3249 files changed, 225174 insertions, 0 deletions

diff --git a/metadata/glsa/glsa-200310-03.xml b/metadata/glsa/glsa-200310-03.xml
new file mode 100644
index 000000000000..8b3308a259f6
--- /dev/null
+++ b/metadata/glsa/glsa-200310-03.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200310-03">
+  <title>Apache: multiple buffer overflows</title>
+  <synopsis>
+    Multiple stack-based buffer overflows in mod_alias and mod_rewrite can allow
+    execution of arbitrary code and cause a denial of service.
+  </synopsis>
+  <product type="ebuild">Apache</product>
+  <announced>2003-10-28</announced>
+  <revised count="02">2007-12-30</revised>
+  <bug>32194</bug>
+  <access>local</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">1.3.29</unaffected>
+      <vulnerable range="lt">1.3.29</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Apache HTTP Server is one of the most popular web servers on the
+    Internet.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple stack-based buffer overflows in mod_alias and mod_rewrite allow
+    attackers who can create or edit configuration files including .htaccess
+    files, to cause a denial of service and execute arbitrary code via a regular
+    expression containing more than 9 captures.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker may cause a denial of service or execute arbitrary code with the
+    privileges of the user that is running apache.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time, other than to disable both
+    mod_alias and mod_rewrite.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    It is recommended that all Gentoo Linux users who are running
+    net-misc/apache 1.x upgrade:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv apache
+    # emerge '&gt;=www-servers/apache-1.3.29'
+    # emerge clean
+    # /etc/init.d/apache restart</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542">CAN-2003-0542 (under review at time of GLSA)</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200310-04.xml b/metadata/glsa/glsa-200310-04.xml
new file mode 100644
index 000000000000..efdce1905e60
--- /dev/null
+++ b/metadata/glsa/glsa-200310-04.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200310-04">
+  <title>Apache: buffer overflows and a possible information disclosure</title>
+  <synopsis>
+    Multiple stack-based buffer overflows in mod_alias and mod_rewrite can allow
+    execution of arbitrary code and cause a denial of service, and a bug in the
+    way mod_cgid handles CGI redirect paths could result in CGI output going to
+    the wrong client.
+  </synopsis>
+  <product type="ebuild">Apache</product>
+  <announced>2003-10-31</announced>
+  <revised count="02">2007-12-30</revised>
+  <bug>32271</bug>
+  <access>local</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">2.0.48</unaffected>
+      <unaffected range="lt">2.0</unaffected>
+      <vulnerable range="lt">2.0.48</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Apache HTTP Server is one of the most popular web servers on the
+    Internet.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple stack-based buffer overflows in mod_alias and mod_rewrite allow
+    attackers who can create or edit configuration files including .htaccess
+    files, to cause a denial of service and execute arbitrary code via a regular
+    expression containing more than 9 captures, and a bug in the way mod_cgid
+    handles CGI redirect paths could result in CGI output going to the wrong
+    client when a threaded MPM is used, resulting in an information disclosure.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker may cause a denial of service or execute arbitrary code with the
+    privileges of the user that is running apache.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    It is recommended that all Gentoo Linux users who are running
+    net-misc/apache 2.x upgrade:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv '&gt;=www-servers/apache-2.0.48'
+    # emerge '&gt;=www-servers/apache-2.0.48'
+    # emerge clean
+    # /etc/init.d/apache2 restart</code>
+    <p>
+    Please remember to update your config files in /etc/apache2 as --datadir has
+    been changed to /var/www/localhost.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0789">CAN-2003-0789</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542">CAN-2003-0542</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200311-01.xml b/metadata/glsa/glsa-200311-01.xml
new file mode 100644
index 000000000000..3a12447abeb0
--- /dev/null
+++ b/metadata/glsa/glsa-200311-01.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200311-01">
+  <title>kdebase: KDM vulnerabilities</title>
+  <synopsis>
+    A bug in KDM can allow privilege escalation with certain configurations of
+    PAM modules.
+  </synopsis>
+  <product type="ebuild">kdebase</product>
+  <announced>2003-11-15</announced>
+  <revised count="01">2003-11-15</revised>
+  <bug>29406</bug>
+  <access>local / remote</access>
+  <affected>
+    <package name="kde-base/kdebase" auto="yes" arch="*">
+      <unaffected range="ge">3.1.4</unaffected>
+      <vulnerable range="le">3.1.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    KDM is the desktop manager included with the K Desktop Environment.
+    </p>
+  </background>
+  <description>
+    <p>
+    Firstly, versions of KDM &lt;=3.1.3 are vulnerable to a privilege escalation
+    bug with a specific configuration of PAM modules.  Users who do not use PAM
+    with KDM and users who use PAM with regular Unix crypt/MD5 based
+    authentication methods are not affected.
+    </p>
+    <p>
+    Secondly, KDM uses a weak cookie generation algorithm.  Users are advised to
+    upgrade to KDE 3.1.4, which uses /dev/urandom as a non-predictable source of
+    entropy to improve security.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote or local attacker could gain root privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    It is recommended that all Gentoo Linux users who are running
+    kde-base/kdebase &lt;=3.1.3 upgrade:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv '&gt;=kde-base/kde-3.1.4'
+    # emerge '&gt;=kde-base/kde-3.1.4'
+    # emerge clean</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0690">CAN-2003-0690</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0692">CAN-2003-0692</uri>
+    <uri link="https://www.kde.org/info/security/advisory-20030916-1.txt">KDE Security Advisory</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200311-02.xml b/metadata/glsa/glsa-200311-02.xml
new file mode 100644
index 000000000000..f0fb2207a6fa
--- /dev/null
+++ b/metadata/glsa/glsa-200311-02.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200311-02">
+  <title>Opera: buffer overflows in 7.11 and 7.20</title>
+  <synopsis>
+    Buffer overflows exist in Opera 7.11 and 7.20 that can cause Opera to crash,
+    and can potentially overwrite arbitrary bytes on the heap leading to a
+    system compromise.
+  </synopsis>
+  <product type="ebuild">Opera</product>
+  <announced>2003-11-19</announced>
+  <revised count="01">2003-11-19</revised>
+  <bug>31775</bug>
+  <access>local / remote</access>
+  <affected>
+    <package name="www-client/opera" auto="yes" arch="*">
+      <unaffected range="ge">7.21</unaffected>
+      <vulnerable range="eq">7.20</vulnerable>
+      <vulnerable range="eq">7.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Opera is a multi-platform web browser.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Opera browser can cause a buffer allocated on the heap to overflow under
+    certain HREFs when rendering HTML.  The mail system is also deemed
+    vulnerable and an attacker can send an email containing a malformed HREF, or
+    plant the malicious HREF on a web site.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Certain HREFs can cause a buffer allocated on the heap to overflow when
+    rendering HTML which can allow arbitrary bytes on the heap to be overwritten
+    which can result in a system compromise.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Users are encouraged to perform an 'emerge sync' and upgrade the package
+    to the latest available version.  Opera 7.22 is recommended as Opera 7.21 is
+    vulnerable to other security flaws. Specific steps to upgrade:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv '&gt;=www-client/opera-7.22'
+    # emerge '&gt;=www-client/opera-7.22'
+    # emerge clean</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0870">CAN-2003-0870</uri>
+    <uri link="http://www.atstake.com/research/advisories/2003/a102003-1.txt">@stake Security Advisory</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200311-03.xml b/metadata/glsa/glsa-200311-03.xml
new file mode 100644
index 000000000000..7205e4947f76
--- /dev/null
+++ b/metadata/glsa/glsa-200311-03.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200311-03">
+  <title>HylaFAX: Remote code exploit in hylafax</title>
+  <synopsis>
+    A format bug condition allows a remote attacjer to execute arbitrary code as
+    the root user.
+  </synopsis>
+  <product type="ebuild">HylaFAX</product>
+  <announced>2003-11-10</announced>
+  <revised count="01">2003-11-10</revised>
+  <bug>33368</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/hylafax" auto="yes" arch="*">
+      <unaffected range="ge">4.1.8</unaffected>
+      <vulnerable range="le">4.1.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    HylaFAX is a popular client-server fax package.
+    </p>
+  </background>
+  <description>
+    <p>
+    During a code review of the hfaxd server, the SuSE Security Team discovered
+    a format bug condition that allows a remote attacker to execute arbitrary
+    code as the root user.  However, the bug cannot be triggered in the default
+    hylafax configuration.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could execute arbitrary code with root privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Users are encouraged to perform an 'emerge sync' and upgrade the package to
+    the latest available version.  Vulnerable versions of hylafax have been
+    removed from portage.  Specific steps to upgrade:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv '&gt;=net-misc/hylafax-4.1.8'
+    # emerge '&gt;=net-misc/hylafax-4.1.8'
+    # emerge clean</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0886">CAN-2003-0886</uri>
+    <uri link="http://www.novell.com/linux/security/advisories/2003_045_hylafax.html">SuSE Security Announcment</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200311-04.xml b/metadata/glsa/glsa-200311-04.xml
new file mode 100644
index 000000000000..e252e20f5ce8
--- /dev/null
+++ b/metadata/glsa/glsa-200311-04.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200311-04">
+  <title>FreeRADIUS: heap exploit and NULL pointer dereference vulnerability</title>
+  <synopsis>
+    FreeRADIUS is vulnerable to a heap exploit and a NULL pointer dereference
+    vulnerability.
+  </synopsis>
+  <product type="ebuild">FreeRADIUS</product>
+  <announced>2003-11-23</announced>
+  <revised count="01">2003-11-23</revised>
+  <bug>33989</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dialup/freeradius" auto="yes" arch="*">
+      <unaffected range="ge">0.9.3</unaffected>
+      <vulnerable range="le">0.9.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    FreeRADIUS is a popular open source RADIUS server.
+    </p>
+  </background>
+  <description>
+    <p>
+    FreeRADIUS versions below 0.9.3 are vulnerable to a heap exploit, however,
+    the attack code must be in the form of a valid RADIUS packet which limits
+    the possible exploits.
+    </p>
+    <p>
+    Also corrected in the 0.9.3 release is another vulnerability which causes
+    the RADIUS server to de-reference a NULL pointer and crash when an
+    Access-Request packet with a Tunnel-Password is received.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could craft a RADIUS packet which would cause the RADIUS
+    server to crash, or could possibly overflow the heap resulting in a system
+    compromise.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Users are encouraged to perform an 'emerge sync' and upgrade the package to
+    the latest available version - 0.9.3 is available in portage and is marked
+    as stable.
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv '&gt;=net-dialup/freeradius-0.9.3'
+    # emerge '&gt;=net-dialup/freeradius-0.9.3'
+    # emerge clean</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securitytracker.com/alerts/2003/Nov/1008263.html">SecurityTracker.com Security Alert</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200311-05.xml b/metadata/glsa/glsa-200311-05.xml
new file mode 100644
index 000000000000..471b11e2345d
--- /dev/null
+++ b/metadata/glsa/glsa-200311-05.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200311-05">
+  <title>Ethereal: security problems in ethereal 0.9.15</title>
+  <synopsis>
+    Ethereal is vulnerable to heap and buffer overflows in the GTP, ISAKMP,
+    MEGACO, and SOCKS protocol dissectors.
+  </synopsis>
+  <product type="ebuild">Ethereal</product>
+  <announced>2003-11-22</announced>
+  <revised count="01">2003-11-22</revised>
+  <bug>32691</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/ethereal" auto="yes" arch="*">
+      <unaffected range="ge">0.9.16</unaffected>
+      <vulnerable range="lt">0.9.16</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ethereal is a popular network protocol analyzer.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ethereal contains buffer overflow vulnerabilities in the GTP, ISAKMP, and
+    MEGACO protocol dissectors, and a heap overflow vulnerability in the SOCKS
+    protocol dissector, which could cause Ethereal to crash or to execute
+    arbitrary code.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could craft a malformed packet which would cause Ethereal
+    to crash or run arbitrary code with the permissions of the user running
+    Ethereal.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time, other than to disable the GTP,
+    ISAKMP, MEGACO, and SOCKS protocol dissectors.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    It is recommended that all Gentoo Linux users who are running
+    net-analyzer/ethereal 0.9.x upgrade:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv '&gt;=net-analyzer/ethereal-0.9.16'
+    # emerge '&gt;=net-analyzer/ethereal-0.9.16'
+    # emerge clean</code>
+  </resolution>
+  <references>
+    <uri link="http://www.ethereal.com/appnotes/enpa-sa-00011.html">Ethereal Security Advisory</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200311-06.xml b/metadata/glsa/glsa-200311-06.xml
new file mode 100644
index 000000000000..f5a824252851
--- /dev/null
+++ b/metadata/glsa/glsa-200311-06.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200311-06">
+  <title>glibc: getgrouplist buffer overflow vulnerability</title>
+  <synopsis>
+    glibc contains a buffer overflow in the getgrouplist function.
+  </synopsis>
+  <product type="ebuild">glibc</product>
+  <announced>2003-11-22</announced>
+  <revised count="01">2003-11-22</revised>
+  <bug>33383</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-libs/glibc" auto="yes" arch="*">
+      <unaffected range="ge">2.2.5</unaffected>
+      <vulnerable range="le">2.2.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    glibc is the GNU C library.
+    </p>
+  </background>
+  <description>
+    <p>
+    A bug in the getgrouplist function can cause a buffer overflow if the size
+    of the group list is too small to hold all the user's groups.  This overflow
+    can cause segmentation faults in user applications.  This vulnerability
+    exists only when an administrator has placed a user in a number of groups
+    larger than that expected by an application.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Applications that use getgrouplist can crash.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    It is recommended that all Gentoo Linux users update their systems as
+    follows:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv '&gt;=sys-libs/glibc-2.2.5'
+    # emerge '&gt;=sys-libs/glibc-2.2.5'
+    # emerge clean</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0689">CAN-2003-0689</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200311-07.xml b/metadata/glsa/glsa-200311-07.xml
new file mode 100644
index 000000000000..6701c5b044cf
--- /dev/null
+++ b/metadata/glsa/glsa-200311-07.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200311-07">
+  <title>phpSysInfo: arbitrary code execution and directory traversal</title>
+  <synopsis>
+    phpSysInfo contains two vulnerabilities that can allow arbitrary code
+    execution and local directory traversal.
+  </synopsis>
+  <product type="ebuild">phpSysInfo</product>
+  <announced>2003-11-22</announced>
+  <revised count="02">2007-12-30</revised>
+  <bug>26782</bug>
+  <access>local</access>
+  <affected>
+    <package name="www-apps/phpsysinfo" auto="yes" arch="*">
+      <unaffected range="ge">2.1-r1</unaffected>
+      <vulnerable range="le">2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpSysInfo is a PHP system information tool.
+    </p>
+  </background>
+  <description>
+    <p>
+    phpSysInfo contains two vulnerabilities which could allow local files to be
+    read or arbitrary PHP code to be executed, under the privileges of the web
+    server process.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could read local files or execute arbitrary code with the
+    permissions of the user running the host web server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    It is recommended that all Gentoo Linux users who are running
+    www-apps/phpsysinfo upgrade to the fixed version:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv '&gt;=www-apps/phpsysinfo-2.1-r1'
+    # emerge '&gt;=www-apps/phpsysinfo-2.1-r1'
+    # emerge clean</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0536">CAN-2003-0536</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200311-08.xml b/metadata/glsa/glsa-200311-08.xml
new file mode 100644
index 000000000000..d7e74aa3af6b
--- /dev/null
+++ b/metadata/glsa/glsa-200311-08.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200311-08">
+  <title>Libnids: remote code execution vulnerability</title>
+  <synopsis>
+    Libnids contains a bug which could allow remote code execution.
+  </synopsis>
+  <product type="ebuild">Libnids</product>
+  <announced>2003-11-22</announced>
+  <revised count="01">2003-11-22</revised>
+  <bug>32724</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/libnids" auto="yes" arch="*">
+      <unaffected range="ge">1.18</unaffected>
+      <vulnerable range="le">1.17</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Libnids is a component of a network intrusion detection system.
+    </p>
+  </background>
+  <description>
+    <p>
+    There is a bug in the part of libnids code responsible for TCP reassembly.
+    The flaw probably allows remote code execution.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could possibly execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    It is recommended that all Gentoo Linux users who are running
+    net-libs/libnids update their systems as follows:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv '&gt;=net-libs/libnids-1.18'
+    # emerge '&gt;=net-libs/libnids-1.18'
+    # emerge clean</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0850">CAN-2003-0850</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200312-01.xml b/metadata/glsa/glsa-200312-01.xml
new file mode 100644
index 000000000000..ae25b6df6eb4
--- /dev/null
+++ b/metadata/glsa/glsa-200312-01.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200312-01">
+  <title>rsync.gentoo.org: rotation server compromised</title>
+  <synopsis>
+    A server in the rsync.gentoo.org rotation was compromised.
+  </synopsis>
+  <product type="infrastructure">rsync mirror</product>
+  <announced>2003-12-02</announced>
+  <revised count="01">2003-12-02</revised>
+  <affected>
+    <service type="rsync" fixed="yes"/>
+  </affected>
+  <background>
+    <p>
+    The rsync.gentoo.org rotation of servers provides an up to date Portage
+    tree using the rsync file transfer protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    On December 2nd at approximately 03:45 UTC, one of the servers that makes up
+    the rsync.gentoo.org rotation was compromised via a remote exploit.  At this
+    point, we are still performing forensic analysis.  However, the compromised
+    system had both an IDS and a file integrity checker installed and we have a
+    very detailed forensic trail of what happened once the box was breached, so
+    we are reasonably confident that the portage tree stored on that box was
+    unaffected.
+    </p>
+    <p>
+    The attacker appears to have installed a rootkit and modified/deleted some
+    files to cover their tracks, but left the server otherwise untouched.  The
+    box was in a compromised state for approximately one hour before it was
+    discovered and shut down.  During this time, approximately 20 users
+    synchronized against the portage mirror stored on this box.  The method used
+    to gain access to the box remotely is still under investigation.  We will
+    release more details once we have ascertained the cause of the remote
+    exploit.
+    </p>
+    <p>
+    This box is not an official Gentoo infrastructure box and is instead donated
+    by a sponsor.  The box provides other services as well and the sponsor has
+    requested that we not publicly identify the box at this time.  Because the
+    Gentoo part of this box appears to be unaffected by this exploit, we are
+    currently honoring the sponsor's request.  That said, if at any point, we
+    determine that any file in the portage tree was modified in any way, we will
+    release full details about the compromised server.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    There is no known impact at this time.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Again, based on the forensic analysis done so far, we are reasonably
+    confident that no files within the Portage tree on the box were affected.
+    However, the server has been removed from all rsync.*.gentoo.org rotations
+    and will remain so until the forensic analysis has been completed and the
+    box has been wiped and rebuilt.  Thus, users preferring an extra level of
+    security may ensure that they have a correct and accurate portage tree by
+    running:
+    </p>
+    <code>
+    # emerge sync</code>
+    <p>
+    Which will perform a sync against another server and ensure that all files
+    are up to date.
+    </p>
+  </resolution>
+  <references/>
+</glsa>
diff --git a/metadata/glsa/glsa-200312-03.xml b/metadata/glsa/glsa-200312-03.xml
new file mode 100644
index 000000000000..ba3a51f33b9c
--- /dev/null
+++ b/metadata/glsa/glsa-200312-03.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200312-03">
+  <title>rsync: exploitable heap overflow</title>
+  <synopsis>
+    rsync contains a heap overflow vulnerability that can be used to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">rsync</product>
+  <announced>2003-12-04</announced>
+  <revised count="01">2003-12-04</revised>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/rsync" auto="yes" arch="*">
+      <unaffected range="ge">2.5.7</unaffected>
+      <vulnerable range="lt">2.5.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    rsync is a popular file transfer package used to synchronize the Portage
+    tree.
+    </p>
+  </background>
+  <description>
+    <p>
+    Rsync version 2.5.6 contains a vulnerability that can be used to run
+    arbitrary code.  The Gentoo infrastructure team has some reasonably good
+    forensic evidence that this exploit may have been used in combination with
+    the Linux kernel do_brk() vulnerability (see GLSA 200312-02) to exploit a
+    rsync.gentoo.org rotation server (see GLSA-200312-01.)
+    </p>
+    <p>
+    Please see http://lwn.net/Articles/61541/ for the security advisory released
+    by the rsync development team.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could execute arbitrary code with the permissions of the
+    root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    To address this vulnerability, all Gentoo users should read GLSA-200312-02
+    and ensure that all systems are upgraded to a version of the Linux kernel
+    without the do_brk() vulnerability, and upgrade to version 2.5.7 of rsync:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv '&gt;=net-misc/rsync-2.5.7'
+    # emerge '&gt;=net-misc/rsync-2.5.7'
+    # emerge clean</code>
+    <p>
+    Review your /etc/rsync/rsyncd.conf configuration file; ensure that the use
+    chroot="no" command is commented out or removed, or change use chroot="no"
+    to use chroot="yes".  Then, if necessary, restart rsyncd:
+    </p>
+    <code>
+    # /etc/init.d/rsyncd restart</code>
+  </resolution>
+  <references>
+    <uri link="https://rsync.samba.org/#security_dec03">Rsync Security Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0962">CAN-2003-0962</uri>
+    <uri link="https://security.gentoo.org/glsa/glsa-200312-02.xml">GLSA-200312-02</uri>
+    <uri link="https://security.gentoo.org/glsa/glsa-200312-01.xml">GLSA-200312-01</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200312-04.xml b/metadata/glsa/glsa-200312-04.xml
new file mode 100644
index 000000000000..1f938427a057
--- /dev/null
+++ b/metadata/glsa/glsa-200312-04.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200312-04">
+  <title>CVS: malformed module request vulnerability</title>
+  <synopsis>
+    A bug in cvs could allow attempts to create files and directories outside a
+    repository.
+  </synopsis>
+  <product type="ebuild">CVS</product>
+  <announced>2003-12-08</announced>
+  <revised count="01">2003-12-08</revised>
+  <bug>35371</bug>
+  <access>unknown</access>
+  <affected>
+    <package name="dev-util/cvs" auto="yes" arch="*">
+      <unaffected range="ge">1.11.10</unaffected>
+      <vulnerable range="le">1.11.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    CVS, which stands for Concurrent Versions System, is a client/server
+    application which tracks changes to sets of files.  It allows multiple users
+    to work concurrently on files, and then merge their changes back into the
+    main tree (which can be on a remote system).  It also allows branching, or
+    maintaining separate versions for files.
+    </p>
+  </background>
+  <description>
+    <p>
+    Quote from ccvs.cvshome.org/servlets/NewsItemView?newsID=84:
+    "Stable CVS 1.11.10 has been released. Stable releases contain only bug
+    fixes from previous versions of CVS. This release fixes a security issue
+    with no known exploits that could cause previous versions of CVS to attempt
+    to create files and directories in the filesystem root. This release also
+    fixes several issues relevant to case insensitive filesystems and some other
+    bugs. We recommend this upgrade for all CVS clients and servers!"
+    </p>
+  </description>
+  <impact type="minimal">
+    <p>
+    Attempts to create files and directories outside the repository may be
+    possible.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Gentoo Linux machines with cvs installed should be updated to use
+    dev-util/cvs-1.11.10 or higher:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv '&gt;=dev-util/cvs-1.11.10'
+    # emerge '&gt;=dev-util/cvs-1.11.10'
+    # emerge clean</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0977">CAN-2003-0977</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200312-05.xml b/metadata/glsa/glsa-200312-05.xml
new file mode 100644
index 000000000000..a07faf7ba339
--- /dev/null
+++ b/metadata/glsa/glsa-200312-05.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200312-05">
+  <title>GnuPG: ElGamal signing keys compromised and format string vulnerability</title>
+  <synopsis>
+    A bug in GnuPG allows ElGamal signing keys to be compromised, and a format
+    string bug in the gpgkeys_hkp utility may allow arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">GnuPG</product>
+  <announced>2003-12-12</announced>
+  <revised count="01">2003-12-12</revised>
+  <bug>34504</bug>
+  <access>unknown</access>
+  <affected>
+    <package name="app-crypt/gnupg" auto="yes" arch="*">
+      <unaffected range="ge">1.2.3-r5</unaffected>
+      <vulnerable range="le">1.2.3-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GnuPG is a popular open source signing and encryption tool.
+    </p>
+  </background>
+  <description>
+    <p>
+    Two flaws have been found in GnuPG 1.2.3.
+    </p>
+    <p>
+    First, ElGamal signing keys can be compromised.  These keys are not commonly
+    used, but this is "a significant security failure which can lead to a
+    compromise of almost all ElGamal keys used for signing.  Note that this is a
+    real world vulnerability which will reveal your private key within a few
+    seconds".
+    </p>
+    <p>
+    Second, there is a format string flaw in the 'gpgkeys_hkp' utility which
+    "would allow a malicious keyserver in the worst case to execute an arbitrary
+    code on the user's machine."
+    </p>
+  </description>
+  <impact type="minimal">
+    <p>
+    If you have used ElGamal keys for signing your private key can be
+    compromised, and a malicious keyserver could remotely execute arbitrary code
+    with the permissions of the user running gpgkeys_hkp.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users who have created ElGamal signing keys should immediately revoke
+    them.  In addition, all Gentoo Linux machines with gnupg installed should be
+    updated to use gnupg-1.2.3-r5 or higher:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv '&gt;=app-crypt/gnupg-1.2.3-r5'
+    # emerge '&gt;=app-crypt/gnupg-1.2.3-r5'
+    # emerge clean</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0971">CAN-2003-0971</uri>
+    <uri link="http://marc.theaimsgroup.com/?l=gnupg-announce&amp;m=106992378510843&amp;q=raw">GnuPG Announcement</uri>
+    <uri link="http://www.s-quadra.com/advisories/Adv-20031203.txt">S-Quadra Advisory</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200312-06.xml b/metadata/glsa/glsa-200312-06.xml
new file mode 100644
index 000000000000..584f42ae57cd
--- /dev/null
+++ b/metadata/glsa/glsa-200312-06.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200312-06">
+  <title>XChat: malformed dcc send request denial of service</title>
+  <synopsis>
+    A bug in XChat could allow malformed dcc send requests to cause a denial of
+    service.
+  </synopsis>
+  <product type="ebuild">xchat</product>
+  <announced>2003-12-14</announced>
+  <revised count="01">2003-12-14</revised>
+  <bug>35623</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/xchat" auto="yes" arch="*">
+      <unaffected range="ge">2.0.6-r1</unaffected>
+      <vulnerable range="eq">2.0.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    XChat is a multiplatform IRC client.
+    </p>
+  </background>
+  <description>
+    <p>
+    There is a remotely exploitable bug in XChat 2.0.6 that could lead to a
+    denial of service attack.  Gentoo wishes to thank lloydbates for discovering
+    this bug, as well as jcdutton and rac for submitting patches to fix the bug.
+    </p>
+  </description>
+  <impact type="medium">
+    <p>
+    A malformed DCC packet sent by a remote attacker can cause XChat to crash.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    For Gentoo users, xchat-2.0.6 was marked ~arch (unstable) for most
+    architectures.  Since it was never marked as stable in the portage tree,
+    only xchat users who have explictly added the unstable keyword to
+    ACCEPT_KEYWORDS are affected.  Users may updated affected machines to the
+    patched version of xchat using the following commands:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv '&gt;=net-irc/xchat-2.0.6-r1'
+    # emerge '&gt;=net-irc/xchat-2.0.6-r1'
+    # emerge clean</code>
+    <p>
+    This assumes that users are running with ACCEPT_KEYWORDS enabled for their
+    architecture.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://mail.nl.linux.org/xchat-announce/2003-12/msg00000.html">XChat Announcement</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200312-07.xml b/metadata/glsa/glsa-200312-07.xml
new file mode 100644
index 000000000000..cd9870a03b29
--- /dev/null
+++ b/metadata/glsa/glsa-200312-07.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200312-07">
+  <title>Two buffer overflows in lftp</title>
+  <synopsis>
+    Two buffer overflow problems are found in lftp that, in case the user visits
+    a malicious ftp server, could lead to malicious code being executed.
+  </synopsis>
+  <product type="ebuild">lftp</product>
+  <announced>2003-12-13</announced>
+  <revised count="2">2003-12-07</revised>
+  <bug>35866</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-ftp/lftp" auto="yes" arch="*">
+      <vulnerable range="lt">2.6.10</vulnerable>
+      <unaffected range="ge">2.6.10</unaffected>
+    </package>
+  </affected>
+  <background>
+    <p>
+    lftp is a multithreaded command-line based FTP client. It allows you to
+    execute multiple commands simultaneously or in the background. If features
+    mirroring capabilities, resuming downloads, etc.
+    </p>
+  </background>
+  <description>
+    <p>
+    Two buffer overflows exist in lftp. Both can occur when the user connects to
+    a malicious web server using the HTTP or HTTPS protocol and issues lftp's
+    "ls" or "rels" commands.
+    </p>
+    <p>
+    Ulf Harnhammar explains:
+    </p>
+    <p>
+    Technically, the problem lies in the file src/HttpDir.cc and the
+    functions try_netscape_proxy() and try_squid_eplf(), which both
+    have sscanf() calls that take data of an arbitrary length and
+    store it in a char array with 32 elements. (Back in version 2.3.0,
+    the problematic code was located in some other function, but the
+    problem existed back then too.) Depending on the HTML document in the 
+    specially prepared directory, buffers will be overflown in either one 
+    function or the other.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    When a user issues "ls" or "rels" on a malicious server, the tftp
+    application can be tricked into running arbitrary code on the user his
+    machine.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no workaround available.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Gentoo users who have net-ftp/lftp installed should update to use
+    version 2.6.0 or higher using these commands:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv '&gt;=net-ftp/lftp-2.6.10'
+    # emerge '&gt;=net-ftp/lftp-2.6.10'
+    # emerge clean</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/archive/1/347587/2003-12-13/2003-12-19/0">Initial report by Ulf Harnhammar</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200312-08.xml b/metadata/glsa/glsa-200312-08.xml
new file mode 100644
index 000000000000..f1b5831de4e5
--- /dev/null
+++ b/metadata/glsa/glsa-200312-08.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200312-08">
+  <title>CVS: possible root compromise when using CVS pserver</title>
+  <synopsis>
+    A possible root compromise exists for CVS pservers.
+  </synopsis>
+  <product type="ebuild">cvs</product>
+  <announced>2003-12-28</announced>
+  <revised count="01">2003-12-28</revised>
+  <bug>36142</bug>
+  <access>unknown</access>
+  <affected>
+    <package name="dev-util/cvs" auto="yes" arch="*">
+      <unaffected range="ge">1.11.11</unaffected>
+      <vulnerable range="le">1.11.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    CVS, which stands for Concurrent Versions System, is a client/server
+    application which tracks changes to sets of files.  It allows multiple users
+    to work concurrently on files, and then merge their changes back into the
+    main tree (which can be on a remote system).  It also allows branching, or
+    maintaining separate versions for files.
+    </p>
+  </background>
+  <description>
+    <p>
+    Quote from ccvs.cvshome.org/servlets/NewsItemView?newsID=88:
+    "Stable CVS 1.11.11 has been released. Stable releases contain only bug
+    fixes from previous versions of CVS. This release adds code to the CVS
+    server to prevent it from continuing as root after a user login, as an extra
+    failsafe against a compromise of the CVSROOT/passwd file. Previously, any
+    user with the ability to write the CVSROOT/passwd file could execute
+    arbitrary code as the root user on systems with CVS pserver access enabled.
+    We recommend this upgrade for all CVS servers!"
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote user could execute arbitrary code with the permissions of the root
+    user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Gentoo Linux machines with cvs installed should be updated to use
+    cvs-1.11.11 or higher.
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv '&gt;=dev-util/cvs-1.11.11'
+    # emerge '&gt;=dev-util/cvs-1.11.11'
+    # emerge clean</code>
+  </resolution>
+  <references/>
+</glsa>
diff --git a/metadata/glsa/glsa-200401-01.xml b/metadata/glsa/glsa-200401-01.xml
new file mode 100644
index 000000000000..4d6e2829bc39
--- /dev/null
+++ b/metadata/glsa/glsa-200401-01.xml
@@ -0,0 +1,227 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200401-01">
+  <title>Linux kernel do_mremap() local privilege escalation vulnerability</title>
+  <synopsis>
+    A critical security vulnerability has been found in recent Linux kernels
+    which allows for local privelege escalation.
+  </synopsis>
+  <product type="ebuild">Kernel</product>
+  <announced>2004-01-08</announced>
+  <revised count="01">2004-01-08</revised>
+  <bug>37292</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-kernel/aa-sources" auto="no" arch="*">
+      <unaffected range="ge">2.4.23-r1</unaffected>
+      <vulnerable range="lt">2.4.23-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/alpha-sources" auto="no" arch="*">
+      <unaffected range="ge">2.4.21-r2</unaffected>
+      <vulnerable range="lt">2.4.21-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/arm-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.19-r2</unaffected>
+      <vulnerable range="lt">2.4.19-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/ck-sources" auto="no" arch="*">
+      <unaffected range="ge">2.4.23-r1</unaffected>
+      <vulnerable range="lt">2.4.23-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/compaq-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.9.32.7-r1</unaffected>
+      <vulnerable range="lt">2.4.9.32.7-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/development-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.1_rc3</unaffected>
+      <vulnerable range="lt">2.6.1_rc3</vulnerable>
+    </package>
+    <package name="sys-kernel/gaming-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.20-r7</unaffected>
+      <vulnerable range="lt">2.4.20-r7</vulnerable>
+    </package>
+    <package name="sys-kernel/gentoo-dev-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.1_rc3</unaffected>
+      <vulnerable range="lt">2.6.1_rc3</vulnerable>
+    </package>
+    <package name="sys-kernel/gentoo-sources" auto="yes" arch="*">
+      <unaffected range="gt">2.4.22-r3</unaffected>
+      <vulnerable range="lt">2.4.22-r3</vulnerable>
+    </package>
+    <package name="sys-kernel/grsec-sources" auto="yes" arch="*">
+      <unaffected range="gt">2.4.23.2.0_rc4-r1</unaffected>
+      <vulnerable range="lt">2.4.23.2.0_rc4-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/gs-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.23_pre8-r2</unaffected>
+      <vulnerable range="lt">2.4.23_pre8-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/hardened-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.22-r2</unaffected>
+      <vulnerable range="lt">2.4.22-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/hppa-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.23_p4-r2</unaffected>
+      <vulnerable range="lt">2.4.23_p4-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/ia64-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.22-r2</unaffected>
+      <vulnerable range="lt">2.4.22-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/mips-prepatch-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.24_pre2-r1</unaffected>
+      <vulnerable range="lt">2.4.24_pre2-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/mips-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.23-r2</unaffected>
+      <vulnerable range="lt">2.4.23-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/mm-sources" auto="no" arch="*">
+      <unaffected range="ge">2.6.1_rc1-r2</unaffected>
+      <vulnerable range="lt">2.6.1_rc1-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/openmosix-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.22-r3</unaffected>
+      <vulnerable range="lt">2.4.22-r3</vulnerable>
+    </package>
+    <package name="sys-kernel/pac-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.23-r1</unaffected>
+      <vulnerable range="lt">2.4.23-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/pfeifer-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.21.1_pre4-r1</unaffected>
+      <vulnerable range="lt">2.4.21.1_pre4-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/planet-ccrma-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.21-r4</unaffected>
+      <vulnerable range="lt">2.4.21-r4</vulnerable>
+    </package>
+    <package name="sys-kernel/ppc-development-sources" auto="no" arch="*">
+      <unaffected range="ge">2.6.1_rc1-r1</unaffected>
+      <vulnerable range="lt">2.6.1_rc1-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/ppc-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.23-r1</unaffected>
+      <vulnerable range="lt">2.4.23-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/ppc-sources-benh" auto="yes" arch="*">
+      <unaffected range="ge">2.4.22-r4</unaffected>
+      <vulnerable range="lt">2.4.22-r4</vulnerable>
+    </package>
+    <package name="sys-kernel/ppc-sources-crypto" auto="yes" arch="*">
+      <unaffected range="ge">2.4.20-r2</unaffected>
+      <vulnerable range="lt">2.4.20-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/selinux-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.24</unaffected>
+      <vulnerable range="lt">2.4.24</vulnerable>
+    </package>
+    <package name="sys-kernel/sparc-dev-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.1_rc2</unaffected>
+      <vulnerable range="lt">2.6.1_rc2</vulnerable>
+    </package>
+    <package name="sys-kernel/sparc-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.24</unaffected>
+      <vulnerable range="lt">2.4.24</vulnerable>
+    </package>
+    <package name="sys-kernel/usermode-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.23-r1</unaffected>
+      <vulnerable range="lt">2.4.23-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/vanilla-prepatch-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.25_pre4</unaffected>
+      <vulnerable range="lt">2.4.25_pre4</vulnerable>
+    </package>
+    <package name="sys-kernel/vanilla-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.24</unaffected>
+      <vulnerable range="lt">2.4.24</vulnerable>
+    </package>
+    <package name="sys-kernel/win4lin-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.0-r1</unaffected>
+      <vulnerable range="lt">2.6.0-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/wolk-sources" auto="yes" arch="*">
+      <unaffected range="ge">4.10_pre7-r2</unaffected>
+      <vulnerable range="lt">4.10_pre7-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/xfs-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.23-r1</unaffected>
+      <vulnerable range="lt">2.4.23-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Linux kernel is responsible for memory management in a working
+    system - to allow this, processes are allowed to allocate and unallocate
+    memory.
+    </p>
+  </background>
+  <description>
+    <p>
+    The memory subsystem allows for shrinking, growing, and moving of
+    chunks of memory along any of the allocated memory areas which the kernel
+    posesses. 
+    </p>
+    <p>
+    A typical virtual memory area covers at least one memory page. An incorrect
+    bound check discovered inside the do_mremap() kernel code performing
+    remapping of a virtual memory area may lead to creation of a virtual memory
+    area of 0 bytes length.
+    </p>
+    <p>
+    The problem is based on the general mremap flaw that remapping 2 pages from
+    inside a VMA creates a memory hole of only one page in length but an
+    additional VMA of two pages. In the case of a zero sized remapping request
+    no VMA hole is created but an additional VMA descriptor of 0
+    bytes in length is created.
+    </p>
+    <p>
+    This advisory also addresses an information leak in the Linux RTC system.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Arbitrary code may be able to exploit this vulnerability and may
+    disrupt the operation of other
+    parts of the kernel memory management subroutines finally leading to
+    unexpected behavior.
+    </p>
+    <p>
+    Since no special privileges are required to use the mremap(2) system call
+    any process may misuse its unexpected behavior to disrupt the kernel memory
+    management subsystem. Proper exploitation of this vulnerability may lead to
+    local privilege escalation including execution of arbitrary code
+    with kernel level access.
+    </p>
+    <p>
+    Proof-of-concept exploit code has been created and successfully tested,
+    permitting root escalation on vulnerable systems. As a result, all users
+    should upgrade their kernels to new or patched versions.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no temporary workaround - a kernel upgrade is required. A list
+    of unaffected kernels is provided along with this announcement.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Users are encouraged to upgrade to the latest available sources for
+    their system:
+    </p>
+    <code>
+    $&gt; emerge sync
+    $&gt; emerge -pv your-favourite-sources
+    $&gt; emerge your-favourite-sources
+    $&gt; # Follow usual procedure for compiling and installing a kernel.
+    $&gt; # If you use genkernel, run genkernel as you would do normally.
+
+    $&gt; # IF YOUR KERNEL IS MARKED as "remerge required!" THEN
+    $&gt; # YOU SHOULD UPDATE YOUR KERNEL EVEN IF PORTAGE
+    $&gt; # REPORTS THAT THE SAME VERSION IS INSTALLED.</code>
+  </resolution>
+  <references>
+    <uri link="http://isec.pl/vulnerabilities/isec-0012-mremap.txt">Vulnerability</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200401-02.xml b/metadata/glsa/glsa-200401-02.xml
new file mode 100644
index 000000000000..5136e90bfa49
--- /dev/null
+++ b/metadata/glsa/glsa-200401-02.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200401-02">
+  <title>Honeyd remote detection vulnerability via a probe packet</title>
+  <synopsis>
+    Identification of Honeyd installations allows an adversary to launch
+    attacks specifically against Honeyd.  No remote root exploit is currently
+    known.
+  </synopsis>
+  <product type="ebuild">honeyd</product>
+  <announced>2004-01-21</announced>
+  <revised count="01">2004-01-21</revised>
+  <bug>38934</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/honeyd" auto="yes" arch="*">
+      <unaffected range="ge">0.8</unaffected>
+      <vulnerable range="lt">0.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Honeyd is a virtual honeypot daemon that can simulate virtual hosts on
+    unallocated IP addresses.
+    </p>
+  </background>
+  <description>
+    <p>
+    A bug in handling NMAP fingerprints caused Honeyd to reply to TCP
+    packets with both the SYN and RST flags set.  Watching for replies, it is
+    possible to detect IP addresses simulated by Honeyd.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    Although there are no public exploits known for Honeyd, the detection
+    of Honeyd IP addresses may in some cases be undesirable.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Honeyd 0.8 has been released along with an advisory to address this 
+    issue. In addition, Honeyd 0.8 drops privileges if permitted by the 
+    configuration file and contains command line flags to force dropping 
+    of privileges.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users are recommended to update to honeyd version 0.8:
+    </p>
+    <code>
+    $&gt; emerge sync
+    $&gt; emerge -pv "&gt;=net-analyzer/honeyd-0.8"
+    $&gt; emerge "&gt;=net-analyzer/honeyd-0.8"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.honeyd.org/adv.2004-01.asc">Honeyd Security Advisory 2004-001</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200401-03.xml b/metadata/glsa/glsa-200401-03.xml
new file mode 100644
index 000000000000..05ec55fce802
--- /dev/null
+++ b/metadata/glsa/glsa-200401-03.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200401-03">
+  <title>Apache mod_python Denial of Service vulnerability</title>
+  <synopsis>
+    Apache's mod_python module could crash the httpd process if a specific,
+    malformed query string was sent.
+  </synopsis>
+  <product type="ebuild">mod_python</product>
+  <announced>2004-01-27</announced>
+  <revised count="02">2007-12-30</revised>
+  <bug>39154</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apache/mod_python" auto="yes" arch="*">
+      <unaffected range="ge">2.7.10</unaffected>
+      <vulnerable range="lt">2.7.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mod_python is an Apache module that embeds the Python interpreter
+    within the server allowing Python-based web-applications to be
+    created.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Apache Foundation has reported that mod_python may be prone to
+    Denial of Service attacks when handling a malformed
+    query. Mod_python 2.7.9 was released to fix the vulnerability,
+    however, because the vulnerability has not been fully fixed,
+    version 2.7.10 has been released.
+    </p>
+    <p>
+    Users of mod_python 3.0.4 are not affected by this vulnerability.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    Although there are no known public exploits known for this
+    exploit, users are recommended to upgrade mod_python to ensure the
+    security of their infrastructure.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Mod_python 2.7.10 has been released to solve this issue; there is
+    no immediate workaround.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users using mod_python 2.7.9 or below are recommended to
+    update their mod_python installation:
+    </p>
+    <code>
+    $&gt; emerge sync
+    $&gt; emerge -pv "&gt;=www-apache/mod_python-2.7.10"
+    $&gt; emerge "&gt;=www-apache/mod_python-2.7.10"
+    $&gt; /etc/init.d/apache restart</code>
+  </resolution>
+  <references>
+    <uri link="https://www.modpython.org/pipermail/mod_python/2004-January/014879.html">Mod_python 2.7.10 release announcement</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200401-04.xml b/metadata/glsa/glsa-200401-04.xml
new file mode 100644
index 000000000000..18ff7c576368
--- /dev/null
+++ b/metadata/glsa/glsa-200401-04.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200401-04">
+  <title>GAIM 0.75 Remote overflows</title>
+  <synopsis>
+    Various overflows in the handling of AIM DirectIM packets was revealed in
+    GAIM that could lead to a remote compromise of the IM client.
+  </synopsis>
+  <product type="ebuild">GAIM</product>
+  <announced>2004-01-26</announced>
+  <revised count="01">2004-01-26</revised>
+  <bug>39470</bug>
+  <access>man-in-the-middle</access>
+  <affected>
+    <package name="net-im/gaim" auto="yes" arch="*">
+      <unaffected range="ge">0.75-r7</unaffected>
+      <vulnerable range="lt">0.75-r7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Gaim is a multi-platform and multi-protocol instant messaging
+    client.  It is compatible with AIM , ICQ, MSN Messenger, Yahoo,
+    IRC, Jabber, Gadu-Gadu, and the Zephyr networks.
+    </p>
+  </background>
+  <description>
+    <p>
+    Yahoo changed the authentication methods to their IM servers,
+    rendering GAIM useless. The GAIM team released a rushed release
+    solving this issue, however, at the same time a code audit
+    revealed 12 new vulnerabilities.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Due to the nature of instant messaging many of these bugs require
+    man-in-the-middle attacks between the client and the server. But
+    the underlying protocols are easy to implement and attacking
+    ordinary TCP sessions is a fairly simple task. As a result, all
+    users are advised to upgrade their GAIM installation.
+    </p>
+    <ul>
+      <li>
+        Users of GAIM 0.74 or below are affected by 7 of the
+        vulnerabilities and are encouraged to upgrade.
+      </li>
+      <li>
+        Users of GAIM 0.75 are affected by 11 of the vulnerabilities
+        and are encouraged to upgrade to the patched version of GAIM
+        offered by Gentoo.
+      </li>
+      <li>
+        Users of GAIM 0.75-r6 are only affected by
+        4 of the vulnerabilities, but are still urged to upgrade to
+        maintain security.
+      </li>
+    </ul>
+  </impact>
+  <workaround>
+    <p>
+    There is no immediate workaround; a software upgrade is required.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users are recommended to upgrade GAIM to 0.75-r7.
+    </p>
+    <code>
+    $&gt; emerge sync
+    $&gt; emerge -pv "&gt;=net-im/gaim-0.75-r7"
+    $&gt; emerge "&gt;=net-im/gaim-0.75-r7"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/archive/1/351235/2004-01-23/2004-01-29/0">Security advisory from Stefan Esser</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200402-01.xml b/metadata/glsa/glsa-200402-01.xml
new file mode 100644
index 000000000000..5a6d84a313ac
--- /dev/null
+++ b/metadata/glsa/glsa-200402-01.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200402-01">
+  <title>PHP setting leaks from .htaccess files on virtual hosts</title>
+  <synopsis>
+    If the server configuration "php.ini" file has
+    "register_globals = on" and a request is made to one virtual host
+    (which has "php_admin_flag register_globals off") and the next
+    request is sent to the another virtual host (which does not have the
+    setting) global variables may leak and may be used to exploit the 
+    site.
+  </synopsis>
+  <product type="ebuild">PHP</product>
+  <announced>2004-02-07</announced>
+  <revised count="01">2004-02-07</revised>
+  <bug>39952</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-php/mod_php" auto="yes" arch="*">
+      <unaffected range="ge">4.3.4-r4</unaffected>
+      <vulnerable range="lt">4.3.4-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PHP is a widely-used general-purpose scripting language that is
+    especially suited for Web development and can be embedded into HTML.
+    </p>
+  </background>
+  <description>
+    <p>
+    If the server configuration "php.ini" file has
+    "register_globals = on" and a request is made to one virtual host
+    (which has "php_admin_flag register_globals off") and the next
+    request is sent to the another virtual host (which does not have the
+    setting) through the same apache child, the setting will persist.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Depending on the server and site, an attacker may be able to exploit
+    global variables to gain access to reserved areas, such as MySQL passwords,
+    or this vulnerability may simply cause a lack of functionality. As a
+    result, users are urged to upgrade their PHP installations.
+    </p>
+    <p>
+    Gentoo ships PHP with "register_globals" set to "off"
+    by default.
+    </p>
+    <p>    
+    This issue affects both servers running Apache 1.x and servers running
+    Apache 2.x.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    No immediate workaround is available; a software upgrade is required.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users are recommended to upgrade their PHP installation to 4.3.4-r4:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv "&gt;=dev-php/mod_php-4.3.4-r4"
+    # emerge "&gt;=dev-php/mod_php-4.3.4-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://bugs.php.net/bug.php?id=25753">Corresponding PHP bug</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200402-02.xml b/metadata/glsa/glsa-200402-02.xml
new file mode 100644
index 000000000000..007bbf00ad57
--- /dev/null
+++ b/metadata/glsa/glsa-200402-02.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200402-02">
+  <title>XFree86 Font Information File Buffer Overflow</title>
+  <synopsis>
+    Exploitation of a buffer overflow in the XFree86 Project Inc.'s XFree86 X
+    Window System allows local attackers to gain root privileges.
+  </synopsis>
+  <product type="ebuild">200402-02</product>
+  <announced>2004-02-11</announced>
+  <revised count="01">2004-02-11</revised>
+  <access>local</access>
+  <affected>
+    <package name="x11-base/xfree" auto="yes" arch="*">
+      <vulnerable range="lt">4.3.99.902-r1</vulnerable>
+      <unaffected range="eq">4.2.1-r3</unaffected>
+      <unaffected range="eq">4.3.0-r4</unaffected>
+      <unaffected range="ge">4.3.99.902-r1</unaffected>
+    </package>
+  </affected>
+  <background>
+    <p>
+    XFree86, provides a client/server interface between display
+    hardware and the desktop environment while also providing both the
+    windowing infrastructure and a standardized API. XFree86 is
+    platform independent, network-transparent and extensible.
+    </p>
+  </background>
+  <description>
+    <p>
+    Exploitation of a buffer overflow in The XFree86 Window System
+    discovered by iDefence allows local attackers to gain root
+    privileges.
+    </p>
+    <p>
+    The problem exists in the parsing of the 'font.alias' file. The X
+    server (running as root) fails to check the length of the user
+    provided input, so a malicious user may craft a malformed
+    'font.alias' file causing a buffer overflow upon parsing,
+    eventually leading to the execution of arbitrary code.
+    </p>
+    <p>
+    To reproduce the overflow on the command line one can run:
+    </p>
+    <code>
+    # cat &gt; fonts.dir &lt;&lt;EOF 
+    1
+    word.bdf -misc-fixed-medium-r-semicondensed--13-120-75-75-c-60-iso8859-1
+    EOF
+    # perl -e 'print "0" x 1024 . "A" x 96 . "\n"' &gt; fonts.alias
+    # X :0 -fp $PWD</code>
+    <p>
+    {Some output removed}... Server aborting... Segmentation fault (core dumped)
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Successful exploitation can lead to a root compromise provided
+    that the attacker is able to execute commands in the X11
+    subsystem. This can be done either by having console access to the
+    target or through a remote exploit against any X client program
+    such as a web-browser, mail-reader or game.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    No immediate workaround is available; a software upgrade is required.
+    </p>
+    <p>
+    Gentoo has released XFree 4.2.1-r3, 4.3.0-r4 and 4.3.99.902-r1 and
+    encourages all users to upgrade their XFree86
+    installations. Vulnerable versions are no longer available in
+    Portage.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users are recommended to upgrade their XFree86 installation:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv x11-base/xfree
+    # emerge x11-base/xfree</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0083">CVE: CAN-2004-0083</uri>
+    <uri link="http://www.idefense.com/application/poi/display?id=72&amp;type=vulnerabilities">Vulnerability:
+    XFree86 Font Information File Buffer Overflow</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200402-03.xml b/metadata/glsa/glsa-200402-03.xml
new file mode 100644
index 000000000000..5ebd0375da39
--- /dev/null
+++ b/metadata/glsa/glsa-200402-03.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200402-03">
+  <title>Monkeyd Denial of Service vulnerability</title>
+  <synopsis>
+    A bug in get_real_string() function allows for a Denial of Service attack to be
+    launched against the webserver.
+  </synopsis>
+  <product type="ebuild">monkeyd</product>
+  <announced>2004-02-11</announced>
+  <revised count="01">2004-02-11</revised>
+  <bug>41156</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/monkeyd" auto="yes" arch="*">
+      <unaffected range="ge">0.8.2</unaffected>
+      <vulnerable range="lt">0.8.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Monkey HTTP daemon is a Web server written in C that works
+    under Linux and is based on the HTTP/1.1 protocol. It aims to develop
+    a fast, efficient and small web server.
+    </p>
+  </background>
+  <description>
+    <p>
+    A bug in the URI processing of incoming requests allows for a Denial of
+    Service to be launched against the webserver, which may cause the server
+    to crash or behave sporadically.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Although there are no public exploits known for bug, users are recommended
+    to upgrade to ensure the security of their infrastructure.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no immediate workaround; a software upgrade is
+    required. The vulnerable function in the code has been rewritten.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users are recommended to upgrade monkeyd to 0.8.2:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv "&gt;=www-servers/monkeyd-0.8.2"
+    # emerge "&gt;=www-servers/monkeyd-0.8.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cvs.sourceforge.net/viewcvs.py/monkeyd/monkeyd/src/utils.c?r1=1.3&amp;r2=1.4">CVS Patch</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200402-04.xml b/metadata/glsa/glsa-200402-04.xml
new file mode 100644
index 000000000000..f1128e938d9c
--- /dev/null
+++ b/metadata/glsa/glsa-200402-04.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200402-04">
+  <title>Gallery 1.4.1 and below remote exploit vulnerability</title>
+  <synopsis>
+    The Gallery developers have discovered a potentially serious security flaw
+    in Gallery 1.3.1, 1.3.2, 1.3.3, 1.4 and 1.4.1 which can allow a 
+    remote exploit of your webserver.
+  </synopsis>
+  <product type="ebuild">Gallery</product>
+  <announced>2004-02-11</announced>
+  <revised count="01">2004-02-11</revised>
+  <bug>39638</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/gallery" auto="yes" arch="*">
+      <unaffected range="ge">1.4.1_p1</unaffected>
+      <vulnerable range="lt">1.4.1_p1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Gallery is an open source image management system written in PHP.
+    More information is available at http://gallery.sourceforge.net
+    </p>
+  </background>
+  <description>
+    <p>
+    Starting in the 1.3.1 release, Gallery includes code to simulate the behaviour
+    of the PHP 'register_globals' variable in environments where that setting
+    is disabled.  It is simulated by extracting the values of the various
+    $HTTP_ global variables into the global namespace.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A crafted URL such as 
+    http://example.com/gallery/init.php?HTTP_POST_VARS=xxx  causes the
+    'register_globals' simulation code to overwrite the $HTTP_POST_VARS which,
+    when it is extracted, will deliver the given payload. If the
+    payload compromises $GALLERY_BASEDIR then the malicious user can perform a
+    PHP injection exploit and gain remote access to the webserver with PHP 
+    user UID access rights.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    The workaround for the vulnerability is to replace init.php and
+    setup/init.php with the files in the following ZIP file:
+    http://prdownloads.sourceforge.net/gallery/patch_1.4.1-to-1.4.1-pl1.zip?download 
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users are encouraged to upgrade their gallery installation:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -p "&gt;=www-apps/gallery-1.4.1_p1"
+    # emerge "&gt;=www-apps/gallery-1.4.1_p1"</code>
+  </resolution>
+  <references>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200402-05.xml b/metadata/glsa/glsa-200402-05.xml
new file mode 100644
index 000000000000..607d8d63a649
--- /dev/null
+++ b/metadata/glsa/glsa-200402-05.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200402-05">
+  <title>phpMyAdmin &lt; 2.5.6-rc1: possible attack against export.php</title>
+  <synopsis>
+    A vulnerability in phpMyAdmin which was not properly verifying user
+    generated input could lead to a directory traversal attack.
+  </synopsis>
+  <product type="ebuild">phpmyadmin</product>
+  <announced>2004-02-17</announced>
+  <revised count="01">2004-02-17</revised>
+  <bug>40268</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/phpmyadmin" auto="yes" arch="*">
+      <unaffected range="ge">2.5.6_rc1</unaffected>
+      <vulnerable range="le">2.5.5_p1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpMyAdmin is a tool written in PHP intended to handle the administration
+    of MySQL databased over the Web.
+    </p>
+  </background>
+  <description>
+    <p>
+    One component of the phpMyAdmin software package (export.php) does not
+    properly verify input that is passed to it from a remote user.  Since the
+    input is used to include other files, it is possible to launch a directory
+    traversal attack.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Private information could be gleaned from the remote server if an attacker
+    uses a malformed URL such as http://phpmyadmin.example.com/export.php?what=../../../[existing_file] 
+    </p>
+    <p>
+    In this scenario, the script does not sanitize the "what" argument passed
+    to it, allowing directory traversal attacks to take place, disclosing
+    the contents of files if the file is readable as the web-server user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    The workaround is to either patch the export.php file using the 
+    referenced CVS patch or upgrade the software via Portage.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Users are encouraged to upgrade to phpMyAdmin-2.5.6_rc1:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv "&gt;=dev-db/phpmyadmin-2.5.6_rc1"
+    # emerge "&gt;=dev-db/phpmyadmin-2.5.6_rc1"
+    # emerge clean</code>
+  </resolution>
+  <references>
+    <uri link="https://cvs.sourceforge.net/viewcvs.py/phpmyadmin/phpMyAdmin/export.php?r1=2.3&amp;r2=2.3.2.1">CVS Patch</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200402-06.xml b/metadata/glsa/glsa-200402-06.xml
new file mode 100644
index 000000000000..74d464f6ddfb
--- /dev/null
+++ b/metadata/glsa/glsa-200402-06.xml
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200402-06">
+  <title>Updated kernel packages fix the AMD64 ptrace vulnerability</title>
+  <synopsis>
+    A vulnerability has been discovered by in the ptrace emulation code for
+    AMD64 platforms when eflags are processed, allowing a local user to obtain
+    elevated priveleges. 
+  </synopsis>
+  <product type="ebuild">Kernel</product>
+  <announced>2004-02-17</announced>
+  <revised count="01">2004-02-17</revised>
+  <access>local</access>
+  <affected>
+    <package name="sys-kernel/ck-sources" auto="yes" arch="amd64">
+      <unaffected range="ge">2.6.2</unaffected>
+      <vulnerable range="lt">2.6.2</vulnerable>
+    </package>
+    <package name="sys-kernel/development-sources" auto="yes" arch="amd64">
+      <unaffected range="ge">2.6.2</unaffected>
+      <vulnerable range="lt">2.6.2</vulnerable>
+    </package>
+    <package name="sys-kernel/gentoo-dev-sources" auto="yes" arch="amd64">
+      <unaffected range="ge">2.6.2</unaffected>
+      <vulnerable range="lt">2.6.2</vulnerable>
+    </package>
+    <package name="sys-kernel/gentoo-sources" auto="yes" arch="amd64">
+      <unaffected range="ge">2.4.22-r6</unaffected>
+      <vulnerable range="lt">2.4.22-r6</vulnerable>
+    </package>
+    <package name="sys-kernel/gentoo-test-sources" auto="yes" arch="amd64">
+      <unaffected range="ge">2.6.2-r1</unaffected>
+      <vulnerable range="lt">2.6.2</vulnerable>
+    </package>
+    <package name="sys-kernel/gs-sources" auto="yes" arch="amd64">
+      <unaffected range="ge">2.4.25_pre7-r1</unaffected>
+      <vulnerable range="lt">2.4.25_pre7-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/vanilla-prepatch-sources" auto="yes" arch="amd64">
+      <unaffected range="ge">2.4.25_rc3</unaffected>
+      <vulnerable range="lt">2.4.25_rc3</vulnerable>
+    </package>
+    <package name="sys-kernel/vanilla-sources" auto="yes" arch="amd64">
+      <unaffected range="ge">2.4.24-r1</unaffected>
+      <vulnerable range="lt">2.4.24-r1</vulnerable>
+    </package>
+  </affected>
+  <description>
+    <p>
+    A vulnerability has been discovered by Andi Kleen in the ptrace emulation
+    code for AMD64 platforms when eflags are processed, allowing a local user
+    to obtain elevated priveleges.  The Common Vulnerabilities and Exposures
+    project, http://cve.mitre.org, has assigned CAN-2004-0001 to this issue.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Only users of the AMD64 platform are affected: in this scenario, a user may
+    be able to obtain elevated priveleges, including root access. However, no
+    public exploit is known for the vulnerability at this time.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no temporary workaround - a kernel upgrade is required. A list of
+    unaffected kernels is provided along with this announcement.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Users are encouraged to upgrade to the latest available sources for
+    their system:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv your-favourite-sources
+    # emerge your-favourite-sources
+    # # Follow usual procedure for compiling and installing a kernel.
+    # # If you use genkernel, run genkernel as you would do normally.
+    </code>
+    <code>
+    # # IF YOUR KERNEL IS MARKED as "remerge required!" THEN
+    # # YOU SHOULD UPDATE YOUR KERNEL EVEN IF PORTAGE
+    # # REPORTS THAT THE SAME VERSION IS INSTALLED.
+    </code>
+  </resolution>
+  <references>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200402-07.xml b/metadata/glsa/glsa-200402-07.xml
new file mode 100644
index 000000000000..56ce1869f6d4
--- /dev/null
+++ b/metadata/glsa/glsa-200402-07.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200402-07">
+  <title>Clam Antivirus DoS vulnerability</title>
+  <synopsis>
+    Oliver Eikemeier has reported a vulnerability in Clam AV, which can be
+    exploited by a malformed uuencoded message causing a denial of service for
+    programs that rely on the clamav daemon, such as SMTP daemons.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2004-02-17</announced>
+  <revised count="01">2004-02-17</revised>
+  <bug>41248</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.67</unaffected>
+      <vulnerable range="lt">0.67</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Clam AntiVirus is a GPLed anti-virus toolkit, designed for integration with
+    mail servers to perform attachment scanning. Clam AV also provides a
+    command line scanner and a tool for fetching updates of the virus database.
+    </p>
+  </background>
+  <description>
+    <p>
+    Oliver Eikemeier of Fillmore Labs discovered the overflow in Clam AV 0.65
+    when it handled malformed UUEncoded messages, causing the daemon to shut
+    down.
+    </p>
+    <p>
+    The problem originated in libclamav which calculates the line length of an
+    uuencoded message by taking the ASCII value of the first character minus 64
+    while doing an assertion if the length is not in the allowed range,
+    effectively terminating the calling program as clamav would not be
+    available.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A malformed message would cause a denial of service,
+    and depending on the server configuration this may impact other daemons
+    relying on Clam AV in a fatal manner.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no immediate workaround, a software upgrade is required.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users are urged to upgrade their Clam AV installations to Clam AV 0.67:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv "&gt;=app-antivirus/clamav-0.6.7"
+    # emerge "&gt;=app-antivirus/clamav-0.6.7"</code>
+  </resolution>
+  <references>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200403-01.xml b/metadata/glsa/glsa-200403-01.xml
new file mode 100644
index 000000000000..982f9ebfc6fb
--- /dev/null
+++ b/metadata/glsa/glsa-200403-01.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200403-01">
+  <title>Libxml2 URI Parsing Buffer Overflow Vulnerabilities</title>
+  <synopsis>
+    A buffer overflow has been discovered in libxml2 versions prior to
+    2.6.6 which may be exploited by an attacker allowing the execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">libxml</product>
+  <announced>2004-03-05</announced>
+  <revised count="01">2004-03-05</revised>
+  <bug>42735</bug>
+  <access>local and remote combination</access>
+  <affected>
+    <package name="dev-libs/libxml2" auto="yes" arch="*">
+      <unaffected range="ge">2.6.6</unaffected>
+      <vulnerable range="lt">2.6.6</vulnerable>
+    </package>
+  </affected>
+  <description>
+    <p>
+    Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
+    When the libxml2 library fetches a remote resource via FTP or HTTP, libxml2
+    uses parsing routines that can overflow a buffer caused by improper bounds
+    checking if they are passed a URL longer than 4096 bytes.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    If an attacker is able to exploit an application using libxml2 that parses
+    remote resources, then this flaw could be used to execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    No workaround is available; users are urged to upgrade libxml2 to 2.6.6.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users are recommended to upgrade their libxml2 installation:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv "&gt;=dev-libs/libxml2-2.6.6"
+    # emerge "&gt;=dev-libs/libxml2-2.6.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0110">CVE 2004-0110</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200403-02.xml b/metadata/glsa/glsa-200403-02.xml
new file mode 100644
index 000000000000..d93f6242f889
--- /dev/null
+++ b/metadata/glsa/glsa-200403-02.xml
@@ -0,0 +1,241 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200403-02">
+  <title>Linux kernel do_mremap local privilege escalation vulnerability</title>
+  <synopsis>
+    A critical security vulnerability has been found in recent Linux kernels by
+    Paul Starzetz of iSEC Security Research which allows for local privilege
+    escalations.
+  </synopsis>
+  <product type="ebuild">Kernel</product>
+  <announced>2004-03-05</announced>
+  <revised count="03">2006-05-22</revised>
+  <bug>42024</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-kernel/aa-sources" auto="no" arch="*">
+      <unaffected range="ge">2.4.23-r1</unaffected>
+      <vulnerable range="lt">2.4.23-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/alpha-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.21-r4</unaffected>
+      <vulnerable range="lt">2.4.21-r4</vulnerable>
+    </package>
+    <package name="sys-kernel/ck-sources" auto="no" arch="*">
+      <unaffected range="eq">2.4.24-r1</unaffected>
+      <unaffected range="ge">2.6.2-r1</unaffected>
+      <vulnerable range="lt">2.6.2-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/compaq-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.9.32.7-r2</unaffected>
+      <vulnerable range="lt">2.4.9.32.7-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/development-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.3_rc1</unaffected>
+      <vulnerable range="lt">2.6.3_rc1</vulnerable>
+    </package>
+    <package name="sys-kernel/gaming-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.20-r8</unaffected>
+      <vulnerable range="lt">2.4.20-r8</vulnerable>
+    </package>
+    <package name="sys-kernel/gentoo-dev-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.3_rc1</unaffected>
+      <vulnerable range="lt">2.6.3_rc1</vulnerable>
+    </package>
+    <package name="sys-kernel/gentoo-sources" auto="yes" arch="*">
+      <unaffected range="eq">2.4.19-r11</unaffected>
+      <unaffected range="eq">2.4.20-r12</unaffected>
+      <unaffected range="ge">2.4.22-r7</unaffected>
+      <vulnerable range="lt">2.4.22-r7</vulnerable>
+    </package>
+    <package name="sys-kernel/grsec-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.24.1.9.13-r1</unaffected>
+      <vulnerable range="lt">2.4.24.1.9.13-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/gs-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.25_pre7-r2</unaffected>
+      <vulnerable range="lt">2.4.25_pre7-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/hardened-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.24-r1</unaffected>
+      <vulnerable range="lt">2.4.24-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/hppa-dev-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.2_p3-r1</unaffected>
+      <vulnerable range="lt">2.6.2_p3-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/hppa-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.24_p0-r1</unaffected>
+      <vulnerable range="lt">2.4.24_p0-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/ia64-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.24-r1</unaffected>
+      <vulnerable range="lt">2.4.24-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/mips-prepatch-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.25_pre6-r1</unaffected>
+      <vulnerable range="lt">2.4.25_pre6-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/mips-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.25_rc4</unaffected>
+      <vulnerable range="lt">2.4.25_rc4</vulnerable>
+    </package>
+    <package name="sys-kernel/mm-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.3_rc1-r1</unaffected>
+      <vulnerable range="lt">2.6.3_rc1-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/openmosix-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.22-r4</unaffected>
+      <vulnerable range="lt">2.4.22-r4</vulnerable>
+    </package>
+    <package name="sys-kernel/pac-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.23-r3</unaffected>
+      <vulnerable range="lt">2.4.23-r3</vulnerable>
+    </package>
+    <package name="sys-kernel/planet-ccrma-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.21-r5</unaffected>
+      <vulnerable range="lt">2.4.21-r5</vulnerable>
+    </package>
+    <package name="sys-kernel/ppc-development-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.3_rc1-r1</unaffected>
+      <vulnerable range="lt">2.6.3_rc1-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/ppc-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.24-r1</unaffected>
+      <vulnerable range="lt">2.4.24-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/ppc-sources-benh" auto="yes" arch="*">
+      <unaffected range="ge">2.4.22-r5</unaffected>
+      <vulnerable range="lt">2.4.22-r5</vulnerable>
+    </package>
+    <package name="sys-kernel/ppc-sources-crypto" auto="yes" arch="*">
+      <unaffected range="ge">2.4.20-r3</unaffected>
+      <vulnerable range="lt">2.4.20-r3</vulnerable>
+    </package>
+    <package name="sys-kernel/ppc-sources-dev" auto="yes" arch="*">
+      <unaffected range="ge">2.4.24-r2</unaffected>
+      <vulnerable range="lt">2.4.24-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/selinux-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.24-r2</unaffected>
+      <vulnerable range="lt">2.4.24-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/sparc-dev-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.3_rc1</unaffected>
+      <vulnerable range="lt">2.6.3_rc1</vulnerable>
+    </package>
+    <package name="sys-kernel/sparc-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.24-r2</unaffected>
+      <vulnerable range="lt">2.4.24-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/usermode-sources" auto="yes" arch="*">
+      <unaffected range="rge">2.4.24-r1</unaffected>
+      <unaffected range="rge">2.4.26</unaffected>
+      <unaffected range="ge">2.6.3-r1</unaffected>
+      <vulnerable range="lt">2.6.3-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/vanilla-prepatch-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.25_rc4</unaffected>
+      <vulnerable range="lt">2.4.25_rc4</vulnerable>
+    </package>
+    <package name="sys-kernel/vanilla-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.25</unaffected>
+      <vulnerable range="lt">2.4.25</vulnerable>
+    </package>
+    <package name="sys-kernel/win4lin-sources" auto="yes" arch="*">
+      <unaffected range="eq">2.4.23-r2</unaffected>
+      <unaffected range="ge">2.6.2-r1</unaffected>
+      <vulnerable range="lt">2.6.2-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/wolk-sources" auto="yes" arch="*">
+      <unaffected range="eq">4.9-r4</unaffected>
+      <unaffected range="ge">4.10_pre7-r3</unaffected>
+      <vulnerable range="lt">4.10_pre7-r3</vulnerable>
+    </package>
+    <package name="sys-kernel/xfs-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.24-r2</unaffected>
+      <vulnerable range="lt">2.4.24-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Linux kernel is responsible for memory management in a working
+    system - to allow this, processes are allowed to allocate and
+    unallocate memory.
+    </p>
+  </background>
+  <description>
+    <p>
+    The memory subsystem allows for shrinking, growing, and moving of
+    chunks of memory along any of the allocated memory areas which the
+    kernel posesses.
+    </p>
+    <p>
+    To accomplish this, the do_mremap code calls the do_munmap() kernel
+    function to remove any old memory mappings in the new location - but,
+    the code doesn't check the return value of the do_munmap() function
+    which may fail if the maximum number of available virtual memory area
+    descriptors has been exceeded.
+    </p>
+    <p>
+    Due to the missing return value check after trying to unmap the middle
+    of the first memory area, the corresponding page table entries from the
+    second new area are inserted into the page table locations described by
+    the first old one, thus they are subject to page protection flags of
+    the first area. As a result, arbitrary code can be executed.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Arbitrary code with normal non-super-user privelerges may be able to
+    exploit this vulnerability and may disrupt the operation of other parts
+    of the kernel memory management subroutines finally leading to
+    unexpected behavior.
+    </p>
+    <p>
+    Since no special privileges are required to use the mremap() and
+    mummap() system calls any process may misuse this unexpected behavior
+    to disrupt the kernel memory management subsystem. Proper exploitation
+    of this vulnerability may lead to local privilege escalation allowing
+    for the execution of arbitrary code with kernel level root access.
+    </p>
+    <p>
+    Proof-of-concept exploit code has been created and successfully tested,
+    permitting root escalation on vulnerable systems. As a result, all
+    users should upgrade their kernels to new or patched versions.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Users who are unable to upgrade their kernels may attempt to use
+    "sysctl -w vm.max_map_count=1000000", however, this is a temporary fix
+    which only solves the problem by increasing the number of memory areas
+    that can be created by each process. Because of the static nature of
+    this workaround, it is not recommended and users are urged to upgrade
+    their systems to the latest avaiable patched sources.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Users are encouraged to upgrade to the latest available sources for
+    their system:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv your-favourite-sources
+    # emerge your-favourite-sources
+    # # Follow usual procedure for compiling and installing a kernel.
+    # # If you use genkernel, run genkernel as you would do normally.
+    
+    # # IF YOUR KERNEL IS MARKED as "remerge required!" THEN
+    # # YOU SHOULD UPDATE YOUR KERNEL EVEN IF PORTAGE
+    # # REPORTS THAT THE SAME VERSION IS INSTALLED.</code>
+  </resolution>
+  <references>
+    <uri link="http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt">Advisory released by iSEC</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0077">CVE-2004-0077</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-04-02T12:59:08Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200403-03.xml b/metadata/glsa/glsa-200403-03.xml
new file mode 100644
index 000000000000..973db79640d1
--- /dev/null
+++ b/metadata/glsa/glsa-200403-03.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200403-03">
+  <title>Multiple OpenSSL Vulnerabilities</title>
+  <synopsis>
+    Three vulnerabilities have been found in OpenSSL via a commercial test
+    suite for the TLS protocol developed by Codenomicon Ltd.
+  </synopsis>
+  <product type="ebuild">OpenSSL</product>
+  <announced>2004-03-17</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>44941</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">0.9.7d</unaffected>
+      <unaffected range="eq">0.9.6m</unaffected>
+      <vulnerable range="le">0.9.7c</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The OpenSSL Project is a collaborative effort to develop a robust,
+    commercial-grade, full-featured, and Open Source toolkit implementing
+    the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
+    v1) protocols as well as a full-strength general purpose cryptography
+    library.
+    </p>
+  </background>
+  <description>
+    <ol>
+    <li>
+    Testing performed by the OpenSSL group using the Codenomicon TLS Test
+    Tool uncovered a null-pointer assignment in the do_change_cipher_spec()
+    function. A remote attacker could perform a carefully crafted SSL/TLS
+    handshake against a server that used the OpenSSL library in such a way
+    as to cause OpenSSL to crash. Depending on the application this could
+    lead to a denial of service. All versions of OpenSSL from 0.9.6c to
+    0.9.6l inclusive and from 0.9.7a to 0.9.7c inclusive are affected by
+    this issue.
+    </li>
+    <li>
+    A flaw has been discovered in SSL/TLS handshaking code when using
+    Kerberos ciphersuites. A remote attacker could perform a carefully
+    crafted SSL/TLS handshake against a server configured to use Kerberos
+    ciphersuites in such a way as to cause OpenSSL to crash. Most
+    applications have no ability to use Kerberos cipher suites and will
+    therefore be unaffected. Versions 0.9.7a, 0.9.7b, and 0.9.7c of OpenSSL
+    are affected by this issue.
+    </li>
+    <li>
+    Testing performed by the OpenSSL group using the Codenomicon TLS Test
+    Tool uncovered a bug in older versions of OpenSSL 0.9.6 that can lead
+    to a Denial of Service attack (infinite loop). This issue was traced to
+    a fix that was added to OpenSSL 0.9.6d some time ago. This issue will
+    affect vendors that ship older versions of OpenSSL with backported
+    security patches.
+    </li>
+    </ol>
+  </description>
+  <impact type="normal">
+    <p>
+    Although there are no public exploits known for bug, users are
+    recommended to upgrade to ensure the security of their infrastructure.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no immediate workaround; a software upgrade is required. The
+    vulnerable function in the code has been rewritten.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users are recommened to upgrade openssl to either 0.9.7d or 0.9.6m:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv "&gt;=dev-libs/openssl-0.9.7d"
+    # emerge "&gt;=dev-libs/openssl-0.9.7d"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0079">CVE-2004-0079</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0081">CVE-2004-0081</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0112">CVE-2004-0112</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-05-22T05:54:03Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200403-04.xml b/metadata/glsa/glsa-200403-04.xml
new file mode 100644
index 000000000000..e39329486ca0
--- /dev/null
+++ b/metadata/glsa/glsa-200403-04.xml
@@ -0,0 +1,110 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200403-04">
+  <title>Multiple security vulnerabilities in Apache 2</title>
+  <synopsis>
+    A memory leak in mod_ssl allows a remote denial of service attack against
+    an SSL-enabled server via plain HTTP requests. Another flaw was found when
+    arbitrary client-supplied strings can be written to the error log, allowing
+    the exploit of certain terminal emulators. A third flaw exists with the
+    mod_disk_cache module.
+  </synopsis>
+  <product type="ebuild">Apache</product>
+  <announced>2004-03-22</announced>
+  <revised count="03">2007-12-30</revised>
+  <bug>45206</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="eq">1.3*</unaffected>
+      <unaffected range="ge">2.0.49</unaffected>
+      <vulnerable range="le">2.0.48</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Apache HTTP Server Project is an effort to develop and maintain an
+    open-source HTTP server for modern operating systems. The goal of this
+    project is to provide a secure, efficient and extensible server that
+    provides services in tune with the current HTTP standards.
+    </p>
+  </background>
+  <description>
+    <p>
+    Three vulnerabilities were found:
+    </p>
+    <ol>
+    <li>
+    A memory leak in ssl_engine_io.c for mod_ssl in Apache 2.0.48 and below
+    allows remote attackers to cause a denial of service attack via plain
+    HTTP requests to the SSL port of an SSL-enabled server.
+    </li>
+    <li>
+    Apache fails to filter terminal escape sequences from error logs that
+    begin with the ASCII (0x1B) sequence and are followed by a  series of
+    arguments. If a remote attacker could inject escape sequences into an
+    Apache error log, the attacker could take advantages of weaknesses in
+    various terminal emulators, launching attacks against remote users
+    including further denial of service attacks, file modification, and the
+    execution of arbitrary commands.
+    </li>
+    <li>
+    The Apache mod_disk_cache has been found to be vulnerable to a weakness
+    that allows attackers to gain access to authentication credentials
+    through the issue of caching HTTP hop-by-hop headers which would
+    contain plaintext user passwords. There is no available resolution for
+    this issue yet.
+    </li>
+    </ol>
+  </description>
+  <impact type="normal">
+    <p>
+    No special privileges are required for these vulnerabilities. As a
+    result, all users are recommended to upgrade their Apache
+    installations.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no immediate workaround; a software upgrade is required. There
+    is no workaround for the mod_disk_cache issue; users are recommended to
+    disable the feature on their servers until a patched version is
+    released.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Users are urged to upgrade to Apache 2.0.49:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv "&gt;=www-servers/apache-2.0.49"
+    # emerge "&gt;=www-servers/apache-2.0.49"
+    
+    # ** IMPORTANT **
+    
+    # If you are migrating from Apache 2.0.48-r1 or earlier versions,
+    # it is important that the following directories are removed.
+    
+    # The following commands should cause no data loss since these
+    # are symbolic links.
+    
+    # rm /etc/apache2/lib /etc/apache2/logs /etc/apache2/modules
+    # rm /etc/apache2/modules
+    
+    # ** ** ** ** **
+    
+    # ** ALSO NOTE **
+    
+    # Users who use mod_disk_cache should edit their Apache
+    # configuration and disable mod_disk_cache.</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/bid/9933/info/">Apache mod_disk_cache authentication storage weakness vulnerability</uri>
+    <uri link="https://www.apache.org/dist/httpd/Announcement2.html">Apache HTTP Server 2.0.49 Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0113">CVE-2004-0113</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-05-22T05:52:59Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200403-05.xml b/metadata/glsa/glsa-200403-05.xml
new file mode 100644
index 000000000000..2f13ee30d4f6
--- /dev/null
+++ b/metadata/glsa/glsa-200403-05.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200403-05">
+  <title>UUDeview MIME Buffer Overflow</title>
+  <synopsis>
+    A specially-crafted MIME file (.mim, .uue, .uu, .b64, .bhx, .hqx, and .xxe
+    extensions) may cause UUDeview to crash or execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">UUDeview</product>
+  <announced>2004-03-26</announced>
+  <revised count="01">2004-03-26</revised>
+  <bug>44859</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/uudeview" auto="yes" arch="*">
+      <unaffected range="ge">0.5.20</unaffected>
+      <vulnerable range="lt">0.5.20</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    UUDeview is a program which is used to transmit binary files over the
+    Internet in a text-only format. It is commonly used for email and Usenet
+    attachments. It supports multiple encoding formats, including Base64,
+    BinHex and UUEncoding.
+    </p>
+  </background>
+  <description>
+    <p>
+    By decoding a MIME archive with excessively long strings for various
+    parameters, it is possible to crash UUDeview, or cause it to execute
+    arbitrary code.
+    </p>
+    <p>
+    This vulnerability was originally reported by iDEFENSE as part of a WinZip
+    advisory [ Reference: 1 ].
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could create a specially-crafted MIME file and send it via
+    email. When recipient decodes the file, UUDeview may execute arbitrary code
+    which is embedded in the MIME file, thus granting the attacker access to
+    the recipient's account.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. As a result, a software upgrade
+    is required and users should upgrade to uudeview 0.5.20.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users should upgrade to uudeview 0.5.20:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv "&gt;=app-text/uudeview-0.5.20"
+    # emerge "&gt;=app-text/uudeview-0.5.20"
+    </code>
+  </resolution>
+  <references>
+    <uri link="http://www.idefense.com/application/poi/display?id=76&amp;type=vulnerabilities">iDEFENSE advisory</uri>
+    <uri link="http://www.securityfocus.com/bid/9758">SecurityFocus advisory</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200403-06.xml b/metadata/glsa/glsa-200403-06.xml
new file mode 100644
index 000000000000..8af4e523d78d
--- /dev/null
+++ b/metadata/glsa/glsa-200403-06.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200403-06">
+  <title>Multiple remote buffer overflow vulnerabilities in Courier</title>
+  <synopsis>
+    Remote buffer overflow vulnerabilities have been found in Courier-IMAP and
+    Courier MTA. These exploits may allow the execution of abritrary code,
+    allowing unauthorized access to a vulnerable system. 
+  </synopsis>
+  <product type="ebuild">Courier</product>
+  <announced>2004-03-26</announced>
+  <revised count="01">2004-03-26</revised>
+  <bug>45584</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/courier-imap" auto="yes" arch="*">
+      <unaffected range="ge">3.0.0</unaffected>
+      <vulnerable range="lt">3.0.0</vulnerable>
+    </package>
+    <package name="mail-mta/courier" auto="yes" arch="*">
+      <unaffected range="ge">0.45</unaffected>
+      <vulnerable range="lt">0.45</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Courier MTA is a multiprotocol mail server suite that provides webmail,
+    mailing lists, IMAP, and POP3 services. Courier-IMAP is a standalone server
+    that gives IMAP access to local mailboxes.
+    </p>
+  </background>
+  <description>
+    <p>
+    The vulnerabilities have been found in the 'SHIFT_JIS' converter in
+    'shiftjis.c' and 'ISO2022JP' converter in 'so2022jp.c'. An attacker may
+    supply Unicode characters that exceed BMP (Basic Multilingual Plane) range,
+    causing an overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker without privileges may exploit this vulnerability remotely, allowing arbitrary code to be executed in order to gain unauthorized access. 
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    While a workaround is not currently known for this issue, all users are
+    advised to upgrade to the latest version of the affected packages.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users should upgrade to current versions of the affected packages:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-mail/courier-imap-3.0.0"
+    # emerge "&gt;=net-mail/courier-imap-3.0.0"
+
+    # ** Or; depending on your installation... **
+
+    # emerge -pv "&gt;=mail-mta/courier-0.45"
+    # emerge "&gt;=mail-mta/courier-0.45"
+    </code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/bid/9845">Courier Multiple Remote Buffer Overflow Vulnerabilities</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0224">CAN-2004-0224</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200403-07.xml b/metadata/glsa/glsa-200403-07.xml
new file mode 100644
index 000000000000..10ac6a07f09c
--- /dev/null
+++ b/metadata/glsa/glsa-200403-07.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200403-07">
+  <title>Multiple remote overflows and vulnerabilities in Ethereal</title>
+  <synopsis>
+    Mulitple overflows and vulnerabilities exist in Ethereal which may allow an
+    attacker to crash the program or run arbitrary code.
+  </synopsis>
+  <product type="ebuild">ethereal</product>
+  <announced>2004-03-28</announced>
+  <revised count="01">2004-03-28</revised>
+  <bug>45543</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/ethereal" auto="yes" arch="*">
+      <unaffected range="ge">0.10.3</unaffected>
+      <vulnerable range="le">0.10.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Quote from http://www.ethereal.com
+    </p>
+    <p>
+    "Ethereal is used by network professionals around the world for
+    troubleshooting, analysis, software and protocol development, and
+    education. It has all of the standard features you would expect in a
+    protocol analyzer, and several features not seen in any other product. Its
+    open source license allows talented experts in the networking community to
+    add enhancements. It runs on all popular computing platforms, including
+    Unix, Linux, and Windows."
+    </p>
+  </background>
+  <description>
+    <p>There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.3, including:</p>
+    <ul>
+	<li>Thirteen buffer overflows in the following protocol dissectors: NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP.</li>
+      	<li>A zero-length Presentation protocol selector could make Ethereal crash.</li>
+     	<li>A vulnerability in the RADIUS packet dissector which may crash ethereal.</li>
+      	<li>A corrupt color filter file could cause a segmentation fault.</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    These vulnerabilities may cause Ethereal to crash or may allow an attacker
+    to run arbitrary code on the user's computer.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    While a workaround is not currently known for this issue, all users are
+    advised to upgrade to the latest version of the affected package.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users should upgrade to the current version of the affected package:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-analyzer/ethereal-0.10.3"
+    # emerge "&gt;=net-analyzer/ethereal-0.10.3"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.ethereal.com/appnotes/enpa-sa-00013.html">Multiple security problems in Ethereal 0.10.2</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0176">CAN-2004-0176</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0365">CAN-2004-0365</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0367">CAN-2004-0367</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200403-08.xml b/metadata/glsa/glsa-200403-08.xml
new file mode 100644
index 000000000000..adc5684c8c7e
--- /dev/null
+++ b/metadata/glsa/glsa-200403-08.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200403-08">
+  <title>oftpd DoS vulnerability</title>
+  <synopsis>
+    A remotely-exploitable overflow exists in oftpd, allowing an attacker to
+    crash the oftpd daemon.
+  </synopsis>
+  <product type="ebuild">oftpd</product>
+  <announced>2004-03-29</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>45738</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-ftp/oftpd" auto="yes" arch="*">
+      <unaffected range="ge">0.3.7</unaffected>
+      <vulnerable range="le">0.3.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Quote from <uri link="http://www.time-travellers.org/oftpd/">http://www.time-travellers
+    .org/oftpd/</uri>
+    </p>
+    <p>
+    "oftpd is designed to be as secure as an anonymous FTP server can
+    possibly be. It runs as non-root for most of the time, and uses the
+    Unix chroot() command to hide most of the systems directories from
+    external users - they cannot change into them even if the server is
+    totally compromised! It contains its own directory change code, so that
+    it can run efficiently as a threaded server, and its own directory
+    listing code (most FTP servers execute the system "ls" command to list
+    files)."
+    </p>
+  </background>
+  <description>
+    <p>
+    Issuing a port command with a number higher than 255 causes the server
+    to crash. The port command may be issued before any authentication
+    takes place, meaning the attacker does not need to know a valid
+    username and password in order to exploit this vulnerability.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    This exploit causes a denial of service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    While a workaround is not currently known for this issue, all users are
+    advised to upgrade to the latest version of the affected package.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users should upgrade to the current version of the affected
+    package:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-ftp/oftpd-0.3.7"
+    # emerge "&gt;=net-ftp/oftpd-0.3.7"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.time-travellers.org/oftpd/oftpd-dos.html">osftpd DoS Vulnerability</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0376">CVE-2004-0376</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-05-22T05:52:22Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200403-09.xml b/metadata/glsa/glsa-200403-09.xml
new file mode 100644
index 000000000000..f8d998b712ad
--- /dev/null
+++ b/metadata/glsa/glsa-200403-09.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200403-09">
+  <title>Buffer overflow in Midnight Commander</title>
+  <synopsis>
+    A remotely-exploitable buffer overflow in Midnight Commander allows
+    arbitrary code to be run on a user's computer
+  </synopsis>
+  <product type="ebuild">mc</product>
+  <announced>2004-03-29</announced>
+  <revised count="01">2004-03-29</revised>
+  <bug>45957</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-misc/mc" auto="yes" arch="*">
+      <unaffected range="ge">4.6.0-r5</unaffected>
+      <vulnerable range="le">4.6.0-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Midnight Commander is a visual file manager.
+    </p>
+  </background>
+  <description>
+    <p>
+    A stack-based buffer overflow has been found in Midnight Commander's
+    virtual filesystem.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    This overflow allows an attacker to run arbitrary code on the user's
+    computer during the symlink conversion process.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    While a workaround is not currently known for this issue, all users are
+    advised to upgrade to the latest version of the affected package.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users should upgrade to the current version of the affected package:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=app-misc/mc-4.6.0-r5"
+    # emerge "&gt;=app-misc/mc-4.6.0-r5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1023">CAN-2003-1023</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200403-10.xml b/metadata/glsa/glsa-200403-10.xml
new file mode 100644
index 000000000000..61eb8e98fe08
--- /dev/null
+++ b/metadata/glsa/glsa-200403-10.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200403-10">
+  <title>Fetchmail 6.2.5 fixes a remote DoS</title>
+  <synopsis>
+    Fetchmail versions 6.2.4 and earlier can be crashed by sending a
+    specially-crafted email to a fetchmail user.
+  </synopsis>
+  <product type="ebuild">fetchmail</product>
+  <announced>2004-03-30</announced>
+  <revised count="01">2004-03-30</revised>
+  <bug>37717</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/fetchmail" auto="yes" arch="*">
+      <unaffected range="ge">6.2.5</unaffected>
+      <vulnerable range="le">6.2.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Fetchmail is a utility that retrieves and forwards mail from remote systems
+    using IMAP, POP, and other protocols.
+    </p>
+  </background>
+  <description>
+    <p>
+    Fetchmail versions 6.2.4 and earlier can be crashed by sending a
+    specially-crafted email to a fetchmail user. This problem occurs because
+    Fetchmail does not properly allocate memory for long lines in an incoming
+    email.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Fetchmail users who receive a malicious email may have their fetchmail
+    program crash.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    While a workaround is not currently known for this issue, all users are advised to upgrade to the latest version of fetchmail.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Fetchmail users should upgrade to version 6.2.5 or later:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv "&gt;=net-mail/fetchmail-6.2.5"
+    # emerge "&gt;=net-mail/fetchmail-6.2.5"</code>
+  </resolution>
+  <references>
+    <uri link="http://xforce.iss.net/xforce/xfdb/13450">ISS X-Force Listing</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0792">CVE Candidate (CAN-2003-0792)</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200403-11.xml b/metadata/glsa/glsa-200403-11.xml
new file mode 100644
index 000000000000..61ab429130a7
--- /dev/null
+++ b/metadata/glsa/glsa-200403-11.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200403-11">
+  <title>Squid ACL [url_regex] bypass vulnerability</title>
+  <synopsis>
+    Squid versions 2.0 through to 2.5.STABLE4 could allow a remote attacker to
+    bypass Access Control Lists by sending a specially-crafted URL request
+    containing '%00': in such circumstances; the url_regex ACL may not properly
+    detect the malicious URL, allowing the attacker to effectively bypass the
+    ACL.
+  </synopsis>
+  <product type="ebuild">Squid</product>
+  <announced>2004-03-30</announced>
+  <revised count="02">2004-09-02</revised>
+  <bug>45273</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/squid" auto="yes" arch="*">
+      <unaffected range="ge">2.5.5</unaffected>
+      <vulnerable range="lt">2.5.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Squid is a fully-featured Web Proxy Cache designed to run on Unix systems
+    that supports proxying and caching of HTTP, FTP, and other URLs, as well as
+    SSL support, cache hierarchies, transparent caching, access control lists
+    and many other features.
+    </p>
+  </background>
+  <description>
+    <p>
+    A bug in Squid allows users to bypass certain access controls by passing a
+    URL containing "%00" which exploits the Squid decoding function.
+    This may insert a NUL character into decoded URLs, which may allow users to
+    bypass url_regex access control lists that are enforced upon them.
+    </p>
+    <p>
+    In such a scenario, Squid will insert a NUL character after
+    the"%00" and it will make a comparison between the URL to the end
+    of the NUL character rather than the contents after it: the comparison does
+    not result in a match, and the user's request is not denied.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Restricted users may be able to bypass url_regex access control lists that
+    are enforced upon them which may cause unwanted network traffic as well as
+    a route for other possible exploits. Users of Squid 2.5STABLE4 and below
+    who require the url_regex features are recommended to upgrade to 2.5STABLE5
+    to maintain the security of their infrastructure.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    A workaround is not currently known for this issue. All users are advised
+    to upgrade to the latest version of Squid.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Squid can be updated as follows:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-proxy/squid-2.5.5"
+    # emerge "&gt;=net-proxy/squid-2.5.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0189">CAN-2004-0189</uri>
+    <uri link="http://www.squid-cache.org/Advisories/SQUID-2004_1.txt">Squid 2.5.STABLE5 Release Announcement</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-09-02T21:11:59Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200403-12.xml b/metadata/glsa/glsa-200403-12.xml
new file mode 100644
index 000000000000..b6c8aef7296c
--- /dev/null
+++ b/metadata/glsa/glsa-200403-12.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200403-12">
+  <title>OpenLDAP DoS Vulnerability</title>
+  <synopsis>
+    A failed password operation can cause the OpenLDAP slapd server, if it is
+    using the back-ldbm backend, to free memory that was never allocated.
+  </synopsis>
+  <product type="ebuild">openldap</product>
+  <announced>2004-03-31</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>26728</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-nds/openldap" auto="yes" arch="*">
+      <unaffected range="ge">2.1.13</unaffected>
+      <vulnerable range="le">2.1.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenLDAP is a suite of LDAP-related application and development tools.
+    It includes slapd (the standalone LDAP server), slurpd (the standalone
+    LDAP replication server), and various LDAP libraries, utilities and
+    example clients.
+    </p>
+  </background>
+  <description>
+    <p>
+    A password extended operation (password EXOP) which fails will cause
+    the slapd server to free() an uninitialized pointer, possibly resulting
+    in a segfault. This only affects servers using the back-ldbm backend.
+    </p>
+    <p>
+    Such a crash is not guaranteed with every failed operation, however, it
+    is possible.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker (or indeed, a normal user) may crash the OpenLDAP server,
+    creating a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    A workaround is not currently known for this issue. All users are
+    advised to upgrade to the latest version of the affected package.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    OpenLDAP users should upgrade to version 2.1.13 or later:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-nds/openldap-2.1.13"
+    # emerge "&gt;=net-nds/openldap-2.1.13"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.openldap.org/its/index.cgi?findid=2390">OpenLDAP ITS Bug and Patch</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1201">CVE-2003-1201</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-05-22T05:51:37Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200403-13.xml b/metadata/glsa/glsa-200403-13.xml
new file mode 100644
index 000000000000..8bf227962ea4
--- /dev/null
+++ b/metadata/glsa/glsa-200403-13.xml
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200403-13">
+  <title>Remote buffer overflow in MPlayer</title>
+  <synopsis>
+    MPlayer contains a remotely exploitable buffer overflow in the HTTP parser
+    that may allow attackers to run arbitrary code on a user's computer.
+  </synopsis>
+  <product type="ebuild">mplayer</product>
+  <announced>2004-03-31</announced>
+  <revised count="03">2006-10-11</revised>
+  <bug>46246</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/mplayer" auto="yes" arch="x86 sparc">
+      <unaffected range="ge">0.92-r1</unaffected>
+      <vulnerable range="le">0.92</vulnerable>
+    </package>
+    <package name="media-video/mplayer" auto="yes" arch="amd64">
+      <unaffected range="ge">1.0_pre2-r1</unaffected>
+      <vulnerable range="le">1.0_pre2</vulnerable>
+    </package>
+    <package name="media-video/mplayer" auto="yes" arch="ppc">
+      <unaffected range="ge">1.0_pre3-r3</unaffected>
+      <vulnerable range="le">1.0_pre3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Quote from <uri link="http://mplayerhq.hu">http://mplayerhq.hu</uri>
+    </p>
+    <p>
+    "MPlayer is a movie player for LINUX (runs on many other Unices, and
+    non-x86 CPUs, see the documentation). It plays most MPEG, VOB, AVI,
+    OGG/OGM, VIVO, ASF/WMA/WMV, QT/MOV/MP4, FLI, RM, NuppelVideo, YUV4MPEG,
+    FILM, RoQ, PVA files, supported by many native, XAnim, and Win32 DLL
+    codecs. You can watch VideoCD, SVCD, DVD, 3ivx, DivX 3/4/5 and even WMV
+    movies, too."
+    </p>
+  </background>
+  <description>
+    <p>
+    A vulnerability exists in the MPlayer HTTP parser which may allow an
+    attacker to craft a special HTTP header ("Location:") which will trick
+    MPlayer into executing arbitrary code on the user's computer.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker without privileges may exploit this vulnerability remotely,
+    allowing arbitrary code to be executed in order to gain unauthorized
+    access.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    A workaround is not currently known for this issue. All users are
+    advised to upgrade to the latest version of the affected package.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    MPlayer may be upgraded as follows:
+    </p>
+    <p>
+    x86 and SPARC users should:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=media-video/mplayer-0.92-r1"
+    # emerge "&gt;=media-video/mplayer-0.92-r1"</code>
+    <p>
+    AMD64 users should:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=media-video/mplayer-1.0_pre2-r1"
+    # emerge "&gt;=media-video/mplayer-1.0_pre2-r1"</code>
+    <p>
+    PPC users should:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=media-video/mplayer-1.0_pre3-r2"
+    # emerge "&gt;=media-video/mplayer-1.0_pre3-r2"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.mplayerhq.hu/homepage/design6/news.html">MPlayerHQ News</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0386">CVE-2004-0386</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-05-22T05:45:24Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200403-14.xml b/metadata/glsa/glsa-200403-14.xml
new file mode 100644
index 000000000000..fd11798f16fc
--- /dev/null
+++ b/metadata/glsa/glsa-200403-14.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200403-14">
+  <title>Multiple Security Vulnerabilities in Monit</title>
+  <synopsis>
+    A denial of service and a buffer overflow vulnerability have been found in
+    Monit.
+  </synopsis>
+  <product type="ebuild">app-admin/monit</product>
+  <announced>2004-03-31</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>43967</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-admin/monit" auto="yes" arch="*">
+      <unaffected range="ge">4.2</unaffected>
+      <vulnerable range="le">4.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Monit is a system administration utility that allows management and
+    monitoring of processes, files, directories and devices on a Unix
+    system.
+    </p>
+  </background>
+  <description>
+    <p>
+    A denial of service may occur due to Monit not sanitizing remotely
+    supplied HTTP parameters before passing them to memory allocation
+    functions. This could allow an attacker to cause an unexpected
+    condition that could lead to the Monit daemon crashing.
+    </p>
+    <p>
+    An overly long http request method may cause a buffer overflow due to
+    Monit performing insufficient bounds checking when handling HTTP
+    requests.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker may crash the Monit daemon to create a denial of service
+    condition or cause a buffer overflow that would allow arbitrary code to
+    be executed with root privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    A workaround is not currently known for this issue. All users are
+    advised to upgrade to the latest version of the affected package.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Monit users should upgrade to version 4.2 or later:
+    </p>
+    <code> 
+    # emerge sync
+    
+    # emerge -pv "&gt;=app-admin/monit-4.2"
+    # emerge "&gt;=app-admin/monit-4.2"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/bid/9098">Monit HTTP Content-Length Parameter Denial of Service Vulnerability</uri>
+    <uri link="http://www.securityfocus.com/bid/9099">Monit Overly Long HTTP Request Buffer Overrun Vulnerability</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1083">CVE-2003-1083</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1084">CVE-2003-1084</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-05-22T05:44:45Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200404-01.xml b/metadata/glsa/glsa-200404-01.xml
new file mode 100644
index 000000000000..8f53759e9b17
--- /dev/null
+++ b/metadata/glsa/glsa-200404-01.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200404-01">
+  <title>Insecure sandbox temporary lockfile vulnerabilities in Portage</title>
+  <synopsis>
+    A flaw has been found in the temporary file handling algorithms for the
+    sandboxing code used within Portage. Lockfiles created during normal Portage
+    operation of portage could be manipulated by local users resulting in the
+    truncation of hard linked files; causing a Denial of Service attack on
+    the system.
+  </synopsis>
+  <product type="ebuild">Portage</product>
+  <announced>2004-04-04</announced>
+  <revised count="01">2004-04-04</revised>
+  <bug>21923</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/portage" auto="yes" arch="*">
+      <unaffected range="ge">2.0.50-r3</unaffected>
+      <vulnerable range="lt">2.0.50-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Portage is Gentoo's package management system which is responsible for
+    installing, compiling and updating any ebuilds on the system through the
+    Gentoo rsync tree. Under default configurations, most ebuilds run under a
+    sandbox which prevent the build process writing to the "real"
+    system outside the build directory - packages are installed into a
+    temporary location and then copied over safely by Portage instead. During
+    the process the sandbox wrapper creates lockfiles in the /tmp directory
+    which are vulnerable to a hard-link attack.
+    </p>
+  </background>
+  <description>
+    <p>
+    A flaw in Portage's sandbox wrapper has been found where the temporary
+    lockfiles are subject to a hard-link attack which allows linkable files to
+    be overwritten to an empty file. This can be used to damage critical files
+    on a system causing a Denial of Service, or alternatively this attack may
+    be used to cause other security risks; for example firewall configuration
+    data could be overwritten without notice.
+    </p>
+    <p>
+    The vulnerable sandbox functions have been patched to test for these new
+    conditions: namely; for the existance of a hard-link which would be removed
+    before the sandbox process would continue, for the existance of a
+    world-writable lockfile in which case the sandbox would also remove it, and
+    also for any mismatches in the UID ( anything but root ) and the GID (
+    anything but the group of the sandbox process ).
+    </p>
+    <p>
+    If the vulnerable files cannot be removed by the sandbox, then the sandbox
+    would exit with a fatal error warning the adminstrator of the issue. The
+    patched functions also fix any other sandbox I/O operations which do not
+    explicitly include the mentioned lockfile.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Any user with write access to the /tmp directory can hard-link a file to
+    /tmp/sandboxpids.tmp - this file would eventually be replaced with an empty
+    one; effectively wiping out the file it was linked to as well with no prior
+    warning. This could be used to potentially disable a vital component of the
+    system and cause a path for other possible exploits.
+    </p>
+    <p>
+    This vulnerability only affects systems that have /tmp on the root
+    partition: since symbolic link attacks are filtered, /tmp has to be on the
+    same partition for an attack to take place.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    A workaround is not currently known for this issue. All users are advised
+    to upgrade to the latest version of the affected package.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Users should upgrade to Portage 2.0.50-r3 or later:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=sys-apps/portage-2.0.50-r3"
+    # emerge "&gt;=sys-apps/portage-2.0.50-r3"</code>
+  </resolution>
+  <references>
+  </references>
+  <metadata tag="submitter">plasmaroo</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200404-02.xml b/metadata/glsa/glsa-200404-02.xml
new file mode 100644
index 000000000000..3be7d5726337
--- /dev/null
+++ b/metadata/glsa/glsa-200404-02.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200404-02">
+  <title>KDE Personal Information Management Suite Remote Buffer Overflow Vulnerability</title>
+  <synopsis>
+    KDE-PIM may be vulnerable to a remote buffer overflow attack that may allow
+    unauthorized access to an affected system. 
+  </synopsis>
+  <product type="ebuild">kde-base/kde</product>
+  <announced>2004-04-06</announced>
+  <revised count="01">2004-04-06</revised>
+  <bug>38256</bug>
+  <access>remote</access>
+  <affected>
+    <package name="kde-base/kde" auto="yes" arch="*">
+      <unaffected range="ge">3.1.5</unaffected>
+      <vulnerable range="le">3.1.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    KDE-PIM is an application suite designed to manage mail, addresses,
+    appointments, and contacts.
+    </p>
+  </background>
+  <description>
+    <p>
+    A buffer overflow may occur in KDE-PIM's VCF file reader when a maliciously
+    crafted VCF file is opened by a user on a vulnerable system.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker may unauthorized access to a user's personal data or
+    execute commands with the user's privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    A workaround is not currently known for this issue. All users are advised
+    to upgrade to the latest version of the affected package.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    KDE users should upgrade to version 3.1.5 or later:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=kde-base/kde-3.1.5"
+    # emerge "&gt;=kde-base/kde-3.1.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0988">CAN-2003-0988</uri>
+  </references>
+  <metadata tag="submitter">aescriva</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200404-03.xml b/metadata/glsa/glsa-200404-03.xml
new file mode 100644
index 000000000000..e432882108ee
--- /dev/null
+++ b/metadata/glsa/glsa-200404-03.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200404-03">
+  <title>Tcpdump Vulnerabilities in ISAKMP Parsing</title>
+  <synopsis>
+    There are multiple vulnerabilities in tcpdump and libpcap related to
+    parsing of ISAKMP packets.
+  </synopsis>
+  <product type="ebuild">tcpdump</product>
+  <announced>2004-03-31</announced>
+  <revised count="01">2004-03-31</revised>
+  <bug>38206</bug>
+  <bug>46258</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/tcpdump" auto="yes" arch="*">
+      <unaffected range="ge">3.8.3-r1</unaffected>
+      <vulnerable range="le">3.8.1</vulnerable>
+    </package>
+    <package name="net-libs/libpcap" auto="yes" arch="*">
+      <unaffected range="ge">0.8.3-r1</unaffected>
+      <vulnerable range="le">0.8.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Tcpdump is a program for monitoring IP network traffic. Libpcap is a
+    supporting library which is responsibile for capturing packets off a network
+    interface.
+    </p>
+  </background>
+  <description>
+    <p>
+    There are two specific vulnerabilities in tcpdump, outlined in [ reference
+    1 ]. In the first scenario, an attacker may send a specially-crafted ISAKMP
+    Delete packet which causes tcpdump to read past the end of its buffer. In
+    the second scenario, an attacker may send an ISAKMP packet with the wrong
+    payload length, again causing tcpdump to read past the end of a buffer.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Remote attackers could potentially cause tcpdump to crash or execute
+    arbitrary code as the 'pcap' user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All tcpdump users are encouraged
+    to upgrade to the latest available version.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All tcpdump users should upgrade to the latest available version.
+    ADDITIONALLY, the net-libs/libpcap package should be upgraded.
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-libs/libpcap-0.8.3-r1" "&gt;=net-analyzer/tcpdump-3.8.3-r1"
+    # emerge "&gt;=net-libs/libpcap-0.8.3-r1" "&gt;=net-analyzer/tcpdump-3.8.3-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.rapid7.com/advisories/R7-0017.html">Rapid7 Advisory</uri>
+    <uri link="https://rhn.redhat.com/errata/RHSA-2004-008.html">Red Hat Security Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0989">CVE Advisory</uri>
+  </references>
+</glsa>
diff --git a/metadata/glsa/glsa-200404-04.xml b/metadata/glsa/glsa-200404-04.xml
new file mode 100644
index 000000000000..8409fff1ad5c
--- /dev/null
+++ b/metadata/glsa/glsa-200404-04.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200404-04">
+  <title>Multiple vulnerabilities in sysstat</title>
+  <synopsis>
+    Multiple vulnerabilities in the way sysstat handles symlinks may allow an
+    attacker to execute arbitrary code or overwrite arbitrary files
+  </synopsis>
+  <product type="ebuild">sysstat</product>
+  <announced>2004-04-06</announced>
+  <revised count="01">2004-04-06</revised>
+  <bug>45159</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/sysstat" auto="yes" arch="x86 ppc sparc amd64">
+      <unaffected range="ge">5.0.2</unaffected>
+      <vulnerable range="lt">5.0.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    sysstat is a package containing a number of performance monitoring
+    utilities for Linux, including sar, mpstat, iostat and sa tools
+    </p>
+  </background>
+  <description>
+    <p>
+    There are two vulnerabilities in the way sysstat handles symlinks:
+    </p>
+	<ol>
+    <li>The isag utility, which displays sysstat data in a graphical format,
+    creates a temporary file in an insecure manner.</li>
+    <li>Two scripts in the sysstat package, post and trigger, create temporary
+    files in an insecure manner.</li>
+	</ol>
+  </description>
+  <impact type="normal">
+    <p>
+    Both vulnerabilities may allow an attacker to overwrite arbitrary files
+    under the permissions of the user executing any of the affected 
+    utilities.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    A workaround is not currently known for this issue. All users are advised
+    to upgrade to the latest version of the affected package.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Systat users should upgrade to version 4.2 or later:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=app-admin/sysstat-5.0.2"
+    # emerge "&gt;=app-admin/sysstat-5.0.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0107">CVE (1)</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0108">CVE (2)</uri>
+  </references>
+  <metadata tag="submitter">klieber</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200404-05.xml b/metadata/glsa/glsa-200404-05.xml
new file mode 100644
index 000000000000..3ebd4268c68b
--- /dev/null
+++ b/metadata/glsa/glsa-200404-05.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200404-05">
+  <title>ipsec-tools contains an X.509 certificates vulnerability.</title>
+  <synopsis>
+    ipsec-tools contains a vulnerability that affects connections authenticated 
+    with X.509 certificates.
+  </synopsis>
+  <product type="ebuild">ipsec-tools</product>
+  <announced>2004-04-07</announced>
+  <revised count="01">2004-04-07</revised>
+  <bug>47013</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-firewall/ipsec-tools" auto="yes" arch="amd64">
+      <unaffected range="ge">0.2.5</unaffected>
+      <vulnerable range="le">0.2.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    From http://ipsec-tools.sourceforge.net/ :
+    </p>
+    <p>
+    "IPsec-Tools is a port of KAME's IPsec utilities to the Linux-2.6
+    IPsec implementation."
+    </p>
+  </background>
+  <description>
+    <p>
+    <i>racoon</i> (a utility in the ipsec-tools package) does not verify digital
+    signatures on Phase1 packets.  This means  that anybody holding the correct
+    X.509 certificate would be able to establish a connection, even if they did
+    not have the corresponding private key.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Since digital signatures are not verified by the <i>racoon</i> tool, an attacker may
+	be able to connect to the VPN gateway and/or execute a man-in-the-middle attack.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    A workaround is not currently known for this issue. All users are advised
+    to upgrade to the latest version of the affected package.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    ipsec-tools users should upgrade to version 0.2.5 or later:
+    </p>
+    <code>
+    # emerge sync
+ 
+    # emerge -pv "&gt;=net-firewall/ipsec-tools-0.2.5"
+    # emerge "&gt;=net-firewall/ipsec-tools-0.2.5"</code>
+  </resolution>
+  <references>
+  </references>
+  <metadata tag="submitter">klieber</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200404-06.xml b/metadata/glsa/glsa-200404-06.xml
new file mode 100644
index 000000000000..a7b67253eda6
--- /dev/null
+++ b/metadata/glsa/glsa-200404-06.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200404-06">
+  <title>Util-linux login may leak sensitive data</title>
+  <synopsis>
+    The login program included in util-linux could leak sensitive information
+    under certain conditions.
+  </synopsis>
+  <product type="ebuild"> </product>
+  <announced>2004-04-07</announced>
+  <revised count="01">2004-04-07</revised>
+  <bug>46422</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/util-linux" auto="yes" arch="*">
+      <unaffected range="ge">2.12</unaffected>
+      <vulnerable range="le">2.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Util-linux is a suite of essential system utilites, including login,
+    agetty, fdisk. 
+    </p>
+  </background>
+  <description>
+    <p>
+    In some situations the login program could leak sensitive data due to an
+    incorrect usage of a reallocated pointer.
+    </p>
+    <p>
+	<b>NOTE:</b> Only users who have PAM support <b>disabled</b> on their
+	systems (i.e.  <i>-PAM</i> in their USE variable) will be affected by this
+	vulnerability.  By default, this USE flag is <b>enabled</b> on all
+	architectures.  Users with PAM support on their system receive login binaries
+	as part of the pam-login package, which remains unaffected.
+	</p>
+  </description>
+  <impact type="low">
+    <p>
+    A remote attacker may obtain sensitive data.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+     A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.
+	</p>
+  </workaround>
+  <resolution>
+    <p>
+    All util-linux users should upgrade to version 2.12 or later:
+    </p>
+    <code>
+    # emerge sync
+    
+	# emerge -pv "&gt;=sys-apps/util-linux-2.12"
+    # emerge "&gt;=sys-apps/util-linux-2.12"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0080">CAN-2004-0080</uri>
+  </references>
+  <metadata tag="submitter">lcars</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200404-07.xml b/metadata/glsa/glsa-200404-07.xml
new file mode 100644
index 000000000000..26bce01d41b5
--- /dev/null
+++ b/metadata/glsa/glsa-200404-07.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200404-07">
+  <title>ClamAV RAR Archive Remote Denial Of Service Vulnerability</title>
+  <synopsis>
+    ClamAV is vulnerable to a denial of service attack when processing certain
+    RAR archives.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2004-04-07</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>45357</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.68.1</unaffected>
+      <vulnerable range="le">0.68</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    From <uri link="http://www.clamav.net/">http://www.clamav.net/</uri> :
+    </p>
+    <p>
+    "Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose
+    of this software is the integration with mail servers (attachment
+    scanning). The package provides a flexible and scalable multi-threaded
+    daemon, a command line scanner, and a tool for automatic updating via
+    Internet. The programs are based on a shared library distributed with
+    the Clam AntiVirus package, which you can use with your own software.
+    Most importantly, the virus database is kept up to date."
+    </p>
+  </background>
+  <description>
+    <p>
+    Certain types of RAR archives, including those created by variants of
+    the W32.Beagle.A@mm worm, may cause clamav to crash when it attempts to
+    process them.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    This vulnerability causes a Denial of Service in the clamav process.
+    Depending on	configuration, this may cause dependent services such as
+    mail to fail as well.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    A workaround is not currently known for this issue. All users are
+    advised to upgrade to the latest version of the affected package.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    ClamAV users should upgrade to version 0.68.1 or later:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=app-antivirus/clamav-0.68.1"
+    # emerge "&gt;=app-antivirus/clamav-0.68.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1909">CVE-2004-1909</uri>
+  </references>
+  <metadata tag="submitter">
+    klieber
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200404-08.xml b/metadata/glsa/glsa-200404-08.xml
new file mode 100644
index 000000000000..6055ca1e37dc
--- /dev/null
+++ b/metadata/glsa/glsa-200404-08.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200404-08">
+  <title>GNU Automake symbolic link vulnerability</title>
+  <synopsis>
+    Automake may be vulnerable to a symbolic link attack which may allow an
+    attacker to modify data or elevate their privileges.
+  </synopsis>
+  <product type="ebuild">automake</product>
+  <announced>2004-04-08</announced>
+  <revised count="05">2005-01-31</revised>
+  <bug>45646</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-devel/automake" auto="yes" arch="*">
+      <unaffected range="ge">1.8.5-r3</unaffected>
+      <unaffected range="rge">1.7.9-r1</unaffected>
+      <unaffected range="lt">1.7</unaffected>
+      <vulnerable range="le">1.8.5-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Automake is a tool for automatically generating `Makefile.in' files
+    which is often used in conjuction with Autoconf and other GNU Autotools
+    to ease portability among applications. It also provides a standardized
+    and light way of writing complex Makefiles through the use of many
+    built-in macros.
+    </p>
+  </background>
+  <description>
+    <p>
+    Automake may be vulnerable to a symbolic link attack which may allow an
+    attacker to modify data or escalate their privileges. This is due to
+    the insecure way Automake creates directories during compilation. An
+    attacker may be able to create symbolic links in the place of files
+    contained in the affected directories, which may potentially lead to
+    elevated privileges due to modification of data.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker may be able to use this vulnerability to modify data in an
+    unauthorized fashion or elevate their privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    A workaround is not currently known for this issue. All users are
+    advised to upgrade to the latest version of the affected package.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Automake users should upgrade to the latest versions:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose sys-devel/automake</code>
+  </resolution>
+  <references/>
+  <metadata tag="submitter">
+    klieber
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200404-09.xml b/metadata/glsa/glsa-200404-09.xml
new file mode 100644
index 000000000000..87b6f570a547
--- /dev/null
+++ b/metadata/glsa/glsa-200404-09.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200404-09">
+  <title>Cross-realm trust vulnerability in Heimdal</title>
+  <synopsis>
+    Heimdal contains cross-realm vulnerability allowing someone with control
+    over a realm to impersonate anyone in the cross-realm trust path.
+  </synopsis>
+  <product type="ebuild">heimdal</product>
+  <announced>2004-04-09</announced>
+  <revised count="01">2004-04-09</revised>
+  <bug>46590</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-crypt/heimdal" auto="yes" arch="*">
+      <unaffected range="ge">0.6.1</unaffected>
+      <vulnerable range="le">0.6.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Heimdal is a free implementation of Kerberos 5.
+    </p>
+  </background>
+  <description>
+    <p>
+    Heimdal does not properly perform certain consistency checks for
+    cross-realm requests, which allows remote attackers with control of a realm
+    to impersonate others in the cross-realm trust path.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Remote attackers with control of a realm may be able to impersonate other
+    users in the cross-realm trust path.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    A workaround is not currently known for this issue. All users are advised
+    to upgrade to the latest version of the affected package.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Heimdal users should upgrade to version 0.6.1 or later:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=app-crypt/heimdal-0.6.1"
+    # emerge "&gt;=app-crypt/heimdal-0.6.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0371">CVE</uri>
+  </references>
+  <metadata tag="submitter">klieber</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200404-10.xml b/metadata/glsa/glsa-200404-10.xml
new file mode 100644
index 000000000000..0a2203f60ac5
--- /dev/null
+++ b/metadata/glsa/glsa-200404-10.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200404-10">
+  <title>iproute local Denial of Service vulnerability</title>
+  <synopsis>
+    The iproute package allows local users to cause a denial of service.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2004-04-09</announced>
+  <revised count="01">2004-04-09</revised>
+  <bug>34294</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/iproute" auto="yes" arch="*">
+      <unaffected range="ge">20010824-r5</unaffected>
+      <vulnerable range="le">20010824-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    iproute is a set of tools for managing linux network routing and advanced
+    features.
+    </p>
+  </background>
+  <description>
+    <p>
+    It has been reported that iproute can accept spoofed messages on the kernel
+    netlink interface from local users. This could lead to a local Denial of
+    Service condition.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    Local users could cause a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+     A workaround is not currently known for this issue. All users are advised
+     to upgrade to the latest version of the affected package.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All iproute users should upgrade to version 20010824-r5 or later:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=sys-apps/iproute-20010824-r5";
+    # emerge "&gt;=sys-apps/iproute-20010824-r5";
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0856">CAN-2003-0856</uri>
+  </references>
+  <metadata tag="submitter">
+    lcars
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200404-11.xml b/metadata/glsa/glsa-200404-11.xml
new file mode 100644
index 000000000000..cb51d5cfc8cc
--- /dev/null
+++ b/metadata/glsa/glsa-200404-11.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200404-11">
+  <title>Multiple Vulnerabilities in pwlib</title>
+  <synopsis>
+    Multiple vulnerabilities have been found in pwlib that may lead to a remote
+    denial of service or buffer overflow attack. 
+  </synopsis>
+  <product type="ebuild">dev-libs/pwlib</product>
+  <announced>2004-04-09</announced>
+  <revised count="01">2004-04-09</revised>
+  <bug>45846</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/pwlib" auto="yes" arch="*">
+      <unaffected range="ge">1.5.2-r3</unaffected>
+      <vulnerable range="le">1.5.2-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    pwlib is a multi-platform library designed for OpenH323.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been found in the implimentation of protocol
+    H.323 contained in pwlib. Most of the vulnerabilies are in the parsing of
+    ASN.1 elements which would allow an attacker to use a maliciously crafted
+    ASN.1 element to cause unpredictable behavior in pwlib.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker may cause a denial of service condition or cause a buffer
+    overflow that would allow arbitrary code to be executed with root
+    privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Blocking ports 1719 and 1720 may reduce the likelihood of an attack. All
+    users are advised to upgrade to the latest version of the affected package.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All pwlib users are advised to upgrade to version 1.5.2-r3 or later:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=dev-libs/pwlib-1.5.2-r3"
+    # emerge "&gt;=dev-libs/pwlib-1.5.2-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0097">CAN-2004-0097</uri>
+    <uri link="http://www.uniras.gov.uk/vuls/2004/006489/h323.htm">NISCC Vulnerability Advisory 006489/H323</uri>
+  </references>
+  <metadata tag="submitter">
+    aescriva
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200404-12.xml b/metadata/glsa/glsa-200404-12.xml
new file mode 100644
index 000000000000..0e35e4a2113a
--- /dev/null
+++ b/metadata/glsa/glsa-200404-12.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200404-12">
+  <title>Scorched 3D server chat box format string vulnerability</title>
+  <synopsis>
+    Scorched 3D is vulnerable to a format string attack in the chat box that
+    leads to Denial of Service on the game server and possibly allows execution
+    of arbitrary code.
+  </synopsis>
+  <product type="ebuild">scorched3d</product>
+  <announced>2004-04-09</announced>
+  <revised count="08">2004-04-09</revised>
+  <bug>39302</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-strategy/scorched3d" auto="yes" arch="*">
+      <unaffected range="ge">37</unaffected>
+      <vulnerable range="lt">37</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Scorched 3D is a game based loosely on the classic DOS game "Scorched
+    Earth". Scorched 3D adds amongst other new features a 3D island
+    environment and LAN and internet play. Scorched 3D is totally free and is
+    available for multiple operating systems.
+    </p>
+  </background>
+  <description>
+    <p>
+    Scorched 3D (build 36.2 and before) does not properly check the text
+    entered in the Chat box (T key). Using format string characters, you can
+    generate a heap overflow. This and several other unchecked buffers have
+    been corrected in the build 37 release.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    This vulnerability can be easily exploited to remotely crash the Scorched
+    3D server, disconnecting all clients. It could also theorically be used to
+    execute arbitrary code on the server with the rights of the user running
+    the server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    A workaround is not currently known for this issue. All users are advised
+    to upgrade to the latest version of the affected package.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Scorched 3D users should upgrade to version 37 or later:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=games-strategy/scorched3d-37"
+    # emerge "&gt;=games-strategy/scorched3d-37"</code>
+  </resolution>
+  <references>
+  </references>
+  <metadata tag="submitter">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200404-13.xml b/metadata/glsa/glsa-200404-13.xml
new file mode 100644
index 000000000000..ad9d0fcd2731
--- /dev/null
+++ b/metadata/glsa/glsa-200404-13.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200404-13">
+  <title>CVS Server and Client Vulnerabilities</title>
+  <synopsis>
+    There are two vulnerabilities in CVS; one in the server and one in the
+    client. These vulnerabilities allow the reading and writing of arbitrary
+    files on both client and server.
+  </synopsis>
+  <product type="ebuild">cvs</product>
+  <announced>2004-04-14</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>47800</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-util/cvs" auto="yes" arch="*">
+      <unaffected range="ge">1.11.15</unaffected>
+      <vulnerable range="le">1.11.14</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    CVS, which stands for Concurrent Versions System, is a client/server
+    application which tracks changes to sets of files. It allows multiple
+    users to work concurrently on files, and then merge their changes back
+    into the main tree (which can be on a remote system). It also allows
+    branching, or maintaining separate versions for files.
+    </p>
+  </background>
+  <description>
+    <p>
+    There are two vulnerabilities in CVS; one in the server and one in the
+    client. The server vulnerability allows a malicious client to request
+    the contents of any RCS file to which the server has permission, even
+    those not located under $CVSROOT. The client vulnerability allows a
+    malicious server to overwrite files on the client machine anywhere the
+    client has permissions.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Arbitrary files may be read or written on CVS clients and servers by
+    anybody with access to the CVS tree.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest stable version of CVS.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All CVS users should upgrade to the latest stable version.
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=dev-util/cvs-1.11.15"
+    # emerge "&gt;=dev-util/cvs-1.11.15"</code>
+  </resolution>
+  <references>
+    <uri link="http://ccvs.cvshome.org/source/browse/ccvs/NEWS?rev=1.116.2.92&amp;content-type=text/x-cvsweb-markup">CVS commit log</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0180">CVE-2004-0180</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0405">CVE-2004-0405</uri>
+  </references>
+  <metadata tag="submitter">
+    condordes
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200404-14.xml b/metadata/glsa/glsa-200404-14.xml
new file mode 100644
index 000000000000..c2b3a6694757
--- /dev/null
+++ b/metadata/glsa/glsa-200404-14.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200404-14">
+  <title>Multiple format string vulnerabilities in cadaver</title>
+  <synopsis>
+    There are multiple format string vulnerabilities in the neon library used
+    in cadaver, possibly leading to execution of arbitrary code when connected
+    to a malicious server.
+  </synopsis>
+  <product type="ebuild">cadaver</product>
+  <announced>2004-04-19</announced>
+  <revised count="01">2004-04-19</revised>
+  <bug>47799</bug>
+  <access>remote </access>
+  <affected>
+    <package name="net-misc/cadaver" auto="yes" arch="*">
+      <unaffected range="ge">0.22.1</unaffected>
+      <vulnerable range="lt">0.22.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    According to <uri link="http://www.webdav.org/cadaver">http://www.webdav.org/cadaver</uri>,
+    cadaver is a command-line WebDAV client for Unix. It supports file upload,
+    download, on-screen display, namespace operations (move/copy), collection
+    creation and deletion, and locking operations.
+    </p>
+  </background>
+  <description>
+    <p>
+    Cadaver code includes the neon library, which in versions 0.24.4 and
+    previous is vulnerable to multiple format string attacks. The latest
+    version of cadaver uses version 0.24.5 of the neon library, which makes it
+    immune to this vulnerability.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    When using cadaver to connect to an untrusted WebDAV server, this
+    vulnerability can allow a malicious remote server to execute arbitrary code
+    on the client with the rights of the user using cadaver.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    A workaround is not currently known for this issue. All users are advised
+    to upgrade to the latest version of the affected package.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    cadaver users should upgrade to version 0.22.1 or later:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-misc/cadaver-0.22.1"
+    # emerge "&gt;=net-misc/cadaver-0.22.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0179">CAN-2004-0179</uri>
+  </references>
+  <metadata tag="submitter">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200404-15.xml b/metadata/glsa/glsa-200404-15.xml
new file mode 100644
index 000000000000..d20ae1fac552
--- /dev/null
+++ b/metadata/glsa/glsa-200404-15.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200404-15">
+  <title>XChat 2.0.x SOCKS5 Vulnerability</title>
+  <synopsis>
+    XChat is vulnerable to a stack overflow that may allow a remote attacker to
+    run arbitrary code.
+  </synopsis>
+  <product type="ebuild">xchat</product>
+  <announced>2004-04-19</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>46856</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/xchat" auto="yes" arch="*">
+      <unaffected range="ge">2.0.8-r1</unaffected>
+      <vulnerable range="lt">2.0.8-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    XChat is a multiplatform IRC client.
+    </p>
+  </background>
+  <description>
+    <p>
+    The SOCKS 5 proxy code in XChat is vulnerable to a remote exploit.
+    Users would have to be using XChat through a SOCKS 5 server, enable
+    SOCKS 5 traversal which is disabled by default and also connect to an
+    attacker's custom proxy server.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    This vulnerability may allow an attacker to run arbitrary code within
+    the context of the user ID of the XChat client.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    A workaround is not currently known for this issue. All users are
+    advised to upgrade to the latest version of the affected package.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All XChat users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-irc/xchat-2.0.8-r1"
+    # emerge "&gt;=net-irc/xchat-2.0.8-r1"</code>
+    <p>
+    Note that users of the gtk1 version of xchat (1.8.*) should upgrade to
+    xchat-1.8.11-r1:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "=net-irc/xchat-1.8.11-r1"
+    # emerge "=net-irc/xchat-1.8.11-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html">XChat 2.0.x SOCKS5 Vulnerability</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0409">CVE-2004-0409</uri>
+  </references>
+  <metadata tag="submitter">
+    klieber
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200404-16.xml b/metadata/glsa/glsa-200404-16.xml
new file mode 100644
index 000000000000..fe2a114ee4d0
--- /dev/null
+++ b/metadata/glsa/glsa-200404-16.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200404-16">
+  <title>Multiple new security vulnerabilities in monit</title>
+  <synopsis>
+    Two new vulnerabilities have been found in the HTTP interface of monit,
+    possibly leading to denial of service or execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">monit</product>
+  <announced>2004-04-19</announced>
+  <revised count="01">2004-04-19</revised>
+  <bug>47631</bug>
+  <access>remote </access>
+  <affected>
+    <package name="app-admin/monit" auto="yes" arch="*">
+      <unaffected range="ge">4.2.1</unaffected>
+      <vulnerable range="le">4.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Monit is a system administration utility that allows management and
+    monitoring of processes, files, directories and devices on a Unix system.
+    </p>
+  </background>
+  <description>
+    <p>
+    Monit has several vulnerabilities in its HTTP interface : a buffer overflow
+    vulnerability in the authentication handling code and a off-by-one error in
+    the POST method handling code.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker may exploit the off-by-one error to crash the Monit daemon and
+    create a denial of service condition, or cause a buffer overflow that would
+    allow arbitrary code to be executed with root privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    A workaround is not currently known for this issue. All users are advised
+    to upgrade to the latest version of the affected package.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Monit users should upgrade to version 4.2.1 or later:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=app-admin/monit-4.2.1"
+    # emerge "&gt;=app-admin/monit-4.2.1"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.tildeslash.com/monit/secadv_20040305.txt">Monit security advisory 20040305</uri>
+  </references>
+  <metadata tag="submitter">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200404-17.xml b/metadata/glsa/glsa-200404-17.xml
new file mode 100644
index 000000000000..128e5ddd79c0
--- /dev/null
+++ b/metadata/glsa/glsa-200404-17.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200404-17">
+  <title>ipsec-tools and iputils contain a remote DoS vulnerability</title>
+  <synopsis>
+    racoon, which is included in the ipsec-tools and iputils packages in
+    Portage, does not check the length of ISAKMP headers. Attackers may be able
+    to craft an ISAKMP header of sufficient length to consume all available
+    system resoources, causing a Denial of Service.
+  </synopsis>
+  <product type="ebuild">ipsec-utils</product>
+  <announced>2004-04-24</announced>
+  <revised count="01">2004-04-24</revised>
+  <bug>48847</bug>
+  <access>remote </access>
+  <affected>
+    <package name="net-firewall/ipsec-tools" auto="yes" arch="amd64">
+      <unaffected range="ge">0.3.1</unaffected>
+      <vulnerable range="lt">0.3.1</vulnerable>
+    </package>
+    <package name="net-misc/iputils" auto="yes" arch="ppc amd64 ppc64 s390">
+      <unaffected range="eq">021109-r3</unaffected>
+      <vulnerable range="eq">021109-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    From <uri link="http://ipsec-tools.sourceforge.net/">http://ipsec-tools.sourceforge.n
+    et/</uri>
+    </p>
+    <p>
+    "IPsec-Tools is a port of KAME's IPsec utilities to the Linux-2.6 IPsec
+    implementation."
+    </p>
+    <p>
+    iputils is a collection of network monitoring tools, including racoon, ping
+    and ping6.
+    </p>
+  </background>
+  <description>
+    <p>
+    When racoon receives an ISAKMP header, it allocates memory based on the
+    length of the header field. Thus, an attacker may be able to cause a Denial
+    of Services by creating a header that is large enough to consume all
+    available system resources.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    This vulnerability may allow an attacker to remotely cause a Denial of
+    Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    A workaround is not currently known for this issue. All users are advised
+    to upgrade to the latest version of the affected package.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    ipsec-tools users should upgrade to version 0.2.5 or later:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-firewall/ipsec-tools-0.3.1"
+    # emerge "&gt;=net-firewall/ipsec-tools-0.3.1"</code>
+    <p>
+    iputils users should upgrade to version 021109-r3 or later:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-misc/iputils-021109-r3"
+    # emerge "&gt;=net-misc/iputils-021109-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0403">CVE</uri>
+  </references>
+  <metadata tag="submitter">
+    klieber
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200404-18.xml b/metadata/glsa/glsa-200404-18.xml
new file mode 100644
index 000000000000..1a6b321655b2
--- /dev/null
+++ b/metadata/glsa/glsa-200404-18.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200404-18">
+  <title>Multiple Vulnerabilities in ssmtp</title>
+  <synopsis>
+    There are multiple format string vulnerabilities in the SSMTP package,
+    which may allow an attacker to run arbitrary code with ssmtp's privileges
+    (potentially root).
+  </synopsis>
+  <product type="ebuild">ssmtp</product>
+  <announced>2004-04-26</announced>
+  <revised count="01">2004-04-26</revised>
+  <bug>47918</bug>
+  <bug>48435</bug>
+  <access>remote root </access>
+  <affected>
+    <package name="mail-mta/ssmtp" auto="yes" arch="*">
+      <unaffected range="ge">2.60.7</unaffected>
+      <vulnerable range="le">2.60.4-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    SSMTP is a very simple mail transfer agent (MTA) that relays mail from the
+    local machine to another SMTP host. It is not designed to function as a
+    full mail server; its sole purpose is to relay mail.
+    </p>
+  </background>
+  <description>
+    <p>
+    There are two format string vulnerabilities inside the log_event() and
+    die() functions of ssmtp. Strings from outside ssmtp are passed to various
+    printf()-like functions from within log_event() and die() as format
+    strings. An attacker could cause a specially-crafted string to be passed to
+    these functions, and potentially cause ssmtp to execute arbitrary code.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    If ssmtp connects to a malicious mail relay server, this vulnerability can
+    be used to execute code with the rights of the mail sender, including root.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are advised to upgrade
+    to the latest available version of ssmtp.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users are advised to upgrade to the latest available version of ssmtp.
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=mail-mta/ssmtp-2.60.7"
+    # emerge "&gt;=mail-mta/ssmtp-2.60.7"</code>
+  </resolution>
+  <references>
+    <uri link="https://secunia.com/advisories/11378/">Secunia Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0156">CVE Reference</uri>
+    <uri link="https://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00084.html">Debian Advisory</uri>
+  </references>
+  <metadata tag="submitter">
+    condordes
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200404-19.xml b/metadata/glsa/glsa-200404-19.xml
new file mode 100644
index 000000000000..b6e4b43db64b
--- /dev/null
+++ b/metadata/glsa/glsa-200404-19.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200404-19">
+  <title>Buffer overflows and format string vulnerabilities in LCDproc</title>
+  <synopsis>
+    Multiple remote vulnerabilities have been found in the LCDd server,
+    allowing execution of arbitrary code with the rights of the LCDd user.
+  </synopsis>
+  <product type="ebuild">lcdproc</product>
+  <announced>2004-04-27</announced>
+  <revised count="01">2004-04-27</revised>
+  <bug>47340</bug>
+  <access>remote </access>
+  <affected>
+    <package name="app-misc/lcdproc" auto="yes" arch="*">
+      <unaffected range="ge">0.4.5</unaffected>
+      <vulnerable range="le">0.4.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    LCDproc is a program that displays various bits of real-time system
+    information on an LCD. It makes use of a local server (LCDd) to collect
+    information to display on the LCD.
+    </p>
+  </background>
+  <description>
+    <p>
+    Due to insufficient checking of client-supplied data, the LCDd server is
+    susceptible to two buffer overflows and one string buffer vulnerability. If
+    the server is configured to listen on all network interfaces (see the Bind
+    parameter in LCDproc configuration), these vulnerabilities can be triggered
+    remotely.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    These vulnerabilities allow an attacker to execute code with the rights of
+    the user running the LCDproc server. By default, this is the "nobody" user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    A workaround is not currently known for this issue. All users are advised
+    to upgrade to the latest version of the affected package.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    LCDproc users should upgrade to version 0.4.5 or later:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=app-misc/lcdproc-0.4.5"
+    # emerge "&gt;=app-misc/lcdproc-0.4.5"</code>
+  </resolution>
+  <references>
+    <uri link="http://lists.omnipotent.net/pipermail/lcdproc/2004-April/008884.html">LCDproc advisory</uri>
+  </references>
+  <metadata tag="submitter">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200404-20.xml b/metadata/glsa/glsa-200404-20.xml
new file mode 100644
index 000000000000..6bb40160bab9
--- /dev/null
+++ b/metadata/glsa/glsa-200404-20.xml
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200404-20">
+  <title>Multiple vulnerabilities in xine</title>
+  <synopsis>
+    Several vulnerabilities have been found in xine-ui and xine-lib,
+    potentially allowing an attacker to overwrite files with the rights of the
+    user.
+  </synopsis>
+  <product type="ebuild">xine</product>
+  <announced>2004-04-27</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>45448</bug>
+  <bug>48107</bug>
+  <bug>48108</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/xine-ui" auto="yes" arch="*">
+      <unaffected range="ge">0.9.23-r2</unaffected>
+      <vulnerable range="le">0.9.23-r1</vulnerable>
+    </package>
+    <package name="media-libs/xine-lib" auto="yes" arch="*">
+      <unaffected range="ge">1_rc3-r3</unaffected>
+      <vulnerable range="le">1_rc3-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    xine is a multimedia player allowing to play back CDs, DVDs, and VCDs
+    and decoding multimedia files like AVI, MOV, WMV, and MP3 from local
+    disk drives, and displays multimedia streamed over the Internet. It is
+    available in Gentoo as a reusable library (xine-lib) with a standard
+    user interface (xine-ui).
+    </p>
+  </background>
+  <description>
+    <p>
+    Several vulnerabilities were found in xine-ui and xine-lib. By opening
+    a malicious MRL in any xine-lib based media player, an attacker can
+    write arbitrary content to an arbitrary file, only restricted by the
+    permissions of the user running the application. By opening a malicious
+    playlist in the xine-ui media player, an attacker can write arbitrary
+    content to an arbitrary file, only restricted by the permissions of the
+    user running xine-ui. Finally, a temporary file is created in an
+    insecure manner by the xine-check and xine-bugreport scripts,
+    potentially allowing a local attacker to use a symlink attack.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    These three vulnerabilities may alow an attacker to corrupt system
+    files, thus potentially leading to a Denial of Service. It is also
+    theoretically possible, though very unlikely, to use these
+    vulnerabilities to elevate the privileges of the attacker.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are advised to
+    upgrade to the latest available versions of xine-ui and xine-lib.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users of xine-ui or another xine-based player should upgrade to the
+    latest stable versions:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=media-video/xine-ui-0.9.23-r2"
+    # emerge "&gt;=media-video/xine-ui-0.9.23-r2"
+    
+    # emerge -pv "&gt;=media-libs/xine-lib-1_rc3-r3"
+    # emerge "&gt;=media-libs/xine-lib-1_rc3-r3"</code>
+  </resolution>
+  <references>
+    <uri link="http://xinehq.de/index.php/security">Xine Security Advisories</uri>
+    <uri link="http://nettwerked.mg2.org/advisories/xinebug">xine-bugreport and xine-check vulnerability</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0372">CVE-2004-0372</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1951">CVE-2004-1951</uri>
+  </references>
+  <metadata tag="submitter">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200404-21.xml b/metadata/glsa/glsa-200404-21.xml
new file mode 100644
index 000000000000..b2d4fcc2d6a1
--- /dev/null
+++ b/metadata/glsa/glsa-200404-21.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200404-21">
+  <title>Multiple Vulnerabilities in Samba</title>
+  <synopsis>
+    There is a bug in smbfs which may allow local users to gain root via a
+    setuid file on a mounted Samba share. Also, there is a tmpfile symlink
+    vulnerability in the smbprint script distributed with Samba.
+  </synopsis>
+  <product type="ebuild">samba</product>
+  <announced>2004-04-29</announced>
+  <revised count="01">2004-04-29</revised>
+  <bug>41800</bug>
+  <bug>45965</bug>
+  <access>local </access>
+  <affected>
+    <package name="net-fs/samba" auto="yes" arch="*">
+      <unaffected range="ge">3.0.2a-r2</unaffected>
+      <vulnerable range="le">3.0.2a</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Samba is a package which allows UNIX systems to act as file servers for
+    Windows computers. It also allows UNIX systems to mount shares exported by
+    a Samba/CIFS/Windows server. smbmount is a program in the Samba package
+    which allows normal users on a UNIX system to mount remote shares. smbprint
+    is an example script included in the Samba package which can be used to
+    facilitate network printing.
+    </p>
+  </background>
+  <description>
+    <p>
+    Two vulnerabilities have been discovered in Samba. The first vulnerability
+    allows a local user who has access to the smbmount command to gain root. An
+    attacker could place a setuid-root binary on a Samba share/server he or she
+    controls, and then use the smbmount command to mount the share on the
+    target UNIX box. The remote Samba server must support UNIX extensions for
+    this to work. This has been fixed in version 3.0.2a.
+    </p>
+    <p>
+    The second vulnerability is in the smbprint script. By creating a symlink
+    from /tmp/smbprint.log, an attacker could cause the smbprint script to
+    write to an arbitrary file on the system. This has been fixed in version
+    3.0.2a-r2.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Local users with access to the smbmount command may gain root access. Also,
+    arbitrary files may be overwritten using the smbprint script.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    To workaround the setuid bug, remove the setuid bits from the
+    /usr/bin/smbmnt, /usr/bin/smbumount and /usr/bin/mount.cifs binaries.
+    However, please note that this workaround will prevent ordinary users from
+    mounting remote SMB and CIFS shares.
+    </p>
+    <p>
+    To work around the smbprint vulnerability, set "debug=no" in the smbprint
+    configuration.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users should update to the latest version of the Samba package.
+    </p>
+    <p>
+    The following commands will perform the upgrade:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-fs/samba-3.0.2a-r2"
+    # emerge "&gt;=net-fs/samba-3.0.2a-r2"</code>
+    <p>
+    Those who are using Samba's password database also need to run the
+    following command:
+    </p>
+    <code>
+    # pdbedit --force-initialized-passwords</code>
+    <p>
+    Those using LDAP for Samba passwords also need to check the sambaPwdLastSet
+    attribute on each account, and ensure it is not 0.
+    </p>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/archive/1/353222/2004-04-09/2004-04-15/1">BugTraq Thread: Samba 3.x + kernel 2.6.x local root vulnerability</uri>
+    <uri link="http://seclists.org/lists/bugtraq/2004/Mar/0189.html">BugTraq: smbprint Vulnerability</uri>
+  </references>
+  <metadata tag="submitter">
+    condordes
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200405-01.xml b/metadata/glsa/glsa-200405-01.xml
new file mode 100644
index 000000000000..cbc184393b7b
--- /dev/null
+++ b/metadata/glsa/glsa-200405-01.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200405-01">
+  <title>Multiple format string vulnerabilities in neon 0.24.4 and earlier</title>
+  <synopsis>
+    There are multiple format string vulnerabilities in libneon which may allow
+    a malicious WebDAV server to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">neon</product>
+  <announced>2004-05-09</announced>
+  <revised count="01">2004-05-09</revised>
+  <bug>48448</bug>
+  <access>remote </access>
+  <affected>
+    <package name="net-misc/neon" auto="yes" arch="*">
+      <unaffected range="ge">0.24.5</unaffected>
+      <vulnerable range="le">0.24.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    neon provides an HTTP and WebDAV client library.
+    </p>
+  </background>
+  <description>
+    <p>
+    There are multiple format string vulnerabilities in libneon which may allow
+    a malicious WebDAV server to execute arbitrary code under the context of
+    the process using libneon.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker may be able to execute arbitrary code under the context of the
+    process using libneon.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    A workaround is not currently known for this issue. All users are advised
+    to upgrade to the latest version of the affected package.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Neon users should upgrade to version 0.24.5 or later:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-misc/neon-0.24.5"
+    # emerge "&gt;=net-misc/neon-0.24.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0179">CVE</uri>
+  </references>
+  <metadata tag="submitter">
+    klieber
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200405-02.xml b/metadata/glsa/glsa-200405-02.xml
new file mode 100644
index 000000000000..d6212b288b87
--- /dev/null
+++ b/metadata/glsa/glsa-200405-02.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200405-02">
+  <title>Multiple vulnerabilities in LHa</title>
+  <synopsis>
+    Two stack-based buffer overflows and two directory traversal problems have
+    been found in LHa. These vulnerabilities can be used to execute arbitrary
+    code or as a denial of service attack.
+  </synopsis>
+  <product type="ebuild">lha</product>
+  <announced>2004-05-09</announced>
+  <revised count="02">2006-10-20</revised>
+  <bug>49961</bug>
+  <access>remote </access>
+  <affected>
+    <package name="app-arch/lha" auto="yes" arch="*">
+      <unaffected range="rge">114i-r2</unaffected>
+      <vulnerable range="rle">114i-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    LHa is a console-based program for packing and unpacking LHarc archives.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ulf Harnhammar found two stack overflows and two directory traversal
+    vulnerabilities in LHa version 1.14 and 1.17. A stack overflow occurs when
+    testing or extracting archives containing long file or directory names.
+    Furthermore, LHa doesn't contain sufficient protection against relative or
+    absolute archive paths.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    The stack overflows can be exploited to execute arbitrary code with the
+    rights of the user testing or extracting the archive. The directory
+    traversal vulnerabilities can be used to overwrite files in the filesystem
+    with the rights of the user extracting the archive, potentially leading to
+    denial of service or privilege escalation. Since LHa is often interfaced to
+    other software like an email virus scanner, this attack can be used
+    remotely.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are advised to upgrade
+    to the latest available version of LHa.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users of LHa should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=app-arch/lha-114i-r2"
+    # emerge "&gt;=app-arch/lha-114i-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0234">CAN-2004-0234</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0235">CAN-2004-0235</uri>
+  </references>
+  <metadata tag="submitter">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200405-03.xml b/metadata/glsa/glsa-200405-03.xml
new file mode 100644
index 000000000000..2a523fb9cd64
--- /dev/null
+++ b/metadata/glsa/glsa-200405-03.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200405-03">
+  <title>ClamAV VirusEvent parameter vulnerability</title>
+  <synopsis>
+    With a specific configuration (using %f in the VirusEvent parameter), Clam
+    AntiVirus is vulnerable to an attack allowing execution of arbitrary
+    commands.
+  </synopsis>
+  <product type="ebuild">ClamAV</product>
+  <announced>2004-05-11</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>46264</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.70</unaffected>
+      <vulnerable range="lt">0.70</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    From <uri link="http://www.clamav.net/">http://www.clamav.net/</uri> :
+    </p>
+    <p>
+    "Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose
+    of this software is the integration with mail servers (attachment
+    scanning). The package provides a flexible and scalable multi-threaded
+    daemon, a command line scanner, and a tool for automatic updating via
+    Internet. The programs are based on a shared library distributed with
+    the Clam AntiVirus package, which you can use with your own software.
+    Most importantly, the virus database is kept up to date."
+    </p>
+  </background>
+  <description>
+    <p>
+    The VirusEvent parameter in the clamav.conf configuration file allows
+    to specify a system command to run whenever a virus is found. This
+    system command can make use of the "%f" parameter which is replaced by
+    the name of the file infected. The name of the file scanned is under
+    control of the attacker and is not sufficiently checked. Version 0.70
+    of clamav disables the use of the "%f" parameter.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Sending a virus with a malicious file name can result in execution of
+    arbirary system commands with the rights of the antivirus process.
+    Since clamav is often associated to mail servers for email scanning,
+    this attack can be used remotely.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    You should not use the "%f" parameter in your VirusEvent configuration.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users of Clam AntiVirus should upgrade to the latest stable
+    version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=app-antivirus/clamav-0.70"
+    # emerge "&gt;=app-antivirus/clamav-0.70"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1876">CVE-2004-1876</uri>
+  </references>
+  <metadata tag="submitter">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200405-04.xml b/metadata/glsa/glsa-200405-04.xml
new file mode 100644
index 000000000000..cb6cdf07ae3d
--- /dev/null
+++ b/metadata/glsa/glsa-200405-04.xml
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200405-04">
+  <title>OpenOffice.org vulnerability when using DAV servers</title>
+  <synopsis>
+    Several format string vulnerabilities are present in the Neon library
+    included in OpenOffice.org, allowing remote execution of arbitrary code
+    when connected to an untrusted WebDAV server.
+  </synopsis>
+  <product type="ebuild">openoffice</product>
+  <announced>2004-05-11</announced>
+  <revised count="02">2004-10-27</revised>
+  <bug>47926</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/openoffice" auto="yes" arch="x86">
+      <unaffected range="ge">1.1.1-r1</unaffected>
+      <vulnerable range="le">1.1.1</vulnerable>
+    </package>
+    <package name="app-office/openoffice" auto="yes" arch="ppc">
+      <unaffected range="ge">1.0.3-r2</unaffected>
+      <vulnerable range="le">1.0.3-r1</vulnerable>
+    </package>
+    <package name="app-office/openoffice" auto="yes" arch="sparc">
+      <unaffected range="ge">1.1.0-r4</unaffected>
+      <vulnerable range="le">1.1.0-r3</vulnerable>
+    </package>
+    <package name="app-office/openoffice-ximian" auto="yes" arch="*">
+      <unaffected range="ge">1.1.51-r1</unaffected>
+      <vulnerable range="le">1.1.51</vulnerable>
+    </package>
+    <package name="app-office/openoffice-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.1.2</unaffected>
+      <vulnerable range="lt">1.1.2</vulnerable>
+    </package>
+    <package name="app-office/openoffice-ximian-bin" auto="no" arch="*">
+      <vulnerable range="le">1.1.52</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenOffice.org is an office productivity suite, including word processing,
+    spreadsheets, presentations, drawings, data charting, formula editing, and
+    file conversion facilities.
+    </p>
+  </background>
+  <description>
+    <p>
+    OpenOffice.org includes code from the Neon library in functions related to
+    publication on WebDAV servers. This library is vulnerable to several format
+    string attacks.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    If you use the WebDAV publication and connect to a malicious WebDAV server,
+    this server can exploit these vulnerabilities to execute arbitrary code
+    with the rights of the user running OpenOffice.org.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    As a workaround, you should not use the WebDAV publication facilities.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    There is no Ximian OpenOffice.org binary version including the fix yet. All
+    users of the openoffice-ximian-bin package making use of the WebDAV
+    openoffice-ximian source-based package.
+    </p>
+    <p>
+    openoffice users on the x86 architecture should:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=app-office/openoffice-1.1.1-r1"
+    # emerge "&gt;=app-office/openoffice-1.1.1-r1"</code>
+    <p>
+    openoffice users on the sparc architecture should:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=app-office/openoffice-1.1.0-r3"
+    # emerge "&gt;=app-office/openoffice-1.1.0-r3"</code>
+    <p>
+    openoffice users on the ppc architecture should:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=app-office/openoffice-1.0.3-r1"
+    # emerge "&gt;=app-office/openoffice-1.0.3-r1"</code>
+    <p>
+    openoffice-ximian users should:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=app-office/openoffice-ximian-1.1.51-r1"
+    # emerge "&gt;=app-office/openoffice-ximian-1.1.51-r1"</code>
+    <p>
+    openoffice-bin users should:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=app-office/openoffice-bin-1.1.2"
+    # emerge "&gt;=app-office/openoffice-bin-1.1.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0179">CAN-2004-0179</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200405-01.xml">Neon vulnerabilities (GLSA 200405-01)</uri>
+  </references>
+  <metadata tag="submitter">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200405-05.xml b/metadata/glsa/glsa-200405-05.xml
new file mode 100644
index 000000000000..49db31a34aa7
--- /dev/null
+++ b/metadata/glsa/glsa-200405-05.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200405-05">
+  <title>Utempter symlink vulnerability</title>
+  <synopsis>
+    Utempter contains a vulnerability that may allow local users to overwrite
+    arbitrary files via a symlink attack.
+  </synopsis>
+  <product type="ebuild">utempter</product>
+  <announced>2004-05-13</announced>
+  <revised count="01">2004-05-13</revised>
+  <bug>49536</bug>
+  <access>local </access>
+  <affected>
+    <package name="sys-apps/utempter" auto="yes" arch="*">
+      <unaffected range="ge">0.5.5.4</unaffected>
+      <vulnerable range="lt">0.5.5.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Utempter is an application that allows non-privileged apps to write utmp
+    (login) info, which otherwise needs root access.
+    </p>
+  </background>
+  <description>
+    <p>
+    Utempter contains a vulnerability that may allow local users to overwrite
+    arbitrary files via a symlink attack.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    This vulnerability may allow arbitrary files to be overwritten with root
+    privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are advised to upgrade
+    to the latest available version of utempter.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users of utempter should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=sys-apps/utempter-0.5.5.4"
+    # emerge "&gt;=sys-apps/utempter-0.5.5.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0233">CAN-2004-0233</uri>
+  </references>
+  <metadata tag="submitter">
+    klieber
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200405-06.xml b/metadata/glsa/glsa-200405-06.xml
new file mode 100644
index 000000000000..fc45ddee794a
--- /dev/null
+++ b/metadata/glsa/glsa-200405-06.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200405-06">
+  <title>libpng denial of service vulnerability</title>
+  <synopsis>
+    A bug in the libpng library can be abused to crash programs making use of
+    that library to decode PNG images.
+  </synopsis>
+  <product type="ebuild">libpng</product>
+  <announced>2004-05-14</announced>
+  <revised count="01">2004-05-14</revised>
+  <bug>49887</bug>
+  <access>remote </access>
+  <affected>
+    <package name="media-libs/libpng" auto="yes" arch="*">
+      <unaffected range="ge">1.2.5-r5</unaffected>
+      <vulnerable range="le">1.2.5-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libpng is a standard library used to process PNG (Portable Network
+    Graphics) images.
+    </p>
+  </background>
+  <description>
+    <p>
+    libpng provides two functions (png_chunk_error and png_chunk_warning) for
+    default error and warning messages handling. These functions do not perform
+    proper bounds checking on the provided message, which is limited to 64
+    bytes. Programs linked against this library may crash when handling a
+    malicious PNG image.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    This vulnerability could be used to crash various programs using the libpng
+    library, potentially resulting in a denial of service attack on vulnerable
+    daemon processes.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are advised to upgrade
+    to the latest available version of libpng.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users of libpng should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=media-libs/libpng-1.2.5-r5"
+    # emerge "&gt;=media-libs/libpng-1.2.5-r5"</code>
+    <p>
+    You should also run revdep-rebuild to rebuild any packages that depend on
+    older versions of libpng :
+    </p>
+    <code>
+    # revdep-rebuild</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421">CAN-2004-0421</uri>
+  </references>
+  <metadata tag="submitter">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200405-07.xml b/metadata/glsa/glsa-200405-07.xml
new file mode 100644
index 000000000000..ca5e5f76aeb0
--- /dev/null
+++ b/metadata/glsa/glsa-200405-07.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200405-07">
+  <title>Exim verify=header_syntax buffer overflow</title>
+  <synopsis>
+    When the verify=header_syntax option is set, there is a buffer overflow in
+    Exim that allows remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Exim</product>
+  <announced>2004-05-14</announced>
+  <revised count="01">2004-05-14</revised>
+  <bug>50217</bug>
+  <access>remote </access>
+  <affected>
+    <package name="mail-mta/exim" auto="yes" arch="*">
+      <unaffected range="ge">4.33-r1</unaffected>
+      <vulnerable range="le">4.33</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Exim is an highly configurable message transfer agent (MTA) developed at
+    the University of Cambridge.
+    </p>
+  </background>
+  <description>
+    <p>
+    When the option "verify = header_syntax" is used in an ACL in the
+    configuration file, Exim is vulnerable to a buffer overflow attack that can
+    be triggered remotely by sending malicious headers in an email message.
+    Note that this option is not enabled in Exim's default configuration file.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    This vulnerability can be exploited to trigger a denial of service attack
+    and potentially execute arbitrary code with the rights of the user used by
+    the Exim daemon (by default this is the "mail" user in Gentoo Linux).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Make sure the verify=header_syntax option is not used in your exim.conf
+    file.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users of Exim should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=mail-mta/exim-4.33-r1"
+    # emerge "&gt;=mail-mta/exim-4.33-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0400">CAN-2004-0400</uri>
+  </references>
+  <metadata tag="submitter">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200405-08.xml b/metadata/glsa/glsa-200405-08.xml
new file mode 100644
index 000000000000..d092d90bc05c
--- /dev/null
+++ b/metadata/glsa/glsa-200405-08.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200405-08">
+  <title>Pound format string vulnerability</title>
+  <synopsis>
+    There is a format string flaw in Pound, allowing remote execution of
+    arbitrary code with the rights of the Pound process.
+  </synopsis>
+  <product type="ebuild">pound</product>
+  <announced>2004-05-18</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>50421</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/pound" auto="yes" arch="*">
+      <unaffected range="ge">1.6</unaffected>
+      <vulnerable range="le">1.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Pound is a reverse proxy, load balancer and HTTPS front-end. It allows
+    to distribute the load on several web servers and offers a SSL wrapper
+    for web servers that do not support SSL directly.
+    </p>
+  </background>
+  <description>
+    <p>
+    A format string flaw in the processing of syslog messages was
+    discovered and corrected in Pound.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    This flaw may allow remote execution of arbitrary code with the rights
+    of the Pound daemon process. By default, Gentoo uses the "nobody" user
+    to run the Pound daemon.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are advised to
+    upgrade to the latest available version of Pound.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users of Pound should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=www-servers/pound-1.6"
+    # emerge "&gt;=www-servers/pound-1.6"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.apsis.ch/pound/pound_list/archive/2003/2003-12/1070234315000#1070234315000">Pound announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2026">CVE-2004-2026</uri>
+  </references>
+  <metadata tag="submitter">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200405-09.xml b/metadata/glsa/glsa-200405-09.xml
new file mode 100644
index 000000000000..30ae02d9ec1a
--- /dev/null
+++ b/metadata/glsa/glsa-200405-09.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200405-09">
+  <title>ProFTPD Access Control List bypass vulnerability</title>
+  <synopsis>
+    Version 1.2.9 of ProFTPD introduced a vulnerability that causes CIDR-based
+    Access Control Lists (ACLs) to be treated as "AllowAll", thereby
+    allowing remote users full access to files available to the FTP daemon.
+  </synopsis>
+  <product type="ebuild">proftpd</product>
+  <announced>2004-05-19</announced>
+  <revised count="01">2004-05-19</revised>
+  <bug>49496</bug>
+  <access>remote </access>
+  <affected>
+    <package name="net-ftp/proftpd" auto="yes" arch="*">
+      <unaffected range="ge">1.2.9-r2</unaffected>
+      <vulnerable range="eq">1.2.9-r1</vulnerable>
+      <vulnerable range="eq">1.2.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ProFTPD is an FTP daemon.
+    </p>
+  </background>
+  <description>
+    <p>
+    ProFTPD 1.2.9 introduced a vulnerability that allows CIDR-based ACLs (such
+    as 10.0.0.1/24) to be bypassed. The CIDR ACLs are disregarded, with the net
+    effect being similar to an "AllowAll" directive.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    This vulnerability may allow unauthorized files, including critical system
+    files to be downloaded and/or modified, thereby allowing a potential remote
+    compromise of the server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Users may work around the problem by avoiding use of CIDR-based ACLs.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    ProFTPD users are encouraged to upgrade to the latest version of the
+    package:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-ftp/proftpd-1.2.9-r2"
+    # emerge "&gt;=net-ftp/proftpd-1.2.9-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0432">CAN-2004-0432</uri>
+  </references>
+  <metadata tag="submitter">
+    klieber
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200405-10.xml b/metadata/glsa/glsa-200405-10.xml
new file mode 100644
index 000000000000..94f49fc1e46a
--- /dev/null
+++ b/metadata/glsa/glsa-200405-10.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200405-10">
+  <title>Icecast denial of service vulnerability</title>
+  <synopsis>
+    Icecast is vulnerable to a denial of service attack allowing remote users
+    to crash the application.
+  </synopsis>
+  <product type="ebuild">icecast</product>
+  <announced>2004-05-19</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>50935</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/icecast" auto="yes" arch="*">
+      <unaffected range="ge">2.0.1</unaffected>
+      <vulnerable range="le">2.0.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Icecast is a program that streams audio data to listeners over the
+    Internet.
+    </p>
+  </background>
+  <description>
+    <p>
+    There is an out-of-bounds read error in the web interface of Icecast
+    when handling Basic Authorization requests. This vulnerability can
+    theorically be exploited by sending a specially crafted Authorization
+    header to the server.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By exploiting this vulnerability, it is possible to crash the Icecast
+    server remotely, resulting in a denial of service attack.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are advised to
+    upgrade to the latest available version of Icecast.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users of Icecast should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-misc/icecast-2.0.1"
+    # emerge "&gt;=net-misc/icecast-2.0.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.xiph.org/archives/icecast/7144.html">Icecast 2.0.1 announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2027">CVE-2004-2027</uri>
+  </references>
+  <metadata tag="submitter">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200405-11.xml b/metadata/glsa/glsa-200405-11.xml
new file mode 100644
index 000000000000..ef08f85a9fb3
--- /dev/null
+++ b/metadata/glsa/glsa-200405-11.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200405-11">
+  <title>KDE URI Handler Vulnerabilities</title>
+  <synopsis>
+    Vulnerabilities in KDE URI handlers makes your system vulnerable to various
+    attacks.
+  </synopsis>
+  <product type="ebuild">kdelibs</product>
+  <announced>2004-05-19</announced>
+  <revised count="01">2004-05-19</revised>
+  <bug>51276</bug>
+  <access>remote </access>
+  <affected>
+    <package name="kde-base/kdelibs" auto="yes" arch="*">
+      <unaffected range="ge">3.2.2-r1</unaffected>
+      <unaffected range="eq">3.1.5-r1</unaffected>
+      <vulnerable range="le">3.2.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The K Desktop Environment (KDE) is a powerful Free Software graphical
+    desktop environment. KDE makes use of URI handlers to trigger various
+    programs when specific URLs are received.
+    </p>
+  </background>
+  <description>
+    <p>
+    The telnet, rlogin, ssh and mailto URI handlers in KDE do not check for '-'
+    at the beginning of the hostname passed. By crafting a malicious URI and
+    entice an user to click on it, it is possible to pass an option to the
+    programs started by the handlers (typically telnet, kmail...).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    If the attacker controls the options passed to the URI handling programs,
+    it becomes possible for example to overwrite arbitrary files (possibly
+    leading to denial of service), to open kmail on an attacker-controlled
+    remote display or with an alternate configuration file (possibly leading to
+    control of the user account).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are advised to upgrade
+    to a corrected version of kdelibs.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Users of KDE 3.1 should upgrade to the corrected version of kdelibs:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "=kde-base/kdelibs-3.1.5-r1"
+    # emerge "=kde-base/kdelibs-3.1.5-r1"</code>
+    <p>
+    Users of KDE 3.2 should upgrade to the latest available version of kdelibs:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=kde-base/kdelibs-3.2.2-r1"
+    # emerge "&gt;=kde-base/kdelibs-3.2.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0411">CAN-2004-0411</uri>
+  </references>
+  <metadata tag="submitter">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200405-12.xml b/metadata/glsa/glsa-200405-12.xml
new file mode 100644
index 000000000000..47d6f3e0f5a5
--- /dev/null
+++ b/metadata/glsa/glsa-200405-12.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200405-12">
+  <title>CVS heap overflow vulnerability</title>
+  <synopsis>
+    CVS is subject to a heap overflow vulnerability allowing source repository
+    compromise.
+  </synopsis>
+  <product type="ebuild">cvs</product>
+  <announced>2004-05-20</announced>
+  <revised count="01">2004-05-20</revised>
+  <bug>51460</bug>
+  <access>remote </access>
+  <affected>
+    <package name="dev-util/cvs" auto="yes" arch="*">
+      <unaffected range="ge">1.11.16</unaffected>
+      <vulnerable range="le">1.11.15</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    CVS (Concurrent Versions System) is an open-source network-transparent
+    version control system. It contains both a client utility and a server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Stefan Esser discovered a heap overflow in the CVS server, which can be
+    triggered by sending malicious "Entry" lines and manipulating the flags
+    related to that Entry. This vulnerability was proven to be exploitable.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker can execute arbitrary code on the CVS server, with the
+    rights of the CVS server. By default, Gentoo uses the "cvs" user to run the
+    CVS server. In particular, this flaw allows a complete compromise of CVS
+    source repositories. If you're not running a server, then you are not
+    vulnerable.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are advised to upgrade
+    to the latest available version of CVS.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users running a CVS server should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=dev-util/cvs-1.11.16"
+    # emerge "&gt;=dev-util/cvs-1.11.16"</code>
+  </resolution>
+  <references>
+    <uri link="http://security.e-matters.de/advisories/072004.html">E-matters advisory 07/2004</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0396">CAN-2004-0396</uri>
+  </references>
+  <metadata tag="submitter">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200405-13.xml b/metadata/glsa/glsa-200405-13.xml
new file mode 100644
index 000000000000..ae8207774b12
--- /dev/null
+++ b/metadata/glsa/glsa-200405-13.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200405-13">
+  <title>neon heap-based buffer overflow</title>
+  <synopsis>
+    A vulnerability potentially allowing remote execution of arbitrary code has
+    been discovered in the neon library.
+  </synopsis>
+  <product type="ebuild">neon</product>
+  <announced>2004-05-20</announced>
+  <revised count="01">2004-05-20</revised>
+  <bug>51490</bug>
+  <access>remote </access>
+  <affected>
+    <package name="net-misc/neon" auto="yes" arch="*">
+      <unaffected range="ge">0.24.6</unaffected>
+      <vulnerable range="le">0.24.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    neon provides an HTTP and WebDAV client library.
+    </p>
+  </background>
+  <description>
+    <p>
+    Stefan Esser discovered a vulnerability in the code of the neon library :
+    if a malicious date string is passed to the ne_rfc1036_parse() function, it
+    can trigger a string overflow into static heap variables.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Depending on the application linked against libneon and when connected to a
+    malicious WebDAV server, this vulnerability could allow execution of
+    arbitrary code with the rights of the user running that application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are advised to upgrade
+    to the latest available version of neon.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users of neon should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-misc/neon-0.24.6"
+    # emerge "&gt;=net-misc/neon-0.24.6"</code>
+  </resolution>
+  <references>
+    <uri link="http://security.e-matters.de/advisories/062004.html">E-matters advisory 06/2004</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0398">CAN-2004-0398</uri>
+  </references>
+  <metadata tag="submitter">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200405-14.xml b/metadata/glsa/glsa-200405-14.xml
new file mode 100644
index 000000000000..77f806fb3b3d
--- /dev/null
+++ b/metadata/glsa/glsa-200405-14.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200405-14">
+  <title>Buffer overflow in Subversion</title>
+  <synopsis>
+    There is a vulnerability in the Subversion date parsing code which may lead
+    to denial of service attacks, or execution of arbitrary code. Both the
+    client and server are vulnerable.
+  </synopsis>
+  <product type="ebuild">subversion</product>
+  <announced>2004-05-20</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>51462</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-util/subversion" auto="yes" arch="*">
+      <unaffected range="ge">1.0.3</unaffected>
+      <vulnerable range="le">1.0.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Subversion is a version control system intended to eventually replace
+    CVS. Like CVS, it has an optional client-server architecture (where the
+    server can be an Apache server running mod_svn, or an ssh program as in
+    CVS's :ext: method). In addition to supporting the features found in
+    CVS, Subversion also provides support for moving and copying files and
+    directories.
+    </p>
+  </background>
+  <description>
+    <p>
+    All releases of Subversion prior to 1.0.3 have a vulnerability in the
+    date-parsing code. This vulnerability may allow denial of service or
+    arbitrary code execution as the Subversion user. Both the client and
+    server are vulnerable, and write access is NOT required to the server's
+    repository.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    All servers and clients are vulnerable. Specifically, clients that
+    allow other users to write to administrative files in a working copy
+    may be exploited. Additionally all servers (whether they are httpd/DAV
+    or svnserve) are vulnerable. Write access to the server is not
+    required; public read-only Subversion servers are also exploitable.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Subversion users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=dev-util/subversion-1.0.3"
+    # emerge "&gt;=dev-util/subversion-1.0.3"</code>
+  </resolution>
+  <references>
+    <uri link="http://subversion.tigris.org/servlets/ReadMsg?list=announce&amp;msgNo=125">Subversion Announcement</uri>
+    <uri link="http://security.e-matters.de/advisories/082004.html">E-Matters Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0397">CVE-2004-0397</uri>
+  </references>
+  <metadata tag="submitter">
+    condordes
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200405-15.xml b/metadata/glsa/glsa-200405-15.xml
new file mode 100644
index 000000000000..5cf103c4ab89
--- /dev/null
+++ b/metadata/glsa/glsa-200405-15.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200405-15">
+  <title>cadaver heap-based buffer overflow</title>
+  <synopsis>
+    There is a heap-based buffer overflow vulnerability in the neon library
+    used in cadaver, possibly leading to execution of arbitrary code when
+    connected to a malicious server.
+  </synopsis>
+  <product type="ebuild">cadaver</product>
+  <announced>2004-05-20</announced>
+  <revised count="01">2004-05-20</revised>
+  <bug>51461</bug>
+  <access>remote </access>
+  <affected>
+    <package name="net-misc/cadaver" auto="yes" arch="*">
+      <unaffected range="ge">0.22.2</unaffected>
+      <vulnerable range="le">0.22.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    cadaver is a command-line WebDAV client.
+    </p>
+  </background>
+  <description>
+    <p>
+    Stefan Esser discovered a vulnerability in the code of the neon library
+    (see GLSA 200405-13). This library is also included in cadaver.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    When connected to a malicious WebDAV server, this vulnerability could allow
+    remote execution of arbitrary code with the rights of the user running
+    cadaver.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are advised to upgrade
+    to the latest available version of cadaver.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users of cadaver should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-misc/cadaver-0.22.2"
+    # emerge "&gt;=net-misc/cadaver-0.22.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0398">CAN-2004-0398</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200405-13.xml">GLSA 200405-13</uri>
+  </references>
+  <metadata tag="submitter">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200405-16.xml b/metadata/glsa/glsa-200405-16.xml
new file mode 100644
index 000000000000..e447645a74a1
--- /dev/null
+++ b/metadata/glsa/glsa-200405-16.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200405-16">
+  <title>Multiple XSS Vulnerabilities in SquirrelMail</title>
+  <synopsis>
+    SquirrelMail is subject to several XSS and one SQL injection vulnerability.
+  </synopsis>
+  <product type="ebuild">SquirrelMail</product>
+  <announced>2004-05-25</announced>
+  <revised count="04">2006-05-27</revised>
+  <bug>49675</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/squirrelmail" auto="yes" arch="*">
+      <unaffected range="ge">1.4.3_rc1</unaffected>
+      <vulnerable range="lt">1.4.3_rc1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    SquirrelMail is a webmail package written in PHP. It supports IMAP and
+    SMTP, and can optionally be installed with SQL support.
+    </p>
+  </background>
+  <description>
+    <p>
+    Several unspecified cross-site scripting (XSS) vulnerabilities and a
+    well hidden SQL injection vulnerability were found. An XSS attack
+    allows an attacker to insert malicious code into a web-based
+    application. SquirrelMail does not check for code when parsing
+    variables received via the URL query string.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    One of the XSS vulnerabilities could be exploited by an attacker to
+    steal cookie-based authentication credentials from the user's browser.
+    The SQL injection issue could potentially be used by an attacker to run
+    arbitrary SQL commands inside the SquirrelMail database with privileges
+    of the SquirrelMail database user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are advised to
+    upgrade to version 1.4.3_rc1 or higher of SquirrelMail.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SquirrelMail users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=mail-client/squirrelmail-1.4.3_rc1"
+    # emerge "&gt;=mail-client/squirrelmail-1.4.3_rc1"</code>
+  </resolution>
+  <references>
+    <uri link="https://sourceforge.net/mailarchive/forum.php?thread_id=4199060&amp;forum_id=1988">SquirrelMail 1.4.3_rc1 release annoucement</uri>
+    <uri link="http://www.securityfocus.com/bid/10246/">Bugtraq security annoucement</uri>
+    <uri link="https://www.cert.org/advisories/CA-2000-02.html">CERT description of XSS</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0519">CVE-2004-0519</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0521">CVE-2004-0521</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200405-17.xml b/metadata/glsa/glsa-200405-17.xml
new file mode 100644
index 000000000000..9eff948cbf1c
--- /dev/null
+++ b/metadata/glsa/glsa-200405-17.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200405-17">
+  <title>Multiple vulnerabilities in metamail</title>
+  <synopsis>
+    Several format string bugs and buffer overflows were discovered in
+    metamail, potentially allowing execution of arbitrary code remotely.
+  </synopsis>
+  <product type="ebuild">metamail</product>
+  <announced>2004-05-21</announced>
+  <revised count="01">2004-05-21</revised>
+  <bug>42133</bug>
+  <access>remote </access>
+  <affected>
+    <package name="net-mail/metamail" auto="yes" arch="*">
+      <unaffected range="ge">2.7.45.3</unaffected>
+      <vulnerable range="lt">2.7.45.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Metamail is a program that decodes MIME encoded mail. It is therefore often
+    automatically called when an email is received or read.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ulf Harnhammar found two format string bugs and two buffer overflow bugs in
+    Metamail.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could send a malicious email message and execute
+    arbitrary code with the rights of the process calling the Metamail program.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users of Metamail should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-mail/metamail-2.7.45.3"
+    # emerge "&gt;=net-mail/metamail-2.7.45.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0104">CAN-2004-0104</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0105">CAN-2004-0105</uri>
+  </references>
+  <metadata tag="submitter">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200405-18.xml b/metadata/glsa/glsa-200405-18.xml
new file mode 100644
index 000000000000..993fc4a0d592
--- /dev/null
+++ b/metadata/glsa/glsa-200405-18.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200405-18">
+  <title>Buffer Overflow in Firebird</title>
+  <synopsis>
+    A buffer overflow via environmental variables in Firebird may allow a local
+    user to manipulate or destroy local databases and trojan the Firebird
+    binaries.
+  </synopsis>
+  <product type="ebuild">firebird</product>
+  <announced>2004-05-23</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>20837</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-db/firebird" auto="yes" arch="*">
+      <unaffected range="ge">1.5</unaffected>
+      <vulnerable range="lt">1.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Firebird is an open source relational database that runs on Linux,
+    Windows, and various UNIX systems.
+    </p>
+  </background>
+  <description>
+    <p>
+    A buffer overflow exists in three Firebird binaries (gds_inet_server,
+    gds_lock_mgr, and gds_drop) that is exploitable by setting a large
+    value to the INTERBASE environment variable.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could control program execution, allowing privilege
+    escalation to the UID of Firebird, full access to Firebird databases,
+    and trojaning the Firebird binaries. An attacker could use this to
+    compromise other user or root accounts.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users should upgrade to the latest version of Firebird:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=dev-db/firebird-1.5"
+    # emerge "&gt;=dev-db/firebird-1.5"</code>
+  </resolution>
+  <references>
+    <uri link="http://securityfocus.com/bid/7546/info/">Bugtraq Security Announcement</uri>
+    <uri link=" https://sourceforge.net/tracker/?group_id=9028&amp;atid=109028&amp;func=detail&amp;aid=739480">Sourceforge BugTracker Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0281">CVE-2003-0281</uri>
+  </references>
+  <metadata tag="submitter">
+    dmargoli
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200405-19.xml b/metadata/glsa/glsa-200405-19.xml
new file mode 100644
index 000000000000..0e2f2535748d
--- /dev/null
+++ b/metadata/glsa/glsa-200405-19.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200405-19">
+  <title>Opera telnet URI handler file creation/truncation vulnerability</title>
+  <synopsis>
+    A vulnerability exists in Opera's telnet URI handler that may allow a
+    remote attacker to overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">opera</product>
+  <announced>2004-05-25</announced>
+  <revised count="03">2007-12-30</revised>
+  <bug>50857</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/opera" auto="yes" arch="*">
+      <unaffected range="ge">7.50_beta1</unaffected>
+      <vulnerable range="lt">7.50_beta1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Opera is a multi-platform web browser.
+    </p>
+  </background>
+  <description>
+    <p>
+    The telnet URI handler in Opera does not check for leading '-'
+    characters in the host name. Consequently, a maliciously-crafted
+    telnet:// link may be able to pass options to the telnet program
+    itself. One example would be the following:
+    </p>
+    <p>
+    telnet://-nMyFile
+    </p>
+    <p>
+    If MyFile exists in the user's home directory and the user clicking on
+    the link has write permissions to it, the contents of the file will be
+    overwritten with the output of the telnet trace information. If MyFile
+    does not exist, the file will be created in the user's home directory.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    This exploit has two possible impacts. First, it may create new files
+    in the user's home directory. Second, and far more serious, it may
+    overwrite existing files that the user has write permissions to. An
+    attacker with some knowledge of a user's home directory might be able
+    to destroy important files stored within.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable the telnet URI handler from within Opera.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Opera users are encouraged to upgrade to the latest version of the
+    program:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=www-client/opera-7.50_beta1"
+    # emerge "&gt;=www-client/opera-7.50_beta1"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.idefense.com/application/poi/display?id=104&amp;type=vulnerabilities&amp;flashstatus=true">iDEFENSE Security Advisory 05.12.04</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0473">CVE-2004-0473</uri>
+  </references>
+  <metadata tag="submitter">
+    klieber
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200405-20.xml b/metadata/glsa/glsa-200405-20.xml
new file mode 100644
index 000000000000..880c01beb54a
--- /dev/null
+++ b/metadata/glsa/glsa-200405-20.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200405-20">
+  <title>Insecure Temporary File Creation In MySQL</title>
+  <synopsis>
+    Two MySQL utilities create temporary files with hardcoded paths, allowing
+    an attacker to use a symlink to trick MySQL into overwriting important
+    data.
+  </synopsis>
+  <product type="ebuild">MySQL</product>
+  <announced>2004-05-25</announced>
+  <revised count="01">2004-05-25</revised>
+  <bug>46242</bug>
+  <access>local </access>
+  <affected>
+    <package name="dev-db/mysql" auto="yes" arch="*">
+      <unaffected range="ge">4.0.18-r2</unaffected>
+      <vulnerable range="lt">4.0.18-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MySQL is a popular open-source multi-threaded, multi-user SQL database
+    server.
+    </p>
+  </background>
+  <description>
+    <p>
+    The MySQL bug reporting utility (mysqlbug) creates a temporary file to log
+    bug reports to. A malicious local user with write access to the /tmp
+    directory could create a symbolic link of the name mysqlbug-<i>N</i>
+    pointing to a protected file, such as /etc/passwd, such that when mysqlbug
+    creates the <i>N</i>th log file, it would end up overwriting the target
+    file. A similar vulnerability exists with the mysql_multi utility, which
+    creates a temporary file called mysql_multi.log.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Since mysql_multi runs as root, a local attacker could use this to destroy
+    any other users' data or corrupt and destroy system files.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    One could modify both scripts to log to a directory that users do not have
+    write permission to, such as /var/log/mysql/.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users should upgrade to the latest stable version of MySQL.
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=dev-db/mysql-4.0.18-r2"
+    # emerge "&gt;=dev-db/mysql-4.0.18-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0381">CAN-2004-0381</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0388">CAN-2004-0388</uri>
+  </references>
+  <metadata tag="submitter">
+    dmargoli
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200405-21.xml b/metadata/glsa/glsa-200405-21.xml
new file mode 100644
index 000000000000..bbcfcb9687bc
--- /dev/null
+++ b/metadata/glsa/glsa-200405-21.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200405-21">
+  <title>Midnight Commander: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple security issues have been discovered in Midnight Commander
+    including several buffer overflows and string format vulnerabilities.
+  </synopsis>
+  <product type="ebuild">MC</product>
+  <announced>2004-05-26</announced>
+  <revised count="01">2004-05-26</revised>
+  <bug>49990</bug>
+  <access>local </access>
+  <affected>
+    <package name="app-misc/mc" auto="yes" arch="*">
+      <unaffected range="ge">4.6.0-r7</unaffected>
+      <vulnerable range="le">4.6.0-r6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Midnight Commander is a visual console file manager.
+    </p>
+  </background>
+  <description>
+    <p>
+    Numerous security issues have been discovered in Midnight Commander,
+    including several buffer overflow vulnerabilities, multiple vulnerabilities
+    in the handling of temporary file and directory creation, and multiple
+    format string vulnerabilities.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    The buffer overflows and format string vulnerabilities may allow attackers
+    to cause a denial of service or execute arbitrary code with permissions of
+    the user running MC. The insecure creation of temporary files and
+    directories could lead to a privilege escalation, including root
+    privileges, for a local attacker.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are advised to upgrade
+    to version 4.6.0-r7 or higher of Midnight Commander.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Midnight Commander users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=app-misc/mc-4.6.0-r7
+    # emerge "&gt;=app-misc/mc-4.6.0-r7"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0226">CAN-2004-0226</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0231">CAN-2004-0231</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0232">CAN-2004-0232</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200405-22.xml b/metadata/glsa/glsa-200405-22.xml
new file mode 100644
index 000000000000..c8519fbe2962
--- /dev/null
+++ b/metadata/glsa/glsa-200405-22.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200405-22">
+  <title>Apache 1.3: Multiple vulnerabilities</title>
+  <synopsis>
+    Several security vulnerabilities have been fixed in the latest release of
+    Apache 1.3.
+  </synopsis>
+  <product type="ebuild">Apache</product>
+  <announced>2004-05-26</announced>
+  <revised count="02">2007-12-30</revised>
+  <bug>51815</bug>
+  <access>remote </access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">1.3.31</unaffected>
+      <vulnerable range="lt">1.3.31</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Apache HTTP Server Project is an effort to develop and maintain an
+    open-source HTTP server for modern operating systems. The goal of this
+    project is to provide a secure, efficient and extensible server that
+    provides services in tune with the current HTTP standards.
+    </p>
+  </background>
+  <description>
+    <p>
+    On 64-bit big-endian platforms, mod_access does not properly parse
+    Allow/Deny rules using IP addresses without a netmask which could result in
+    failure to match certain IP addresses.
+    </p>
+    <p>
+    Terminal escape sequences are not filtered from error logs. This could be
+    used by an attacker to insert escape sequences into a terminal emulater
+    vulnerable to escape sequences.
+    </p>
+    <p>
+    mod_digest does not properly verify the nonce of a client response by using
+    a AuthNonce secret. This could permit an attacker to replay the response of
+    another website. This does not affect mod_auth_digest.
+    </p>
+    <p>
+    On certain platforms there is a starvation issue where listening sockets
+    fails to handle short-lived connection on a rarely-accessed listening
+    socket. This causes the child to hold the accept mutex and block out new
+    connections until another connection arrives on the same rarely-accessed
+    listening socket thus leading to a denial of service.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    These vulnerabilities could lead to attackers bypassing intended access
+    restrictions, denial of service, and possibly execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users should upgrade to the latest stable version of Apache 1.3.
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=www-servers/apache-1.3.31"
+    # emerge "&gt;=www-servers/apache-1.3.31"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0993">CAN-2003-0993</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020">CAN-2003-0020</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987">CAN-2003-0987</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174">CAN-2004-0174</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200405-23.xml b/metadata/glsa/glsa-200405-23.xml
new file mode 100644
index 000000000000..ada0d684e753
--- /dev/null
+++ b/metadata/glsa/glsa-200405-23.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200405-23">
+  <title>Heimdal: Kerberos 4 buffer overflow in kadmin</title>
+  <synopsis>
+    A possible buffer overflow in the Kerberos 4 component of Heimdal has been
+    discovered.
+  </synopsis>
+  <product type="ebuild">Heimdal</product>
+  <announced>2004-05-27</announced>
+  <revised count="01">2004-05-27</revised>
+  <bug>50208</bug>
+  <access>remote </access>
+  <affected>
+    <package name="app-crypt/heimdal" auto="yes" arch="*">
+      <unaffected range="ge">0.6.2</unaffected>
+      <vulnerable range="lt">0.6.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Heimdal is a free implementation of Kerberos.
+    </p>
+  </background>
+  <description>
+    <p>
+    A buffer overflow was discovered in kadmind, a server for administrative
+    access to the Kerberos database.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    By sending a specially formatted message to kadmind, a remote attacker may
+    be able to crash kadmind causing a denial of service, or execute arbitrary
+    code with the permissions of the kadmind process.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    For a temporary workaround, providing you do not require Kerberos 4
+    support, you may turn off Kerberos 4 kadmin by running kadmind with the
+    --no-kerberos4 option.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Heimdal users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=app-crypt/heimdal-0.6.2"
+    # emerge "&gt;=app-crypt/heimdal-0.6.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.pdc.kth.se/heimdal/advisory/2004-05-06/">Heimdal 0.6.2 Release Notice</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0434">CAN-2004-0434</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200405-24.xml b/metadata/glsa/glsa-200405-24.xml
new file mode 100644
index 000000000000..bef6d315dcdd
--- /dev/null
+++ b/metadata/glsa/glsa-200405-24.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200405-24">
+  <title>MPlayer, xine-lib: vulnerabilities in RTSP stream handling</title>
+  <synopsis>
+    Multiple vulnerabilities, including remotely exploitable buffer overflows,
+    have been found in code common to MPlayer and the xine library.
+  </synopsis>
+  <product type="ebuild">mplayer</product>
+  <announced>2004-05-28</announced>
+  <revised count="01">2004-05-28</revised>
+  <bug>49387</bug>
+  <access>remote </access>
+  <affected>
+    <package name="media-video/mplayer" auto="yes" arch="*">
+      <unaffected range="ge">1.0_pre4</unaffected>
+      <unaffected range="le">0.92-r1</unaffected>
+      <vulnerable range="lt">1.0_pre4</vulnerable>
+    </package>
+    <package name="media-libs/xine-lib" auto="yes" arch="*">
+      <unaffected range="ge">1_rc4</unaffected>
+      <unaffected range="le">0.9.13-r3</unaffected>
+      <vulnerable range="lt">1_rc4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MPlayer is a movie player capable of handling multiple multimedia file
+    formats. xine-lib is a multimedia player library used by several graphical
+    user interfaces, including xine-ui. They both use the same code to handle
+    Real-Time Streaming Protocol (RTSP) streams from RealNetworks servers.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been found and fixed in the RTSP handling
+    code common to recent versions of these two packages. These vulnerabilities
+    include several remotely exploitable buffer overflows.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker, posing as a RTSP stream server, can execute arbitrary
+    code with the rights of the user of the software playing the stream
+    (MPlayer or any player using xine-lib). Another attacker may entice a user
+    to use a maliciously crafted URL or playlist to achieve the same results.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    For MPlayer, there is no known workaround at this time. For xine-lib, you
+    can delete the xineplug_inp_rtsp.so file.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users should upgrade to non-vulnerable versions of MPlayer and
+    xine-lib:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=media-video/mplayer-1.0_pre4"
+    # emerge "&gt;=media-video/mplayer-1.0_pre4"
+
+    # emerge -pv "&gt;=media-libs/xine-lib-1_rc4"
+    # emerge "&gt;=media-libs/xine-lib-1_rc4"</code>
+  </resolution>
+  <references>
+    <uri link="http://xinehq.de/index.php/security/XSA-2004-3">Xine security advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0433">CAN-2004-0433</uri>
+  </references>
+  <metadata tag="submitter">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200405-25.xml b/metadata/glsa/glsa-200405-25.xml
new file mode 100644
index 000000000000..c9fc4e0d5a03
--- /dev/null
+++ b/metadata/glsa/glsa-200405-25.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200405-25">
+  <title>tla: Multiple vulnerabilities in included libneon</title>
+  <synopsis>
+    tla includes a vulnerable version of the neon library.
+  </synopsis>
+  <product type="ebuild">tla</product>
+  <announced>2004-05-30</announced>
+  <revised count="02">2004-06-02</revised>
+  <bug>51586</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-util/tla" auto="yes" arch="*">
+      <unaffected range="ge">1.2-r2</unaffected>
+      <vulnerable range="le">1.2-r1</vulnerable>
+      <vulnerable range="eq">1.2.1_pre1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GNU Arch (tla) is a revision control system suited for widely distributed
+    development.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple format string vulnerabilities and a heap overflow vulnerability
+    were discovered in the code of the neon library (GLSA 200405-01 and
+    200405-13). Current versions of the tla package include their own version
+    of this library.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    When connected to a malicious WebDAV server, these vulnerabilities could
+    allow execution of arbitrary code with the rights of the user running tla.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users of tla should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=dev-util/tla-1.2-r2"
+    # emerge "&gt;=dev-util/tla-1.2-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200405-01.xml">GLSA 200405-01</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200405-13.xml">GLSA 200405-13</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200406-01.xml b/metadata/glsa/glsa-200406-01.xml
new file mode 100644
index 000000000000..15770adf4dfd
--- /dev/null
+++ b/metadata/glsa/glsa-200406-01.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200406-01">
+  <title>Ethereal: Multiple security problems</title>
+  <synopsis>
+    Multiple vulnerabilities including one buffer overflow exist in Ethereal,
+    which may allow an attacker to run arbitrary code or crash the program.
+  </synopsis>
+  <product type="ebuild">Ethereal</product>
+  <announced>2004-06-04</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>51022</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/ethereal" auto="yes" arch="*">
+      <unaffected range="ge">0.10.4</unaffected>
+      <vulnerable range="le">0.10.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ethereal is a feature rich network protocol analyzer.
+    </p>
+  </background>
+  <description>
+    <p>
+    There are multiple vulnerabilities in versions of Ethereal earlier than
+    0.10.4, including:
+    </p>
+    <ul>
+    <li>A buffer overflow in the MMSE dissector.</li>
+    <li>Under specific conditions a SIP packet could make Ethereal
+    crash.</li>
+    <li>The AIM dissector could throw an assertion, causing Ethereal to
+    crash.</li>
+    <li>The SPNEGO dissector could dereference a null pointer, causing a
+    crash.</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could use these vulnerabilities to crash Ethereal or even
+    execute arbitrary code with the permissions of the user running
+    Ethereal, which could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    For a temporary workaround you can disable all affected protocol
+    dissectors by selecting Analyze-&gt;Enabled Protocols... and deselecting
+    them from the list. However, it is strongly recommended to upgrade to
+    the latest stable release.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ethereal users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-analyzer/ethereal-0.10.4"
+    # emerge "&gt;=net-analyzer/ethereal-0.10.4"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.ethereal.com/appnotes/enpa-sa-00014.html">Ethereal enpa-sa-00014</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0504">CVE-2004-0504</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0505">CVE-2004-0505</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0506">CVE-2004-0506</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0507">CVE-2004-0507</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200406-02.xml b/metadata/glsa/glsa-200406-02.xml
new file mode 100644
index 000000000000..e769d94788c1
--- /dev/null
+++ b/metadata/glsa/glsa-200406-02.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200406-02">
+  <title>tripwire: Format string vulnerability</title>
+  <synopsis>
+    A vulnerability allowing arbitrary code execution under certain
+    circumstances has been found.
+  </synopsis>
+  <product type="ebuild">tripwire</product>
+  <announced>2004-06-04</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>52945</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/tripwire" auto="yes" arch="*">
+      <unaffected range="ge">2.3.1.2-r1</unaffected>
+      <vulnerable range="le">2.3.1.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    tripwire is an open source file integrity checker.
+    </p>
+  </background>
+  <description>
+    <p>
+    The code that generates email reports contains a format string
+    vulnerability in pipedmailmessage.cpp.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    With a carefully crafted filename on a local filesystem an attacker
+    could cause execution of arbitrary code with permissions of the user
+    running tripwire, which could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All tripwire users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=app-admin/tripwire-2.3.1.2-r1"
+    # emerge "&gt;=app-admin/tripwire-2.3.1.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/archive/1/365036/2004-05-31/2004-06-06/0">Bugtraq Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0536">CVE-2004-0536</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200406-03.xml b/metadata/glsa/glsa-200406-03.xml
new file mode 100644
index 000000000000..c6b5509e8437
--- /dev/null
+++ b/metadata/glsa/glsa-200406-03.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200406-03">
+  <title>sitecopy: Multiple vulnerabilities in included libneon</title>
+  <synopsis>
+    sitecopy includes a vulnerable version of the neon library.
+  </synopsis>
+  <product type="ebuild">sitecopy</product>
+  <announced>2004-06-05</announced>
+  <revised count="04">2004-08-15</revised>
+  <bug>51585</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/sitecopy" auto="yes" arch="*">
+      <unaffected range="ge">0.13.4-r2</unaffected>
+      <vulnerable range="le">0.13.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    sitecopy easily maintains remote websites. It makes it simple to keep a
+    remote site synchronized with the local site with one command.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple format string vulnerabilities and a heap overflow vulnerability
+    were discovered in the code of the neon library (GLSA 200405-01 and
+    200405-13). Current versions of the sitecopy package include their own
+    version of this library.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    When connected to a malicious WebDAV server, these vulnerabilities could
+    allow execution of arbitrary code with the rights of the user running
+    sitecopy.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version of sitecopy.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All sitecopy users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-misc/sitecopy-0.13.4-r2"
+    # emerge "&gt;=net-misc/sitecopy-0.13.4-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200405-01.xml">GLSA 200405-01</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200405-13.xml">GLSA 200405-13</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200406-04.xml b/metadata/glsa/glsa-200406-04.xml
new file mode 100644
index 000000000000..417f0605ee3e
--- /dev/null
+++ b/metadata/glsa/glsa-200406-04.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200406-04">
+  <title>Mailman: Member password disclosure vulnerability</title>
+  <synopsis>
+    Mailman contains a bug allowing 3rd parties to retrieve member passwords.
+  </synopsis>
+  <product type="ebuild">mailman</product>
+  <announced>2004-06-09</announced>
+  <revised count="01">2004-06-09</revised>
+  <bug>51671</bug>
+  <access>remote  </access>
+  <affected>
+    <package name="net-mail/mailman" auto="yes" arch="*">
+      <unaffected range="ge">2.1.5</unaffected>
+      <vulnerable range="lt">2.1.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mailman is a python-based mailing list server with an extensive web
+    interface.
+    </p>
+  </background>
+  <description>
+    <p>
+    Mailman contains an unspecified vulnerability in the handling of request
+    emails.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By sending a carefully crafted email request to the mailman server an
+    attacker could obtain member passwords.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users of Mailman should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-mail/mailman-2.1.5"
+    # emerge "&gt;=net-mail/mailman-2.1.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://mail.python.org/pipermail/mailman-announce/2004-May/000072.html">Mailman 2.1.5 Release Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0412">CAN-2004-0412</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200406-05.xml b/metadata/glsa/glsa-200406-05.xml
new file mode 100644
index 000000000000..16b60a7b66b7
--- /dev/null
+++ b/metadata/glsa/glsa-200406-05.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200406-05">
+  <title>Apache: Buffer overflow in mod_ssl</title>
+  <synopsis>
+    A bug in mod_ssl may allow a remote attacker to execute remote code when
+    Apache is configured a certain way.
+  </synopsis>
+  <product type="ebuild">Apache</product>
+  <announced>2004-06-09</announced>
+  <revised count="03">2007-12-30</revised>
+  <bug>51368</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-www/mod_ssl" auto="yes" arch="*">
+      <unaffected range="ge">2.8.18</unaffected>
+      <vulnerable range="lt">2.8.18</vulnerable>
+    </package>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="lt">2.0</unaffected>
+      <unaffected range="ge">2.0.49-r3</unaffected>
+      <vulnerable range="le">2.0.49-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Apache is the most popular Web server on the Internet. mod_ssl provides
+    Secure Sockets Layer encryption and authentication to Apache 1.3. Apache 2
+    contains the functionality of mod_ssl.
+    </p>
+  </background>
+  <description>
+    <p>
+    A bug in the function ssl_util_uuencode_binary in ssl_util.c may lead to a
+    remote buffer overflow on a server configured to use FakeBasicAuth that
+    will trust a client certificate with an issuing CA with a subject DN longer
+    than 6k.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Given the right server configuration, an attacker could cause a Denial of
+    Service or execute code as the user running Apache, usually
+    "apache". It is thought to be impossible to exploit this to
+    execute code on the x86 platform, but the possibility for other platforms
+    is unknown. This does not preclude a DoS on x86 systems.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    A server should not be vulnerable if it is not configured to use
+    FakeBasicAuth and to trust a client CA with a long subject DN.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Apache 1.x users should upgrade to the latest version of mod_ssl:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-www/mod_ssl-2.8.18"
+    # emerge "&gt;=net-www/mod_ssl-2.8.18"</code>
+    <p>
+    Apache 2.x users should upgrade to the latest version of Apache:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=www-servers/apache-2.0.49-r3"
+    # emerge "&gt;=www-servers/apache-2.0.49-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488">CAN-2004-0488</uri>
+  </references>
+  <metadata tag="submitter">
+    dmargoli
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200406-06.xml b/metadata/glsa/glsa-200406-06.xml
new file mode 100644
index 000000000000..0f441030e6c6
--- /dev/null
+++ b/metadata/glsa/glsa-200406-06.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200406-06">
+  <title>CVS: additional DoS and arbitrary code execution vulnerabilities</title>
+  <synopsis>
+    Several serious new vulnerabilities have been found in CVS, which may allow
+    an attacker to remotely compromise a CVS server.
+  </synopsis>
+  <product type="ebuild">CVS</product>
+  <announced>2004-06-10</announced>
+  <revised count="01">2004-06-10</revised>
+  <bug>53408</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-util/cvs" auto="yes" arch="*">
+      <unaffected range="ge">1.11.17</unaffected>
+      <vulnerable range="le">1.11.16-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    CVS (Concurrent Versions System) is an open-source network-transparent
+    version control system. It contains both a client utility and a server.
+    </p>
+  </background>
+  <description>
+    <p>
+    A team audit of the CVS source code performed by Stefan Esser and Sebastian
+    Krahmer resulted in the discovery of several remotely exploitable
+    vulnerabilities including:
+    </p>
+    <ul>
+    <li>no-null-termination of "Entry" lines</li>
+    <li>error_prog_name "double-free()"</li>
+    <li>Argument integer overflow</li>
+    <li>serve_notify() out of bounds writes</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could use these vulnerabilities to cause a Denial of Service or
+    execute arbitrary code with the permissions of the user running cvs.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are advised to upgrade
+    to the latest available version of CVS.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All CVS users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=dev-util/cvs-1.11.17"
+    # emerge "&gt;=dev-util/cvs-1.11.17"</code>
+  </resolution>
+  <references>
+    <uri link="http://security.e-matters.de/advisories/092004.html">E-matters Advisory 09/2004</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0414">CAN-2004-0414</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0416">CAN-2004-0416</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0417">CAN-2004-0417</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0418">CAN-2004-0418</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200406-07.xml b/metadata/glsa/glsa-200406-07.xml
new file mode 100644
index 000000000000..c8dcea56c14b
--- /dev/null
+++ b/metadata/glsa/glsa-200406-07.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200406-07">
+  <title>Subversion: Remote heap overflow</title>
+  <synopsis>
+    Subversion is vulnerable to a remote Denial of Service that may be
+    exploitable to execute arbitrary code on the server running svnserve.
+  </synopsis>
+  <product type="ebuild">dev-util/subversion</product>
+  <announced>2004-06-10</announced>
+  <revised count="01">2004-06-10</revised>
+  <access>remote</access>
+  <affected>
+    <package name="dev-util/subversion" auto="yes" arch="*">
+      <unaffected range="ge">1.0.4-r1</unaffected>
+      <vulnerable range="le">1.0.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Subversion is a revision control system that aims to be a "compelling
+    replacement for CVS". It enjoys wide use in the open source community.
+    svnserve allows access to Subversion repositories using URIs with the
+    svn://, svn+ssh://, and other tunelled svn+*:// protocols.
+    </p>
+  </background>
+  <description>
+    <p>
+    The svn protocol parser trusts the indicated length of a URI string sent by
+    a client. This allows a client to specify a very long string, thereby
+    causing svnserve to allocate enough memory to hold that string. This may
+    cause a Denial of Service. Alternately, given a string that causes an
+    integer overflow in the variable holding the string length, the server
+    might allocate less memory than required, allowing a heap overflow. This
+    heap overflow may then be exploitable, allowing remote code execution. The
+    attacker does not need read or write access to the Subversion repository
+    being served, since even un-authenticated users can send svn protocol
+    requests.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Ranges from remote Denial of Service to potential arbitrary code execution
+    with privileges of the svnserve process.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Servers without svnserve running are not vulnerable. Disable svnserve and
+    use DAV for access instead.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users should upgrade to the latest version of Subversion.
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=dev-util/subversion-1.0.4-r1"
+    # emerge "&gt;=dev-util/subversion-1.0.4-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0413">CAN-2004-0413</uri>
+  </references>
+  <metadata tag="submitter">
+    dmargoli
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200406-08.xml b/metadata/glsa/glsa-200406-08.xml
new file mode 100644
index 000000000000..5a11f07033b5
--- /dev/null
+++ b/metadata/glsa/glsa-200406-08.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200406-08">
+  <title>Squirrelmail: Another XSS vulnerability</title>
+  <synopsis>
+    Squirrelmail fails to properly sanitize user input, which could lead to a
+    compromise of webmail accounts.
+  </synopsis>
+  <product type="ebuild">Squirrelmail</product>
+  <announced>2004-06-15</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>52434</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/squirrelmail" auto="yes" arch="*">
+      <unaffected range="ge">1.4.3</unaffected>
+      <vulnerable range="le">1.4.3_rc1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    SquirrelMail is a webmail package written in PHP. It supports IMAP and
+    SMTP, and can optionally be installed with SQL support.
+    </p>
+  </background>
+  <description>
+    <p>
+    A new cross-site scripting (XSS) vulnerability in
+    Squirrelmail-1.4.3_rc1 has been discovered. In functions/mime.php
+    Squirrelmail fails to properly sanitize user input.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to read a specially crafted e-mail, an attacker can
+    execute arbitrary scripts running in the context of the victim's
+    browser. This could lead to a compromise of the user's webmail account,
+    cookie theft, etc.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SquirrelMail users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=mail-client/squirrelmail-1.4.3"
+    # emerge "&gt;=mail-client/squirrelmail-1.4.3"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt">RS-Labs Advisory</uri>
+    <uri link="https://www.cert.org/advisories/CA-2000-02.html">CERT description of XSS</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0520">CVE-2004-0520</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200406-09.xml b/metadata/glsa/glsa-200406-09.xml
new file mode 100644
index 000000000000..7b8cc6023347
--- /dev/null
+++ b/metadata/glsa/glsa-200406-09.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200406-09">
+  <title>Horde-Chora: Remote code execution</title>
+  <synopsis>
+    A vulnerability in Chora allows remote code execution and file upload.
+  </synopsis>
+  <product type="ebuild">www-apps/horde-chora</product>
+  <announced>2004-06-15</announced>
+  <revised count="02">2007-12-30</revised>
+  <bug>53800</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/horde-chora" auto="yes" arch="*">
+      <unaffected range="ge">1.2.2</unaffected>
+      <vulnerable range="lt">1.2.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Chora is a PHP-based SVN/CVS repository viewer by the HORDE project.
+    </p>
+  </background>
+  <description>
+    <p>
+    A vulnerability in the diff viewer of Chora allows an attacker to inject
+    shellcode. An attacker can exploit PHP's file upload functionality to
+    upload a malicious binary to a vulnerable server, chmod it as executable,
+    and run the file.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could remotely execute arbitrary binaries with the permissions
+    of the PHP script, conceivably allowing further exploitation of local
+    vulnerabilities and remote root access.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users are advised to upgrade to the latest version of Chora:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=www-apps/horde-chora-1.2.2"
+    # emerge "&gt;=www-apps/horde-chora-1.2.2"</code>
+  </resolution>
+  <references>
+    <uri link="http://security.e-matters.de/advisories/102004.html">e-matters Advisory</uri>
+  </references>
+  <metadata tag="submitter">
+    dmargoli
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200406-10.xml b/metadata/glsa/glsa-200406-10.xml
new file mode 100644
index 000000000000..b5bbb1387bee
--- /dev/null
+++ b/metadata/glsa/glsa-200406-10.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200406-10">
+  <title>Gallery: Privilege escalation vulnerability</title>
+  <synopsis>
+    There is a vulnerability in the Gallery photo album software which may
+    allow an attacker to gain administrator privileges within Gallery.
+  </synopsis>
+  <product type="ebuild">gallery</product>
+  <announced>2004-06-15</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>52798</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/gallery" auto="yes" arch="*">
+      <unaffected range="ge">1.4.3_p2</unaffected>
+      <vulnerable range="le">1.4.3_p1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Gallery is a web application written in PHP which is used to organize
+    and publish photo albums. It allows multiple users to build and
+    maintain their own albums. It also supports the mirroring of images on
+    other servers.
+    </p>
+  </background>
+  <description>
+    <p>
+    There is a vulnerability in the Gallery photo album software which may
+    allow an attacker to gain administrator privileges within Gallery. A
+    Gallery administrator has full access to all albums and photos on the
+    server, thus attackers may add or delete photos at will.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Attackers may gain full access to all Gallery albums. There is no risk
+    to the webserver itself, or the server on which it runs.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users should upgrade to the latest available version of Gallery.
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=www-apps/gallery-1.4.3_p2"
+    # emerge "&gt;=www-apps/gallery-1.4.3_p2"</code>
+  </resolution>
+  <references>
+    <uri link="http://gallery.menalto.com/modules.php?op=modload&amp;name=News&amp;file=article&amp;sid=123&amp;mode=thread&amp;order=0&amp;thold=0">Gallery Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0522">CVE-2004-0522</uri>
+  </references>
+  <metadata tag="submitter">
+    condordes
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200406-11.xml b/metadata/glsa/glsa-200406-11.xml
new file mode 100644
index 000000000000..315c962ee716
--- /dev/null
+++ b/metadata/glsa/glsa-200406-11.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200406-11">
+  <title>Horde-IMP: Input validation vulnerability</title>
+  <synopsis>
+    An input validation vulnerability has been discovered in Horde-IMP.
+  </synopsis>
+  <product type="ebuild">horde-imp</product>
+  <announced>2004-06-16</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>53862</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/horde-imp" auto="yes" arch="*">
+      <unaffected range="ge">3.2.4</unaffected>
+      <vulnerable range="le">3.2.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Horde-IMP is the Internet Messaging Program. It is written in PHP and
+    provides webmail access to IMAP and POP3 accounts.
+    </p>
+  </background>
+  <description>
+    <p>
+    Horde-IMP fails to properly sanitize email messages that contain
+    malicious HTML or script code.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to read a specially crafted e-mail, an attacker can
+    execute arbitrary scripts running in the context of the victim's
+    browser. This could lead to a compromise of the user's webmail account,
+    cookie theft, etc.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Horde-IMP users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=www-apps/horde-imp-3.2.4"
+    # emerge "&gt;=www-apps/horde-imp-3.2.4"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/bid/10501">Bugtraq Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0584">CVE-2004-0584</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200406-12.xml b/metadata/glsa/glsa-200406-12.xml
new file mode 100644
index 000000000000..1c56fd779d0f
--- /dev/null
+++ b/metadata/glsa/glsa-200406-12.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200406-12">
+  <title>Webmin: Multiple vulnerabilities</title>
+  <synopsis>
+    Webmin contains two security vulnerabilities which could lead to a Denial
+    of Service attack and information disclosure.
+  </synopsis>
+  <product type="ebuild">webmin</product>
+  <announced>2004-06-16</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>53375</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-admin/webmin" auto="yes" arch="*">
+      <unaffected range="ge">1.150</unaffected>
+      <vulnerable range="le">1.140-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Webmin is a web-based administration tool for Unix. It supports a wide
+    range of applications including Apache, DNS, file sharing and others.
+    </p>
+  </background>
+  <description>
+    <p>
+    Webmin contains two security vulnerabilities. One allows any user to
+    view the configuration of any module and the other could allow an
+    attacker to lock out a valid user by sending an invalid username and
+    password.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An authenticated user could use these vulnerabilities to view the
+    configuration of any module thus potentially obtaining important
+    knowledge about configuration settings. Furthermore an attacker could
+    lock out legitimate users by sending invalid login information.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Webmin users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=app-admin/app-admin/webmin-1.150"
+    # emerge "&gt;=app-admin/app-admin/webmin-1.150"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/bid/10474">Bugtraq Announcement</uri>
+    <uri link="http://www.webmin.com/changes-1.150.html">Webmin Changelog</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0582">CVE-2004-0582</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0583">CVE-2004-0583</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200406-13.xml b/metadata/glsa/glsa-200406-13.xml
new file mode 100644
index 000000000000..8f81e1499a17
--- /dev/null
+++ b/metadata/glsa/glsa-200406-13.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200406-13">
+  <title>Squid: NTLM authentication helper buffer overflow</title>
+  <synopsis>
+    Squid contains a bug where it fails to properly check bounds of the 'pass'
+    variable.
+  </synopsis>
+  <product type="ebuild">squid</product>
+  <announced>2004-06-17</announced>
+  <revised count="02">2004-09-02</revised>
+  <bug>53367</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/squid" auto="yes" arch="*">
+      <unaffected range="ge">2.5.5-r2</unaffected>
+      <vulnerable range="le">2.5.5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Squid contains a bug in the function ntlm_check_auth(). It fails to do
+    proper bounds checking on the values copyied to the 'pass' variable.
+    </p>
+  </background>
+  <description>
+    <p>
+    Squid is a full-featured Web Proxy Cache designed to run on Unix systems.
+    It supports proxying and caching of HTTP, FTP, and other URLs, as well as
+    SSL support, cache hierarchies, transparent caching, access control lists
+    and many other features.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    If Squid is configured to use NTLM authentication, an attacker could
+    exploit this vulnerability by sending a very long password. This could lead
+    to arbitrary code execution with the permissions of the user running Squid.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Squid users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-proxy/squid-2.5.5-r2"
+    # emerge "&gt;=net-proxy/squid-2.5.5-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0541">CAN-2004-0541</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200406-14.xml b/metadata/glsa/glsa-200406-14.xml
new file mode 100644
index 000000000000..87e9fdb1855c
--- /dev/null
+++ b/metadata/glsa/glsa-200406-14.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200406-14">
+  <title>aspell: Buffer overflow in word-list-compress</title>
+  <synopsis>
+    A bug in the aspell utility word-list-compress can allow an attacker to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">aspell</product>
+  <announced>2004-06-17</announced>
+  <revised count="03">2006-05-22</revised>
+  <bug>53389</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-text/aspell" auto="yes" arch="*">
+      <unaffected range="ge">0.50.5-r4</unaffected>
+      <vulnerable range="le">0.50.5-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    aspell is a popular spell-checker. Dictionaries are available for many
+    languages.
+    </p>
+  </background>
+  <description>
+    <p>
+    aspell includes a utility for handling wordlists called
+    word-list-compress. This utility fails to do proper bounds checking
+    when processing words longer than 256 bytes.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    If an attacker could entice a user to handle a wordlist containing very
+    long word lengths it could result in the execution of arbitrary code
+    with the permissions of the user running the program.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users should upgrade to the latest available version of aspell.
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=app-text/aspell-0.50.5-r4"
+    # emerge "&gt;=app-text/aspell-0.50.5-r4"</code>
+  </resolution>
+  <references>
+    <uri link="http://nettwerked.mg2.org/advisories/wlc">Nettwerked Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0548">CVE-2004-0548</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200406-15.xml b/metadata/glsa/glsa-200406-15.xml
new file mode 100644
index 000000000000..80ea283d0b0c
--- /dev/null
+++ b/metadata/glsa/glsa-200406-15.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200406-15">
+  <title>Usermin: Multiple vulnerabilities</title>
+  <synopsis>
+    Usermin contains two security vulnerabilities which could lead to a Denial
+    of Service attack and information disclosure.
+  </synopsis>
+  <product type="ebuild">Usermin</product>
+  <announced>2004-06-18</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>54030</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-admin/usermin" auto="yes" arch="*">
+      <unaffected range="ge">1.080</unaffected>
+      <vulnerable range="le">1.070-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Usermin is a web-based administration tool for Unix. It supports a wide
+    range of user applications including configuring mail forwarding,
+    setting up SSH or reading mail.
+    </p>
+  </background>
+  <description>
+    <p>
+    Usermin contains two security vulnerabilities. One fails to properly
+    sanitize email messages that contain malicious HTML or script code and
+    the other could allow an attacker to lock out a valid user by sending
+    an invalid username and password.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By sending a specially crafted e-mail, an attacker can execute
+    arbitrary scripts running in the context of the victim's browser. This
+    can be lead to cookie theft and potentially to compromise of user
+    accounts. Furthermore, an attacker could lock out legitimate users by
+    sending invalid login information.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Usermin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=app-admin/usermin-1.080"
+    # emerge "&gt;=app-admin/usermin-1.080"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/bid/10521">Bugtraq Announcement</uri>
+    <uri link="http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html">SNS Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0583">CVE-2004-0583</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0588">CVE-2004-0588</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200406-16.xml b/metadata/glsa/glsa-200406-16.xml
new file mode 100644
index 000000000000..b81f203fad2b
--- /dev/null
+++ b/metadata/glsa/glsa-200406-16.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200406-16">
+  <title>Apache 1.3: Buffer overflow in mod_proxy</title>
+  <synopsis>
+    A bug in mod_proxy may allow a remote attacker to execute arbitrary code
+    when Apache is configured a certain way.
+  </synopsis>
+  <product type="ebuild">Apache</product>
+  <announced>2004-06-21</announced>
+  <revised count="02">2007-12-30</revised>
+  <bug>53544</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">1.3.31-r2</unaffected>
+      <vulnerable range="le">1.3.31-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Apache HTTP Server Project is an effort to develop and maintain an
+    open-source HTTP server for modern operating systems. The goal of this
+    project is to provide a secure, efficient and extensible server that
+    provides services in tune with the current HTTP standards.
+    </p>
+  </background>
+  <description>
+    <p>
+    A bug in the proxy_util.c file may lead to a remote buffer overflow. To
+    trigger the vulnerability an attacker would have to get mod_proxy to
+    connect to a malicous server which returns an invalid (negative)
+    Content-Length.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could cause a Denial of Service as the Apache child handling
+    the request, which will die and under some circumstances execute arbitrary
+    code as the user running Apache, usually "apache".
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version:
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Apache 1.x users should upgrade to the latest version of Apache:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=www-servers/apache-1.3.31-r2"
+    # emerge "&gt;=www-servers/apache-1.3.31-r2"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.guninski.com/modproxy1.html">Georgi Guninski security advisory #69, 2004</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492">CAN-2004-0492</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200406-17.xml b/metadata/glsa/glsa-200406-17.xml
new file mode 100644
index 000000000000..7768236bf810
--- /dev/null
+++ b/metadata/glsa/glsa-200406-17.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200406-17">
+  <title>IPsec-Tools: authentication bug in racoon</title>
+  <synopsis>
+    racoon provided as part of IPsec-Tools fails do proper authentication.
+  </synopsis>
+  <product type="ebuild">IPsec-Tools</product>
+  <announced>2004-06-22</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>53915</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-firewall/ipsec-tools" auto="yes" arch="*">
+      <unaffected range="ge">0.3.3</unaffected>
+      <vulnerable range="lt">0.3.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    IPsec-Tools is a port of KAME's implementation of the IPsec utilities.
+    It contains a collection of network monitoring tools, including racoon,
+    ping, and ping6.
+    </p>
+  </background>
+  <description>
+    <p>
+    The KAME IKE daemon racoon is used to authenticate peers during Phase 1
+    when using either preshared keys, GSS-API, or RSA signatures. When
+    using RSA signatures racoon validates the X.509 certificate but not the
+    RSA signature.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By sending a valid and trusted X.509 certificate and any private key an
+    attacker could exploit this vulnerability to perform man-in-the-middle
+    attacks and initiate unauthorized connections.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All IPsec-Tools users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-firewall/ipsec-tools-0.3.3"
+    # emerge "&gt;=net-firewall/ipsec-tools-0.3.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://ipsec-tools.sourceforge.net/x509sig.html">IPsec-Tools Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0155">CVE-2004-0155</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0607">CVE-2004-0607</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200406-18.xml b/metadata/glsa/glsa-200406-18.xml
new file mode 100644
index 000000000000..96511680d3ba
--- /dev/null
+++ b/metadata/glsa/glsa-200406-18.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200406-18">
+  <title>gzip: Insecure creation of temporary files</title>
+  <synopsis>
+    gzip contain a bug potentially allowing an attacker to execute arbitrary
+    commands.
+  </synopsis>
+  <product type="ebuild">gzip</product>
+  <announced>2004-06-24</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>54890</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-arch/gzip" auto="yes" arch="*">
+      <unaffected range="ge">1.3.3-r4</unaffected>
+      <vulnerable range="le">1.3.3-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    gzip (GNU zip) is popular compression program. The included gzexe
+    utility allows you to compress executables in place and have them
+    automatically uncompress and execute when you run them.
+    </p>
+  </background>
+  <description>
+    <p>
+    The script gzexe included with gzip contains a bug in the code that
+    handles tempfile creation. If the creation of a temp file fails when
+    using gzexe fails instead of bailing out it executes the command given
+    as argument.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    This could lead to priviege escalation by running commands under the
+    rights of the user running the self extracting file.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All gzip users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=app-arch/gzip-1.3.3-r4"
+    # emerge "&gt;=app-arch/gzip-1.3.3-r4"</code>
+    <p>
+    Additionally, once the upgrade is complete, all self extracting files
+    created with earlier versions gzexe should be recreated, since the
+    vulnerability is actually embedded in those executables.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0603">CVE-2004-0603</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200406-19.xml b/metadata/glsa/glsa-200406-19.xml
new file mode 100644
index 000000000000..7083de8de6eb
--- /dev/null
+++ b/metadata/glsa/glsa-200406-19.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200406-19">
+  <title>giFT-FastTrack: remote denial of service attack</title>
+  <synopsis>
+    There is a vulnerability where a carefully crafted signal sent to the
+    giFT-FastTrack plugin will cause the giFT daemon to crash.
+  </synopsis>
+  <product type="ebuild">giFT-FastTrack</product>
+  <announced>2004-06-24</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>54452</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-p2p/gift-fasttrack" auto="yes" arch="*">
+      <unaffected range="ge">0.8.7</unaffected>
+      <vulnerable range="le">0.8.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    giFT-FastTrack is a plugin for the giFT file-sharing application. It
+    allows giFT users to connect to the fasttrack network to share files.
+    </p>
+  </background>
+  <description>
+    <p>
+    Alan Fitton found a vulnerability in the giFT-FastTrack plugin in
+    version 0.8.6 and earlier. It can be used to remotely crash the giFT
+    daemon.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    Attackers may use this vulnerability to perform a Denial of Service
+    attack against the giFT daemon. There is no risk of code execution.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users should upgrade to the latest available version of
+    gift-fasttrack:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-p2p/gift-fasttrack-0.8.7"
+    # emerge "&gt;=net-p2p/gift-fasttrack-0.8.7"</code>
+  </resolution>
+  <references>
+    <uri link="http://gift-fasttrack.berlios.de/">giFT-FastTrack announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0604">CVE-2004-0604</uri>
+  </references>
+  <metadata tag="submitter">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200406-20.xml b/metadata/glsa/glsa-200406-20.xml
new file mode 100644
index 000000000000..b442a8057d7b
--- /dev/null
+++ b/metadata/glsa/glsa-200406-20.xml
@@ -0,0 +1,119 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200406-20">
+  <title>FreeS/WAN, Openswan, strongSwan: Vulnerabilities in certificate handling</title>
+  <synopsis>
+    FreeS/WAN, Openswan, strongSwan and Super-FreeS/WAN contain two bugs when
+    authenticating PKCS#7 certificates. This could allow an attacker to
+    authenticate with a fake certificate.
+  </synopsis>
+  <product type="ebuild">Openswan</product>
+  <announced>2004-06-25</announced>
+  <revised count="02">2006-05-22</revised>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/freeswan" auto="yes" arch="*">
+      <unaffected range="ge">2.04-r1</unaffected>
+      <unaffected range="eq">1.99-r1</unaffected>
+      <vulnerable range="lt">2.04-r1</vulnerable>
+    </package>
+    <package name="net-misc/openswan" auto="yes" arch="*">
+      <unaffected range="ge">2.1.4</unaffected>
+      <unaffected range="eq">1.0.6_rc1</unaffected>
+      <vulnerable range="lt">2.1.4</vulnerable>
+    </package>
+    <package name="net-misc/strongswan" auto="yes" arch="*">
+      <unaffected range="ge">2.1.3</unaffected>
+      <vulnerable range="lt">2.1.3</vulnerable>
+    </package>
+    <package name="net-misc/super-freeswan" auto="yes" arch="*">
+      <vulnerable range="le">1.99.7.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    FreeS/WAN, Openswan, strongSwan and Super-FreeS/WAN are Open Source
+    implementations of IPsec for the Linux operating system. They are all
+    based on the discontinued FreeS/WAN project.
+    </p>
+  </background>
+  <description>
+    <p>
+    All these IPsec implementations have several bugs in the
+    verify_x509cert() function, which performs certificate validation, that
+    make them vulnerable to malicious PKCS#7 wrapped objects.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    With a carefully crafted certificate payload an attacker can
+    successfully authenticate against FreeS/WAN, Openswan, strongSwan or
+    Super-FreeS/WAN, or make the daemon go into an endless loop.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All FreeS/WAN 1.9x users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "=net-misc/freeswan-1.99-r1"
+    # emerge "=net-misc/freeswan-1.99-r1"</code>
+    <p>
+    All FreeS/WAN 2.x users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-misc/freeswan-2.04-r1"
+    # emerge "&gt;=net-misc/freeswan-2.04-r1"</code>
+    <p>
+    All Openswan 1.x users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "=net-misc/openswan-1.0.6_rc1"
+    # emerge "=net-misc/openswan-1.0.6_rc1"</code>
+    <p>
+    All Openswan 2.x users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-misc/openswan-2.1.4"
+    # emerge "&gt;=net-misc/openswan-2.1.4"</code>
+    <p>
+    All strongSwan users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-misc/strongswan-2.1.3"
+    # emerge "&gt;=net-misc/strongswan-2.1.3"</code>
+    <p>
+    All Super-FreeS/WAN users should migrate to the latest stable version
+    of Openswan. Note that Portage will force a move for Super-FreeS/WAN
+    users to Openswan.
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "=net-misc/openswan-1.0.6_rc1"
+    # emerge "=net-misc/openswan-1.0.6_rc1"</code>
+  </resolution>
+  <references>
+    <uri link="https://lists.openswan.org/pipermail/dev/2004-June/000370.html">Openswan/strongSwan Authentication Bug</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0590">CVE-2004-0590</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200406-21.xml b/metadata/glsa/glsa-200406-21.xml
new file mode 100644
index 000000000000..3b01b15c27ff
--- /dev/null
+++ b/metadata/glsa/glsa-200406-21.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200406-21">
+  <title>mit-krb5: Multiple buffer overflows in krb5_aname_to_localname</title>
+  <synopsis>
+    mit-krb5 contains multiple buffer overflows in the function
+    krb5_aname_to_localname(). This could potentially lead to a complete remote
+    system compromise.
+  </synopsis>
+  <product type="ebuild">mit-krb5</product>
+  <announced>2004-06-29</announced>
+  <revised count="01">2004-06-29</revised>
+  <bug>52744</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-crypt/mit-krb5" auto="yes" arch="*">
+      <unaffected range="ge">1.3.3-r1</unaffected>
+      <vulnerable range="le">1.3.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    mit-krb5 is the free implementation of the Kerberos network authentication
+    protocol by the Massachusetts Institute of Technology.
+    </p>
+  </background>
+  <description>
+    <p>
+    The library function krb5_aname_to_localname() contains multiple buffer
+    overflows. This is only exploitable if explicit mapping or rules-based
+    mapping is enabled. These are not enabled as default.
+    </p>
+    <p>
+    With explicit mapping enabled, an attacker must authenticate using a
+    principal name listed in the explicit mapping list.
+    </p>
+    <p>
+    With rules-based mapping enabled, an attacker must first be able to create
+    arbitrary principal names either in the local realm Kerberos realm or in a
+    remote realm from which the local realm's service are reachable by
+    cross-realm authentication.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could use these vulnerabilities to execute arbitrary code with
+    the permissions of the user running mit-krb5, which could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    mit-krb5 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=app-crypt/mit-krb5-1.3.3-r1"
+    # emerge "&gt;=app-crypt/mit-krb5-1.3.3-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0523">CAN-2004-0523</uri>
+    <uri link="http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-001-an_to_ln.txt">MIT krb5 Security Advisory</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200406-22.xml b/metadata/glsa/glsa-200406-22.xml
new file mode 100644
index 000000000000..f58cfbfc2420
--- /dev/null
+++ b/metadata/glsa/glsa-200406-22.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200406-22">
+  <title>Pavuk: Remote buffer overflow</title>
+  <synopsis>
+    Pavuk contains a bug potentially allowing an attacker to run arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">Pavuk</product>
+  <announced>2004-06-30</announced>
+  <revised count="02">2006-05-22</revised>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/pavuk" auto="yes" arch="*">
+      <unaffected range="ge">0.9.28-r2</unaffected>
+      <vulnerable range="le">0.9.28-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Pavuk is web spider and website mirroring tool.
+    </p>
+  </background>
+  <description>
+    <p>
+    When Pavuk connects to a web server and the server sends back the HTTP
+    status code 305 (Use Proxy), Pavuk copies data from the HTTP Location
+    header in an unsafe manner.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could cause a stack-based buffer overflow which could lead
+    to arbitrary code execution with the rights of the user running Pavuk.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Pavuk users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-misc/pavuk-0.9.28-r2"
+    # emerge "&gt;="net-misc/pavuk-0.9.28-r2</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0456">CVE-2004-0456</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200407-01.xml b/metadata/glsa/glsa-200407-01.xml
new file mode 100644
index 000000000000..06a82445316d
--- /dev/null
+++ b/metadata/glsa/glsa-200407-01.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200407-01">
+  <title>Esearch: Insecure temp file handling</title>
+  <synopsis>
+    The eupdatedb utility in esearch creates a file in /tmp without first
+    checking for symlinks. This makes it possible for any user to create
+    arbitrary files.
+  </synopsis>
+  <product type="ebuild">esearch</product>
+  <announced>2004-07-01</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>55424</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-portage/esearch" auto="yes" arch="*">
+      <unaffected range="ge">0.6.2</unaffected>
+      <vulnerable range="le">0.6.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Esearch is a replacement for the Portage command "emerge search". It
+    uses an index to speed up searching of the Portage tree.
+    </p>
+  </background>
+  <description>
+    <p>
+    The eupdatedb utility uses a temporary file (/tmp/esearchdb.py.tmp) to
+    indicate that the eupdatedb process is running. When run, eupdatedb
+    checks to see if this file exists, but it does not check to see if it
+    is a broken symlink. In the event that the file is a broken symlink,
+    the script will create the file pointed to by the symlink, instead of
+    printing an error and exiting.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could create a symlink from /tmp/esearchdb.py.tmp to a
+    nonexistent file (such as /etc/nologin), and the file will be created
+    the next time esearchdb is run.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users should upgrade to
+    the latest available version of esearch.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users should upgrade to the latest available version of esearch, as
+    follows:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=app-portage/esearch-0.6.2"
+    # emerge "&gt;=app-portage/esearch-0.6.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0655">CVE-2004-0655</uri>
+  </references>
+  <metadata tag="submitter">
+    condordes
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200407-02.xml b/metadata/glsa/glsa-200407-02.xml
new file mode 100644
index 000000000000..297daa0e0bec
--- /dev/null
+++ b/metadata/glsa/glsa-200407-02.xml
@@ -0,0 +1,319 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200407-02">
+  <title>Linux Kernel: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been found in the Linux kernel used by
+    GNU/Linux systems. Patched, or updated versions of these kernels have been
+    released and details are included in this advisory.
+  </synopsis>
+  <product type="ebuild">Kernel</product>
+  <announced>2004-07-03</announced>
+  <revised count="04">2011-03-27</revised>
+  <bug>47881</bug>
+  <bug>49637</bug>
+  <bug>53804</bug>
+  <bug>54976</bug>
+  <bug>55698</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-kernel/aa-sources" auto="no" arch="*">
+      <unaffected range="eq">2.4.23-r2</unaffected>
+      <vulnerable range="lt">2.4.23-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/alpha-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.21-r8</unaffected>
+      <vulnerable range="lt">2.4.21-r8</vulnerable>
+    </package>
+    <package name="sys-kernel/ck-sources" auto="no" arch="*">
+      <unaffected range="eq">2.4.26-r1</unaffected>
+      <unaffected range="ge">2.6.7-r1</unaffected>
+      <vulnerable range="lt">2.6.7-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/compaq-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.9.32.7-r7</unaffected>
+      <vulnerable range="lt">2.4.9.32.7-r7</vulnerable>
+    </package>
+    <package name="sys-kernel/development-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7</unaffected>
+      <vulnerable range="lt">2.6.7</vulnerable>
+    </package>
+    <package name="sys-kernel/gaming-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.20-r14</unaffected>
+      <vulnerable range="lt">2.4.20-r14</vulnerable>
+    </package>
+    <package name="sys-kernel/gentoo-dev-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7</unaffected>
+      <vulnerable range="lt">2.6.7</vulnerable>
+    </package>
+    <package name="sys-kernel/gentoo-sources" auto="yes" arch="*">
+      <unaffected range="rge">2.4.19-r17</unaffected>
+      <unaffected range="rge">2.4.20-r20</unaffected>
+      <unaffected range="rge">2.4.22-r12</unaffected>
+      <unaffected range="rge">2.4.25-r5</unaffected>
+      <unaffected range="ge">2.4.26-r3</unaffected>
+      <vulnerable range="lt">2.4.26-r3</vulnerable>
+    </package>
+    <package name="sys-kernel/grsec-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.26.2.0-r5</unaffected>
+      <vulnerable range="lt">2.4.26.2.0-r5</vulnerable>
+    </package>
+    <package name="sys-kernel/gs-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.25_pre7-r7</unaffected>
+      <vulnerable range="lt">2.4.25_pre7-r7</vulnerable>
+    </package>
+    <package name="sys-kernel/hardened-dev-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7</unaffected>
+      <vulnerable range="lt">2.6.7</vulnerable>
+    </package>
+    <package name="sys-kernel/hardened-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.26-r2</unaffected>
+      <vulnerable range="lt">2.4.26-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/hppa-dev-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7</unaffected>
+      <vulnerable range="lt">2.6.7</vulnerable>
+    </package>
+    <package name="sys-kernel/hppa-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.26_p6</unaffected>
+      <vulnerable range="lt">2.4.26_p6</vulnerable>
+    </package>
+    <package name="sys-kernel/ia64-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.24-r5</unaffected>
+      <vulnerable range="lt">2.4.24-r5</vulnerable>
+    </package>
+    <package name="sys-kernel/mips-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.26-r3</unaffected>
+      <vulnerable range="lt">2.4.26-r3</vulnerable>
+    </package>
+    <package name="sys-kernel/mm-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7-r1</unaffected>
+      <vulnerable range="lt">2.6.7-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/openmosix-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.22-r10</unaffected>
+      <vulnerable range="lt">2.4.22-r10</vulnerable>
+    </package>
+    <package name="sys-kernel/pac-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.23-r8</unaffected>
+      <vulnerable range="lt">2.4.23-r8</vulnerable>
+    </package>
+    <package name="sys-kernel/pegasos-dev-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7</unaffected>
+      <vulnerable range="lt">2.6.7</vulnerable>
+    </package>
+    <package name="sys-kernel/pegasos-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.26-r2</unaffected>
+      <vulnerable range="lt">2.4.26-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/planet-ccrma-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.21-r10</unaffected>
+      <vulnerable range="lt">2.4.21-r10</vulnerable>
+    </package>
+    <package name="sys-kernel/ppc-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.26-r2</unaffected>
+      <vulnerable range="lt">2.4.26-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/ppc64-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7</unaffected>
+      <vulnerable range="lt">2.6.7</vulnerable>
+    </package>
+    <package name="sys-kernel/rsbac-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.26-r2</unaffected>
+      <vulnerable range="lt">2.4.26-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/rsbac-dev-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7-r1</unaffected>
+      <vulnerable range="lt">2.6.7-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/selinux-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.26-r2</unaffected>
+      <vulnerable range="lt">2.4.26-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/sparc-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.26-r2</unaffected>
+      <vulnerable range="lt">2.4.26-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/uclinux-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.26_p0-r2</unaffected>
+      <vulnerable range="lt">2.4.26_p0-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/usermode-sources" auto="yes" arch="*">
+      <unaffected range="rge">2.4.24-r5</unaffected>
+      <unaffected range="ge">2.4.26-r2</unaffected>
+      <vulnerable range="lt">2.4.26-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/vserver-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.0</unaffected>
+      <vulnerable range="lt">2.0</vulnerable>
+      <vulnerable range="ge">2.4</vulnerable>
+      <vulnerable range="lt">2.4.26.1.3.9-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/win4lin-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.26-r2</unaffected>
+      <vulnerable range="lt">2.4.26-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/wolk-sources" auto="yes" arch="*">
+      <unaffected range="rge">4.9-r9</unaffected>
+      <unaffected range="rge">4.11-r6</unaffected>
+      <unaffected range="ge">4.14-r3</unaffected>
+      <vulnerable range="lt">4.14-r3</vulnerable>
+    </package>
+    <package name="sys-kernel/xbox-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7</unaffected>
+      <vulnerable range="lt">2.6.7</vulnerable>
+    </package>
+    <package name="sys-kernel/xfs-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.24-r8</unaffected>
+      <vulnerable range="lt">2.4.24-r8</vulnerable>
+    </package>
+    <package name="sys-kernel/vanilla-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.27</unaffected>
+      <vulnerable range="le">2.4.26</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Linux kernel is responsible for managing the core aspects of a
+    GNU/Linux system, providing an interface for core system applications
+    as well as providing the essential structure and capability to access
+    hardware that is needed for a running system.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple flaws have been discovered in the Linux kernel. This advisory
+    corrects the following issues:
+    </p>
+    <ul>
+    <li>
+    CAN-2004-0109: This vulnerability allows privilege escalation using
+    ISO9660 file systems through a buffer overflow via a malformed file
+    system containing a long symbolic link entry. This can allow arbitrary
+    code execution at kernel level.
+    </li>
+    <li>
+    CAN-2004-0133: The XFS file system in 2.4 series kernels has an
+    information leak by which data in the memory can be written to the
+    device hosting the file system, allowing users to obtain portions of
+    kernel memory by reading the raw block device.
+    </li>
+    <li>
+    CAN-2004-0177: The ext3 file system in 2.4 series kernels does not
+    properly initialize journal descriptor blocks, causing an information
+    leak by which data in the memory can be written to the device hosting
+    the file system, allowing users to obtain portions of kernel memory by
+    reading the raw device.
+    </li>
+    <li>
+    CAN-2004-0181: The JFS file system in 2.4 series kernels has an
+    information leak by which data in the memory can be written to the
+    device hosting the file system, allowing users to obtain portions of
+    kernel memory by reading the raw device.
+    </li>
+    <li>
+    CAN-2004-0178: The OSS Sound Blaster [R] Driver has a Denial of Service
+    vulnerability since it does not handle certain sample sizes properly.
+    This allows local users to hang the kernel.
+    </li>
+    <li>
+    CAN-2004-0228: Due to an integer signedness error in the CPUFreq /proc
+    handler code in 2.6 series Linux kernels, local users can escalate
+    their privileges.
+    </li>
+    <li>
+    CAN-2004-0229: The framebuffer driver in 2.6 series kernel drivers does
+    not use the fb_copy_cmap method of copying structures. The impact of
+    this issue is unknown, however.
+    </li>
+    <li>
+    CAN-2004-0394: A buffer overflow in the panic() function of 2.4 series
+    Linux kernels exists, but it may not be exploitable under normal
+    circumstances due to its functionality.
+    </li>
+    <li>
+    CAN-2004-0427: The do_fork() function in both 2.4 and 2.6 series Linux
+    kernels does not properly decrement the mm_count counter when an error
+    occurs, triggering a memory leak that allows local users to cause a
+    Denial of Service by exhausting other applications of memory; causing
+    the kernel to panic or to kill services.
+    </li>
+    <li>
+    CAN-2004-0495: Multiple vulnerabilities found by the Sparse source
+    checker in the kernel allow local users to escalate their privileges or
+    gain access to kernel memory.
+    </li>
+    <li>
+    CAN-2004-0535: The e1000 NIC driver does not properly initialize memory
+    structures before using them, allowing users to read kernel memory.
+    </li>
+    <li>
+    CAN-2004-0554: 2.4 and 2.6 series kernels running on an x86 or an AMD64
+    architecture allow local users to cause a Denial of Service by a total
+    system hang, due to an infinite loop that triggers a signal handler
+    with a certain sequence of fsave and frstor instructions.
+    </li>
+    <li>
+    Local DoS in PaX: If ASLR is enabled as a GRSecurity PaX feature, a
+    Denial of Service can be achieved by putting the kernel into an
+    infinite loop. Only 2.6 series GRSecurity kernels are affected by this
+    issue.
+    </li>
+    <li>
+    RSBAC 1.2.3 JAIL issues: A flaw in the RSBAC JAIL implementation allows
+    suid/sgid files to be created inside the jail since the relevant module
+    does not check the corresponding mode values. This can allow privilege
+    escalation inside the jail. Only rsbac-(dev-)sources are affected by
+    this issue.
+    </li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    Arbitrary code with normal non-super-user privileges may be able to
+    exploit any of these vulnerabilities; gaining kernel level access to
+    memory structures and hardware devices. This may be used for further
+    exploitation of the system, to leak sensitive data or to cause a Denial
+    of Service on the affected kernel.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Although users may not be affected by certain vulnerabilities, all
+    kernels are affected by the CAN-2004-0394, CAN-2004-0427 and
+    CAN-2004-0554 issues which have no workaround. As a result, all users
+    are urged to upgrade their kernels to patched versions.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Users are encouraged to upgrade to the latest available sources for
+    their system:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv your-favorite-sources
+    # emerge your-favorite-sources
+    
+    # # Follow usual procedure for compiling and installing a kernel.
+    # # If you use genkernel, run genkernel as you would do normally.</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0109">CVE-2004-0109</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0133">CVE-2004-0133</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0177">CVE-2004-0177</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0178">CVE-2004-0178</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0181">CVE-2004-0181</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0228">CVE-2004-0228</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0229">CVE-2004-0229</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0394">CVE-2004-0394</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0427">CVE-2004-0427</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0495">CVE-2004-0495</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0535">CVE-2004-0535</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0554">CVE-2004-0554</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1983">CVE-2004-1983</uri>
+  </references>
+  <metadata tag="submitter">
+    plasmaroo
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200407-03.xml b/metadata/glsa/glsa-200407-03.xml
new file mode 100644
index 000000000000..4375a5008541
--- /dev/null
+++ b/metadata/glsa/glsa-200407-03.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200407-03">
+  <title>Apache 2: Remote denial of service attack</title>
+  <synopsis>
+    A bug in Apache may allow a remote attacker to perform a Denial of Service
+    attack. With certain configurations this could lead to a heap based buffer
+    overflow.
+  </synopsis>
+  <product type="ebuild">Apache</product>
+  <announced>2004-07-04</announced>
+  <revised count="02">2007-12-30</revised>
+  <bug>55441</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">2.0.49-r4</unaffected>
+      <unaffected range="lt">2</unaffected>
+      <vulnerable range="le">2.0.49-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Apache HTTP Server Project is an effort to develop and maintain an
+    open-source HTTP server for modern operating systems. The goal of this
+    project is to provide a secure, efficient and extensible server that
+    provides services in tune with the current HTTP standards.
+    </p>
+  </background>
+  <description>
+    <p>
+    A bug in the protocol.c file handling header lines will cause Apache to
+    allocate memory for header lines starting with TAB or SPACE.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker can exploit this vulnerability to perform a Denial of Service
+    attack by causing Apache to exhaust all memory. On 64 bit systems with more
+    than 4GB of virtual memory a possible integer signedness error could lead
+    to a buffer based overflow causing Apache to crash and under some
+    circumstances execute arbitrary code as the user running Apache, usually
+    "apache".
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version:
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Apache 2 users should upgrade to the latest version of Apache:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=www-servers/apache-2.0.49-r4"
+    # emerge "&gt;=www-servers/apache-2.0.49-r4"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.guninski.com/httpd1.html">Georgi Guninski security advisory #70, 2004</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493">CAN-2004-0493</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200407-04.xml b/metadata/glsa/glsa-200407-04.xml
new file mode 100644
index 000000000000..670de15bd3ce
--- /dev/null
+++ b/metadata/glsa/glsa-200407-04.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200407-04">
+  <title>Pure-FTPd: Potential DoS when maximum connections is reached</title>
+  <synopsis>
+    Pure-FTPd contains a bug potentially allowing a Denial of Service attack
+    when the maximum number of connections is reached.
+  </synopsis>
+  <product type="ebuild">Pure-FTPd</product>
+  <announced>2004-07-04</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>54590</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-ftp/pure-ftpd" auto="yes" arch="*">
+      <unaffected range="ge">1.0.18-r1</unaffected>
+      <vulnerable range="le">1.0.18</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Pure-FTPd is a fast, production-quality and standards-compliant FTP
+    server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Pure-FTPd contains a bug in the accept_client function handling the
+    setup of new connections.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    When the maximum number of connections is reached an attacker could
+    exploit this vulnerability to perform a Denial of Service attack.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Pure-FTPd users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-ftp/pure-ftpd-1.0.18-r1"
+    # emerge "&gt;=net-ftp/pure-ftpd-1.0.18-r1"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.pureftpd.org">Pure-FTPd website</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0656">CVE-2004-0656</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200407-05.xml b/metadata/glsa/glsa-200407-05.xml
new file mode 100644
index 000000000000..24a17c4638d5
--- /dev/null
+++ b/metadata/glsa/glsa-200407-05.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200407-05">
+  <title>XFree86, X.org: XDM ignores requestPort setting</title>
+  <synopsis>
+    XDM will open TCP sockets for its chooser, even if the
+    DisplayManager.requestPort setting is set to 0. This may allow authorized
+    users to access a machine remotely via X, even if the administrator has
+    configured XDM to refuse such connections.
+  </synopsis>
+  <product type="ebuild">xdm</product>
+  <announced>2004-07-05</announced>
+  <revised count="01">2004-07-05</revised>
+  <bug>53226</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-base/xfree" auto="yes" arch="*">
+      <unaffected range="ge">4.3.0-r6</unaffected>
+      <vulnerable range="le">4.3.0-r5</vulnerable>
+    </package>
+    <package name="x11-base/xorg-x11" auto="yes" arch="*">
+      <unaffected range="ge">6.7.0-r1</unaffected>
+      <vulnerable range="le">6.7.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The X Display Manager (XDM) is a program which provides a graphical login
+    prompt to users on the console or on remote X terminals. It has largely
+    been superseded by programs such as GDM and KDM.
+    </p>
+  </background>
+  <description>
+    <p>
+    XDM will open TCP sockets for its chooser, even if the
+    DisplayManager.requestPort setting is set to 0. Remote clients can use this
+    port to connect to XDM and request a login window, thus allowing access to
+    the system.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    Authorized users may be able to login remotely to a machine running XDM,
+    even if this option is disabled in XDM's configuration. Please note that an
+    attacker must have a preexisting account on the machine in order to exploit
+    this vulnerability.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users should upgrade to the
+    latest available version of X.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    If you are using XFree86, you should run the following:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=x11-base/xfree-4.3.0-r6"
+    # emerge "&gt;=x11-base/xfree-4.3.0-r6"</code>
+    <p>
+    If you are using X.org's X11 server, you should run the following:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=x11-base/xorg-x11-6.7.0-r1"
+    # emerge "&gt;=x11-base/xorg-x11-6.7.0-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0419">CAN 2004-0419</uri>
+    <uri link="http://bugs.xfree86.org/show_bug.cgi?id=1376">XFree86 Bug</uri>
+  </references>
+  <metadata tag="submitter">
+    condordes
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200407-06.xml b/metadata/glsa/glsa-200407-06.xml
new file mode 100644
index 000000000000..75f33bb95d8b
--- /dev/null
+++ b/metadata/glsa/glsa-200407-06.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200407-06">
+  <title>libpng: Buffer overflow on row buffers</title>
+  <synopsis>
+    libpng contains a buffer overflow vulnerability potentially allowing an
+    attacker to perform a Denial of Service attack or even execute arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">libpng</product>
+  <announced>2004-07-08</announced>
+  <revised count="01">2004-07-08</revised>
+  <bug>56307</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libpng" auto="yes" arch="*">
+      <unaffected range="ge">1.2.5-r7</unaffected>
+      <vulnerable range="le">1.2.5-r6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libpng is a standard library used to process PNG (Portable Network
+    Graphics) images. It is used by several other programs, including web
+    browsers and potentially server processes.
+    </p>
+  </background>
+  <description>
+    <p>
+    Due to a wrong calculation of loop offset values, libpng contains a buffer
+    overflow vulnerability on the row buffers. This vulnerability was initially
+    patched in January 2003 but since it has been discovered that libpng
+    contains the same vulnerability in two other places.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit this vulnerability to cause programs linked
+    against the library to crash or execute arbitrary code with the permissions
+    of the user running the vulnerable program, which could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libpng users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=media-libs/libpng-1.2.5-r7"
+    # emerge "&gt;=media-libs/libpng-1.2.5-r7"</code>
+    <p>
+    You should also run revdep-rebuild to rebuild any packages that depend on
+    older versions of libpng :
+    </p>
+    <code>
+    # revdep-rebuild</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1363">CAN-2002-1363</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200407-07.xml b/metadata/glsa/glsa-200407-07.xml
new file mode 100644
index 000000000000..370a26a4fff6
--- /dev/null
+++ b/metadata/glsa/glsa-200407-07.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200407-07">
+  <title>Shorewall : Insecure temp file handling</title>
+  <synopsis>
+    Shorewall contains a bug in the code handling the creation of temporary
+    files and directories. This can allow a non-root user to overwrite
+    arbitrary system files.
+  </synopsis>
+  <product type="ebuild">Shorewall</product>
+  <announced>2004-07-08</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>55675</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-firewall/shorewall" auto="yes" arch="*">
+      <unaffected range="ge">1.4.10f</unaffected>
+      <vulnerable range="le">1.4.10c</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Shorewall is a high level tool for configuring Netfilter, the firewall
+    facility included in the Linux Kernel.
+    </p>
+  </background>
+  <description>
+    <p>
+    Shorewall uses temporary files and directories in an insecure manner. A
+    local user could create symbolic links at specific locations,
+    eventually overwriting other files on the filesystem with the rights of
+    the shorewall process.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit this vulnerability to overwrite arbitrary
+    system files with root privileges, resulting in Denial of Service or
+    further exploitation.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users should upgrade to
+    the latest available version of Shorewall.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users should upgrade to the latest available version of Shorewall,
+    as follows:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-firewall/shorewall-1.4.10f"
+    # emerge "&gt;=net-firewall/shorewall-1.4.10f"</code>
+  </resolution>
+  <references>
+    <uri link="http://lists.shorewall.net/pipermail/shorewall-announce/2004-June/000385.html">Shorewall Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0647">CVE-2004-0647</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200407-08.xml b/metadata/glsa/glsa-200407-08.xml
new file mode 100644
index 000000000000..8f798dc5ea8b
--- /dev/null
+++ b/metadata/glsa/glsa-200407-08.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200407-08">
+  <title>Ethereal: Multiple security problems</title>
+  <synopsis>
+    Multiple vulnerabilities including one buffer overflow exist in Ethereal,
+    which may allow an attacker to run arbitrary code or crash the program.
+  </synopsis>
+  <product type="ebuild">Ethereal</product>
+  <announced>2004-07-09</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>56423</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/ethereal" auto="yes" arch="*">
+      <unaffected range="ge">0.10.5</unaffected>
+      <vulnerable range="le">0.10.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ethereal is a feature rich network protocol analyzer.
+    </p>
+  </background>
+  <description>
+    <p>
+    There are multiple vulnerabilities in versions of Ethereal earlier than
+    0.10.5, including:
+    </p>
+    <ul>
+    <li>In some cases the iSNS dissector could cause Ethereal to
+    abort.</li>
+    <li>If there was no policy name for a handle for SMB SID snooping it
+    could cause a crash.</li>
+    <li>A malformed or missing community string could cause the SNMP
+    dissector to crash.</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could use these vulnerabilities to crash Ethereal or even
+    execute arbitrary code with the permissions of the user running
+    Ethereal, which could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    For a temporary workaround you can disable all affected protocol
+    dissectors by selecting Analyze-&gt;Enabled Protocols... and deselecting
+    them from the list. For SMB you can disable SID snooping in the SMB
+    protocol preference. However, it is strongly recommended to upgrade to
+    the latest stable version.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ethereal users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-analyzer/ethereal-0.10.5"
+    # emerge "&gt;=net-analyzer/ethereal-0.10.5"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.ethereal.com/appnotes/enpa-sa-00015.html">Ethereal enpa-sa-00015</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0633">CVE-2004-0633</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0634">CVE-2004-0634</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0635">CVE-2004-0635</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200407-09.xml b/metadata/glsa/glsa-200407-09.xml
new file mode 100644
index 000000000000..8e38022dd454
--- /dev/null
+++ b/metadata/glsa/glsa-200407-09.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200407-09">
+  <title>MoinMoin: Group ACL bypass</title>
+  <synopsis>
+    MoinMoin contains a bug allowing a user to bypass group ACLs (Access
+    Control Lists).
+  </synopsis>
+  <product type="ebuild">MoinMoin</product>
+  <announced>2004-07-11</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>53126</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/moinmoin" auto="yes" arch="*">
+      <unaffected range="ge">1.2.2</unaffected>
+      <vulnerable range="le">1.2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MoinMoin is a Python clone of WikiWiki, based on PikiPiki.
+    </p>
+  </background>
+  <description>
+    <p>
+    MoinMoin contains a bug in the code handling administrative group ACLs.
+    A user created with the same name as an administrative group gains the
+    privileges of the administrative group.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    If an administrative group called AdminGroup existed an attacker could
+    create a user called AdminGroup and gain the privileges of the group
+    AdminGroup. This could lead to unauthorized users gaining
+    administrative access.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    For every administrative group with special privileges create a user
+    with the same name as the group.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users should upgrade to the latest available version of MoinMoin,
+    as follows:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=www-apps/moinmoin-1.2.2"
+    # emerge "&gt;=www-apps/moinmoin-1.2.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://sourceforge.net/tracker/index.php?func=detail&amp;aid=948103&amp;group_id=8482&amp;atid=108482">MoinMoin Announcement</uri>
+    <uri link="http://www.osvdb.org/6704">OSVDB Entry</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0708">CVE-2004-0708</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200407-10.xml b/metadata/glsa/glsa-200407-10.xml
new file mode 100644
index 000000000000..ff131b4d96ae
--- /dev/null
+++ b/metadata/glsa/glsa-200407-10.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200407-10">
+  <title>rsync: Directory traversal in rsync daemon</title>
+  <synopsis>
+    Under specific conditions, the rsync daemon is vulnerable to a directory
+    traversal allowing to write files outside a sync module.
+  </synopsis>
+  <product type="ebuild">rsync</product>
+  <announced>2004-07-12</announced>
+  <revised count="01">2004-07-12</revised>
+  <bug>49534</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/rsync" auto="yes" arch="*">
+      <unaffected range="ge">2.6.0-r2</unaffected>
+      <vulnerable range="le">2.6.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    rsync is a utility that provides fast incremental file transfers. It is
+    used to efficiently synchronize files between hosts and is used by emerge
+    to fetch Gentoo's Portage tree. rsyncd is the rsync daemon, which listens
+    to connections from rsync clients.
+    </p>
+  </background>
+  <description>
+    <p>
+    When rsyncd is used without chroot ("use chroot = false" in the rsyncd.conf
+    file), the paths sent by the client are not checked thoroughly enough. If
+    rsyncd is used with read-write permissions ("read only = false"), this
+    vulnerability can be used to write files anywhere with the rights of the
+    rsyncd daemon. With default Gentoo installations, rsyncd runs in a chroot,
+    without write permissions and with the rights of the "nobody" user.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    On affected configurations and if the rsync daemon runs under a privileged
+    user, a remote client can exploit this vulnerability to completely
+    compromise the host.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    You should never set the rsync daemon to run with "use chroot = false". If
+    for some reason you have to run rsyncd without a chroot, then you should
+    not set "read only = false".
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users should update to the latest version of the rsync package.
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-misc/rsync-2.6.0-r2"
+    # emerge "&gt;=net-misc/rsync-2.6.0-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0426">CAN-2004-0426</uri>
+  </references>
+  <metadata tag="submitter">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200407-11.xml b/metadata/glsa/glsa-200407-11.xml
new file mode 100644
index 000000000000..1aae330727e8
--- /dev/null
+++ b/metadata/glsa/glsa-200407-11.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200407-11">
+  <title>wv: Buffer overflow vulnerability</title>
+  <synopsis>
+    A buffer overflow vulnerability exists in the wv library that can allow an
+    attacker to execute arbitrary code with the privileges of the user running
+    the vulnerable application.
+  </synopsis>
+  <product type="ebuild">app-text/wv</product>
+  <announced>2004-07-14</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>56595</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/wv" auto="yes" arch="*">
+      <unaffected range="ge">1.0.0-r1</unaffected>
+      <vulnerable range="lt">1.0.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The wv library allows access to MS Word files. It can parse Word files
+    and allow other applications, such as abiword, to import those files
+    into their native formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    A use of strcat without proper bounds checking leads to an exploitable
+    buffer overflow. The vulnerable code is executed when wv encounters an
+    unrecognized token, so a specially crafted file, loaded in wv, can
+    trigger the vulnerable code and execute it's own arbitrary code. This
+    exploit is only possible when the user loads the document into HTML
+    view mode.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By inducing a user into running wv on a special file, an attacker can
+    execute arbitrary code with the permissions of the user running the
+    vulnerable program.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Users should not view untrusted documents with wvHtml or applications
+    using wv. When loading an untrusted document in an application using
+    the wv library, make sure HTML view is disabled.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users should upgrade to the latest available version.
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=app-text/wv-1.0.0-r1"
+    # emerge "&gt;=app-text/wv-1.0.0-r1"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.idefense.com/application/poi/display?id=115&amp;type=vulnerabilities&amp;flashstatus=true">iDEFENSE Security Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0645">CVE-2004-0645</uri>
+  </references>
+  <metadata tag="submitter">
+    dmargoli
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200407-12.xml b/metadata/glsa/glsa-200407-12.xml
new file mode 100644
index 000000000000..0eb420899056
--- /dev/null
+++ b/metadata/glsa/glsa-200407-12.xml
@@ -0,0 +1,132 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200407-12">
+  <title>Linux Kernel: Remote DoS vulnerability with IPTables TCP Handling</title>
+  <synopsis>
+    A flaw has been discovered in 2.6 series Linux kernels that allows an
+    attacker to send a malformed TCP packet, causing the affected kernel to
+    possibly enter an infinite loop and hang the vulnerable machine.
+  </synopsis>
+  <product type="ebuild">Kernel</product>
+  <announced>2004-07-14</announced>
+  <revised count="02">2004-10-10</revised>
+  <bug>55694</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-kernel/aa-sources" auto="no" arch="*">
+      <unaffected range="ge">2.6.5-r5</unaffected>
+      <unaffected range="lt">2.6</unaffected>
+      <vulnerable range="lt">2.6.5-r5</vulnerable>
+    </package>
+    <package name="sys-kernel/ck-sources" auto="no" arch="*">
+      <unaffected range="ge">2.6.7-r2</unaffected>
+      <unaffected range="lt">2.6</unaffected>
+      <vulnerable range="lt">2.6.7-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/development-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.8</unaffected>
+      <vulnerable range="lt">2.6.8</vulnerable>
+    </package>
+    <package name="sys-kernel/gentoo-dev-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7-r7</unaffected>
+      <vulnerable range="lt">2.6.7-r7</vulnerable>
+    </package>
+    <package name="sys-kernel/hardened-dev-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7-r1</unaffected>
+      <vulnerable range="lt">2.6.7-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/hppa-dev-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7_p1-r1</unaffected>
+      <vulnerable range="lt">2.6.7_p1-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/mips-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.4-r4</unaffected>
+      <unaffected range="lt">2.6</unaffected>
+      <vulnerable range="lt">2.6.4-r4</vulnerable>
+    </package>
+    <package name="sys-kernel/mm-sources" auto="no" arch="*">
+      <unaffected range="ge">2.6.7-r4</unaffected>
+      <unaffected range="lt">2.6</unaffected>
+      <vulnerable range="lt">2.6.7-r4</vulnerable>
+    </package>
+    <package name="sys-kernel/pegasos-dev-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7-r1</unaffected>
+      <vulnerable range="lt">2.6.7-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/rsbac-dev-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7-r1</unaffected>
+      <vulnerable range="lt">2.6.7-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/uclinux-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7_p0-r1</unaffected>
+      <unaffected range="lt">2.6</unaffected>
+      <vulnerable range="lt">2.6.7_p0</vulnerable>
+    </package>
+    <package name="sys-kernel/usermode-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.6-r2</unaffected>
+      <unaffected range="lt">2.6</unaffected>
+      <vulnerable range="lt">2.6.6-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/win4lin-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7-r1</unaffected>
+      <unaffected range="lt">2.6</unaffected>
+      <vulnerable range="lt">2.6.7-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/xbox-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7-r1</unaffected>
+      <unaffected range="lt">2.6</unaffected>
+      <vulnerable range="lt">2.6.7-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Linux kernel is responsible for managing the core aspects of a
+    GNU/Linux system, providing an interface for core system applications as
+    well as providing the essential structure and capability to access hardware
+    that is needed for a running system.
+    </p>
+  </background>
+  <description>
+    <p>
+    An attacker can utilize an erroneous data type in the IPTables TCP option
+    handling code, which lies in an iterator. By making a TCP packet with a
+    header length larger than 127 bytes, a negative integer would be implied in
+    the iterator.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    By sending one malformed packet, the kernel could get stuck in a loop,
+    consuming all of the CPU resources and rendering the machine useless,
+    causing a Denial of Service. This vulnerability requires no local access.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    If users do not use the netfilter functionality or do not use any
+    ``--tcp-option'' rules they are not vulnerable to this exploit. Users that
+    are may remove netfilter support from their kernel or may remove any
+    ``--tcp-option'' rules they might be using. However, all users are urged to
+    upgrade their kernels to patched versions.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Users are encouraged to upgrade to the latest available sources for their
+    system:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv your-favorite-sources
+    # emerge your-favorite-sources
+
+    # # Follow usual procedure for compiling and installing a kernel.
+    # # If you use genkernel, run genkernel as you would do normally.</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0626">CAN-2004-0626</uri>
+  </references>
+  <metadata tag="submitter">
+    plasmaroo
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200407-13.xml b/metadata/glsa/glsa-200407-13.xml
new file mode 100644
index 000000000000..7dd6b6e416b7
--- /dev/null
+++ b/metadata/glsa/glsa-200407-13.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200407-13">
+  <title>PHP: Multiple security vulnerabilities</title>
+  <synopsis>
+    Multiple security vulnerabilities, potentially allowing remote code
+    execution, were found and fixed in PHP.
+  </synopsis>
+  <product type="ebuild">PHP</product>
+  <announced>2004-07-15</announced>
+  <revised count="01">2004-07-15</revised>
+  <bug>56985</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-php/php" auto="yes" arch="*">
+      <unaffected range="ge">4.3.8</unaffected>
+      <vulnerable range="le">4.3.7-r1</vulnerable>
+    </package>
+    <package name="dev-php/mod_php" auto="yes" arch="*">
+      <unaffected range="ge">4.3.8</unaffected>
+      <vulnerable range="le">4.3.7-r1</vulnerable>
+    </package>
+    <package name="dev-php/php-cgi" auto="yes" arch="*">
+      <unaffected range="ge">4.3.8</unaffected>
+      <vulnerable range="le">4.3.7-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PHP is a general-purpose scripting language widely used to develop
+    web-based applications. It can run inside a web server using the mod_php
+    module or the CGI version of PHP, or can run stand-alone in a CLI.
+    </p>
+  </background>
+  <description>
+    <p>
+    Several security vulnerabilities were found and fixed in version 4.3.8 of
+    PHP. The strip_tags() function, used to sanitize user input, could in
+    certain cases allow tags containing \0 characters (CAN-2004-0595). When
+    memory_limit is used, PHP might unsafely interrupt other functions
+    (CAN-2004-0594). The ftok and itpc functions were missing safe_mode checks.
+    It was possible to bypass open_basedir restrictions using MySQL's LOAD DATA
+    LOCAL function. Furthermore, the IMAP extension was incorrectly allocating
+    memory and alloca() calls were replaced with emalloc() for better stack
+    protection.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Successfully exploited, the memory_limit problem could allow remote
+    excution of arbitrary code. By exploiting the strip_tags vulnerability, it
+    is possible to pass HTML code that would be considered as valid tags by the
+    Microsoft Internet Explorer and Safari browsers. Using ftok, itpc or
+    MySQL's LOAD DATA LOCAL, it is possible to bypass PHP configuration
+    restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround that would solve all these problems. All users
+    are encouraged to upgrade to the latest available versions.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PHP, mod_php and php-cgi users should upgrade to the latest stable
+    version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=dev-php/php-4.3.8"
+    # emerge "&gt;=dev-php/php-4.3.8"
+
+    # emerge -pv "&gt;=dev-php/mod_php-4.3.8"
+    # emerge "&gt;=dev-php/mod_php-4.3.8"
+
+    # emerge -pv "&gt;=dev-php/php-cgi-4.3.8"
+    # emerge "&gt;=dev-php/php-cgi-4.3.8"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0594">CAN-2004-0594</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0595">CAN-2004-0595</uri>
+    <uri link="http://security.e-matters.de/advisories/112004.html">E-Matters Advisory 11/2004</uri>
+    <uri link="http://security.e-matters.de/advisories/122004.html">E-Matters Advisory 12/2004</uri>
+  </references>
+  <metadata tag="submitter">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200407-14.xml b/metadata/glsa/glsa-200407-14.xml
new file mode 100644
index 000000000000..ddf44b07d392
--- /dev/null
+++ b/metadata/glsa/glsa-200407-14.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200407-14">
+  <title>Unreal Tournament 2003/2004: Buffer overflow in 'secure' queries</title>
+  <synopsis>
+    Game servers based on the Unreal engine are vulnerable to remote code
+    execution through malformed 'secure' queries.
+  </synopsis>
+  <product type="ebuild">Unreal Tournament</product>
+  <announced>2004-07-19</announced>
+  <revised count="01">2004-07-19</revised>
+  <bug>54726</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-fps/ut2003" auto="yes" arch="*">
+      <unaffected range="ge">2225-r3</unaffected>
+      <vulnerable range="le">2225-r2</vulnerable>
+    </package>
+    <package name="games-server/ut2003-ded" auto="yes" arch="*">
+      <unaffected range="ge">2225-r2</unaffected>
+      <vulnerable range="le">2225-r1</vulnerable>
+    </package>
+    <package name="games-fps/ut2004" auto="yes" arch="*">
+      <unaffected range="ge">3236</unaffected>
+      <vulnerable range="lt">3236</vulnerable>
+    </package>
+    <package name="games-fps/ut2004-demo" auto="yes" arch="*">
+      <unaffected range="ge">3120-r4</unaffected>
+      <vulnerable range="le">3120-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Unreal Tournament 2003 and 2004 are popular first-person-shooter games.
+    They are both based on the Unreal engine, and can be used in a game server
+    / client setup.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Unreal-based game servers support a specific type of query called
+    'secure'. Part of the Gamespy protocol, this query is used to ask if the
+    game server is able to calculate an exact response using a provided string.
+    Luigi Auriemma found that sending a long 'secure' query triggers a buffer
+    overflow in the game server.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    By sending a malicious UDP-based 'secure' query, an attacker could execute
+    arbitrary code on the game server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Users can avoid this vulnerability by not using Unreal Tournament to host
+    games as a server. All users running a server should upgrade to the latest
+    versions.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Unreal Tournament users should upgrade to the latest available
+    versions:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=games-fps/ut2003-2225-r3"
+    # emerge "&gt;=games-fps/ut2003-2225-r3"
+
+    # emerge -pv "&gt;=games-server/ut2003-ded-2225-r2"
+    # emerge "&gt;=games-server/ut2003-ded-2225-r2"
+
+    # emerge -pv "&gt;=games-fps/ut2004-3236"
+    # emerge "&gt;=games-fps/ut2004-3236"
+
+    # emerge -pv "&gt;=games-fps/ut2004-demo-3120-r4"
+    # emerge "&gt;=games-fps/ut2004-demo-3120-r4"</code>
+  </resolution>
+  <references>
+    <uri link="http://aluigi.altervista.org/adv/unsecure-adv.txt">Luigi Auriemma advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0608">CAN-2004-0608</uri>
+  </references>
+  <metadata tag="submitter">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200407-15.xml b/metadata/glsa/glsa-200407-15.xml
new file mode 100644
index 000000000000..851a55752a22
--- /dev/null
+++ b/metadata/glsa/glsa-200407-15.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200407-15">
+  <title>Opera: Multiple spoofing vulnerabilities</title>
+  <synopsis>
+    Opera contains three vulnerabilities, allowing an attacker to impersonate
+    legitimate websites with URI obfuscation or to spoof websites with frame
+    injection.
+  </synopsis>
+  <product type="ebuild">opera</product>
+  <announced>2004-07-20</announced>
+  <revised count="01">2004-07-20</revised>
+  <bug>56311</bug>
+  <bug>56109</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/opera" auto="yes" arch="*">
+      <unaffected range="ge">7.53</unaffected>
+      <vulnerable range="le">7.52</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Opera is a multi-platform web browser.
+    </p>
+  </background>
+  <description>
+    <p>
+    Opera fails to remove illegal characters from an URI of a link and to check
+    that the target frame of a link belongs to the same website as the link.
+    Opera also updates the address bar before loading a page. Additionally,
+    Opera contains a certificate verification problem.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    These vulnerabilities could allow an attacker to impersonate legitimate
+    websites to steal sensitive information from users. This could be done by
+    obfuscating the real URI of a link or by injecting a malicious frame into
+    an arbitrary frame of another browser window.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Opera users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=www-client/opera-7.53"
+    # emerge "&gt;=www-client/opera-7.53"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/bid/10517">Bugtraq Announcement</uri>
+    <uri link="https://secunia.com/advisories/11978/">Secunia Advisory SA11978</uri>
+    <uri link="https://secunia.com/advisories/12028/">Secunia Advisory SA12028</uri>
+    <uri link="https://www.opera.com/linux/changelogs/753/">Opera Changelog</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200407-16.xml b/metadata/glsa/glsa-200407-16.xml
new file mode 100644
index 000000000000..139167009dd3
--- /dev/null
+++ b/metadata/glsa/glsa-200407-16.xml
@@ -0,0 +1,298 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200407-16">
+  <title>Linux Kernel: Multiple DoS and permission vulnerabilities</title>
+  <synopsis>
+    Multiple permission vulnerabilities have been found in the Linux kernel,
+    allowing an attacker to change the group IDs of files mounted on a remote
+    filesystem (CAN-2004-0497), as well as an issue in 2.6 series kernels which
+    allows /proc permissions to be bypassed. A context sharing vulnerability in
+    vserver-sources is also handled by this advisory as well as CAN-2004-0447,
+    CAN-2004-0496 and CAN-2004-0565. Patched, or updated versions of these
+    kernels have been released and details are included along with this
+    advisory.
+  </synopsis>
+  <product type="ebuild">Kernel</product>
+  <announced>2004-07-22</announced>
+  <revised count="03">2011-03-27</revised>
+  <bug>56171</bug>
+  <bug>56479</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-kernel/aa-sources" auto="no" arch="*">
+      <unaffected range="rge">2.4.23-r2</unaffected>
+      <unaffected range="ge">2.6.5-r5</unaffected>
+      <vulnerable range="lt">2.6.5-r5</vulnerable>
+    </package>
+    <package name="sys-kernel/alpha-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.21-r9</unaffected>
+      <vulnerable range="lt">2.4.21-r9</vulnerable>
+    </package>
+    <package name="sys-kernel/ck-sources" auto="no" arch="*">
+      <unaffected range="rge">2.4.26-r1</unaffected>
+      <unaffected range="ge">2.6.7-r5</unaffected>
+      <vulnerable range="lt">2.6.7-r5</vulnerable>
+    </package>
+    <package name="sys-kernel/compaq-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.9.32.7-r8</unaffected>
+      <vulnerable range="lt">2.4.9.32.7-r8</vulnerable>
+    </package>
+    <package name="sys-kernel/development-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.8_rc1</unaffected>
+      <vulnerable range="lt">2.6.8_rc1</vulnerable>
+    </package>
+    <package name="sys-kernel/gentoo-dev-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7-r8</unaffected>
+      <vulnerable range="lt">2.6.7-r8</vulnerable>
+    </package>
+    <package name="sys-kernel/gentoo-sources" auto="yes" arch="*">
+      <unaffected range="rge">2.4.19-r18</unaffected>
+      <unaffected range="rge">2.4.20-r21</unaffected>
+      <unaffected range="rge">2.4.22-r13</unaffected>
+      <unaffected range="rge">2.4.25-r6</unaffected>
+      <unaffected range="ge">2.4.26-r5</unaffected>
+      <vulnerable range="lt">2.4.26-r5</vulnerable>
+    </package>
+    <package name="sys-kernel/grsec-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.26.2.0-r6</unaffected>
+      <vulnerable range="lt">2.4.26.2.0-r6</vulnerable>
+    </package>
+    <package name="sys-kernel/gs-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.25_pre7-r8</unaffected>
+      <vulnerable range="lt">2.4.25_pre7-r8</vulnerable>
+    </package>
+    <package name="sys-kernel/hardened-dev-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7-r2</unaffected>
+      <vulnerable range="lt">2.6.7-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/hardened-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.26-r3</unaffected>
+      <vulnerable range="lt">2.4.26-r3</vulnerable>
+    </package>
+    <package name="sys-kernel/hppa-dev-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7_p1-r2</unaffected>
+      <vulnerable range="lt">2.6.7_p1-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/hppa-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.26_p6-r1</unaffected>
+      <vulnerable range="lt">2.4.26_p6-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/ia64-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.24-r7</unaffected>
+      <vulnerable range="lt">2.4.24-r7</vulnerable>
+    </package>
+    <package name="sys-kernel/mm-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7-r6</unaffected>
+      <vulnerable range="lt">2.6.7-r6</vulnerable>
+    </package>
+    <package name="sys-kernel/openmosix-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.22-r11</unaffected>
+      <vulnerable range="lt">2.4.22-r11</vulnerable>
+    </package>
+    <package name="sys-kernel/pac-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.23-r9</unaffected>
+      <vulnerable range="lt">2.4.23-r9</vulnerable>
+    </package>
+    <package name="sys-kernel/planet-ccrma-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.21-r11</unaffected>
+      <vulnerable range="lt">2.4.21-r11</vulnerable>
+    </package>
+    <package name="sys-kernel/pegasos-dev-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7-r2</unaffected>
+      <vulnerable range="lt">2.6.7-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/pegasos-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.26-r3</unaffected>
+      <vulnerable range="lt">2.4.26-r3</vulnerable>
+    </package>
+    <package name="sys-kernel/ppc-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.26-r3</unaffected>
+      <vulnerable range="lt">2.4.26-r3</vulnerable>
+    </package>
+    <package name="sys-kernel/rsbac-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.26-r3</unaffected>
+      <vulnerable range="lt">2.4.26-r3</vulnerable>
+    </package>
+    <package name="sys-kernel/rsbac-dev-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7-r2</unaffected>
+      <vulnerable range="lt">2.6.7-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/selinux-sources" auto="no" arch="*">
+      <unaffected range="ge">2.4.26-r2</unaffected>
+      <vulnerable range="lt">2.4.26-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/sparc-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.26-r3</unaffected>
+      <vulnerable range="lt">2.4.26-r3</vulnerable>
+    </package>
+    <package name="sys-kernel/uclinux-sources" auto="yes" arch="*">
+      <unaffected range="rge">2.4.26_p0-r3</unaffected>
+      <unaffected range="ge">2.6.7_p0-r2</unaffected>
+      <vulnerable range="lt">2.6.7_p0-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/usermode-sources" auto="yes" arch="*">
+      <unaffected range="rge">2.4.24-r6</unaffected>
+      <unaffected range="rge">2.4.26-r3</unaffected>
+      <unaffected range="ge">2.6.6-r4</unaffected>
+      <vulnerable range="lt">2.6.6-r4</vulnerable>
+    </package>
+    <package name="sys-kernel/vserver-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.0</unaffected>
+      <vulnerable range="lt">2.4.26.1.28-r1</vulnerable>
+      <vulnerable range="ge">2.4</vulnerable>
+      <vulnerable range="lt">2.0</vulnerable>
+    </package>
+    <package name="sys-kernel/win4lin-sources" auto="yes" arch="*">
+      <unaffected range="rge">2.4.26-r3</unaffected>
+      <unaffected range="ge">2.6.7-r2</unaffected>
+      <vulnerable range="lt">2.6.7-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/wolk-sources" auto="yes" arch="*">
+      <unaffected range="rge">4.9-r10</unaffected>
+      <unaffected range="rge">4.11-r7</unaffected>
+      <unaffected range="ge">4.14-r4</unaffected>
+      <vulnerable range="lt">4.14-r4</vulnerable>
+    </package>
+    <package name="sys-kernel/xbox-sources" auto="yes" arch="*">
+      <unaffected range="rge">2.4.26-r3</unaffected>
+      <unaffected range="ge">2.6.7-r2</unaffected>
+      <vulnerable range="lt">2.6.7-r2</vulnerable>
+    </package>
+    <package name="sys-kernel/mips-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.27</unaffected>
+      <vulnerable range="lt">2.4.27</vulnerable>
+    </package>
+    <package name="sys-kernel/vanilla-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.27</unaffected>
+      <vulnerable range="le">2.4.26</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Linux kernel is responsible for managing the core aspects of a
+    GNU/Linux system, providing an interface for core system applications
+    as well as providing the essential structure and capability to access
+    hardware that is needed for a running system.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Linux kernel allows a local attacker to mount a remote file system
+    on a vulnerable Linux host and modify files' group IDs. On 2.4 series
+    kernels this vulnerability only affects shared NFS file systems. This
+    vulnerability has been assigned CAN-2004-0497 by the Common
+    Vulnerabilities and Exposures project.
+    </p>
+    <p>
+    Also, a flaw in the handling of /proc attributes has been found in 2.6
+    series kernels; allowing the unauthorized modification of /proc
+    entries, especially those which rely solely on file permissions for
+    security to vital kernel parameters.
+    </p>
+    <p>
+    An issue specific to the VServer Linux sources has been found, by which
+    /proc related changes in one virtual context are applied to other
+    contexts as well, including the host system.
+    </p>
+    <p>
+    CAN-2004-0447 resolves a local DoS vulnerability on IA64 platforms
+    which can cause unknown behaviour and CAN-2004-0565 resolves a floating
+    point information leak on IA64 platforms by which registers of other
+    processes can be read by a local user.
+    </p>
+    <p>
+    Finally, CAN-2004-0496 addresses some more unknown vulnerabilities in
+    2.6 series Linux kernels older than 2.6.7 which were found by the
+    Sparse source code checking tool.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Bad Group IDs can possibly cause a Denial of Service on parts of a host
+    if the changed files normally require a special GID to properly
+    operate. By exploiting this vulnerability, users in the original file
+    group would also be blocked from accessing the changed files.
+    </p>
+    <p>
+    The /proc attribute vulnerability allows local users with previously no
+    permissions to certain /proc entries to exploit the vulnerability and
+    then gain read, write and execute access to entries.
+    </p>
+    <p>
+    These new privileges can be used to cause unknown behaviour ranging
+    from reduced system performance to a Denial of Service by manipulating
+    various kernel options which are usually reserved for the superuser.
+    This flaw might also be used for opening restrictions set through /proc
+    entries, allowing further attacks to take place through another
+    possibly unexpected attack vector.
+    </p>
+    <p>
+    The VServer issue can also be used to induce similar unexpected
+    behaviour to other VServer contexts, including the host. By successful
+    exploitation, a Denial of Service for other contexts can be caused
+    allowing only root to read certain /proc entries. Such a change would
+    also be replicated to other contexts, forbidding normal users on those
+    contexts to read /proc entries which could contain details needed by
+    daemons running as a non-root user, for example.
+    </p>
+    <p>
+    Additionally, this vulnerability allows an attacker to read information
+    from another context, possibly hosting a different server, gaining
+    critical information such as what processes are running. This may be
+    used for furthering the exploitation of either context.
+    </p>
+    <p>
+    CAN-2004-0447 and CAN-2004-0496 permit various local unknown Denial of
+    Service vulnerabilities with unknown impacts - these vulnerabilities
+    can be used to possibly elevate privileges or access reserved kernel
+    memory which can be used for further exploitation of the system.
+    </p>
+    <p>
+    CAN-2004-0565 allows FPU register values of other processes to be read
+    by a local user setting the MFH bit during a floating point operation -
+    since no check was in place to ensure that the FPH bit was owned by the
+    requesting process, but only an MFH bit check, an attacker can simply
+    set the MFH bit and access FPU registers of processes running as other
+    users, possibly those running as root.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    2.4 users may not be affected by CAN-2004-0497 if they do not use
+    remote network filesystems and do not have support for any such
+    filesystems in their kernel configuration. All 2.6 users are affected
+    by the /proc attribute issue and the only known workaround is to
+    disable /proc support. The VServer flaw applies only to
+    vserver-sources, and no workaround is currently known for the issue.
+    There is no known fix to CAN-2004-0447, CAN-2004-0496 or CAN-2004-0565
+    other than to upgrade the kernel to a patched version.
+    </p>
+    <p>
+    As a result, all users affected by any of these vulnerabilities should
+    upgrade their kernels to ensure the integrity of their systems.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Users are encouraged to upgrade to the latest available sources for
+    their system:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv your-favorite-sources
+    # emerge your-favorite-sources
+    
+    # # Follow usual procedure for compiling and installing a kernel.
+    # # If you use genkernel, run genkernel as you would do normally.</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0447">CAN-2004-0447</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0496">CAN-2004-0496</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0497">CAN-2004-0497</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0565">CAN-2004-0565</uri>
+    <uri link="http://www.securityfocus.com/archive/1/367977">VServer /proc Context Vulnerability</uri>
+  </references>
+  <metadata tag="submitter">
+    plasmaroo
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200407-17.xml b/metadata/glsa/glsa-200407-17.xml
new file mode 100644
index 000000000000..f765f391633b
--- /dev/null
+++ b/metadata/glsa/glsa-200407-17.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200407-17">
+  <title>l2tpd: Buffer overflow</title>
+  <synopsis>
+    A buffer overflow in l2tpd could lead to remote code execution. It is not
+    known whether this bug is exploitable.
+  </synopsis>
+  <product type="ebuild">net-dialup/l2tpd</product>
+  <announced>2004-07-22</announced>
+  <revised count="01">2004-07-22</revised>
+  <bug>53009</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dialup/l2tpd" auto="yes" arch="*">
+      <unaffected range="ge">0.69-r2</unaffected>
+      <vulnerable range="lt">0.69-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    l2tpd is a GPL implentation of the Layer 2 Tunneling Protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    Thomas Walpuski discovered a buffer overflow that may be exploitable by
+    sending a specially crafted packet. In order to exploit the vulnerable
+    code, an attacker would need to fake the establishment of an L2TP tunnel.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker may be able to execute arbitrary code with the privileges
+    of the user running l2tpd.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround for this vulnerability.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users are recommended to upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-l2tpd-0.69-r2"
+    # emerge "&gt;=net-l2tpd-0.69-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0649">CAN-2004-0649</uri>
+    <uri link="http://seclists.org/lists/fulldisclosure/2004/Jun/0094.html">Full Disclosure Report</uri>
+  </references>
+  <metadata tag="requester">
+    koon
+  </metadata>
+  <metadata tag="submitter">
+    dmargoli
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200407-18.xml b/metadata/glsa/glsa-200407-18.xml
new file mode 100644
index 000000000000..126e9fa57233
--- /dev/null
+++ b/metadata/glsa/glsa-200407-18.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200407-18">
+  <title>mod_ssl: Format string vulnerability</title>
+  <synopsis>
+    A bug in mod_ssl may allow a remote attacker to execute arbitrary code when
+    Apache is configured to use mod_ssl and mod_proxy.
+  </synopsis>
+  <product type="ebuild">mod_ssl</product>
+  <announced>2004-07-22</announced>
+  <revised count="01">2004-07-22</revised>
+  <bug>57379</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-www/mod_ssl" auto="yes" arch="*">
+      <unaffected range="ge">2.8.19</unaffected>
+      <vulnerable range="le">2.8.18</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    mod_ssl provides Secure Sockets Layer encryption and authentication to
+    Apache 1.3.
+    </p>
+  </background>
+  <description>
+    <p>
+    A bug in ssl_engine_ext.c makes mod_ssl vulnerable to a ssl_log() related
+    format string vulnerability in the mod_proxy hook functions.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Given the right server configuration, an attacker could execute code as the
+    user running Apache, usually "apache".
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    A server should not be vulnerable if it is not using both mod_ssl and
+    mod_proxy. Otherwise there is no workaround other than to disable mod_ssl.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All mod_ssl users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-www/mod_ssl-2.8.19"
+    # emerge "&gt;=net-www/mod_ssl-2.8.19"</code>
+  </resolution>
+  <references>
+    <uri link="http://marc.theaimsgroup.com/?l=apache-modssl&amp;m=109001100906749&amp;w=2">mod_ssl Announcement</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200407-19.xml b/metadata/glsa/glsa-200407-19.xml
new file mode 100644
index 000000000000..cf9085d675da
--- /dev/null
+++ b/metadata/glsa/glsa-200407-19.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200407-19">
+  <title>Pavuk: Digest authentication helper buffer overflow</title>
+  <synopsis>
+    Pavuk contains a bug that can allow an attacker to run arbitrary code.
+  </synopsis>
+  <product type="ebuild">Pavuk</product>
+  <announced>2004-07-26</announced>
+  <revised count="02">2006-05-22</revised>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/pavuk" auto="yes" arch="*">
+      <unaffected range="ge">0.9.28-r3</unaffected>
+      <vulnerable range="le">0.9.28-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Pavuk is web spider and website mirroring tool.
+    </p>
+  </background>
+  <description>
+    <p>
+    Pavuk contains several buffer overflow vulnerabilities in the code
+    handling digest authentication.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could cause a buffer overflow, leading to arbitrary code
+    execution with the rights of the user running Pavuk.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version of Pavuk.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Pavuk users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-misc/pavuk-0.9.28-r3"
+    # emerge "&gt;=net-misc/pavuk-0.9.28-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1437">CVE-2004-1437</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200407-20.xml b/metadata/glsa/glsa-200407-20.xml
new file mode 100644
index 000000000000..0642f08d6067
--- /dev/null
+++ b/metadata/glsa/glsa-200407-20.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200407-20">
+  <title>Subversion: Vulnerability in mod_authz_svn</title>
+  <synopsis>
+    Users with write access to parts of a Subversion repository may bypass read
+    restrictions in mod_authz_svn and read any part of the repository they
+    wish.
+  </synopsis>
+  <product type="ebuild">subversion</product>
+  <announced>2004-07-26</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>57747</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-util/subversion" auto="yes" arch="*">
+      <unaffected range="ge">1.0.6</unaffected>
+      <vulnerable range="le">1.0.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Subversion is an advanced version control system, similar to CVS, which
+    supports additional functionality such as the ability to move, copy and
+    delete files and directories. A Subversion server may be run as an
+    Apache module, a standalone server (svnserve), or on-demand over ssh (a
+    la CVS' ":ext:" protocol). The mod_authz_svn Apache module works with
+    Subversion in Apache to limit access to parts of Subversion
+    repositories based on policy set by the administrator.
+    </p>
+  </background>
+  <description>
+    <p>
+    Users with write access to part of a Subversion repository may bypass
+    read restrictions on any part of that repository. This can be done
+    using an "svn copy" command to copy the portion of a repository the
+    user wishes to read into an area where they have write access.
+    </p>
+    <p>
+    Since copies are versioned, any such copy attempts will be readily
+    apparent.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    This is a low-risk vulnerability. It affects only users of Subversion
+    who are running servers inside Apache and using mod_authz_svn.
+    Additionally, this vulnerability may be exploited only by users with
+    write access to some portion of a repository.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Keep sensitive content separated into different Subversion
+    repositories, or disable the Apache Subversion server and use svnserve
+    instead.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Subversion users should upgrade to the latest available version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=dev-util/subversion-1.0.6"
+    # emerve "&gt;=dev-util/subversion-1.0.6"</code>
+  </resolution>
+  <references>
+    <uri link="http://svn.collab.net/repos/svn/tags/1.0.6/CHANGES">ChangeLog for Subversion 1.0.6</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1438">CVE-2004-1438</uri>
+  </references>
+  <metadata tag="requester">
+    koon
+  </metadata>
+  <metadata tag="submitter">
+    condordes
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200407-21.xml b/metadata/glsa/glsa-200407-21.xml
new file mode 100644
index 000000000000..e2debe5e913a
--- /dev/null
+++ b/metadata/glsa/glsa-200407-21.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200407-21">
+  <title>Samba: Multiple buffer overflows</title>
+  <synopsis>
+    Two buffer overflows vulnerabilities were found in Samba, potentially
+    allowing the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Samba</product>
+  <announced>2004-07-29</announced>
+  <revised count="02">2004-07-29</revised>
+  <bug>57962</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-fs/samba" auto="yes" arch="*">
+      <unaffected range="ge">3.0.5</unaffected>
+      <vulnerable range="le">3.0.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Samba is a package which allows *nix systems to act as file servers for
+    Windows computers. It also allows *nix systems to mount shares exported by
+    a Samba/CIFS/Windows server. The Samba Web Administration Tool (SWAT) is a
+    web-based configuration tool part of the Samba package.
+    </p>
+  </background>
+  <description>
+    <p>
+    Evgeny Demidov found a buffer overflow in SWAT, located in the base64 data
+    decoder used to handle HTTP basic authentication (CAN-2004-0600). The same
+    flaw is present in the code used to handle the sambaMungedDial attribute
+    value, when using the ldapsam passdb backend. Another buffer overflow was
+    found in the code used to support the 'mangling method = hash' smb.conf
+    option (CAN-2004-0686). Note that the default Samba value for this option
+    is 'mangling method = hash2' which is not vulnerable.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    The SWAT authentication overflow could be exploited to execute arbitrary
+    code with the rights of the Samba daemon process. The overflow in the
+    sambaMungedDial handling code is not thought to be exploitable. The buffer
+    overflow in 'mangling method = hash' code could also be used to execute
+    arbitrary code on vulnerable configurations.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Users disabling SWAT, not using ldapsam passdb backends and not using the
+    'mangling method = hash' option are not vulnerable.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Samba users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-fs/samba-3.0.5"
+    # emerge "&gt;=net-fs/samba-3.0.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.samba.org/samba/whatsnew/samba-3.0.5.html">Samba 3.0.5 Release Notes</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0600">CAN-2004-0600</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0686">CAN-2004-0686</uri>
+  </references>
+  <metadata tag="requester">
+    koon
+  </metadata>
+  <metadata tag="submitter">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200407-22.xml b/metadata/glsa/glsa-200407-22.xml
new file mode 100644
index 000000000000..e86f3f41ec1c
--- /dev/null
+++ b/metadata/glsa/glsa-200407-22.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200407-22">
+  <title>phpMyAdmin: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in phpMyAdmin may allow a remote attacker with a
+    valid user account to alter configuration variables and execute arbitrary
+    PHP code.
+  </synopsis>
+  <product type="ebuild">dev-db/phpmyadmin</product>
+  <announced>2004-07-29</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>57890</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/phpmyadmin" auto="yes" arch="*">
+      <unaffected range="ge">2.5.7_p1</unaffected>
+      <vulnerable range="le">2.5.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpMyAdmin is a popular, web-based MySQL administration tool written in
+    PHP. It allows users to administer a MySQL database from a web-browser.
+    </p>
+  </background>
+  <description>
+    <p>
+    Two serious vulnerabilities exist in phpMyAdmin. The first allows any
+    user to alter the server configuration variables (including host, name,
+    and password) by appending new settings to the array variables that
+    hold the configuration in a GET statement. The second allows users to
+    include arbitrary PHP code to be executed within an eval() statement in
+    table name configuration settings. This second vulnerability is only
+    exploitable if $cfg['LeftFrameLight'] is set to FALSE.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Authenticated users can alter configuration variables for their running
+    copy of phpMyAdmin. The impact of this should be minimal. However, the
+    second vulnerability would allow an authenticated user to execute
+    arbitrary PHP code with the permissions of the webserver, potentially
+    allowing a serious Denial of Service or further remote compromise.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    The second, more serious vulnerability is only exploitable if
+    $cfg['LeftFrameLight'] is set to FALSE. In the default Gentoo
+    installation, this is set to TRUE. There is no known workaround for the
+    first.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All phpMyAdmin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=dev-db/phpmyadmin-2.5.7_p1"
+    # emerge "&gt;=dev-db/phpmyadmin-2.5.7_p1"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/archive/1/367486">BugTraq Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2631">CVE-2004-2631</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2632">CVE-2004-2632</uri>
+  </references>
+  <metadata tag="requester">
+    koon
+  </metadata>
+  <metadata tag="submitter">
+    dmargoli
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200407-23.xml b/metadata/glsa/glsa-200407-23.xml
new file mode 100644
index 000000000000..fcaed002781a
--- /dev/null
+++ b/metadata/glsa/glsa-200407-23.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200407-23">
+  <title>SoX: Multiple buffer overflows</title>
+  <synopsis>
+    SoX contains two buffer overflow vulnerabilities in the WAV header parser
+    code.
+  </synopsis>
+  <product type="ebuild">SoX</product>
+  <announced>2004-07-30</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>58733</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/sox" auto="yes" arch="*">
+      <unaffected range="ge">12.17.4-r2</unaffected>
+      <vulnerable range="le">12.17.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    SoX is a command line utility that can convert various formats of
+    computer audio files in to other formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ulf Harnhammar discovered two buffer overflows in the sox and play
+    commands when handling WAV files with specially crafted header fields.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to play or convert a specially crafted WAV file an
+    attacker could execute arbitrary code with the permissions of the user
+    running SoX.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version of SoX.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SoX users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=media-sound/sox-12.17.4-r2"
+    # emerge "&gt;=media-sound/sox-12.17.4-r2"</code>
+  </resolution>
+  <references>
+    <uri link="http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1141.html">Full Disclosure Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0557">CVE-2004-0557</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200408-01.xml b/metadata/glsa/glsa-200408-01.xml
new file mode 100644
index 000000000000..f6bfedbbca64
--- /dev/null
+++ b/metadata/glsa/glsa-200408-01.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200408-01">
+  <title>MPlayer: GUI filename handling overflow</title>
+  <synopsis>
+    When compiled with GUI support MPlayer is vulnerable to a remotely
+    exploitable buffer overflow attack.
+  </synopsis>
+  <product type="ebuild">MPlayer</product>
+  <announced>2004-08-01</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>55456</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/mplayer" auto="yes" arch="*">
+      <unaffected range="ge">1.0_pre4-r7</unaffected>
+      <vulnerable range="lt">1.0_pre4-r7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MPlayer is a media player capable of handling multiple multimedia file
+    formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    The MPlayer GUI code contains several buffer overflow vulnerabilities,
+    and at least one in the TranslateFilename() function is exploitable.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to play a file with a carefully crafted filename an
+    attacker could execute arbitrary code with the permissions of the user
+    running MPlayer.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    To work around this issue, users can compile MPlayer without GUI
+    support by disabling the gtk USE flag. All users are encouraged to
+    upgrade to the latest available version of MPlayer.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MPlayer users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=media-video/mplayer-1.0_pre4-r7"
+    # emerge "&gt;=media-video/mplayer-1.0_pre4-r7"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/bid/10615/">Bugtraq Announcement</uri>
+    <uri link="http://www.open-security.org/advisories/5">Open-Security Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0659">CVE-2004-0659</uri>
+  </references>
+  <metadata tag="requester">
+    koon
+  </metadata>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200408-02.xml b/metadata/glsa/glsa-200408-02.xml
new file mode 100644
index 000000000000..44f5ffcf1072
--- /dev/null
+++ b/metadata/glsa/glsa-200408-02.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200408-02">
+  <title>Courier: Cross-site scripting vulnerability in SqWebMail</title>
+  <synopsis>
+    The SqWebMail web application, included in the Courier suite, is vulnerable
+    to cross-site scripting attacks.
+  </synopsis>
+  <product type="ebuild">Courier</product>
+  <announced>2004-08-04</announced>
+  <revised count="01">2004-08-04</revised>
+  <bug>58020</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-mta/courier" auto="yes" arch="*">
+      <unaffected range="ge">0.45.6.20040618</unaffected>
+      <vulnerable range="le">0.45.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Courier is an integrated mail and groupware server based on open protocols.
+    It provides ESMTP, IMAP, POP3, webmail, and mailing list services within a
+    single framework. The webmail functionality included in Courier called
+    SqWebMail allows you to access mailboxes from a web browser.
+    </p>
+  </background>
+  <description>
+    <p>
+    Luca Legato found that SqWebMail is vulnerable to a cross-site scripting
+    (XSS) attack. An XSS attack allows an attacker to insert malicious code
+    into a web-based application. SqWebMail doesn't filter appropriately data
+    coming from message headers before displaying them.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By sending a carefully crafted message, an attacker can inject and execute
+    script code in the victim's browser window. This allows to modify the
+    behaviour of the SqWebMail application, and/or leak session information
+    such as cookies to the attacker.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version of Courier.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Courier users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=mail-mta/courier-0.45.6.20040618"
+    # emerge "&gt;=mail-mta/courier-0.45.6.20040618"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0591">CAN-2004-0591</uri>
+    <uri link="https://www.cert.org/advisories/CA-2000-02.html">XSS definition</uri>
+  </references>
+  <metadata tag="requester">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-08-03T15:23:08Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200408-03.xml b/metadata/glsa/glsa-200408-03.xml
new file mode 100644
index 000000000000..8d630a436c53
--- /dev/null
+++ b/metadata/glsa/glsa-200408-03.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200408-03">
+  <title>libpng: Numerous vulnerabilities</title>
+  <synopsis>
+    libpng contains numerous vulnerabilities potentially allowing an attacker
+    to perform a Denial of Service attack or even execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">libpng</product>
+  <announced>2004-08-05</announced>
+  <revised count="01">2004-08-05</revised>
+  <bug>59424</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libpng" auto="yes" arch="*">
+      <unaffected range="ge">1.2.5-r8</unaffected>
+      <vulnerable range="le">1.2.5-r7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libpng is a standard library used to process PNG (Portable Network
+    Graphics) images. It is used by several other programs, including web
+    browsers and potentially server processes.
+    </p>
+  </background>
+  <description>
+    <p>
+    libpng contains numerous vulnerabilities including null pointer dereference
+    errors and boundary errors in various functions.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit these vulnerabilities to cause programs linked
+    against the library to crash or execute arbitrary code with the permissions
+    of the user running the vulnerable program, which could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libpng users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=media-libs/libpng-1.2.5-r8"
+    # emerge "&gt;=media-libs/libpng-1.2.5-r8"</code>
+    <p>
+    You should also run revdep-rebuild to rebuild any packages that depend on
+    older versions of libpng :
+    </p>
+    <code>
+    # revdep-rebuild</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597">CAN-2004-0597</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598">CAN-2004-0598</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599">CAN-2004-0599</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-08-05T09:45:46Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200408-04.xml b/metadata/glsa/glsa-200408-04.xml
new file mode 100644
index 000000000000..e3c6fb882a8e
--- /dev/null
+++ b/metadata/glsa/glsa-200408-04.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200408-04">
+  <title>PuTTY: Pre-authentication arbitrary code execution</title>
+  <synopsis>
+    PuTTY contains a vulnerability allowing a SSH server to execute arbitrary
+    code on the connecting client.
+  </synopsis>
+  <product type="ebuild">PuTTY</product>
+  <announced>2004-08-05</announced>
+  <revised count="03">2006-05-22</revised>
+  <bug>59383</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/putty" auto="yes" arch="*">
+      <unaffected range="ge">0.55</unaffected>
+      <vulnerable range="le">0.54</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PuTTY is a free implementation of Telnet and SSH for Win32 and Unix
+    platforms, along with an xterm terminal emulator.
+    </p>
+  </background>
+  <description>
+    <p>
+    PuTTY contains a vulnerability allowing a malicious server to execute
+    arbitrary code on the connecting client before host key verification.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    When connecting to a server using the SSH2 protocol an attacker is able
+    to execute arbitrary code with the permissions of the user running
+    PuTTY by sending specially crafted packets to the client during the
+    authentication process but before host key verification.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version of PuTTY.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PuTTY users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-misc/putty-0.55"
+    # emerge "&gt;=net-misc/putty-0.55"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.coresecurity.com/common/showdoc.php?idx=417&amp;idxseccion=10">Corelabs Advisory</uri>
+    <uri link="https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html">PuTTY ChangeLog</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1440">CVE-2004-1440</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-08-04T17:20:53Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-08-05T09:03:08Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200408-05.xml b/metadata/glsa/glsa-200408-05.xml
new file mode 100644
index 000000000000..dd1cbb7529ea
--- /dev/null
+++ b/metadata/glsa/glsa-200408-05.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200408-05">
+  <title>Opera: Multiple new vulnerabilities</title>
+  <synopsis>
+    Several new vulnerabilities were found and fixed in Opera, including one
+    allowing an attacker to read the local filesystem remotely.
+  </synopsis>
+  <product type="ebuild">Opera</product>
+  <announced>2004-08-05</announced>
+  <revised count="03">2007-12-30</revised>
+  <bug>59503</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/opera" auto="yes" arch="*">
+      <unaffected range="ge">7.54</unaffected>
+      <vulnerable range="le">7.53</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Opera is a multi-platform web browser.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been found in the Opera web browser.
+    Opera fails to deny write access to the "location" browser object. An
+    attacker can overwrite methods in this object and gain script access to
+    any page that uses one of these methods. Furthermore, access to file://
+    URLs is possible even from pages loaded using other protocols. Finally,
+    spoofing a legitimate web page is still possible, despite the fixes
+    announced in GLSA 200407-15.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing an user to visit specially crafted web pages, an attacker
+    can read files located on the victim's file system, read emails written
+    or received by M2, Opera's mail program, steal cookies, spoof URLs,
+    track user browsing history, etc.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Opera users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=www-client/opera-7.54"
+    # emerge "&gt;=www-client/opera-7.54"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.opera.com/linux/changelogs/754/">Opera Changelog</uri>
+    <uri link="http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1056.html">Address bar spoofing issue disclosure</uri>
+    <uri link="http://www.greymagic.com/security/advisories/gm008-op/">GreyMagic Security Advisory GM#008-OP</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2570">CVE-2004-2570</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-08-05T18:21:29Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200408-06.xml b/metadata/glsa/glsa-200408-06.xml
new file mode 100644
index 000000000000..13e3ce248dae
--- /dev/null
+++ b/metadata/glsa/glsa-200408-06.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200408-06">
+  <title>SpamAssassin: Denial of Service vulnerability</title>
+  <synopsis>
+    SpamAssassin is vulnerable to a Denial of Service attack when handling
+    certain malformed messages.
+  </synopsis>
+  <product type="ebuild">SpamAssassin</product>
+  <announced>2004-08-09</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>59483</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-filter/spamassassin" auto="yes" arch="*">
+      <unaffected range="ge">2.64</unaffected>
+      <vulnerable range="le">2.63-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    SpamAssassin is an extensible email filter which is used to identify
+    spam.
+    </p>
+  </background>
+  <description>
+    <p>
+    SpamAssassin contains an unspecified Denial of Service vulnerability.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By sending a specially crafted message an attacker could cause a Denial
+    of Service attack against the SpamAssassin service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version of SpamAssassin.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SpamAssassin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=mail-filter/spamassassin-2.64"
+    # emerge "&gt;=mail-filter/spamassassin-2.64"</code>
+  </resolution>
+  <references>
+    <uri link="http://marc.theaimsgroup.com/?l=spamassassin-announce&amp;m=109168121628767&amp;w=2">SpamAssassin Release Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0796">CVE-2004-0796</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-08-05T09:14:09Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-08-05T11:01:34Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200408-07.xml b/metadata/glsa/glsa-200408-07.xml
new file mode 100644
index 000000000000..d03f0152fc39
--- /dev/null
+++ b/metadata/glsa/glsa-200408-07.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200408-07">
+  <title>Horde-IMP: Input validation vulnerability for Internet Explorer users</title>
+  <synopsis>
+    An input validation vulnerability has been discovered in Horde-IMP. This
+    only affects users of Internet Explorer.
+  </synopsis>
+  <product type="ebuild">horde-imp</product>
+  <announced>2004-08-10</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>59336</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/horde-imp" auto="yes" arch="*">
+      <unaffected range="ge">3.2.5</unaffected>
+      <vulnerable range="le">3.2.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Horde-IMP is the Internet Messaging Program. It is written in PHP and
+    provides webmail access to IMAP and POP3 accounts.
+    </p>
+  </background>
+  <description>
+    <p>
+    Horde-IMP fails to properly sanitize email messages that contain
+    malicious HTML or script code so that it is not safe for users of
+    Internet Explorer when using the inline MIME viewer for HTML messages.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to read a specially crafted e-mail, an attacker can
+    execute arbitrary scripts running in the context of the victim's
+    browser. This could lead to a compromise of the user's webmail account,
+    cookie theft, etc.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Do not use Internet Explorer to access Horde-IMP.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Horde-IMP users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=www-apps/horde-imp-3.2.5"
+    # emerge "&gt;=www-apps/horde-imp-3.2.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.389.2.106&amp;r2=1.389.2.109&amp;ty=h">Horde-IMP Changelog</uri>
+    <uri link="https://secunia.com/advisories/12202/">Secunia Advisory SA12202</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1443">CVE-2004-1443</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-08-08T18:55:04Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200408-08.xml b/metadata/glsa/glsa-200408-08.xml
new file mode 100644
index 000000000000..1b7d0c4ef812
--- /dev/null
+++ b/metadata/glsa/glsa-200408-08.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200408-08">
+  <title>Cfengine: RSA Authentication Heap Corruption</title>
+  <synopsis>
+    Cfengine is vulnerable to a remote root exploit from clients in
+    AllowConnectionsFrom.
+  </synopsis>
+  <product type="ebuild">Cfengine</product>
+  <announced>2004-08-10</announced>
+  <revised count="05">2006-05-22</revised>
+  <bug>59895</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/cfengine" auto="yes" arch="*">
+      <unaffected range="ge">2.1.8</unaffected>
+      <unaffected range="lt">2.0.0</unaffected>
+      <vulnerable range="le">2.1.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Cfengine is an agent/software robot and a high level policy language
+    for building expert systems to administrate and configure large
+    computer networks.
+    </p>
+  </background>
+  <description>
+    <p>
+    Two vulnerabilities have been found in cfservd. One is a buffer
+    overflow in the AuthenticationDialogue function and the other is a
+    failure to check the proper return value of the ReceiveTransaction
+    function.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could use the buffer overflow to execute arbitrary code
+    with the permissions of the user running cfservd, which is usually the
+    root user. However, before such an attack could be mounted, the
+    IP-based ACL would have to be bypassed. With the second vulnerability,
+    an attacker could cause a denial of service attack.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version of Cfengine. (It should be
+    noted that disabling cfservd will work around this particular problem.
+    However, in many cases, doing so will cripple your Cfengine setup.
+    Upgrading is strongly recommended.)
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Cfengine users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-misc/cfengine-2.1.8"
+    # emerge "&gt;=net-misc/cfengine-2.1.8"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.coresecurity.com/common/showdoc.php?idx=387&amp;idxseccion=10">Corelabs Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1701">CVE-2004-1701</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1702">CVE-2004-1702</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-08-09T21:29:04Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200408-09.xml b/metadata/glsa/glsa-200408-09.xml
new file mode 100644
index 000000000000..82e7075cb14c
--- /dev/null
+++ b/metadata/glsa/glsa-200408-09.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200408-09">
+  <title>Roundup: Filesystem access vulnerability</title>
+  <synopsis>
+    Roundup will make files owned by the user that it's running as accessable
+    to a remote attacker.
+  </synopsis>
+  <product type="ebuild">Roundup</product>
+  <announced>2004-08-11</announced>
+  <revised count="03">2006-05-22</revised>
+  <bug>53494</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/roundup" auto="yes" arch="*">
+      <unaffected range="ge">0.7.6</unaffected>
+      <vulnerable range="le">0.6.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Roundup is a simple to use issue-tracking system with command-line,
+    web, and e-mail interfaces.
+    </p>
+  </background>
+  <description>
+    <p>
+    Improper handling of a specially crafted URL allows access to the
+    server's filesystem, which could contain sensitive information.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    An attacker could view files owned by the user running Roundup. This
+    will never be root however, as Roundup will not run as root.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version of Roundup.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Roundup users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=www-apps/roundup-0.7.6"
+    # emerge "&gt;=www-apps/roundup-0.7.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://secunia.com/advisories/11801/">Secunia Advisory SA11801</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1444">CVE-2004-1444</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-08-09T18:49:24Z">
+    chriswhite
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200408-10.xml b/metadata/glsa/glsa-200408-10.xml
new file mode 100644
index 000000000000..0b5cfe3d8fd7
--- /dev/null
+++ b/metadata/glsa/glsa-200408-10.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200408-10">
+  <title>gv: Exploitable Buffer Overflow</title>
+  <synopsis>
+    gv contains an exploitable buffer overflow that allows an attacker to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">gv</product>
+  <announced>2004-08-12</announced>
+  <revised count="01">2004-08-12</revised>
+  <bug>59385</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/gv" auto="yes" arch="*">
+      <unaffected range="ge">3.5.8-r4</unaffected>
+      <vulnerable range="le">3.5.8-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    gv is a PostScript and PDF viewer for X which provides a user interface for
+    the ghostscript interpreter.
+    </p>
+  </background>
+  <description>
+    <p>
+    gv contains a buffer overflow vulnerability where an unsafe sscanf() call
+    is used to interpret PDF and PostScript files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to view a malformed PDF or PostScript file an attacker
+    could execute arbitrary code with the permissions of the user running gv.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version of gv.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All gv users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=app-text/gv-3.5.8-r4"
+    # emerge "&gt;=app-text/gv-3.5.8-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0838">CAN-2002-0838</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-08-05T09:15:36Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-08-08T20:43:19Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200408-11.xml b/metadata/glsa/glsa-200408-11.xml
new file mode 100644
index 000000000000..6fa5e94620c3
--- /dev/null
+++ b/metadata/glsa/glsa-200408-11.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200408-11">
+  <title>Nessus: "adduser" race condition vulnerability</title>
+  <synopsis>
+    Nessus contains a vulnerability allowing a user to perform a privilege
+    escalation attack.
+  </synopsis>
+  <product type="ebuild">Nessus</product>
+  <announced>2004-08-12</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>58014</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-analyzer/nessus" auto="yes" arch="*">
+      <unaffected range="ge">2.0.12</unaffected>
+      <vulnerable range="le">2.0.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Nessus is a free and powerful network security scanner.
+    </p>
+  </background>
+  <description>
+    <p>
+    A race condition can occur in "nessus-adduser" if the user has not
+    configured their TMPDIR variable.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A malicious user could exploit this bug to escalate privileges to the
+    rights of the user running "nessus-adduser".
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version of Nessus.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Nessus users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-analyzer/nessus-2.0.12"
+    # emerge "&gt;=net-analyzer/nessus-2.0.12"</code>
+  </resolution>
+  <references>
+    <uri link="https://secunia.com/advisories/12127/">Secunia Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1445">CVE-2004-1445</uri>
+  </references>
+  <metadata tag="requester">
+    koon
+  </metadata>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200408-12.xml b/metadata/glsa/glsa-200408-12.xml
new file mode 100644
index 000000000000..86038b2d56e9
--- /dev/null
+++ b/metadata/glsa/glsa-200408-12.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200408-12">
+  <title>Gaim: MSN protocol parsing function buffer overflow</title>
+  <synopsis>
+    Gaim contains a remotely exploitable buffer overflow vulnerability in the
+    MSN-protocol parsing code that may allow remote execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">gaim</product>
+  <announced>2004-08-12</announced>
+  <revised count="03">2006-05-22</revised>
+  <bug>60034</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/gaim" auto="yes" arch="*">
+      <unaffected range="ge">0.81-r1</unaffected>
+      <vulnerable range="le">0.81</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Gaim is a multi-protocol instant messaging client for Linux which
+    supports many instant messaging protocols.
+    </p>
+  </background>
+  <description>
+    <p>
+    Sebastian Krahmer of the SuSE Security Team has discovered a remotely
+    exploitable buffer overflow vulnerability in the code handling MSN
+    protocol parsing.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By sending a carefully-crafted message, an attacker may execute
+    arbitrary code with the permissions of the user running Gaim.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version of Gaim.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Gaim users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-im/gaim-0.81-r1"
+    # emerge "&gt;=net-im/gaim-0.81-r1"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.osvdb.org/displayvuln.php?osvdb_id=8382">OSVDB ID: 8382</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0500">CVE-2004-0500</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-08-12T16:07:01Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200408-13.xml b/metadata/glsa/glsa-200408-13.xml
new file mode 100644
index 000000000000..c31dcdbb2536
--- /dev/null
+++ b/metadata/glsa/glsa-200408-13.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200408-13">
+  <title>kdebase, kdelibs: Multiple security issues</title>
+  <synopsis>
+    KDE contains three security issues that can allow an attacker to compromise
+    system accounts, cause a Denial of Service, or spoof websites via frame
+    injection.
+  </synopsis>
+  <product type="ebuild">kde, kdebase, kdelibs</product>
+  <announced>2004-08-12</announced>
+  <revised count="01">2004-08-12</revised>
+  <bug>60068</bug>
+  <access>remote and local</access>
+  <affected>
+    <package name="kde-base/kdebase" auto="yes" arch="*">
+      <unaffected range="ge">3.2.3-r1</unaffected>
+      <vulnerable range="lt">3.2.3-r1</vulnerable>
+    </package>
+    <package name="kde-base/kdelibs" auto="yes" arch="*">
+      <unaffected range="ge">3.2.3-r1</unaffected>
+      <vulnerable range="lt">3.2.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    KDE is a powerful Free Software graphical desktop environment for Linux and
+    Unix-like Operating Systems.
+    </p>
+  </background>
+  <description>
+    <p>
+    KDE contains three security issues:
+    </p>
+    <ul>
+    <li>Insecure handling of temporary files when running KDE applications
+    outside of the KDE environment</li>
+    <li>DCOPServer creates temporary files in an insecure manner</li>
+    <li>The Konqueror browser allows websites to load webpages into a target
+    frame of any other open frame-based webpage</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit these vulnerabilities to create or overwrite
+    files with the permissions of another user, compromise the account of users
+    running a KDE application and insert arbitrary frames into an otherwise
+    trusted webpage.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version of kdebase.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All KDE users should upgrade to the latest versions of kdelibs and kdebase:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=kde-base/kdebase-3.2.3-r1"
+    # emerge "&gt;=kde-base/kdebase-3.2.3-r1"
+
+    # emerge -pv "&gt;=kde-base/kdelibs-3.2.3-r1"
+    # emerge "&gt;=kde-base/kdelibs-3.2.3-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.kde.org/info/security/advisory-20040811-1.txt">KDE Advisory: Temporary Directory Vulnerability</uri>
+    <uri link="https://www.kde.org/info/security/advisory-20040811-2.txt">KDE Advisory: DCOPServer Temporary Filename Vulnerability</uri>
+    <uri link="https://www.kde.org/info/security/advisory-20040811-3.txt">KDE Advisory: Konqueror Frame Injection Vulnerability</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-08-11T17:47:27Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200408-14.xml b/metadata/glsa/glsa-200408-14.xml
new file mode 100644
index 000000000000..d0b4e5b3fb72
--- /dev/null
+++ b/metadata/glsa/glsa-200408-14.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200408-14">
+  <title>acroread: UUDecode filename buffer overflow</title>
+  <synopsis>
+    acroread contains two errors in the handling of UUEncoded filenames that
+    may lead to execution of arbitrary code or programs.
+  </synopsis>
+  <product type="ebuild">acroread</product>
+  <announced>2004-08-15</announced>
+  <revised count="03">2006-05-22</revised>
+  <bug>60205</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/acroread" auto="yes" arch="*">
+      <unaffected range="ge">5.09</unaffected>
+      <vulnerable range="le">5.08</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    acroread is Adobe's Acrobat PDF reader for Linux.
+    </p>
+  </background>
+  <description>
+    <p>
+    acroread contains two errors in the handling of UUEncoded filenames.
+    First, it fails to check the length of a filename before copying it
+    into a fixed size buffer and, secondly, it fails to check for the
+    backtick shell metacharacter in the filename before executing a command
+    with a shell.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to open a PDF with a specially crafted filename, an
+    attacker could execute arbitrary code or programs with the permissions
+    of the user running acroread.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version of acroread.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All acroread users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=app-text/acroread-5.09"
+    # emerge "&gt;=app-text/acroread-5.09"</code>
+  </resolution>
+  <references>
+    <uri link="http://idefense.com/application/poi/display?id=124&amp;type=vulnerabilities">iDEFENSE Advisory 124</uri>
+    <uri link="http://idefense.com/application/poi/display?id=125&amp;type=vulnerabilities">iDEFENSE Advisory 125</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0630">CVE-2004-0630</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0631">CVE-2004-0631</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-08-14T07:56:36Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200408-15.xml b/metadata/glsa/glsa-200408-15.xml
new file mode 100644
index 000000000000..8fd38c398a74
--- /dev/null
+++ b/metadata/glsa/glsa-200408-15.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200408-15">
+  <title>Tomcat: Insecure installation</title>
+  <synopsis>
+    Improper file ownership may allow a member of the tomcat group to execute
+    scripts as root.
+  </synopsis>
+  <product type="ebuild">tomcat</product>
+  <announced>2004-08-15</announced>
+  <revised count="04">2006-05-22</revised>
+  <bug>59232</bug>
+  <access>local</access>
+  <affected>
+    <package name="www-servers/tomcat" auto="yes" arch="*">
+      <unaffected range="ge">5.0.27-r3</unaffected>
+      <unaffected range="rge">4.1.30-r4</unaffected>
+      <unaffected range="rge">3.3.2-r2</unaffected>
+      <vulnerable range="lt">5.0.27-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Tomcat is the Apache Jakarta Project's official implementation of Java
+    Servlets and Java Server Pages.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Gentoo ebuild for Tomcat sets the ownership of the Tomcat init
+    scripts as tomcat:tomcat, but those scripts are executed with root
+    privileges when the system is started. This may allow a member of the
+    tomcat group to run arbitrary code with root privileges when the Tomcat
+    init scripts are run.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    This could lead to a local privilege escalation or root compromise by
+    authenticated users.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Users may change the ownership of /etc/init.d/tomcat* and
+    /etc/conf.d/tomcat* to be root:root:
+    </p>
+    <code>
+    # chown -R root:root /etc/init.d/tomcat*
+    # chown -R root:root /etc/conf.d/tomcat*</code>
+  </workaround>
+  <resolution>
+    <p>
+    All Tomcat users can upgrade to the latest stable version, or simply
+    apply the workaround:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv "&gt;=www-servers/tomcat-5.0.27-r3"
+    # emerge "&gt;=www-servers/tomcat-5.0.27-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1452">CVE-2004-1452</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-08-08T20:54:24Z">
+    dmargoli
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200408-16.xml b/metadata/glsa/glsa-200408-16.xml
new file mode 100644
index 000000000000..1e99c098f5ad
--- /dev/null
+++ b/metadata/glsa/glsa-200408-16.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200408-16">
+  <title>glibc: Information leak with LD_DEBUG</title>
+  <synopsis>
+    glibc contains an information leak vulnerability allowing the debugging of
+    SUID binaries.
+  </synopsis>
+  <product type="ebuild">glibc</product>
+  <announced>2004-08-16</announced>
+  <revised count="04">2006-05-28</revised>
+  <bug>59526</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-libs/glibc" auto="yes" arch="alpha arm hppa ia64 sparc s390">
+      <unaffected range="ge">2.3.2-r11</unaffected>
+      <vulnerable range="le">2.3.2-r10</vulnerable>
+    </package>
+    <package name="sys-libs/glibc" auto="yes" arch="x86 ppc">
+      <unaffected range="ge">2.3.3.20040420-r1</unaffected>
+      <vulnerable range="le">2.3.3.20040420</vulnerable>
+    </package>
+    <package name="sys-libs/glibc" auto="yes" arch="mips">
+      <unaffected range="ge">2.3.4.20040619-r1</unaffected>
+      <vulnerable range="le">2.3.3.20040420</vulnerable>
+    </package>
+    <package name="sys-libs/glibc" auto="yes" arch="amd64">
+      <unaffected range="ge">2.3.4.20040619-r1</unaffected>
+      <vulnerable range="le">2.3.4.20040619</vulnerable>
+    </package>
+    <package name="sys-libs/glibc" auto="yes" arch="ppc64">
+      <unaffected range="ge">2.3.4.20040808</unaffected>
+      <vulnerable range="le">2.3.4.20040605</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The GNU C library defines various Unix-like "system calls" and other
+    basic facilities needed for a standard POSIX-like application to
+    operate.
+    </p>
+  </background>
+  <description>
+    <p>
+    Silvio Cesare discovered a potential information leak in glibc. It
+    allows LD_DEBUG on SUID binaries where it should not be allowed. This
+    has various security implications, which may be used to gain
+    confidentional information.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    An attacker can gain the list of symbols a SUID application uses and
+    their locations and can then use a trojaned library taking precendence
+    over those symbols to gain information or perform further exploitation.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version of glibc.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All glibc users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv your_version
+    # emerge your_version</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1453">CVE-2004-1453</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-08-05T17:16:41Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200408-17.xml b/metadata/glsa/glsa-200408-17.xml
new file mode 100644
index 000000000000..e7614c5faaa7
--- /dev/null
+++ b/metadata/glsa/glsa-200408-17.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200408-17">
+  <title>rsync: Potential information leakage</title>
+  <synopsis>
+    rsync fails to properly sanitize paths. This vulnerability could allow the
+    listing of arbitrary files and allow file overwriting outside module's path
+    on rsync server configurations that allow uploading.
+  </synopsis>
+  <product type="ebuild">rsync</product>
+  <announced>2004-08-17</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>60309</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/rsync" auto="yes" arch="*">
+      <unaffected range="ge">2.6.0-r3</unaffected>
+      <vulnerable range="le">2.6.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    rsync is a utility that provides fast incremental file transfers. It is
+    used to efficiently synchronize files between hosts and is used by
+    emerge to fetch Gentoo's Portage tree. rsyncd is the rsync daemon,
+    which listens to connections from rsync clients.
+    </p>
+  </background>
+  <description>
+    <p>
+    The paths sent by the rsync client are not checked thoroughly enough.
+    It does not affect the normal send/receive filenames that specify what
+    files should be transferred. It does affect certain option paths that
+    cause auxilliary files to be read or written.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    When rsyncd is used without chroot ("use chroot = false" in the
+    rsyncd.conf file), this vulnerability could allow the listing of
+    arbitrary files outside module's path and allow file overwriting
+    outside module's path on rsync server configurations that allows
+    uploading. Both possibilities are exposed only when chroot option is
+    disabled.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    You should never set the rsync daemon to run with "use chroot = false".
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users should update to the latest version of the rsync package.
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-misc/rsync-2.6.0-r3"
+    # emerge "&gt;=net-misc/rsync-2.6.0-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://samba.org/rsync/#security_aug04">rsync Advisory</uri>
+    <uri link="https://lists.samba.org/archive/rsync-announce/2004/000017.html">rsync 2.6.2 announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0792">CVE-2004-0792</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-08-14T19:22:18Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200408-18.xml b/metadata/glsa/glsa-200408-18.xml
new file mode 100644
index 000000000000..ae5ed1e8e145
--- /dev/null
+++ b/metadata/glsa/glsa-200408-18.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200408-18">
+  <title>xine-lib: VCD MRL buffer overflow</title>
+  <synopsis>
+    xine-lib contains an exploitable buffer overflow in the VCD handling code
+  </synopsis>
+  <product type="ebuild">xine-lib</product>
+  <announced>2004-08-17</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>59948</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/xine-lib" auto="yes" arch="*">
+      <unaffected range="ge">1_rc5-r3</unaffected>
+      <vulnerable range="le">1_rc5-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    xine-lib is a multimedia library which can be utilized to create
+    multimedia frontends.
+    </p>
+  </background>
+  <description>
+    <p>
+    xine-lib contains a bug where it is possible to overflow the vcd://
+    input source identifier management buffer through carefully crafted
+    playlists.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker may construct a carefully-crafted playlist file which will
+    cause xine-lib to execute arbitrary code with the permissions of the
+    user. In order to conform with the generic naming standards of most
+    Unix-like systems, playlists can have extensions other than .asx (the
+    standard xine playlist format), and made to look like another file
+    (MP3, AVI, or MPEG for example). If an attacker crafts a playlist with
+    a valid header, they can insert a VCD playlist line that can cause a
+    buffer overflow and possible shellcode execution.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version of xine-lib.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All xine-lib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=media-libs/xine-lib-1_rc5-r3"
+    # emerge "&gt;=media-libs/xine-lib-1_rc5-r3"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.open-security.org/advisories/6">Open Security Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1475">CVE-2004-1475</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-08-14T05:07:02Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200408-19.xml b/metadata/glsa/glsa-200408-19.xml
new file mode 100644
index 000000000000..268a9c4c9b14
--- /dev/null
+++ b/metadata/glsa/glsa-200408-19.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200408-19">
+  <title>courier-imap: Remote Format String Vulnerability</title>
+  <synopsis>
+    There is a format string vulnerability in non-standard configurations of
+    courier-imapd which may be exploited remotely. An attacker may be able to
+    execute arbitrary code as the user running courier-imapd (oftentimes root).
+  </synopsis>
+  <product type="ebuild">courier-imap</product>
+  <announced>2004-08-19</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>60865</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/courier-imap" auto="yes" arch="*">
+      <unaffected range="ge">3.0.5</unaffected>
+      <vulnerable range="le">3.0.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Courier-IMAP is an IMAP server which is part of the Courier mail
+    system. It provides access only to maildirs.
+    </p>
+  </background>
+  <description>
+    <p>
+    There is a format string vulnerability in the auth_debug() function
+    which can be exploited remotely, potentially leading to arbitrary code
+    execution as the user running the IMAP daemon (oftentimes root). A
+    remote attacker may send username or password information containing
+    printf() format tokens (such as "%s"), which will crash the server or
+    cause it to execute arbitrary code.
+    </p>
+    <p>
+    This vulnerability can only be exploited if DEBUG_LOGIN is set to
+    something other than 0 in the imapd config file.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    If DEBUG_LOGIN is enabled in the imapd configuration, a remote attacker
+    may execute arbitrary code as the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Set the DEBUG_LOGIN option in /etc/courier-imap/imapd to 0. (This is
+    the default value.)
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All courier-imap users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-mail/courier-imap-3.0.5"
+    # emerge "&gt;=net-mail/courier-imap-3.0.5"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.idefense.com/application/poi/display?id=131&amp;type=vulnerabilities&amp;flashstatus=true">iDEFENSE Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0777">CVE-2004-0777</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-08-19T18:47:27Z">
+    condordes
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200408-20.xml b/metadata/glsa/glsa-200408-20.xml
new file mode 100644
index 000000000000..eac89e7672bd
--- /dev/null
+++ b/metadata/glsa/glsa-200408-20.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200408-20">
+  <title>Qt: Image loader overflows</title>
+  <synopsis>
+    There are several bugs in Qt's image-handling code which could lead to
+    crashes or arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">Qt</product>
+  <announced>2004-08-22</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>60855</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-libs/qt" auto="yes" arch="*">
+      <unaffected range="ge">3.3.3</unaffected>
+      <vulnerable range="le">3.3.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Qt is a cross-platform GUI toolkit used by KDE.
+    </p>
+  </background>
+  <description>
+    <p>
+    There are several unspecified bugs in the QImage class which may cause
+    crashes or allow execution of arbitrary code as the user running the Qt
+    application. These bugs affect the PNG, XPM, BMP, GIF and JPEG image
+    types.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker may exploit these bugs by causing a user to open a
+    carefully-constructed image file in any one of these formats. This may
+    be accomplished through e-mail attachments (if the user uses KMail), or
+    by simply placing a malformed image on a website and then convicing the
+    user to load the site in a Qt-based browser (such as Konqueror).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version of Qt.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Qt users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=x11-libs/qt-3.3.3"
+    # emerge "&gt;=x11-libs/qt-3.3.3"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:085">Mandrake Advisory</uri>
+    <uri link="http://www.trolltech.com/developer/changes/changes-3.3.3.html">Qt 3.3.3 ChangeLog</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0691">CVE-2004-0691</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0692">CVE-2004-0692</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0693">CVE-2004-0693</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-08-20T22:45:25Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-08-21T19:29:43Z">
+    condordes
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200408-21.xml b/metadata/glsa/glsa-200408-21.xml
new file mode 100644
index 000000000000..bd3e443d0d52
--- /dev/null
+++ b/metadata/glsa/glsa-200408-21.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200408-21">
+  <title>Cacti: SQL injection vulnerability</title>
+  <synopsis>
+    With special configurations of Cacti it is possible to change passwords via
+    a SQL injection attack.
+  </synopsis>
+  <product type="ebuild">cacti</product>
+  <announced>2004-08-23</announced>
+  <revised count="04">2006-05-22</revised>
+  <bug>60630</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/cacti" auto="yes" arch="*">
+      <unaffected range="ge">0.8.5a-r1</unaffected>
+      <vulnerable range="le">0.8.5a</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Cacti is a complete web-based front end to rrdtool.
+    </p>
+  </background>
+  <description>
+    <p>
+    Cacti is vulnerable to a SQL injection attack where an attacker may
+    inject SQL into the Username field.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could compromise the Cacti service and potentially execute
+    programs with the permissions of the user running Cacti. Only systems
+    with php_flag magic_quotes_gpc set to Off are vulnerable. By default,
+    Gentoo Linux installs PHP with this option set to On.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version of Cacti.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users should upgrade to the latest available version of Cacti, as
+    follows:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-analyzer/cacti-0.8.5a-r1"
+    # emerge "&gt;=net-analyzer/cacti-0.8.5a-r1"</code>
+  </resolution>
+  <references>
+    <uri link="http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0717.html">Full Disclosure Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1737">CVE-2004-1737</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-08-19T05:36:15Z">
+    dmargoli
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-08-19T08:02:41Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200408-22.xml b/metadata/glsa/glsa-200408-22.xml
new file mode 100644
index 000000000000..dd446b6cab2c
--- /dev/null
+++ b/metadata/glsa/glsa-200408-22.xml
@@ -0,0 +1,116 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200408-22">
+  <title>Mozilla, Firefox, Thunderbird, Galeon, Epiphany: New releases fix vulnerabilities</title>
+  <synopsis>
+    New releases of Mozilla, Epiphany, Galeon, Mozilla Thunderbird, and Mozilla
+    Firefox fix several vulnerabilities, including remote DoS and buffer
+    overflows.
+  </synopsis>
+  <product type="ebuild">www-client/mozilla, www-client/mozilla-firefox, mail-client/mozilla-thunderbird, www-client/galeon, www-client/epiphany</product>
+  <announced>2004-08-23</announced>
+  <revised count="06">2007-12-30</revised>
+  <bug>57380</bug>
+  <bug>59419</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/mozilla" auto="yes" arch="*">
+      <unaffected range="ge">1.7.2</unaffected>
+      <vulnerable range="lt">1.7.2</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox" auto="yes" arch="*">
+      <unaffected range="ge">0.9.3</unaffected>
+      <vulnerable range="lt">0.9.3</vulnerable>
+    </package>
+    <package name="mail-client/mozilla-thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">0.7.3</unaffected>
+      <vulnerable range="lt">0.7.3</vulnerable>
+    </package>
+    <package name="www-client/mozilla-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.7.2</unaffected>
+      <vulnerable range="lt">1.7.2</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">0.9.3</unaffected>
+      <vulnerable range="lt">0.9.3</vulnerable>
+    </package>
+    <package name="mail-client/mozilla-thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">0.7.3</unaffected>
+      <vulnerable range="lt">0.7.3</vulnerable>
+    </package>
+    <package name="www-client/epiphany" auto="yes" arch="*">
+      <unaffected range="ge">1.2.7-r1</unaffected>
+      <vulnerable range="lt">1.2.7-r1</vulnerable>
+    </package>
+    <package name="www-client/galeon" auto="yes" arch="*">
+      <unaffected range="ge">1.3.17</unaffected>
+      <vulnerable range="lt">1.3.17</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla is a popular web browser that includes a mail and newsreader.
+    Galeon and Epiphany are both web browsers that use gecko, the Mozilla
+    rendering engine. Mozilla Firefox is the next-generation browser from
+    the Mozilla project that incorporates advanced features that are yet to
+    be incorporated into Mozilla. Mozilla Thunderbird is the
+    next-generation mail client from the Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>
+    Mozilla, Galeon, Epiphany, Mozilla Firefox and Mozilla Thunderbird
+    contain the following vulnerabilities:
+    </p>
+    <ul>
+    <li>All Mozilla tools use libpng for graphics. This library contains a
+    buffer overflow which may lead to arbitrary code execution.</li>
+    <li>If a user imports a forged Certificate Authority (CA) certificate,
+    it may overwrite and corrupt the valid CA already installed on the
+    machine.</li>
+    </ul>
+    <p>
+    Mozilla, Mozilla Firefox, and other gecko-based browsers also contain a
+    bug in their caching which may allow the SSL icon to remain visible,
+    even when the site in question is an insecure site.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Users of Mozilla, Mozilla Firefox, and other gecko-based browsers are
+    susceptible to SSL certificate spoofing, a Denial of Service against
+    legitimate SSL sites, crashes, and arbitrary code execution. Users of
+    Mozilla Thunderbird are susceptible to crashes and arbitrary code
+    execution via malicious e-mails.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround for most of these vulnerabilities. All
+    users are advised to upgrade to the latest available version.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv your-version
+    # emerge your-version</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0763">CAN-2004-0763</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0758">CAN-2004-0758</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597">CAN-2004-0597</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598">CAN-2004-0598</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599">CAN-2004-0599</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-08-05T18:21:36Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-08-05T19:57:21Z">
+    dmargoli
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200408-23.xml b/metadata/glsa/glsa-200408-23.xml
new file mode 100644
index 000000000000..2b2e6db826e9
--- /dev/null
+++ b/metadata/glsa/glsa-200408-23.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200408-23">
+  <title>kdelibs: Cross-domain cookie injection vulnerability</title>
+  <synopsis>
+    The cookie manager component in kdelibs contains a vulnerability allowing
+    an attacker to potentially gain access to a user's session on a legitimate
+    web server.
+  </synopsis>
+  <product type="ebuild">kdelibs</product>
+  <announced>2004-08-24</announced>
+  <revised count="01">2004-08-24</revised>
+  <bug>61389</bug>
+  <access>remote</access>
+  <affected>
+    <package name="kde-base/kdelibs" auto="yes" arch="*">
+      <unaffected range="ge">3.2.3-r2</unaffected>
+      <vulnerable range="le">3.2.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    KDE is a widely-used desktop environment based on the Qt toolkit.
+    kcookiejar in kdelibs is responsible for storing and managing HTTP cookies.
+    Konqueror uses kcookiejar for storing and managing cookies.
+    </p>
+  </background>
+  <description>
+    <p>
+    kcookiejar contains a vulnerability which may allow a malicious website to
+    set cookies for other websites under the same second-level domain.
+    </p>
+    <p>
+    This vulnerability applies to country-specific secondary top level domains
+    that use more than 2 characters in the secondary part of the domain name,
+    and that use a secondary part other than com, net, mil, org, gov, edu or
+    int. However, certain popular domains, such as co.uk, are not affected.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    Users visiting a malicious website using the Konqueror browser may have a
+    session cookie set for them by that site. Later, when the user visits
+    another website under the same domain, the attacker's session cookie will
+    be used instead of the cookie issued by the legitimate site. Depending on
+    the design of the legitimate site, this may allow an attacker to gain
+    access to the user's session. For further explanation on this type of
+    attack, see the paper titled "Session Fixation Vulnerability in
+    Web-based Applications" (reference 2).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version of kdelibs.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All kdelibs users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=kde-base/kdelibs-3.2.3-r2"
+    # emerge "&gt;=kde-base/kdelibs-3.2.3-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.kde.org/info/security/advisory-20040823-1.txt">KDE Advisory</uri>
+    <uri link="http://www.acros.si/papers/session_fixation.pdf">Session Fixation Vulnerability in Web-based Applications</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-08-23T20:45:47Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-08-24T19:26:35Z">
+    condordes
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200408-24.xml b/metadata/glsa/glsa-200408-24.xml
new file mode 100644
index 000000000000..60cb3a7e3200
--- /dev/null
+++ b/metadata/glsa/glsa-200408-24.xml
@@ -0,0 +1,232 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200408-24">
+  <title>Linux Kernel: Multiple information leaks</title>
+  <synopsis>
+    Multiple information leaks have been found in the Linux kernel, allowing an
+    attacker to obtain sensitive data which may be used for further
+    exploitation of the system.
+  </synopsis>
+  <product type="ebuild">Kernel</product>
+  <announced>2004-08-25</announced>
+  <revised count="03">2011-03-27</revised>
+  <bug>59378</bug>
+  <bug>59769</bug>
+  <bug>59905</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-kernel/aa-sources" auto="no" arch="*">
+      <unaffected range="rge">2.4.23-r2</unaffected>
+      <unaffected range="ge">2.6.5-r5</unaffected>
+      <vulnerable range="lt">2.6.5-r5</vulnerable>
+    </package>
+    <package name="sys-kernel/alpha-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.21-r12</unaffected>
+      <vulnerable range="lt">2.4.21-r12</vulnerable>
+    </package>
+    <package name="sys-kernel/ck-sources" auto="no" arch="*">
+      <unaffected range="rge">2.4.26-r1</unaffected>
+      <unaffected range="ge">2.6.7-r5</unaffected>
+      <vulnerable range="lt">2.6.7-r5</vulnerable>
+    </package>
+    <package name="sys-kernel/development-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.8</unaffected>
+      <vulnerable range="lt">2.6.8</vulnerable>
+    </package>
+    <package name="sys-kernel/gentoo-dev-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7-r12</unaffected>
+      <vulnerable range="lt">2.6.7-r12</vulnerable>
+    </package>
+    <package name="sys-kernel/gentoo-sources" auto="yes" arch="*">
+      <unaffected range="rge">2.4.19-r22</unaffected>
+      <unaffected range="rge">2.4.20-r25</unaffected>
+      <unaffected range="rge">2.4.22-r16</unaffected>
+      <unaffected range="rge">2.4.25-r9</unaffected>
+      <unaffected range="ge">2.4.26-r9</unaffected>
+      <vulnerable range="lt">2.4.26-r9</vulnerable>
+    </package>
+    <package name="sys-kernel/grsec-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.27.2.0.1-r1</unaffected>
+      <vulnerable range="lt">2.4.27.2.0.1-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/gs-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.25_pre7-r11</unaffected>
+      <vulnerable range="lt">2.4.25_pre7-r11</vulnerable>
+    </package>
+    <package name="sys-kernel/hardened-dev-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7-r7</unaffected>
+      <vulnerable range="lt">2.6.7-r7</vulnerable>
+    </package>
+    <package name="sys-kernel/hardened-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.27-r1</unaffected>
+      <vulnerable range="lt">2.4.27-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/hppa-dev-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7_p14-r1</unaffected>
+      <vulnerable range="lt">2.6.7_p14-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/hppa-sources" auto="no" arch="*">
+      <unaffected range="ge">2.4.26_p7-r1</unaffected>
+      <vulnerable range="lt">2.4.26_p7-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/ia64-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.24-r10</unaffected>
+      <vulnerable range="lt">2.4.24-r10</vulnerable>
+    </package>
+    <package name="sys-kernel/mips-sources" auto="yes" arch="*">
+      <unaffected range="rge">2.4.25-r8</unaffected>
+      <unaffected range="rge">2.4.26-r8</unaffected>
+      <unaffected range="rge">2.6.4-r8</unaffected>
+      <unaffected range="rge">2.6.6-r8</unaffected>
+      <unaffected range="ge">2.6.7-r5</unaffected>
+      <vulnerable range="lt">2.6.6-r8</vulnerable>
+    </package>
+    <package name="sys-kernel/mm-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.8_rc4-r1</unaffected>
+      <vulnerable range="lt">2.6.8_rc4-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/openmosix-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.24-r4</unaffected>
+      <vulnerable range="lt">2.4.24-r4</vulnerable>
+    </package>
+    <package name="sys-kernel/pac-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.23-r12</unaffected>
+      <vulnerable range="lt">2.4.23-r12</vulnerable>
+    </package>
+    <package name="sys-kernel/pegasos-dev-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.8</unaffected>
+      <vulnerable range="lt">2.6.8</vulnerable>
+    </package>
+    <package name="sys-kernel/rsbac-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.26-r5</unaffected>
+      <vulnerable range="lt">2.4.26-r5</vulnerable>
+    </package>
+    <package name="sys-kernel/rsbac-dev-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7-r5</unaffected>
+      <vulnerable range="lt">2.6.7-r5</vulnerable>
+    </package>
+    <package name="sys-kernel/selinux-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.26-r3</unaffected>
+      <vulnerable range="lt">2.4.26-r3</vulnerable>
+    </package>
+    <package name="sys-kernel/sparc-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.27-r1</unaffected>
+      <vulnerable range="lt">2.4.27-r1</vulnerable>
+    </package>
+    <package name="sys-kernel/uclinux-sources" auto="yes" arch="*">
+      <unaffected range="rge">2.4.26_p0-r6</unaffected>
+      <unaffected range="ge">2.6.7_p0-r5</unaffected>
+      <vulnerable range="lt">2.6.7_p0-r5</vulnerable>
+    </package>
+    <package name="sys-kernel/usermode-sources" auto="yes" arch="*">
+      <unaffected range="rge">2.4.24-r9</unaffected>
+      <unaffected range="rge">2.4.26-r6</unaffected>
+      <unaffected range="ge">2.6.6-r6</unaffected>
+      <vulnerable range="lt">2.6.6-r6</vulnerable>
+    </package>
+    <package name="sys-kernel/vanilla-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.4.27</unaffected>
+      <vulnerable range="lt">2.4.27</vulnerable>
+    </package>
+    <package name="sys-kernel/vserver-sources" auto="yes" arch="*">
+      <unaffected range="ge">2.0</unaffected>
+      <vulnerable range="lt">2.4.26.1.28-r4</vulnerable>
+      <vulnerable range="lt">2.0</vulnerable>
+      <vulnerable range="ge">2.4</vulnerable>
+    </package>
+    <package name="sys-kernel/win4lin-sources" auto="yes" arch="*">
+      <unaffected range="rge">2.4.26-r6</unaffected>
+      <unaffected range="ge">2.6.7-r2</unaffected>
+      <vulnerable range="lt">2.6.7-r5</vulnerable>
+    </package>
+    <package name="sys-kernel/wolk-sources" auto="yes" arch="*">
+      <unaffected range="rge">4.9-r14</unaffected>
+      <unaffected range="rge">4.11-r10</unaffected>
+      <unaffected range="ge">4.14-r7</unaffected>
+      <vulnerable range="lt">4.14-r7</vulnerable>
+    </package>
+    <package name="sys-kernel/xbox-sources" auto="yes" arch="*">
+      <unaffected range="rge">2.4.27-r1</unaffected>
+      <unaffected range="ge">2.6.7-r5</unaffected>
+      <vulnerable range="lt">2.6.7-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Linux kernel is responsible for managing the core aspects of a
+    GNU/Linux system, providing an interface for core system applications
+    as well as providing the essential structure and capability to access
+    hardware that is needed for a running system.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Linux kernel allows a local attacker to obtain sensitive kernel
+    information by gaining access to kernel memory via several leaks in the
+    /proc interfaces. These vulnerabilities exist in various drivers which
+    make up a working Linux kernel, some of which are present across all
+    architectures and configurations.
+    </p>
+    <p>
+    CAN-2004-0415 deals with addressing invalid 32 to 64 bit conversions in
+    the kernel, as well as insecure direct access to file offset pointers
+    in kernel code which can be modified by the open(...), lseek(...) and
+    other core system I/O functions by an attacker.
+    </p>
+    <p>
+    CAN-2004-0685 deals with certain USB drivers using uninitialized
+    structures and then using the copy_to_user(...) kernel call to copy
+    these structures. This may leak uninitialized kernel memory, which can
+    contain sensitive information from user applications.
+    </p>
+    <p>
+    Finally, a race condition with the /proc/.../cmdline node was found,
+    allowing environment variables to be read while the process was still
+    spawning. If the race is won, environment variables of the process,
+    which might not be owned by the attacker, can be read.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    These vulnerabilities allow a local unprivileged attacker to access
+    segments of kernel memory or environment variables which may contain
+    sensitive information. Kernel memory may contain passwords, data
+    transferred between processes and any memory which applications did not
+    clear upon exiting as well as the kernel cache and kernel buffers.
+    </p>
+    <p>
+    This information may be used to read sensitive data, open other attack
+    vectors for further exploitation or cause a Denial of Service if the
+    attacker can gain superuser access via the leaked information.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no temporary workaround for any of these information leaks
+    other than totally disabling /proc support - otherwise, a kernel
+    upgrade is required. A list of unaffected kernels is provided along
+    with this announcement.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Users are encouraged to upgrade to the latest available sources for
+    their system:
+    </p>
+    <code>
+    # emerge sync
+    # emerge -pv your-favorite-sources
+    # emerge your-favorite-sources
+    
+    # # Follow usual procedure for compiling and installing a kernel.
+    # # If you use genkernel, run genkernel as you would normally.</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0415">CAN-2004-0415</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0685">CAN-2004-0685</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1058">CVE-2004-1058</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-08-17T02:16:55Z">
+    plasmaroo
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200408-25.xml b/metadata/glsa/glsa-200408-25.xml
new file mode 100644
index 000000000000..7d9f2cba967f
--- /dev/null
+++ b/metadata/glsa/glsa-200408-25.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200408-25">
+  <title>MoinMoin: Group ACL bypass</title>
+  <synopsis>
+    MoinMoin contains a bug allowing anonymous users to bypass ACLs (Access
+    Control Lists) and carry out operations that should be limited to
+    authorized users.
+  </synopsis>
+  <product type="ebuild">MoinMoin</product>
+  <announced>2004-08-26</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>57913</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/moinmoin" auto="yes" arch="*">
+      <unaffected range="ge">1.2.3</unaffected>
+      <vulnerable range="le">1.2.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MoinMoin is a Python clone of WikiWiki, based on PikiPiki.
+    </p>
+  </background>
+  <description>
+    <p>
+    MoinMoin contains two unspecified bugs, one allowing anonymous users
+    elevated access when not using ACLs, and the other in the ACL handling
+    in the PageEditor.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Restrictions on anonymous users were not properly enforced. This could
+    lead to unauthorized users gaining administrative access to functions
+    such as "revert" and "delete". Sites are vulnerable whether or not they
+    are using ACLs.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users should upgrade to the latest available version of MoinMoin,
+    as follows:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=www-apps/moinmoin-1.2.3"
+    # emerge "&gt;=www-apps/moinmoin-1.2.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://sourceforge.net/project/shownotes.php?group_id=8482&amp;release_id=254801">MoinMoin Announcement</uri>
+    <uri link="http://www.osvdb.org/displayvuln.php?osvdb_id=8194">OSVDB Advisory 8194</uri>
+    <uri link="http://www.osvdb.org/displayvuln.php?osvdb_id=8195">OSVDB Advisory 8195</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1462">CVE-2004-1462</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1463">CVE-2004-1463</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-08-19T05:10:31Z">
+    dmargoli
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200408-26.xml b/metadata/glsa/glsa-200408-26.xml
new file mode 100644
index 000000000000..aebe24910d39
--- /dev/null
+++ b/metadata/glsa/glsa-200408-26.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200408-26">
+  <title>zlib: Denial of service vulnerability</title>
+  <synopsis>
+    The zlib library contains a Denial of Service vulnerability.
+  </synopsis>
+  <product type="ebuild">zlib</product>
+  <announced>2004-08-27</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>61749</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-libs/zlib" auto="yes" arch="*">
+      <unaffected range="ge">1.2.1-r3</unaffected>
+      <vulnerable range="le">1.2.1-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    zlib is a general-purpose data-compression library.
+    </p>
+  </background>
+  <description>
+    <p>
+    zlib contains a bug in the handling of errors in the "inflate()" and
+    "inflateBack()" functions.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit this vulnerability to launch a Denial of
+    Service attack on any application using the zlib library.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version of zlib.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All zlib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=sys-libs/zlib-1.2.1-r3"
+    # emerge "&gt;=sys-libs/zlib-1.2.1-r3"</code>
+    <p>
+    You should also run revdep-rebuild to rebuild any packages that depend
+    on older versions of zlib :
+    </p>
+    <code>
+    # revdep-rebuild</code>
+  </resolution>
+  <references>
+    <uri link="http://www.openpkg.org/security/OpenPKG-SA-2004.038-zlib.html">OpenPKG-SA-2004.038-zlib</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0797">CVE-2004-0797</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-08-26T19:08:52Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-08-27T05:21:24Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200408-27.xml b/metadata/glsa/glsa-200408-27.xml
new file mode 100644
index 000000000000..a4bd5cad3c6c
--- /dev/null
+++ b/metadata/glsa/glsa-200408-27.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200408-27">
+  <title>Gaim: New vulnerabilities</title>
+  <synopsis>
+    Gaim contains several security issues that might allow an attacker to
+    execute arbitrary code or commands.
+  </synopsis>
+  <product type="ebuild">Gaim</product>
+  <announced>2004-08-27</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>61457</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/gaim" auto="yes" arch="*">
+      <unaffected range="ge">0.81-r5</unaffected>
+      <vulnerable range="lt">0.81-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Gaim is a multi-protocol instant messaging client for Linux which
+    supports many instant messaging protocols.
+    </p>
+  </background>
+  <description>
+    <p>
+    Gaim fails to do proper bounds checking when:
+    </p>
+    <ul>
+    <li>Handling MSN messages (partially fixed with GLSA 200408-12).</li>
+    <li>Handling rich text format messages.</li>
+    <li>Resolving local hostname.</li>
+    <li>Receiving long URLs.</li>
+    <li>Handling groupware messages.</li>
+    <li>Allocating memory for webpages with fake content-length
+    header.</li>
+    </ul>
+    <p>
+    Furthermore Gaim fails to escape filenames when using drag and drop
+    installation of smiley themes.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    These vulnerabilities could allow an attacker to crash Gaim or execute
+    arbitrary code or commands with the permissions of the user running
+    Gaim.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version of Gaim.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All gaim users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-im/gaim-0.81-r5"
+    # emerge "&gt;=net-im/gaim-0.81-r5"</code>
+  </resolution>
+  <references>
+    <uri link="https://gaim.sourceforge.net/security/index.php">Gaim security issues</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0500">CVE-2004-0500</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0754">CVE-2004-0754</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0784">CVE-2004-0784</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0785">CVE-2004-0785</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-08-26T15:30:26Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-08-26T19:01:27Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-01.xml b/metadata/glsa/glsa-200409-01.xml
new file mode 100644
index 000000000000..f41f3ead985e
--- /dev/null
+++ b/metadata/glsa/glsa-200409-01.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-01">
+  <title>vpopmail: Multiple vulnerabilities</title>
+  <synopsis>
+    vpopmail contains several bugs making it vulnerable to several SQL
+    injection exploits as well as one buffer overflow and one format string
+    exploit when using Sybase. This could lead to the execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">vpopmail</product>
+  <announced>2004-09-01</announced>
+  <revised count="01">2004-09-01</revised>
+  <bug>60844</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/vpopmail" auto="yes" arch="*">
+      <unaffected range="ge">5.4.6</unaffected>
+      <vulnerable range="lt">5.4.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    vpopmail handles virtual mail domains for qmail and Postfix.
+    </p>
+  </background>
+  <description>
+    <p>
+    vpopmail is vulnerable to several unspecified SQL injection exploits.
+    Furthermore when using Sybase as the backend database vpopmail is
+    vulnerable to a buffer overflow and format string exploit.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    These vulnerabilities could allow an attacker to execute code with the
+    permissions of the user running vpopmail.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version of vpopmail.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All vpopmail users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-mail/vpopmail-5.4.6"
+    # emerge "&gt;=net-mail/vpopmail-5.4.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://sourceforge.net/forum/forum.php?forum_id=400873">vpopmail Announcement</uri>
+    <uri link="http://www.securityfocus.com/archive/1/371913/2004-08-15/2004-08-21/0">Bugtraq Announcement</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-08-26T17:42:34Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-02.xml b/metadata/glsa/glsa-200409-02.xml
new file mode 100644
index 000000000000..7eec2681ea8e
--- /dev/null
+++ b/metadata/glsa/glsa-200409-02.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-02">
+  <title>MySQL: Insecure temporary file creation in mysqlhotcopy</title>
+  <synopsis>
+    The mysqlhotcopy utility can create temporary files with predictable paths,
+    allowing an attacker to use a symlink to trick MySQL into overwriting
+    important data.
+  </synopsis>
+  <product type="ebuild">MySQL</product>
+  <announced>2004-09-01</announced>
+  <revised count="01">2004-09-01</revised>
+  <bug>60744</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-db/mysql" auto="yes" arch="*">
+      <unaffected range="ge">4.0.20-r1</unaffected>
+      <vulnerable range="le">4.0.20</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MySQL is a popular open-source multi-threaded, multi-user SQL database
+    server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Jeroen van Wolffelaar discovered that the MySQL database hot copy utility
+    (mysqlhotcopy.sh), when using the scp method, uses temporary files with
+    predictable names. A malicious local user with write access to the /tmp
+    directory could create a symbolic link pointing to a file, which may then
+    be overwritten. In cases where mysqlhotcopy is run as root, a malicious
+    user could create a symlink to a critical file such as /etc/passwd and
+    cause it to be overwritten.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could use this vulnerability to destroy other users' data
+    or corrupt and destroy system files, possibly leading to a denial of
+    service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MySQL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=dev-db/mysql-4.0.20-r1"
+    # emerge "&gt;=dev-db/mysql-4.0.20-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0457">CAN-2004-0457</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-08-31T08:03:33Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-08-31T15:42:33Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-03.xml b/metadata/glsa/glsa-200409-03.xml
new file mode 100644
index 000000000000..0480e52e4fc0
--- /dev/null
+++ b/metadata/glsa/glsa-200409-03.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-03">
+  <title>Python 2.2: Buffer overflow in getaddrinfo()</title>
+  <synopsis>
+    Python 2.2 has a vulnerability in DNS handling when IPV6 is disabled and a
+    malformed IPV6 address is encountered by getaddrinfo().
+  </synopsis>
+  <product type="ebuild">Python</product>
+  <announced>2004-09-02</announced>
+  <revised count="01">2004-09-02</revised>
+  <bug>62440</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/python" auto="yes" arch="*">
+      <unaffected range="ge">2.2.2</unaffected>
+      <unaffected range="lt">2.2</unaffected>
+      <vulnerable range="lt">2.2.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Python is an interpreted, interactive, object-oriented, cross-platform
+    programming language.
+    </p>
+  </background>
+  <description>
+    <p>
+    If IPV6 is disabled in Python 2.2, getaddrinfo() is not able to handle IPV6
+    DNS requests properly and a buffer overflow occurs.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker can execute arbitrary code as the user running python.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Users with IPV6 enabled are not affected by this vulnerability.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Python 2.2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=dev-lang/python-2.2.2"
+    # emerge "&gt;=dev-lang/python-2.2.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0150">CVE-2004-0150</uri>
+    <uri link="http://www.osvdb.org/4172">OSVDB:4172</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-08-31T22:51:44Z">
+    chriswhite
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-04.xml b/metadata/glsa/glsa-200409-04.xml
new file mode 100644
index 000000000000..178c58c27db7
--- /dev/null
+++ b/metadata/glsa/glsa-200409-04.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-04">
+  <title>Squid: Denial of service when using NTLM authentication</title>
+  <synopsis>
+    Squid is vulnerable to a denial of service attack which could crash its
+    NTLM helpers.
+  </synopsis>
+  <product type="ebuild">squid</product>
+  <announced>2004-09-02</announced>
+  <revised count="03">2007-12-30</revised>
+  <bug>61280</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/squid" auto="yes" arch="*">
+      <unaffected range="ge">2.5.6-r2</unaffected>
+      <unaffected range="lt">2.5</unaffected>
+      <vulnerable range="le">2.5.6-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Squid is a full-featured Web Proxy Cache designed to run on Unix
+    systems. It supports proxying and caching of HTTP, FTP, and other URLs,
+    as well as SSL support, cache hierarchies, transparent caching, access
+    control lists and many other features.
+    </p>
+  </background>
+  <description>
+    <p>
+    Squid 2.5.x versions contain a bug in the functions ntlm_fetch_string()
+    and ntlm_get_string() which lack checking the int32_t offset "o" for
+    negative values.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could cause a denial of service situation by sending
+    certain malformed NTLMSSP packets if NTLM authentication is enabled.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable NTLM authentication by removing any "auth_param ntlm program
+    ..." directives from squid.conf or use ntlm_auth from Samba-3.x.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Squid users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-www/squid-2.5.6-r2"
+    # emerge "&gt;=net-www/squid-2.5.6-r2"</code>
+  </resolution>
+  <references>
+    <uri link="http://www1.uk.squid-cache.org/squid/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-ntlm_fetch_string">Squid-2.5 Patches</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0832">CVE-2004-0832</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-09-02T10:25:32Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-05.xml b/metadata/glsa/glsa-200409-05.xml
new file mode 100644
index 000000000000..25991ca02873
--- /dev/null
+++ b/metadata/glsa/glsa-200409-05.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-05">
+  <title>Gallery: Arbitrary command execution</title>
+  <synopsis>
+    The Gallery image upload code contains a temporary file handling
+    vulnerability which could lead to execution of arbitrary commands.
+  </synopsis>
+  <product type="ebuild">Gallery</product>
+  <announced>2004-09-02</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>60742</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/gallery" auto="yes" arch="*">
+      <unaffected range="ge">1.4.4_p2</unaffected>
+      <vulnerable range="lt">1.4.4_p2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Gallery is a PHP script for maintaining online photo albums.
+    </p>
+  </background>
+  <description>
+    <p>
+    The upload handling code in Gallery places uploaded files in a
+    temporary directory. After 30 seconds, these files are deleted if they
+    are not valid images. However, since the file exists for 30 seconds, a
+    carefully crafted script could be initiated by the remote attacker
+    during this 30 second timeout. Note that the temporary directory has to
+    be located inside the webroot and an attacker needs to have upload
+    rights either as an authenticated user or via "EVERYBODY".
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could run arbitrary code as the user running PHP.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are several workarounds to this vulnerability:
+    </p>
+    <ul>
+    <li>Make sure that your temporary directory is not contained in the
+    webroot; by default it is located outside the webroot.</li>
+    <li>Disable upload rights to all albums for "EVERYBODY"; upload is
+    disabled by default.</li>
+    <li>Disable debug and dev mode; these settings are disabled by
+    default.</li>
+    <li>Disable allow_url_fopen in php.ini.</li>
+    </ul>
+  </workaround>
+  <resolution>
+    <p>
+    All Gallery users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=www-apps/gallery-1.4.4_p2"
+    # emerge "&gt;=www-apps/gallery-1.4.4_p2"</code>
+  </resolution>
+  <references>
+    <uri link="http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0757.html">Full Disclosure Announcement</uri>
+    <uri link="http://gallery.menalto.com/modules.php?op=modload&amp;name=News&amp;file=article&amp;sid=134&amp;mode=thread&amp;order=0&amp;thold=0">Gallery Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1466">CVE-2004-1466</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-08-22T09:02:45Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-08-25T23:33:36Z">
+    chriswhite
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-06.xml b/metadata/glsa/glsa-200409-06.xml
new file mode 100644
index 000000000000..2443ded9ce96
--- /dev/null
+++ b/metadata/glsa/glsa-200409-06.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-06">
+  <title>eGroupWare: Multiple XSS vulnerabilities</title>
+  <synopsis>
+    The eGroupWare software contains multiple cross site scripting
+    vulnerabilities.
+  </synopsis>
+  <product type="ebuild">eGroupWare</product>
+  <announced>2004-09-02</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>61510</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/egroupware" auto="yes" arch="*">
+      <unaffected range="ge">1.0.00.004</unaffected>
+      <vulnerable range="le">1.0.00.003</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    eGroupWare is a suite of web-based group applications including
+    calendar, address book, messenger and email.
+    </p>
+  </background>
+  <description>
+    <p>
+    Joxean Koret recently discovered multiple cross site scripting
+    vulnerabilities in various modules for the eGroupWare suite. This
+    includes the calendar, address book, messenger and ticket modules.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    These vulnerabilities give an attacker the ability to inject and
+    execute malicious script code, potentially compromising the victim's
+    browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version of eGroupWare.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All eGroupWare users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=www-apps/egroupware-1.0.00.004"
+    # emerge "&gt;=www-apps/egroupware-1.0.00.004"</code>
+  </resolution>
+  <references>
+    <uri link="https://sourceforge.net/forum/forum.php?forum_id=401807">eGroupWare Announcement</uri>
+    <uri link="http://www.securityfocus.com/archive/1/372603/2004-08-21/2004-08-27/0">Bugtraq Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1467">CVE-2004-1467</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-09-01T13:44:57Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-09-01T19:01:03Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-07.xml b/metadata/glsa/glsa-200409-07.xml
new file mode 100644
index 000000000000..8e0ca9e0706d
--- /dev/null
+++ b/metadata/glsa/glsa-200409-07.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-07">
+  <title>xv: Buffer overflows in image handling</title>
+  <synopsis>
+    xv contains multiple exploitable buffer overflows in the image handling
+    code.
+  </synopsis>
+  <product type="ebuild">xv</product>
+  <announced>2004-09-03</announced>
+  <revised count="01">2004-09-03</revised>
+  <bug>61619</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/xv" auto="yes" arch="*">
+      <unaffected range="ge">3.10a-r7</unaffected>
+      <vulnerable range="lt">3.10a-r7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    xv is a multi-format image manipulation utility.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple buffer overflow and integer handling vulnerabilities have been
+    discovered in xv's image processing code. These vulnerabilities have been
+    found in the xvbmp.c, xviris.c, xvpcx.c and xvpm.c source files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker might be able to embed malicious code into an image, which
+    would lead to the execution of arbitrary code under the privileges of the
+    user viewing the image.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All xv users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=media-gfx/xv-3.10a-r7"
+    # emerge "&gt;=media-gfx/xv-3.10a-r7"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/archive/1/372345/2004-08-15/2004-08-21/0">BugTraq Advisory</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0802">CAN-2004-0802</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-09-02T20:38:02Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-09-02T23:57:51Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-08.xml b/metadata/glsa/glsa-200409-08.xml
new file mode 100644
index 000000000000..455efcd14b13
--- /dev/null
+++ b/metadata/glsa/glsa-200409-08.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-08">
+  <title>Ruby: CGI::Session creates files insecurely</title>
+  <synopsis>
+    When used for CGI scripting, Ruby creates session files in /tmp with the
+    permissions of the default umask. Depending on that umask, local users may
+    be able to read sensitive data stored in session files.
+  </synopsis>
+  <product type="ebuild">dev-lang/ruby</product>
+  <announced>2004-09-03</announced>
+  <revised count="01">2004-09-03</revised>
+  <bug>60525</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-lang/ruby" auto="yes" arch="*">
+      <unaffected range="rge">1.6.8-r11</unaffected>
+      <unaffected range="rge">1.8.0-r7</unaffected>
+      <unaffected range="ge">1.8.2_pre2</unaffected>
+      <vulnerable range="lt">1.8.2_pre2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ruby is an Object Oriented, interpreted scripting language used for many
+    system scripting tasks. It can also be used for CGI web applications.
+    </p>
+  </background>
+  <description>
+    <p>
+    The CGI::Session::FileStore implementation (and presumably
+    CGI::Session::PStore), which allow data associated with a particular
+    Session instance to be written to a file, writes to a file in /tmp with no
+    regard for secure permissions. As a result, the file is left with whatever
+    the default umask permissions are, which commonly would allow other local
+    users to read the data from that session file.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Depending on the default umask, any data stored using these methods could
+    be read by other users on the system.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    By changing the default umask on the system to not permit read access to
+    other users (e.g. 0700), one can prevent these files from being readable by
+    other users.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ruby users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=dev-lang/ruby-your_version"
+    # emerge "&gt;=dev-lang/ruby-your_version"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0755">CAN-2004-0755</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-08-28T23:01:05Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-09-01T04:27:07Z">
+    dmargoli
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-09.xml b/metadata/glsa/glsa-200409-09.xml
new file mode 100644
index 000000000000..2b8fe41de343
--- /dev/null
+++ b/metadata/glsa/glsa-200409-09.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-09">
+  <title>MIT krb5: Multiple vulnerabilities</title>
+  <synopsis>
+    MIT krb5 contains several double-free vulnerabilities, potentially allowing
+    the execution of arbitrary code, as well as a denial of service
+    vulnerability.
+  </synopsis>
+  <product type="ebuild">mit-krb5</product>
+  <announced>2004-09-06</announced>
+  <revised count="01">2004-09-06</revised>
+  <bug>62417</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-crypt/mit-krb5" auto="yes" arch="*">
+      <unaffected range="ge">1.3.4</unaffected>
+      <vulnerable range="lt">1.3.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MIT krb5 is the free implementation of the Kerberos network authentication
+    protocol by the Massachusetts Institute of Technology.
+    </p>
+  </background>
+  <description>
+    <p>
+    The implementation of the Key Distribution Center (KDC) and the MIT krb5
+    library contain double-free vulnerabilities, making client programs as well
+    as application servers vulnerable.
+    </p>
+    <p>
+    The ASN.1 decoder library is vulnerable to a denial of service attack,
+    including the KDC.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    The double-free vulnerabilities could allow an attacker to execute
+    arbitrary code on a KDC host and hosts running krb524d or vulnerable
+    services. In the case of a KDC host, this can lead to a compromise of the
+    entire Kerberos realm. Furthermore, an attacker impersonating a legitimate
+    KDC or application server can potentially execute arbitrary code on
+    authenticating clients.
+    </p>
+    <p>
+    An attacker can cause a denial of service for a KDC or application server
+    and clients, the latter if impersonating a legitimate KDC or application
+    server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All mit-krb5 users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=app-crypt/mit-krb5-1.3.4"
+    # emerge "&gt;=app-crypt/mit-krb5-1.3.4"</code>
+  </resolution>
+  <references>
+    <uri link="http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txt">MIT krb5 Security Advisory 2004-002</uri>
+    <uri link="http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-003-asn1.txt">MIT krb5 Security Advisory 2004-003</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0642">CAN-2004-0642</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0643">CAN-2004-0643</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0644">CAN-2004-0644</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0772">CAN-2004-0772</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-09-03T20:07:22Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-09-04T16:18:26Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-10.xml b/metadata/glsa/glsa-200409-10.xml
new file mode 100644
index 000000000000..32ff648884f3
--- /dev/null
+++ b/metadata/glsa/glsa-200409-10.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-10">
+  <title>multi-gnome-terminal: Information leak</title>
+  <synopsis>
+    Active keystroke logging in multi-gnome-terminal has been discovered in
+    potentially world-readable files. This could allow any authorized user on
+    the system to read sensitive data, including passwords.
+  </synopsis>
+  <product type="ebuild">multi-gnome-terminal</product>
+  <announced>2004-09-06</announced>
+  <revised count="01">2004-09-06</revised>
+  <bug>62322</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-terms/multi-gnome-terminal" auto="yes" arch="*">
+      <unaffected range="ge">1.6.2-r1</unaffected>
+      <vulnerable range="lt">1.6.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    multi-gnome-terminal is an enhanced terminal emulator that is derived from
+    gnome-terminal.
+    </p>
+  </background>
+  <description>
+    <p>
+    multi-gnome-terminal contains debugging code that has been known to output
+    active keystrokes to a potentially unsafe location. Output has been seen to
+    show up in the '.xsession-errors' file in the users home directory. Since
+    this file is world-readable on many machines, this bug has the potential to
+    leak sensitive information to anyone using the system.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Any authorized user on the local machine has the ability to read any
+    critical data that has been entered into the terminal, including passwords.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All multi-gnome-terminal users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=x11-terms/multi-gnome-terminal-1.6.2-r1"
+    # emerge "&gt;=x11-terms/multi-gnome-terminal-1.6.2-r1"</code>
+  </resolution>
+  <references/>
+  <metadata tag="requester" timestamp="2004-09-05T20:51:40Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-09-06T00:32:18Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-09-06T17:31:16Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-11.xml b/metadata/glsa/glsa-200409-11.xml
new file mode 100644
index 000000000000..6cfee5e192e2
--- /dev/null
+++ b/metadata/glsa/glsa-200409-11.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-11">
+  <title>star: Suid root vulnerability</title>
+  <synopsis>
+    star contains a suid root vulnerability which could potentially grant
+    unauthorized root access to an attacker.
+  </synopsis>
+  <product type="ebuild">star</product>
+  <announced>2004-09-07</announced>
+  <revised count="03">2006-05-30</revised>
+  <bug>61797</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-arch/star" auto="yes" arch="*">
+      <unaffected range="ge">1.5_alpha46</unaffected>
+      <vulnerable range="lt">1.5_alpha46</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    star is an enhanced tape archiver, much like tar, that is recognized
+    for it's speed as well as it's enhanced mt/rmt support.
+    </p>
+  </background>
+  <description>
+    <p>
+    A suid root vulnerability exists in versions of star that are
+    configured to use ssh for remote tape access.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Attackers with local user level access could potentially gain root
+    level access.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All star users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=app-arch/star-1.5_alpha46"
+    # emerge "&gt;=app-arch/star-1.5_alpha46"</code>
+  </resolution>
+  <references>
+    <uri link="https://lists.berlios.de/pipermail/star-users/2004-August/000239.html">Star Mailing List Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0850">CVE-2004-0850</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-09-03T20:05:50Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-09-04T19:37:00Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-09-07T20:59:47Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-12.xml b/metadata/glsa/glsa-200409-12.xml
new file mode 100644
index 000000000000..327f6ceddc03
--- /dev/null
+++ b/metadata/glsa/glsa-200409-12.xml
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-12">
+  <title>ImageMagick, imlib, imlib2: BMP decoding buffer overflows</title>
+  <synopsis>
+    ImageMagick, imlib and imlib2 contain exploitable buffer overflow
+    vulnerabilities in the BMP image processing code.
+  </synopsis>
+  <product type="ebuild">imagemagick imlib</product>
+  <announced>2004-09-08</announced>
+  <revised count="01">2004-09-08</revised>
+  <bug>62309</bug>
+  <bug>62487</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/imagemagick" auto="yes" arch="*">
+      <unaffected range="ge">6.0.7.1</unaffected>
+      <vulnerable range="lt">6.0.7.1</vulnerable>
+    </package>
+    <package name="media-libs/imlib" auto="yes" arch="*">
+      <unaffected range="ge">1.9.14-r2</unaffected>
+      <vulnerable range="lt">1.9.14-r2</vulnerable>
+    </package>
+    <package name="media-libs/imlib2" auto="yes" arch="*">
+      <unaffected range="ge">1.1.2</unaffected>
+      <vulnerable range="lt">1.1.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ImageMagick is a suite of image manipulation utilities and libraries used
+    for a wide variety of image formats. imlib is a general image loading and
+    rendering library.
+    </p>
+  </background>
+  <description>
+    <p>
+    Due to improper bounds checking, ImageMagick and imlib are vulnerable to a
+    buffer overflow when decoding runlength-encoded bitmaps. This bug can be
+    exploited using a specially-crafted BMP image and could potentially allow
+    remote code execution when this image is decoded by the user.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A specially-crafted runlength-encoded BMP could lead ImageMagick and imlib
+    to crash or potentially execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ImageMagick users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=media-gfx/imagemagick-6.0.7.1"
+    # emerge "&gt;=media-gfx/imagemagick-6.0.7.1"</code>
+    <p>
+    All imlib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=media-libs/imlib-1.9.14-r2"
+    # emerge "&gt;=media-libs/imlib-1.9.14-r2"</code>
+    <p>
+    All imlib2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=media-libs/imlib2-1.1.2"
+    # emerge "&gt;=media-libs/imlib2-1.1.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0817">CAN-2004-0817</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0802">CAN-2004-0802</uri>
+    <uri link="https://studio.imagemagick.org/pipermail/magick-developers/2004-August/002011.html">ImageMagick Mailing List</uri>
+    <uri link="http://securitytracker.com/alerts/2004/Aug/1011104.html">SecurityTracker #1011104</uri>
+    <uri link="http://securitytracker.com/alerts/2004/Aug/1011105.html">SecurityTracker #1011105</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-09-06T16:14:33Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-09-06T23:42:01Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-09-08T07:22:02Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-13.xml b/metadata/glsa/glsa-200409-13.xml
new file mode 100644
index 000000000000..c37af5d57c51
--- /dev/null
+++ b/metadata/glsa/glsa-200409-13.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-13">
+  <title>LHa: Multiple vulnerabilities</title>
+  <synopsis>
+    Several buffer overflows and a shell metacharacter command execution
+    vulnerability have been found in LHa. These vulnerabilities can be used to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">lha</product>
+  <announced>2004-09-08</announced>
+  <revised count="02">2006-10-20</revised>
+  <bug>62618</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/lha" auto="yes" arch="*">
+      <unaffected range="rge">114i-r4</unaffected>
+      <vulnerable range="rle">114i-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    LHa is a console-based program for packing and unpacking LHarc archives.
+    </p>
+  </background>
+  <description>
+    <p>
+    The command line argument as well as the archive parsing code of LHa lack
+    sufficient bounds checking. Furthermore, a shell meta character command
+    execution vulnerability exists in LHa, since it does no proper filtering on
+    directory names.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Using a specially crafted command line argument or archive, an attacker can
+    cause a buffer overflow and could possibly run arbitrary code. The shell
+    meta character command execution could lead to the execution of arbitrary
+    commands by an attacker using directories containing shell meta characters
+    in their names.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All LHa users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=app-arch/lha-114i-r4"
+    # emerge "&gt;=app-arch/lha-114i-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0694">CAN-2004-0694</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0745">CAN-2004-0745</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0769">CAN-2004-0769</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0771">CAN-2004-0771</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-09-08T13:12:24Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-09-08T19:32:24Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-14.xml b/metadata/glsa/glsa-200409-14.xml
new file mode 100644
index 000000000000..22fa006b226f
--- /dev/null
+++ b/metadata/glsa/glsa-200409-14.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-14">
+  <title>Samba: Remote printing non-vulnerability</title>
+  <synopsis>
+    Samba has a bug with out of sequence print change notification requests,
+    but it cannot be used to perform a remote denial of service attack.
+  </synopsis>
+  <product type="ebuild">samba</product>
+  <announced>2004-09-09</announced>
+  <revised count="03">2006-05-22</revised>
+  <bug>62476</bug>
+  <access>remote</access>
+  <affected>
+  </affected>
+  <background>
+    <p>
+    Samba is a freely available SMB/CIFS implementation which allows
+    seamless interoperability of file and print services to other SMB/CIFS
+    clients.
+    </p>
+  </background>
+  <description>
+    <p>
+    Due to a bug in the printer_notify_info() function, authorized users
+    could potentially crash their smbd process by sending improperly
+    handled print change notification requests in an invalid order. Windows
+    XP SP2 clients can trigger this behavior by sending a
+    FindNextPrintChangeNotify() request before previously sending a
+    FindFirstPrintChangeNotify() request.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    We incorrectly thought that this bug could be exploited to deny service
+    to all Samba users. It is not the case, this bug has no security impact
+    whatsoever. Many thanks to Jerry Carter from the Samba team for
+    correcting our mistake.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no need for a workaround.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Samba users can keep their current versions.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://samba.org/samba/history/samba-3.0.6.html">Samba Release Notes</uri>
+    <uri link="https://bugzilla.samba.org/show_bug.cgi?id=1520">Samba Bug #1520</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0829">CVE-2004-0829</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-09-03T20:09:15Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-09-04T18:44:38Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-09-09T04:56:22Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-15.xml b/metadata/glsa/glsa-200409-15.xml
new file mode 100644
index 000000000000..c1f1ed6418e1
--- /dev/null
+++ b/metadata/glsa/glsa-200409-15.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-15">
+  <title>Webmin, Usermin: Multiple vulnerabilities in Usermin</title>
+  <synopsis>
+    A vulnerability in the webmail function of Usermin could be used by an
+    attacker to execute shell code via a specially-crafted e-mail. A bug in the
+    installation script of Webmin and Usermin also allows a local user to
+    execute a symlink attack at installation time.
+  </synopsis>
+  <product type="ebuild">Usermin</product>
+  <announced>2004-09-12</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>63167</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-admin/usermin" auto="yes" arch="*">
+      <unaffected range="ge">1.090</unaffected>
+      <vulnerable range="lt">1.090</vulnerable>
+    </package>
+    <package name="app-admin/webmin" auto="yes" arch="*">
+      <unaffected range="ge">1.160</unaffected>
+      <vulnerable range="lt">1.160</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Webmin and Usermin are web-based system administration consoles. Webmin
+    allows an administrator to easily configure servers and other features.
+    Usermin allows users to configure their own accounts, execute commands,
+    and read e-mail. The Usermin functionality, including webmail, is also
+    included in Webmin.
+    </p>
+  </background>
+  <description>
+    <p>
+    There is an input validation bug in the webmail feature of Usermin.
+    </p>
+    <p>
+    Additionally, the Webmin and Usermin installation scripts write to
+    /tmp/.webmin without properly checking if it exists first.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    The first vulnerability allows a remote attacker to inject arbitrary
+    shell code in a specially-crafted e-mail. This could lead to remote
+    code execution with the privileges of the user running Webmin or
+    Usermin.
+    </p>
+    <p>
+    The second could allow local users who know Webmin or Usermin is going
+    to be installed to have arbitrary files be overwritten by creating a
+    symlink by the name /tmp/.webmin that points to some target file, e.g.
+    /etc/passwd.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Usermin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=app-admin/usermin-1.090"
+    # emerge "&gt;=app-admin/usermin-1.090"</code>
+    <p>
+    All Webmin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=app-admin/webmin-1.160"
+    # emerge "&gt;=app-admin/webmin-1.160"</code>
+  </resolution>
+  <references>
+    <uri link="https://secunia.com/advisories/12488/">Secunia Advisory SA12488</uri>
+    <uri link="http://www.webmin.com/uchanges.html">Usermin Changelog</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0559">CVE-2004-0559</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1468">CVE-2004-1468</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-09-10T12:32:20Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-09-11T10:07:56Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-09-11T16:34:02Z">
+    dmargoli
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-16.xml b/metadata/glsa/glsa-200409-16.xml
new file mode 100644
index 000000000000..6bb849a868df
--- /dev/null
+++ b/metadata/glsa/glsa-200409-16.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-16">
+  <title>Samba: Denial of Service vulnerabilities</title>
+  <synopsis>
+    Two Denial of Service vulnerabilities have been found and fixed in Samba.
+  </synopsis>
+  <product type="ebuild">Samba</product>
+  <announced>2004-09-13</announced>
+  <revised count="01">2004-09-13</revised>
+  <access>remote</access>
+  <affected>
+    <package name="net-fs/samba" auto="yes" arch="*">
+      <unaffected range="ge">3.0.7</unaffected>
+      <unaffected range="lt">3.0</unaffected>
+      <vulnerable range="lt">3.0.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Samba is a freely available SMB/CIFS implementation which allows seamless
+    interoperability of file and print services to other SMB/CIFS clients. smbd
+    and nmbd are two daemons used by the Samba server.
+    </p>
+  </background>
+  <description>
+    <p>
+    There is a defect in smbd's ASN.1 parsing. A bad packet received during the
+    authentication request could throw newly-spawned smbd processes into an
+    infinite loop (CAN-2004-0807). Another defect was found in nmbd's
+    processing of mailslot packets, where a bad NetBIOS request could crash the
+    nmbd process (CAN-2004-0808).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send specially crafted packets to trigger both
+    defects. The ASN.1 parsing issue can be exploited to exhaust all available
+    memory on the Samba host, potentially denying all service to that server.
+    The nmbd issue can be exploited to crash the nmbd process, resulting in a
+    Denial of Service condition on the Samba server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Samba 3.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-fs/samba-3.0.7"
+    # emerge "&gt;=net-fs/samba-3.0.7"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0807">CAN-2004-0807</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0808">CAN-2004-0808</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-09-11T15:16:21Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-09-13T12:15:40Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-17.xml b/metadata/glsa/glsa-200409-17.xml
new file mode 100644
index 000000000000..4daaa7c6ae16
--- /dev/null
+++ b/metadata/glsa/glsa-200409-17.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-17">
+  <title>SUS: Local root vulnerability</title>
+  <synopsis>
+    SUS contains a string format bug that could lead to local privilege
+    escalation.
+  </synopsis>
+  <product type="ebuild">SUS</product>
+  <announced>2004-09-14</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>63927</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/sus" auto="yes" arch="*">
+      <unaffected range="ge">2.0.2-r1</unaffected>
+      <vulnerable range="lt">2.0.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    SUS is a utility that allows regular users to be able to execute
+    certain commands as root.
+    </p>
+  </background>
+  <description>
+    <p>
+    Leon Juranic found a bug in the logging functionality of SUS that can
+    lead to local privilege escalation. A format string vulnerability
+    exists in the log() function due to an incorrect call to the syslog()
+    function.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker with local user privileges can potentially exploit this
+    vulnerability to gain root access.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SUS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=app-admin/sus-2.0.2-r1"
+    # emerge "&gt;=app-admin/sus-2.0.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="http://pdg.uow.edu.au/sus/CHANGES">SUS ChangeLog</uri>
+    <uri link="http://www.securityfocus.com/archive/1/375109/2004-09-11/2004-09-17/0">BugTraq Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1469">CVE-2004-1469</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-09-13T21:20:06Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-09-14T00:10:33Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-09-14T10:08:46Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-18.xml b/metadata/glsa/glsa-200409-18.xml
new file mode 100644
index 000000000000..82e3be9e856e
--- /dev/null
+++ b/metadata/glsa/glsa-200409-18.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-18">
+  <title>cdrtools: Local root vulnerability in cdrecord if set SUID root</title>
+  <synopsis>
+    cdrecord, if manually set SUID root, is vulnerable to a local root exploit
+    allowing users to escalate privileges.
+  </synopsis>
+  <product type="ebuild">cdrtools</product>
+  <announced>2004-09-14</announced>
+  <revised count="01">2004-09-14</revised>
+  <bug>63187</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-cdr/cdrtools" auto="yes" arch="*">
+      <unaffected range="ge">2.01_alpha37-r1</unaffected>
+      <unaffected range="rge">2.01_alpha28-r2</unaffected>
+      <vulnerable range="le">2.01_alpha37</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The cdrtools package is a set of tools for CD recording, including the
+    popular cdrecord command-line utility.
+    </p>
+  </background>
+  <description>
+    <p>
+    Max Vozeler discovered that the cdrecord utility, when set to SUID root,
+    fails to drop root privileges before executing a user-supplied RSH program.
+    By default, Gentoo does not ship the cdrecord utility as SUID root and
+    therefore is not vulnerable. However, many users (and CD-burning
+    front-ends) set this manually after installation.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could specify a malicious program using the $RSH
+    environment variable and have it executed by the SUID cdrecord, resulting
+    in root privileges escalation.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    As a workaround, you could remove the SUID rights from your cdrecord
+    utility :
+    </p>
+    <code>
+    # chmod a-s /usr/bin/cdrecord</code>
+  </workaround>
+  <resolution>
+    <p>
+    All cdrtools users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=app-cdr/cdrtools-2.01_alpha37-r1"
+    # emerge "&gt;=app-cdr/cdrtools-2.01_alpha37-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0806">CAN-2004-0806</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-09-14T07:01:02Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-09-14T15:13:17Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-09-14T20:25:30Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-19.xml b/metadata/glsa/glsa-200409-19.xml
new file mode 100644
index 000000000000..4838df07b581
--- /dev/null
+++ b/metadata/glsa/glsa-200409-19.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-19">
+  <title>Heimdal: ftpd root escalation</title>
+  <synopsis>
+    Several bugs exist in the Heimdal ftp daemon which could allow a remote
+    attacker to gain root privileges.
+  </synopsis>
+  <product type="ebuild">heimdal</product>
+  <announced>2004-09-16</announced>
+  <revised count="01">2004-09-16</revised>
+  <bug>61412</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-crypt/heimdal" auto="yes" arch="*">
+      <unaffected range="ge">0.6.3</unaffected>
+      <vulnerable range="lt">0.6.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Heimdal is an implementation of Kerberos 5.
+    </p>
+  </background>
+  <description>
+    <p>
+    Przemyslaw Frasunek discovered several flaws in lukemftpd, which also apply
+    to Heimdal ftpd's out-of-band signal handling code.
+    </p>
+    <p>
+    Additionally, a potential vulnerability that could lead to Denial of
+    Service by the Key Distribution Center (KDC) has been fixed in this
+    version.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could be able to run arbitrary code with escalated
+    privileges, which can result in a total compromise of the server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Heimdal users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=app-crypt/heimdal-0.6.3"
+    # emerge "&gt;=app-crypt/heimdal-0.6.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.pdc.kth.se/heimdal/advisory/2004-09-13/">Heimdal advisory</uri>
+    <uri link="http://www.frasunek.com/lukemftpd.txt">Advisory by Przemyslaw Frasunek</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0794">CAN-2004-0794</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-09-13T14:06:46Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-09-16T04:33:06Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-20.xml b/metadata/glsa/glsa-200409-20.xml
new file mode 100644
index 000000000000..89fc3b3c08a9
--- /dev/null
+++ b/metadata/glsa/glsa-200409-20.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-20">
+  <title>mpg123: Buffer overflow vulnerability</title>
+  <synopsis>
+    mpg123 decoding routines contain a buffer overflow bug that might
+    lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">mpg123</product>
+  <announced>2004-09-16</announced>
+  <revised count="01">2004-09-16</revised>
+  <bug>63079</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/mpg123" auto="yes" arch="*">
+      <unaffected range="ge">0.59s-r4</unaffected>
+      <vulnerable range="le">0.59s-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    mpg123 is a MPEG Audio Player.
+    </p>
+  </background>
+  <description>
+    <p>
+    mpg123 contains a buffer overflow in the code that handles layer2
+    decoding of media files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker can possibly exploit this bug with a specially-crafted mp3 or mp2 file
+    to execute arbitrary code with the permissions of the user running mpg123.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All mpg123 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=media-sound/mpg123-0.59s-r4"
+    # emerge "&gt;=media-sound/mpg123-0.59s-r4"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/archive/1/374433/2004-09-05/2004-09-11/0">BugTraq Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0805">CAN-2004-0805</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-09-14T21:37:49Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-09-15T15:59:24Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-09-15T18:43:15Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-21.xml b/metadata/glsa/glsa-200409-21.xml
new file mode 100644
index 000000000000..6345f083d8e9
--- /dev/null
+++ b/metadata/glsa/glsa-200409-21.xml
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-21">
+  <title>Apache 2, mod_dav: Multiple vulnerabilities</title>
+  <synopsis>
+    Several vulnerabilities have been found in Apache 2 and mod_dav for Apache
+    1.3 which could allow a remote attacker to cause a Denial of Service or a
+    local user to get escalated privileges.
+  </synopsis>
+  <product type="ebuild">apache</product>
+  <announced>2004-09-16</announced>
+  <revised count="02">2007-12-30</revised>
+  <bug>62626</bug>
+  <bug>63948</bug>
+  <bug>64145</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">2.0.51</unaffected>
+      <unaffected range="lt">2.0</unaffected>
+      <vulnerable range="lt">2.0.51</vulnerable>
+    </package>
+    <package name="net-www/mod_dav" auto="yes" arch="*">
+      <unaffected range="ge">1.0.3-r2</unaffected>
+      <vulnerable range="le">1.0.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Apache HTTP server is one of most popular web servers on the internet.
+    mod_ssl provides SSL v2/v3 and TLS v1 support for it and mod_dav is the
+    Apache module for Distributed Authoring and Versioning (DAV).
+    </p>
+  </background>
+  <description>
+    <p>
+    A potential infinite loop has been found in the input filter of mod_ssl
+    (CAN-2004-0748) as well as a possible segmentation fault in the
+    char_buffer_read function if reverse proxying to a SSL server is being used
+    (CAN-2004-0751). Furthermore, mod_dav, as shipped in Apache httpd 2 or
+    mod_dav 1.0.x for Apache 1.3, contains a NULL pointer dereference which can
+    be triggered remotely (CAN-2004-0809). The third issue is an input
+    validation error found in the IPv6 URI parsing routines within the apr-util
+    library (CAN-2004-0786). Additionally a possible buffer overflow has been
+    reported when expanding environment variables during the parsing of
+    configuration files (CAN-2004-0747).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could cause a Denial of Service either by aborting a SSL
+    connection in a special way, resulting in CPU consumption, by exploiting
+    the segmentation fault in mod_ssl or the mod_dav flaw. A remote attacker
+    could also crash a httpd child process by sending a specially crafted URI.
+    The last vulnerabilty could be used by a local user to gain the privileges
+    of a httpd child, if the server parses a carefully prepared .htaccess file.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Apache 2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=www-servers/apache-2.0.51"
+    # emerge "&gt;=www-servers/apache-2.0.51"</code>
+    <p>
+    All mod_dav users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-www/mod_dav-1.0.3-r2"
+    # emerge "&gt;=net-www/mod_dav-1.0.3-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747">CAN-2004-0747</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748">CAN-2004-0748</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751">CAN-2004-0751</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0786">CAN-2004-0786</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0809">CAN-2004-0809</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-09-09T04:54:03Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-09-10T18:02:25Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-09-16T20:45:09Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-22.xml b/metadata/glsa/glsa-200409-22.xml
new file mode 100644
index 000000000000..f2e7831f0edb
--- /dev/null
+++ b/metadata/glsa/glsa-200409-22.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-22">
+  <title>phpGroupWare: XSS vulnerability in wiki module</title>
+  <synopsis>
+    The phpGroupWare software contains a cross site scripting vulnerability in
+    the wiki module.
+  </synopsis>
+  <product type="ebuild">phpGroupWare</product>
+  <announced>2004-09-16</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>63063</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/phpgroupware" auto="yes" arch="*">
+      <unaffected range="ge">0.9.16.003</unaffected>
+      <vulnerable range="lt">0.9.16.003</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpGroupWare is a web-based suite of group applications including
+    calendar, todo-list, addressbook, email, wiki, news headlines, and a
+    file manager.
+    </p>
+  </background>
+  <description>
+    <p>
+    Due to an input validation error, the wiki module in the phpGroupWare
+    suite is vulnerable to cross site scripting attacks.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    This vulnerability gives an attacker the ability to inject and execute
+    malicious script code, potentially compromising the victim's browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    The is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All phpGroupWare users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=www-apps/phpgroupware-0.9.16.003"
+    # emerge "&gt;=www-apps/phpgroupware-0.9.16.003"</code>
+  </resolution>
+  <references>
+    <uri link="http://downloads.phpgroupware.org/changelog">phpGroupWare ChangeLog</uri>
+    <uri link="https://secunia.com/advisories/12466/">Secunia Advisory SA12466</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0875">CVE-2004-0875</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-09-10T12:36:45Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-09-12T14:15:58Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-09-16T21:55:15Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-23.xml b/metadata/glsa/glsa-200409-23.xml
new file mode 100644
index 000000000000..06b92cfe9b53
--- /dev/null
+++ b/metadata/glsa/glsa-200409-23.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-23">
+  <title>SnipSnap: HTTP response splitting</title>
+  <synopsis>
+    SnipSnap is vulnerable to HTTP response splitting attacks such as web cache
+    poisoning, cross-user defacement, and cross-site scripting.
+  </synopsis>
+  <product type="ebuild">snipsnap</product>
+  <announced>2004-09-17</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>64154</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/snipsnap-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.0_beta1</unaffected>
+      <vulnerable range="lt">1.0_beta1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    SnipSnap is a user friendly content management system with features
+    such as wiki and weblog.
+    </p>
+  </background>
+  <description>
+    <p>
+    SnipSnap contains various HTTP response splitting vulnerabilities that
+    could potentially compromise the sites data. Some of these attacks
+    include web cache poisoning, cross-user defacement, hijacking pages
+    with sensitive user information, and cross-site scripting. This
+    vulnerability is due to the lack of illegal input checking in the
+    software.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A malicious user could inject and execute arbitrary script code,
+    potentially compromising the victim's data or browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SnipSnap users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=dev-java/snipsnap-bin-1.0_beta1"
+    # emerge "&gt;=dev-java/snipsnap-bin-1.0beta1"</code>
+  </resolution>
+  <references>
+    <uri link="http://snipsnap.org/space/start/2004-09-14/1#SnipSnap_1.0b1_(uttoxeter)_released">SnipSnap Release Notes</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1470">CVE-2004-1470</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-09-16T20:00:37Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-09-16T20:40:46Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-24.xml b/metadata/glsa/glsa-200409-24.xml
new file mode 100644
index 000000000000..a9938e0e082a
--- /dev/null
+++ b/metadata/glsa/glsa-200409-24.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-24">
+  <title>Foomatic: Arbitrary command execution in foomatic-rip filter</title>
+  <synopsis>
+    The foomatic-rip filter in foomatic-filters contains a vulnerability which
+    may allow arbitrary command execution on the print server.
+  </synopsis>
+  <product type="ebuild">foomatic</product>
+  <announced>2004-09-20</announced>
+  <revised count="01">2004-09-20</revised>
+  <bug>64166</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-print/foomatic" auto="yes" arch="*">
+      <unaffected range="ge">3.0.2</unaffected>
+      <vulnerable range="le">3.0.1</vulnerable>
+    </package>
+    <package name="net-print/foomatic-filters" auto="yes" arch="*">
+      <unaffected range="ge">3.0.2</unaffected>
+      <vulnerable range="le">3.0.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Foomatic is a system for connecting printer drivers with spooler systems
+    such as CUPS and LPD. The foomatic-filters package contains wrapper scripts
+    which are designed to be used with Foomatic.
+    </p>
+  </background>
+  <description>
+    <p>
+    There is a vulnerability in the foomatic-filters package. This
+    vulnerability is due to insufficient checking of command-line parameters
+    and environment variables in the foomatic-rip filter.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    This vulnerability may allow both local and remote attackers to execute
+    arbitrary commands on the print server with the permissions of the spooler
+    (oftentimes the "lp" user).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All foomatic users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-print/foomatic-3.0.2"
+    # emerge "&gt;=net-print/foomatic-3.0.2"</code>
+    <p>
+    PLEASE NOTE: You should update foomatic, instead of foomatic-filters. This
+    will help to ensure that all other foomatic components remain functional.
+    </p>
+  </resolution>
+  <references>
+    <uri link="http://www.linuxprinting.org/pipermail/foomatic-devel/2004q3/001996.html">Foomatic Announcement</uri>
+    <uri link="http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:094">Mandrakesoft Security Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0801">CAN 2004-0801</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-09-16T17:39:12Z">
+    condordes
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-09-20T01:02:29Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-25.xml b/metadata/glsa/glsa-200409-25.xml
new file mode 100644
index 000000000000..1bb2e72b5269
--- /dev/null
+++ b/metadata/glsa/glsa-200409-25.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-25">
+  <title>CUPS: Denial of service vulnerability</title>
+  <synopsis>
+    A vulnerability in CUPS allows remote attackers to cause a denial of
+    service when sending a carefully-crafted UDP packet to the IPP port.
+  </synopsis>
+  <product type="ebuild">CUPS</product>
+  <announced>2004-09-20</announced>
+  <revised count="02">2004-09-21</revised>
+  <bug>64168</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-print/cups" auto="yes" arch="*">
+      <unaffected range="ge">1.1.20-r2</unaffected>
+      <vulnerable range="lt">1.1.20-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Common UNIX Printing System (CUPS) is a cross-platform print spooler.
+    </p>
+  </background>
+  <description>
+    <p>
+    Alvaro Martinez Echevarria discovered a hole in the CUPS Internet Printing
+    Protocol (IPP) implementation that allows remote attackers to cause CUPS to
+    stop listening on the IPP port.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote user with malicious intent can easily cause a denial of service to
+    the CUPS daemon by sending a specially-crafted UDP datagram packet to the
+    IPP port.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All CUPS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-print/cups-1.1.20-r2"
+    # emerge "&gt;=net-print/cups-1.1.20-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cups.org/str.php?L863">CUPS Software Trouble Report</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0558">CAN-2004-0558</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-09-19T06:22:23Z">
+    lewk
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-09-20T00:58:55Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-09-20T00:59:53Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-26.xml b/metadata/glsa/glsa-200409-26.xml
new file mode 100644
index 000000000000..d59247b06656
--- /dev/null
+++ b/metadata/glsa/glsa-200409-26.xml
@@ -0,0 +1,118 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-26">
+  <title>Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities</title>
+  <synopsis>
+    New releases of Mozilla, Epiphany, Mozilla Thunderbird, and Mozilla Firefox
+    fix several vulnerabilities, including the remote execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">Mozilla</product>
+  <announced>2004-09-20</announced>
+  <revised count="03">2007-12-30</revised>
+  <bug>63996</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/mozilla" auto="yes" arch="*">
+      <unaffected range="ge">1.7.3</unaffected>
+      <vulnerable range="lt">1.7.3</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox" auto="yes" arch="*">
+      <unaffected range="ge">1.0_pre</unaffected>
+      <vulnerable range="lt">1.0_pre</vulnerable>
+    </package>
+    <package name="mail-client/mozilla-thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">0.8</unaffected>
+      <vulnerable range="lt">0.8</vulnerable>
+    </package>
+    <package name="www-client/mozilla-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.7.3</unaffected>
+      <vulnerable range="lt">1.7.3</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.0_pre</unaffected>
+      <vulnerable range="lt">1.0_pre</vulnerable>
+    </package>
+    <package name="mail-client/mozilla-thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">0.8</unaffected>
+      <vulnerable range="lt">0.8</vulnerable>
+    </package>
+    <package name="www-client/epiphany" auto="yes" arch="*">
+      <unaffected range="ge">1.2.9-r1</unaffected>
+      <vulnerable range="lt">1.2.9-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla is a popular web browser that includes a mail and newsreader.
+    Epiphany is a web browser that uses Gecko, the Mozilla rendering
+    engine. Mozilla Firefox and Mozilla Thunderbird are respectively the
+    next-generation browser and mail client from the Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>
+    Mozilla-based products are vulnerable to multiple security issues.
+    Firstly routines handling the display of BMP images and VCards contain
+    an integer overflow and a stack buffer overrun. Specific pages with
+    long links, when sent using the "Send Page" function, and links with
+    non-ASCII hostnames could both cause heap buffer overruns.
+    </p>
+    <p>
+    Several issues were found and fixed in JavaScript rights handling:
+    untrusted script code could read and write to the clipboard, signed
+    scripts could build confusing grant privileges dialog boxes, and when
+    dragged onto trusted frames or windows, JavaScript links could access
+    information and rights of the target frame or window. Finally,
+    Mozilla-based mail clients (Mozilla and Mozilla Thunderbird) are
+    vulnerable to a heap overflow caused by invalid POP3 mail server
+    responses.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker might be able to run arbitrary code with the rights of the
+    user running the software by enticing the user to perform one of the
+    following actions: view a specially-crafted BMP image or VCard, use the
+    "Send Page" function on a malicious page, follow links with malicious
+    hostnames, drag multiple JavaScript links in a row to another window,
+    or connect to an untrusted POP3 mail server. An attacker could also use
+    a malicious page with JavaScript to disclose clipboard contents or
+    abuse previously-given privileges to request XPI installation
+    privileges through a confusing dialog.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround covering all vulnerabilities.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv your-version
+    # emerge your-version</code>
+  </resolution>
+  <references>
+    <uri link="https://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3">Mozilla Security Advisory</uri>
+    <uri link="https://www.us-cert.gov/cas/techalerts/TA04-261A.html">US-CERT Security Alert TA04-261A</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0902">CVE-2004-0902</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0903">CVE-2004-0903</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0904">CVE-2004-0904</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0905">CVE-2004-0905</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0906">CVE-2004-0906</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0907">CVE-2004-0907</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0908">CVE-2004-0908</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0909">CVE-2004-0909</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-09-19T12:09:02Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-09-20T15:58:46Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-27.xml b/metadata/glsa/glsa-200409-27.xml
new file mode 100644
index 000000000000..0c6bcad800ac
--- /dev/null
+++ b/metadata/glsa/glsa-200409-27.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-27">
+  <title>glFTPd: Local buffer overflow vulnerability</title>
+  <synopsis>
+    glFTPd is vulnerable to a local buffer overflow which may allow arbitrary
+    code execution.
+  </synopsis>
+  <product type="ebuild">glftpd</product>
+  <announced>2004-09-21</announced>
+  <revised count="01">2004-09-21</revised>
+  <bug>64809</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-ftp/glftpd" auto="yes" arch="*">
+      <unaffected range="ge">1.32-r1</unaffected>
+      <vulnerable range="lt">1.32-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    glFTPd is a highly configurable FTP server with many features.
+    </p>
+  </background>
+  <description>
+    <p>
+    The glFTPd server is vulnerable to a buffer overflow in the 'dupescan'
+    program. This vulnerability is due to an unsafe strcpy() call which can
+    cause the program to crash when a large argument is passed.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local user with malicious intent can pass a parameter to the dupescan
+    program that exceeds the size of the buffer, causing it to overflow. This
+    can lead the program to crash, and potentially allow arbitrary code
+    execution with the permissions of the user running glFTPd, which could be
+    the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All glFTPd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-ftp/glftpd-1.32-r1"
+    # emerge "&gt;=net-ftp/glftpd-1.32-r1"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/archive/1/375775/2004-09-17/2004-09-23/0">BugTraq Advisory</uri>
+    <uri link="http://www.glftpd.com/modules.php?op=modload&amp;name=News&amp;file=article&amp;sid=23&amp;mode=thread&amp;order=0&amp;thold=0">glFTPd Announcement</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-09-21T03:12:24Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-09-21T03:12:31Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-28.xml b/metadata/glsa/glsa-200409-28.xml
new file mode 100644
index 000000000000..374361b9bbcf
--- /dev/null
+++ b/metadata/glsa/glsa-200409-28.xml
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-28">
+  <title>GTK+ 2, gdk-pixbuf: Multiple image decoding vulnerabilities</title>
+  <synopsis>
+    The GdkPixbuf library, which is also included in GTK+ 2, contains several
+    vulnerabilities that could lead to a Denial of Service or the execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">gtk+</product>
+  <announced>2004-09-21</announced>
+  <revised count="01">2004-09-21</revised>
+  <bug>64230</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/gtk+" auto="yes" arch="*">
+      <unaffected range="ge">2.4.9-r1</unaffected>
+      <unaffected range="lt">2.0.0</unaffected>
+      <vulnerable range="lt">2.4.9-r1</vulnerable>
+    </package>
+    <package name="media-libs/gdk-pixbuf" auto="yes" arch="*">
+      <unaffected range="ge">0.22.0-r3</unaffected>
+      <vulnerable range="lt">0.22.0-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GTK+ (GIMP Toolkit +) is a toolkit for creating graphical user interfaces.
+    The GdkPixbuf library provides facilities for image handling. It is
+    available as a standalone library as well as shipped with GTK+ 2.
+    </p>
+  </background>
+  <description>
+    <p>
+    A vulnerability has been discovered in the BMP image preprocessor
+    (CAN-2004-0753). Furthermore, Chris Evans found a possible integer overflow
+    in the pixbuf_create_from_xpm() function, resulting in a heap overflow
+    (CAN-2004-0782). He also found a potential stack-based buffer overflow in
+    the xpm_extract_color() function (CAN-2004-0783). A possible integer
+    overflow has also been found in the ICO decoder.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    With a specially crafted BMP image an attacker could cause an affected
+    application to enter an infinite loop when that image is being processed.
+    Also, by making use of specially crafted XPM or ICO images an attacker
+    could trigger the overflows, which potentially allows the execution of
+    arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GTK+ 2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=x11-libs/gtk+-2.4.9-r1"
+    # emerge "&gt;=x11-libs/gtk+-2.4.9-r1"</code>
+    <p>
+    All GdkPixbuf users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=media-libs/gdk-pixbuf-0.22.0-r3"
+    # emerge "&gt;=media-libs/gdk-pixbuf-0.22.0-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0753">CAN-2004-0753</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0782">CAN-2004-0782</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0783">CAN-2004-0783</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0788">CAN-2004-0788</uri>
+    <uri link="https://bugzilla.gnome.org/show_bug.cgi?id=150601">GNOME Bug 150601</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-09-20T06:35:32Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-09-21T11:29:51Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-09-21T13:51:30Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-29.xml b/metadata/glsa/glsa-200409-29.xml
new file mode 100644
index 000000000000..717b6a7a7455
--- /dev/null
+++ b/metadata/glsa/glsa-200409-29.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-29">
+  <title>FreeRADIUS: Multiple Denial of Service vulnerabilities</title>
+  <synopsis>
+    Multiple Denial of Service vulnerabilities were found and fixed in
+    FreeRADIUS.
+  </synopsis>
+  <product type="ebuild">FreeRADIUS</product>
+  <announced>2004-09-22</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>60587</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dialup/freeradius" auto="yes" arch="*">
+      <unaffected range="ge">1.0.1</unaffected>
+      <vulnerable range="lt">1.0.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    FreeRADIUS is an open source RADIUS authentication server
+    implementation.
+    </p>
+  </background>
+  <description>
+    <p>
+    There are undisclosed defects in the way FreeRADIUS handles incorrect
+    received packets.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send specially-crafted packets to the
+    FreeRADIUS server to deny service to other users by crashing the
+    server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All FreeRADIUS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-dialup/freeradius-1.0.1"
+    # emerge "&gt;=net-dialup/freeradius-1.0.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.freeradius.org/security.html">FreeRADIUS Vulnerability Notifications</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0938">CVE-2004-0938</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0960">CVE-2004-0960</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0961">CVE-2004-0961</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-09-20T13:27:45Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-09-20T15:22:58Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-09-21T11:24:01Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-30.xml b/metadata/glsa/glsa-200409-30.xml
new file mode 100644
index 000000000000..a32d5ff7261d
--- /dev/null
+++ b/metadata/glsa/glsa-200409-30.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-30">
+  <title>xine-lib: Multiple vulnerabilities</title>
+  <synopsis>
+    xine-lib contains several vulnerabilities potentially allowing the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">xine-lib</product>
+  <announced>2004-09-22</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>64348</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/xine-lib" auto="yes" arch="*">
+      <unaffected range="ge">1_rc6</unaffected>
+      <vulnerable range="le">1_rc5-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    xine-lib is a multimedia library which can be utilized to create
+    multimedia frontends.
+    </p>
+  </background>
+  <description>
+    <p>
+    xine-lib contains two stack-based overflows and one heap-based
+    overflow. In the code reading VCD disc labels, the ISO disc label is
+    copied into an unprotected stack buffer of fixed size. Also, there is a
+    buffer overflow in the code that parses subtitles and prepares them for
+    display (XSA-2004-4). Finally, xine-lib contains a heap-based overflow
+    in the DVD sub-picture decoder (XSA-2004-5).
+    </p>
+    <p>
+    (Please note that the VCD MRL issue mentioned in XSA-2004-4 was fixed
+    with GLSA 200408-18.)
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    With carefully-crafted VCDs, DVDs, MPEGs or subtitles, an attacker may
+    cause xine-lib to execute arbitrary code with the permissions of the
+    user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All xine-lib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=media-libs/xine-lib-1_rc6"
+    # emerge "&gt;=media-libs/xine-lib-1_rc6"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0">BugTraq Announcement (XSA-2004-4)</uri>
+    <uri link="http://www.securityfocus.com/archive/1/375482/2004-09-02/2004-09-08/0">BugTraq Announcement (XSA-2004-5)</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1379">CVE-2004-1379</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1475">CVE-2004-1475</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1476">CVE-2004-1476</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-09-20T06:34:44Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-09-21T20:55:54Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-09-22T11:19:16Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-31.xml b/metadata/glsa/glsa-200409-31.xml
new file mode 100644
index 000000000000..9dd34b5cfc52
--- /dev/null
+++ b/metadata/glsa/glsa-200409-31.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-31">
+  <title>jabberd 1.x: Denial of Service vulnerability</title>
+  <synopsis>
+    The jabberd server was found to be vulnerable to a remote Denial of Service
+    attack.
+  </synopsis>
+  <product type="ebuild">jabberd</product>
+  <announced>2004-09-23</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>64741</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/jabberd" auto="yes" arch="*">
+      <unaffected range="ge">1.4.3-r4</unaffected>
+      <vulnerable range="le">1.4.3-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Jabber is a set of streaming XML protocols enabling message, presence,
+    and other structured information exchange between two hosts. jabberd is
+    the original implementation of the Jabber protocol server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Jose Antonio Calvo found a defect in routines handling XML parsing of
+    incoming data. jabberd 1.x may crash upon reception of invalid data on
+    any socket connection on which XML is parsed.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker may send a specific sequence of bytes to an open
+    socket to crash the jabberd server, resulting in a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All jabberd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-im/jabberd-1.4.3-r4"
+    # emerge "&gt;=net-im/jabberd-1.4.3-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.jabber.org/pipermail/jabberd/2004-September/002004.html">Vulnerability disclosure</uri>
+    <uri link="https://www.jabber.org/pipermail/jadmin/2004-September/018046.html">Jabber announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1378">CVE-2004-1378</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-09-21T11:27:04Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-09-21T15:51:07Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-09-22T17:38:09Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-32.xml b/metadata/glsa/glsa-200409-32.xml
new file mode 100644
index 000000000000..45ac42840f58
--- /dev/null
+++ b/metadata/glsa/glsa-200409-32.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-32">
+  <title>getmail: Filesystem overwrite vulnerability</title>
+  <synopsis>
+    getmail contains a vulnerability that could potentially allow any local
+    user to create or overwrite files in any directory on the system. This flaw
+    can be escalated further and possibly lead to a complete system compromise.
+  </synopsis>
+  <product type="ebuild">getmail</product>
+  <announced>2004-09-23</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>64643</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-mail/getmail" auto="yes" arch="*">
+      <unaffected range="ge">4.2.0</unaffected>
+      <vulnerable range="lt">4.2.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    getmail is a reliable fetchmail replacement that supports Maildir,
+    Mboxrd and external MDA delivery.
+    </p>
+  </background>
+  <description>
+    <p>
+    David Watson discovered a vulnerability in getmail when it is
+    configured to run as root and deliver mail to the maildirs/mbox files
+    of untrusted local users. A malicious local user can then exploit a
+    race condition, or a similar symlink attack, and potentially cause
+    getmail to create or overwrite files in any directory on the system.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An untrusted local user could potentially create or overwrite files in
+    any directory on the system. This vulnerability may also be exploited
+    to have arbitrary commands executed as root.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Do not run getmail as a privileged user; or, in version 4, use an
+    external MDA with explicitly configured user and group privileges.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All getmail users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-mail/getmail-4.2.0"
+    # emerge "&gt;=net-mail/getmail-4.2.0"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG">getmail ChangeLog</uri>
+    <uri link="https://article.gmane.org/gmane.mail.getmail.user/1430">getmail Mailing List</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0880">CVE-2004-0880</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0881">CVE-2004-0881</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-09-21T21:51:14Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-09-21T21:52:24Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-33.xml b/metadata/glsa/glsa-200409-33.xml
new file mode 100644
index 000000000000..f7de696a1ded
--- /dev/null
+++ b/metadata/glsa/glsa-200409-33.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-33">
+  <title>Apache: Exposure of protected directories</title>
+  <synopsis>
+    A bug in the way Apache handles the Satisfy directive can lead to the
+    exposure of protected directories to unauthorized users.
+  </synopsis>
+  <product type="ebuild">net=www/apache</product>
+  <announced>2004-09-24</announced>
+  <revised count="02">2007-12-30</revised>
+  <bug>64804</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">2.0.51-r1</unaffected>
+      <unaffected range="lt">2.0.51</unaffected>
+      <vulnerable range="eq">2.0.51</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Apache HTTP server is one of most popular web servers on the Internet.
+    </p>
+  </background>
+  <description>
+    <p>
+    A bug in the way Apache handles the Satisfy directive, which is used to
+    require that certain conditions (client host, client authentication, etc)
+    be met before access to a certain directory is granted, could allow the
+    exposure of protected directories to unauthorized clients.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    Directories containing protected data could be exposed to all visitors to
+    the webserver.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Apache users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=www-servers/apache-2.0.51-r1"
+    # emerge "&gt;=www-servers/apache-2.0.51-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://issues.apache.org/bugzilla/show_bug.cgi?id=31315">Apache Bug #31315</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0811">CAN-2004-0811</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-09-21T16:24:09Z">
+    dmargoli
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-09-24T04:13:15Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-34.xml b/metadata/glsa/glsa-200409-34.xml
new file mode 100644
index 000000000000..5ba3029237bc
--- /dev/null
+++ b/metadata/glsa/glsa-200409-34.xml
@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-34">
+  <title>X.org, XFree86: Integer and stack overflows in libXpm</title>
+  <synopsis>
+    libXpm, the X Pixmap library that is a part of the X Window System,
+    contains multiple stack and integer overflows that may allow a
+    carefully-crafted XPM file to crash applications linked against libXpm,
+    potentially allowing the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">X</product>
+  <announced>2004-09-27</announced>
+  <revised count="02">2006-05-27</revised>
+  <bug>64152</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-base/xorg-x11" auto="yes" arch="*">
+      <unaffected range="rge">6.7.0-r2</unaffected>
+      <unaffected range="ge">6.8.0-r1</unaffected>
+      <vulnerable range="lt">6.7.0-r2</vulnerable>
+      <vulnerable range="eq">6.8.0</vulnerable>
+    </package>
+    <package name="x11-base/xfree" auto="yes" arch="alpha x86">
+      <unaffected range="ge">4.3.0-r7</unaffected>
+      <vulnerable range="lt">4.3.0-r7</vulnerable>
+    </package>
+    <package name="x11-base/xfree" auto="yes" arch="amd64 hppa ia64 mips ppc sparc">
+      <vulnerable range="lt">4.3.0-r7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    XFree86 and X.org are both implementations of the X Window System.
+    </p>
+  </background>
+  <description>
+    <p>
+    Chris Evans has discovered multiple integer and stack overflow
+    vulnerabilities in the X Pixmap library, libXpm, which is a part of the
+    X Window System. These overflows can be exploited by the execution of a
+    malicious XPM file, which can crash applications that are dependent on
+    libXpm.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A carefully-crafted XPM file could crash applications that are linked
+    against libXpm, potentially allowing the execution of arbitrary code
+    with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All X.org users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=x11-base/xorg-x11-6.7.0-r2"
+    # emerge "&gt;=x11-base/xorg-x11-6.7.0-r2"</code>
+    <p>
+    All XFree86 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=x11-base/xfree-4.3.0-r7"
+    # emerge "&gt;=x11-base/xfree-4.3.0-r7"</code>
+    <p>
+    Note: Usage of XFree86 is deprecated on the AMD64, HPPA, IA64, MIPS,
+    PPC and SPARC architectures: XFree86 users on those architectures
+    should switch to X.org rather than upgrading XFree86.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://freedesktop.org/pipermail/xorg/2004-September/003196.html">X.org Security Advisory</uri>
+    <uri link="https://freedesktop.org/pipermail/xorg/2004-September/003172.html">X11R6.8.1 Release Notes</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687">CAN-2004-0687</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688">CAN-2004-0688</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-09-18T17:10:48Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-09-20T05:29:54Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-09-26T20:54:15Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200409-35.xml b/metadata/glsa/glsa-200409-35.xml
new file mode 100644
index 000000000000..341aca50c98d
--- /dev/null
+++ b/metadata/glsa/glsa-200409-35.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-35">
+  <title>Subversion: Metadata information leak</title>
+  <synopsis>
+    An information leak in mod_authz_svn could allow sensitive metadata of
+    protected areas to be leaked to unauthorized users.
+  </synopsis>
+  <product type="ebuild">Subversion</product>
+  <announced>2004-09-29</announced>
+  <revised count="01">2004-09-29</revised>
+  <bug>65085</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-util/subversion" auto="yes" arch="*">
+      <unaffected range="ge">1.0.8</unaffected>
+      <vulnerable range="lt">1.0.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Subversion is a versioning system designed to be a replacement for CVS.
+    mod_authz_svn is an Apache module to do path-based authentication for
+    Subversion repositories.
+    </p>
+  </background>
+  <description>
+    <p>
+    There is a bug in mod_authz_svn that causes it to reveal logged metadata
+    regarding commits to protected areas.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    Protected files themselves will not be revealed, but an attacker could use
+    the metadata to reveal the existence of protected areas, such as paths,
+    file versions, and the commit logs from those areas.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Rather than using mod_authz_svn, move protected areas into seperate
+    repositories and use native Apache authentication to make these
+    repositories unreadable.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Subversion users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=dev-util/subversion-1.0.8"
+    # emerge "&gt;=dev-util/subversion-1.0.8"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0749">CAN-2004-0749</uri>
+    <uri link="http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt">Subversion Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-09-27T08:34:50Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-09-27T23:33:38Z">
+    dmargoli
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-09-29T19:12:44Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-01.xml b/metadata/glsa/glsa-200410-01.xml
new file mode 100644
index 000000000000..592bd035b569
--- /dev/null
+++ b/metadata/glsa/glsa-200410-01.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-01">
+  <title>sharutils: Buffer overflows in shar.c and unshar.c</title>
+  <synopsis>
+    sharutils contains two buffer overflow vulnerabilities that could lead to
+    arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">sharutils</product>
+  <announced>2004-10-01</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>65773</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/sharutils" auto="yes" arch="*">
+      <unaffected range="ge">4.2.1-r10</unaffected>
+      <vulnerable range="le">4.2.1-r9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    sharutils contains utilities to manage shell archives.
+    </p>
+  </background>
+  <description>
+    <p>
+    sharutils contains two buffer overflows. Ulf Harnhammar discovered a
+    buffer overflow in shar.c, where the length of data returned by the wc
+    command is not checked. Florian Schilhabel discovered another buffer
+    overflow in unshar.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit these vulnerabilities to execute arbitrary
+    code as the user running one of the sharutils programs.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All sharutils users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=app-arch/sharutils-4.2.1-r10"
+    # emerge "&gt;=app-arch/sharutils-4.2.1-r10"</code>
+  </resolution>
+  <references>
+    <uri link="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=265904">Debian Bug #265904</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1773">CVE-2004-1773</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-09-30T04:54:59Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-09-30T18:01:09Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-01T08:08:15Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-02.xml b/metadata/glsa/glsa-200410-02.xml
new file mode 100644
index 000000000000..afcab45310f4
--- /dev/null
+++ b/metadata/glsa/glsa-200410-02.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-02">
+  <title>Netpbm: Multiple temporary file issues</title>
+  <synopsis>
+    Utilities included in old Netpbm versions are vulnerable to multiple
+    temporary files issues, potentially allowing a local attacker to overwrite
+    files with the rights of the user running the utility.
+  </synopsis>
+  <product type="ebuild">Netpbm</product>
+  <announced>2004-10-04</announced>
+  <revised count="01">2004-10-04</revised>
+  <bug>65647</bug>
+  <access>local</access>
+  <affected>
+    <package name="media-libs/netpbm" auto="yes" arch="*">
+      <unaffected range="ge">10.0</unaffected>
+      <vulnerable range="le">9.12-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Netpbm is a toolkit containing more than 200 separate utilities for
+    manipulation and conversion of graphic images.
+    </p>
+  </background>
+  <description>
+    <p>
+    Utilities contained in the Netpbm package prior to the 9.25 version contain
+    defects in temporary file handling. They create temporary files with
+    predictable names without checking first that the target file doesn't
+    already exist.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary files
+    directory, pointing to a valid file somewhere on the filesystem. When a
+    user or a tool calls one of the affected utilities, this would result in
+    file overwriting with the rights of the user running the utility.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Netpbm users should upgrade to an unaffected version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=media-libs/netpbm-10.0"
+    # emerge "&gt;=media-libs/netpbm-10.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0924">CVE-2003-0924</uri>
+    <uri link="https://www.kb.cert.org/vuls/id/487102">US-CERT VU#487102</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-10-02T00:18:31Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-03T10:07:45Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-10-03T13:46:27Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-03.xml b/metadata/glsa/glsa-200410-03.xml
new file mode 100644
index 000000000000..02ebe45e7a68
--- /dev/null
+++ b/metadata/glsa/glsa-200410-03.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-03">
+  <title>NetKit-telnetd: buffer overflows in telnet and telnetd</title>
+  <synopsis>
+    Buffer overflows exist in the telnet client and daemon provided by
+    netkit-telnetd, which could possibly allow a remote attacker to gain root
+    privileges and compromise the system.
+  </synopsis>
+  <product type="ebuild">netkit-telnetd</product>
+  <announced>2004-10-05</announced>
+  <revised count="01">2004-10-05</revised>
+  <bug>64632</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/netkit-telnetd" auto="yes" arch="*">
+      <unaffected range="ge">0.17-r4</unaffected>
+      <vulnerable range="le">0.17-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    NetKit-telnetd is a standard Linux telnet client and server from the NetKit
+    utilities.
+    </p>
+  </background>
+  <description>
+    <p>
+    A possible buffer overflow exists in the parsing of option strings by the
+    telnet daemon, where proper bounds checking is not applied when writing to
+    a buffer. Additionaly, another possible buffer overflow has been found by
+    Josh Martin in the handling of the environment variable HOME.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker sending a specially-crafted options string to the telnet
+    daemon could be able to run arbitrary code with the privileges of the user
+    running the telnet daemon, usually root. Furthermore, an attacker could
+    make use of an overlong HOME variable to cause a buffer overflow in the
+    telnet client, potentially leading to the local execution of arbitrary
+    code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All NetKit-telnetd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-misc/netkit-telnetd-0.17-r4"
+    # emerge "&gt;=net-misc/netkit-telnetd-0.17-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0554">CVE-2001-0554</uri>
+    <uri link="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=264846">Debian Bug #264846</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-10-04T14:59:18Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-04T16:13:52Z">
+    vorlon078
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-10-05T14:10:00Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-04.xml b/metadata/glsa/glsa-200410-04.xml
new file mode 100644
index 000000000000..1df42a038714
--- /dev/null
+++ b/metadata/glsa/glsa-200410-04.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-04">
+  <title>PHP: Memory disclosure and arbitrary location file upload</title>
+  <synopsis>
+    Two bugs in PHP may allow the disclosure of portions of memory and allow
+    remote attackers to upload files to arbitrary locations.
+  </synopsis>
+  <product type="ebuild">PHP</product>
+  <announced>2004-10-06</announced>
+  <revised count="01">2004-10-06</revised>
+  <bug>64223</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-php/php" auto="yes" arch="*">
+      <unaffected range="ge">4.3.9 </unaffected>
+      <vulnerable range="lt">4.3.9</vulnerable>
+    </package>
+    <package name="dev-php/mod_php" auto="yes" arch="*">
+      <unaffected range="ge">4.3.9</unaffected>
+      <vulnerable range="lt">4.3.9</vulnerable>
+    </package>
+    <package name="dev-php/php-cgi" auto="yes" arch="*">
+      <unaffected range="ge">4.3.9</unaffected>
+      <vulnerable range="lt">4.3.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PHP is a general-purpose scripting language widely used to develop
+    web-based applications. It can run inside a web server using the mod_php
+    module or the CGI version of PHP, or can run stand-alone in a CLI.
+    </p>
+  </background>
+  <description>
+    <p>
+    Stefano Di Paola discovered two bugs in PHP. The first is a parse error in
+    php_variables.c that could allow a remote attacker to view the contents of
+    the target machine's memory. Additionally, an array processing error in the
+    SAPI_POST_HANDLER_FUNC() function inside rfc1867.c could lead to the
+    $_FILES array being overwritten.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit the first vulnerability to view memory
+    contents. On a server with a script that provides file uploads, an attacker
+    could exploit the second vulnerability to upload files to an arbitrary
+    location. On systems where the HTTP server is allowed to write in a
+    HTTP-accessible location, this could lead to remote execution of arbitrary
+    commands with the rights of the HTTP server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PHP, mod_php and php-cgi users should upgrade to the latest stable
+    version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=dev-php/php-4.3.9"
+    # emerge "&gt;=dev-php/php-4.3.9"
+
+    # emerge -pv "&gt;=dev-php/mod_php-4.3.9"
+    # emerge "&gt;=dev-php/mod_php-4.3.9"
+
+    # emerge -pv "&gt;=dev-php/php-cgi-4.3.9"
+    # emerge "&gt;=dev-php/php-cgi-4.3.9"</code>
+  </resolution>
+  <references>
+    <uri link="https://secunia.com/advisories/12560/">Secunia Advisory</uri>
+    <uri link="http://www.securityfocus.com/archive/1/375294">BugTraq post regarding the php_variables.c issue</uri>
+    <uri link="http://www.securityfocus.com/archive/1/375370">BugTraq post regarding the rfc1867.c issue</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-09-29T20:40:17Z">
+    dmargoli
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-09-30T20:25:12Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-10-03T18:04:56Z">
+    dmargoli
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-05.xml b/metadata/glsa/glsa-200410-05.xml
new file mode 100644
index 000000000000..02ff6e97f81e
--- /dev/null
+++ b/metadata/glsa/glsa-200410-05.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-05">
+  <title>Cyrus-SASL: Buffer overflow and SASL_PATH vulnerabilities</title>
+  <synopsis>
+    Cyrus-SASL contains two vulnerabilities that might allow an attacker to
+    completely compromise the vulnerable system.
+  </synopsis>
+  <product type="ebuild">Cyrus-SASL</product>
+  <announced>2004-10-07</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>56016</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/cyrus-sasl" auto="yes" arch="*">
+      <unaffected range="ge">2.1.18-r2</unaffected>
+      <vulnerable range="le">2.1.18-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Cyrus-SASL is an implementation of the Simple Authentication and
+    Security Layer.
+    </p>
+  </background>
+  <description>
+    <p>
+    Cyrus-SASL contains a remote buffer overflow in the digestmda5.c file.
+    Additionally, under certain conditions it is possible for a local user
+    to exploit a vulnerability in the way the SASL_PATH environment
+    variable is honored (CAN-2004-0884).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker might be able to execute arbitrary code with the Effective
+    ID of the application calling the Cyrus-SASL libraries.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Cyrus-SASL users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=dev-libs/cyrus-sasl-2.1.18-r2"
+    # emerge "&gt;=dev-libs/cyrus-sasl-2.1.18-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0884">CAN-2004-0884</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0373">CVE-2005-0373</uri>
+  </references>
+  <metadata tag="submitter">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-02T04:16:09Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-06.xml b/metadata/glsa/glsa-200410-06.xml
new file mode 100644
index 000000000000..1b6049bceb15
--- /dev/null
+++ b/metadata/glsa/glsa-200410-06.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-06">
+  <title>CUPS: Leakage of sensitive information</title>
+  <synopsis>
+    CUPS leaks information about user names and passwords when using remote
+    printing to SMB-shared printers which require authentication.
+  </synopsis>
+  <product type="ebuild">cups</product>
+  <announced>2004-10-09</announced>
+  <revised count="01">2004-10-09</revised>
+  <bug>66501</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-print/cups" auto="yes" arch="*">
+      <unaffected range="rge">1.1.20-r3</unaffected>
+      <unaffected range="ge">1.1.21-r1</unaffected>
+      <vulnerable range="le">1.1.20-r2</vulnerable>
+      <vulnerable range="eq">1.1.21</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Common UNIX Printing System (CUPS) is a cross-platform print spooler.
+    </p>
+  </background>
+  <description>
+    <p>
+    When printing to a SMB-shared printer requiring authentication, CUPS leaks
+    the user name and password to a logfile.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local user could gain knowledge of sensitive authentication data.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All CUPS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-print/cups-1.1.20-r3"
+    # emerge "&gt;=net-print/cups-1.1.20-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0923">CAN-2004-0923</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-10-08T18:27:07Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-08T21:07:38Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-07.xml b/metadata/glsa/glsa-200410-07.xml
new file mode 100644
index 000000000000..cdf7277cdb53
--- /dev/null
+++ b/metadata/glsa/glsa-200410-07.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-07">
+  <title>ed: Insecure temporary file handling</title>
+  <synopsis>
+    The ed utility is vulnerable to symlink attacks, potentially allowing a
+    local user to overwrite or change rights on arbitrary files with the rights
+    of the user running ed, which could be the root user.
+  </synopsis>
+  <product type="ebuild">ed</product>
+  <announced>2004-10-09</announced>
+  <revised count="01">2004-10-09</revised>
+  <bug>66400</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/ed" auto="yes" arch="*">
+      <unaffected range="ge">0.2-r4</unaffected>
+      <vulnerable range="le">0.2-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ed is a line-oriented text editor, used to create or modify text files,
+    both interactively and via shell scripts.
+    </p>
+  </background>
+  <description>
+    <p>
+    ed insecurely creates temporary files in world-writeable directories with
+    predictable names. Given that ed is used in various system shell scripts,
+    they are by extension affected by the same vulnerability.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary files
+    directory, pointing to a valid file somewhere on the filesystem. When ed is
+    called, this would result in file access with the rights of the user
+    running the utility, which could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ed users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=sys-apps/ed-0.2-r4"
+    # emerge "&gt;=sys-apps/ed-0.2-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1137">CVE-2000-1137</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-10-08T21:10:12Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-08T21:10:49Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-10-09T09:43:17Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-08.xml b/metadata/glsa/glsa-200410-08.xml
new file mode 100644
index 000000000000..c218f0655791
--- /dev/null
+++ b/metadata/glsa/glsa-200410-08.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-08">
+  <title>ncompress: Buffer overflow</title>
+  <synopsis>
+    compress and uncompress, which could be used by daemon programs, contain a
+    buffer overflow that could lead to remote execution of arbitrary code with
+    the rights of the daemon process.
+  </synopsis>
+  <product type="ebuild">ncompress</product>
+  <announced>2004-10-09</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>66251</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/ncompress" auto="yes" arch="*">
+      <unaffected range="ge">4.2.4-r1</unaffected>
+      <vulnerable range="le">4.2.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ncompress is a utility handling compression and decompression of
+    Lempel-Ziv archives, compatible with the original *nix compress and
+    uncompress utilities (.Z extensions).
+    </p>
+  </background>
+  <description>
+    <p>
+    compress and uncompress do not properly check bounds on command line
+    options, including the filename. Large parameters would trigger a
+    buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By supplying a carefully crafted filename or other option, an attacker
+    could execute arbitrary code on the system. A local attacker could only
+    execute code with his own rights, but since compress and uncompress are
+    called by various daemon programs, this might also allow a remote
+    attacker to execute code with the rights of the daemon making use of
+    ncompress.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ncompress users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=app-arch/ncompress-4.2.4-r1"
+    # emerge "&gt;=app-arch/ncompress-4.2.4-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.kb.cert.org/vuls/id/176363">US-CERT Vulnerability Note VU#176363</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1413">CVE-2001-1413</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-10-08T21:09:39Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-08T21:11:15Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-10-09T10:24:20Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-09.xml b/metadata/glsa/glsa-200410-09.xml
new file mode 100644
index 000000000000..506bb70ffb87
--- /dev/null
+++ b/metadata/glsa/glsa-200410-09.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-09">
+  <title>LessTif: Integer and stack overflows in libXpm</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in libXpm, which is included
+    in LessTif, that can potentially lead to remote code execution.
+  </synopsis>
+  <product type="ebuild">lesstif</product>
+  <announced>2004-10-09</announced>
+  <revised count="01">2004-10-09</revised>
+  <bug>66647</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/lesstif" auto="yes" arch="*">
+      <unaffected range="ge">0.93.97</unaffected>
+      <vulnerable range="lt">0.93.97</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    LessTif is a clone of OSF/Motif, which is the standard user interface
+    toolkit available on Unix and Linux.
+    </p>
+  </background>
+  <description>
+    <p>
+    Chris Evans has discovered various integer and stack overflows in libXpm,
+    which is shipped as a part of the X Window System. LessTif, an application
+    that includes this library, is susceptible to the same issues.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A carefully-crafted XPM file could crash applications that are linked
+    against libXpm, such as LessTif, potentially allowing the execution of
+    arbitrary code with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All LessTif users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=x11-libs/lesstif-0.93.97"
+    # emerge "&gt;=x11-libs/lesstif-0.93.97"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687">CAN-2004-0687</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688">CAN-2004-0688</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200409-34.xml">GLSA-200409-34</uri>
+    <uri link="http://www.lesstif.org/ReleaseNotes.html">LessTif Release Notes</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-10-08T16:33:39Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-09T05:48:24Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-10.xml b/metadata/glsa/glsa-200410-10.xml
new file mode 100644
index 000000000000..03090614692a
--- /dev/null
+++ b/metadata/glsa/glsa-200410-10.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-10">
+  <title>gettext: Insecure temporary file handling</title>
+  <synopsis>
+    The gettext utility is vulnerable to symlink attacks, potentially allowing
+    a local user to overwrite or change permissions on arbitrary files with the
+    rights of the user running gettext, which could be the root user.
+  </synopsis>
+  <product type="ebuild">gettext</product>
+  <announced>2004-10-10</announced>
+  <revised count="04">2006-05-22</revised>
+  <bug>66355</bug>
+  <bug>85766</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-devel/gettext" auto="yes" arch="*">
+      <unaffected range="ge">0.14.1-r1</unaffected>
+      <unaffected range="rge">0.12.1-r2</unaffected>
+      <vulnerable range="lt">0.14.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    gettext is a set of utilities for the GNU Translation Project which
+    provides a set of tools and documentation to help produce multi-lingual
+    messages in programs.
+    </p>
+  </background>
+  <description>
+    <p>
+    gettext insecurely creates temporary files in world-writeable
+    directories with predictable names.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A local attacker could create symbolic links in the temporary files
+    directory, pointing to a valid file somewhere on the filesystem. When
+    gettext is called, this would result in file access with the rights of
+    the user running the utility, which could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All gettext users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-devel/gettext-0.14.1-r1"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/advisories/7263">BugTraq Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0966">CVE-2004-0966</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-10-10T10:51:13Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-10T10:51:21Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-10-10T21:46:28Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-11.xml b/metadata/glsa/glsa-200410-11.xml
new file mode 100644
index 000000000000..5d60dfae035b
--- /dev/null
+++ b/metadata/glsa/glsa-200410-11.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-11">
+  <title>tiff: Buffer overflows in image decoding</title>
+  <synopsis>
+    Multiple heap-based overflows have been found in the tiff library image
+    decoding routines, potentially allowing to execute arbitrary code with the
+    rights of the user viewing a malicious image.
+  </synopsis>
+  <product type="ebuild">tiff</product>
+  <announced>2004-10-13</announced>
+  <revised count="01">2004-10-13</revised>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/tiff" auto="yes" arch="*">
+      <unaffected range="ge">3.6.1-r2</unaffected>
+      <vulnerable range="lt">3.6.1-r2</vulnerable>
+    </package>
+    <package name="media-gfx/xv" auto="yes" arch="*">
+      <unaffected range="ge">3.10a-r8</unaffected>
+      <vulnerable range="le">3.10a-r7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The tiff library contains encoding and decoding routines for the Tag Image
+    File Format. It is called by numerous programs, including GNOME and KDE, to
+    help in displaying TIFF images. xv is a multi-format image manipulation
+    utility that is statically linked to the tiff library.
+    </p>
+  </background>
+  <description>
+    <p>
+    Chris Evans found heap-based overflows in RLE decoding routines in
+    tif_next.c, tif_thunder.c and potentially tif_luv.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to view a carefully crafted TIFF
+    image file, which would potentially lead to execution of arbitrary code
+    with the rights of the user viewing the image. This affects any program
+    that makes use of the tiff library, including GNOME and KDE web browsers or
+    mail readers.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All tiff library users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=media-libs/tiff-3.6.1-r2"
+    # emerge "&gt;=media-libs/tiff-3.6.1-r2"</code>
+    <p>
+    xv makes use of the tiff library and needs to be recompiled to receive the
+    new patched version of the library. All xv users should also upgrade to the
+    latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=media-gfx/xv-3.10a-r8"
+    # emerge "&gt;=media-gfx/xv-3.10a-r8"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803">CAN-2004-0803</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-10-11T13:05:01Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-13T14:38:12Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-12.xml b/metadata/glsa/glsa-200410-12.xml
new file mode 100644
index 000000000000..b2f1cab1d94a
--- /dev/null
+++ b/metadata/glsa/glsa-200410-12.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-12">
+  <title>WordPress: HTTP response splitting and XSS vulnerabilities</title>
+  <synopsis>
+    WordPress contains HTTP response splitting and cross-site scripting
+    vulnerabilities.
+  </synopsis>
+  <product type="ebuild">wordpress</product>
+  <announced>2004-10-14</announced>
+  <revised count="04">2006-05-22</revised>
+  <bug>65798</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/wordpress" auto="yes" arch="*">
+      <unaffected range="ge">1.2.2</unaffected>
+      <vulnerable range="lt">1.2.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    WordPress is a PHP and MySQL based content management and publishing
+    system.
+    </p>
+  </background>
+  <description>
+    <p>
+    Due to the lack of input validation in the administration panel
+    scripts, WordPress is vulnerable to HTTP response splitting and
+    cross-site scripting attacks.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A malicious user could inject arbitrary response data, leading to
+    content spoofing, web cache poisoning and other cross-site scripting or
+    HTTP response splitting attacks. This could result in compromising the
+    victim's data or browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All WordPress users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/wordpress-1.2.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://wordpress.org/development/2004/12/one-point-two-two/">WordPress 1.2.2 Release Notes</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1584">CVE-2004-1584</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-10-12T11:43:21Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-12T11:44:27Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-10-12T21:40:26Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-13.xml b/metadata/glsa/glsa-200410-13.xml
new file mode 100644
index 000000000000..beb54b04098a
--- /dev/null
+++ b/metadata/glsa/glsa-200410-13.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-13">
+  <title>BNC: Input validation flaw</title>
+  <synopsis>
+    BNC contains an input validation flaw which might allow a remote attacker
+    to issue arbitrary IRC related commands.
+  </synopsis>
+  <product type="ebuild">bnc</product>
+  <announced>2004-10-15</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>66912</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/bnc" auto="yes" arch="*">
+      <unaffected range="ge">2.8.9</unaffected>
+      <vulnerable range="lt">2.8.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    BNC is an IRC proxying server
+    </p>
+  </background>
+  <description>
+    <p>
+    A flaw exists in the input parsing of BNC where part of the
+    sbuf_getmsg() function handles the backspace character incorrectly.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote user could issue commands using fake authentication
+    credentials and possibly gain access to scripts running on the client
+    side.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All BNC users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-irc/bnc-2.8.9"
+    # emerge "&gt;=net-irc/bnc-2.8.9"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.gotbnc.com/changes.html#2.8.9">BNC Changes</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1482">CVE-2004-1482</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-10-12T11:44:17Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-12T11:44:35Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-10-13T08:51:33Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-14.xml b/metadata/glsa/glsa-200410-14.xml
new file mode 100644
index 000000000000..ea26984ea23d
--- /dev/null
+++ b/metadata/glsa/glsa-200410-14.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-14">
+  <title>phpMyAdmin: Vulnerability in MIME-based transformation system</title>
+  <synopsis>
+    A vulnerability has been found in the MIME-based transformation system of
+    phpMyAdmin, which may allow remote execution of arbitrary commands if PHP's
+    "safe mode" is disabled.
+  </synopsis>
+  <product type="ebuild">phpMyAdmin</product>
+  <announced>2004-10-18</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>67409</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/phpmyadmin" auto="yes" arch="*">
+      <unaffected range="ge">2.6.0_p2</unaffected>
+      <vulnerable range="lt">2.6.0_p2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpMyAdmin is a popular web-based MySQL administration tool written in
+    PHP. It allows users to browse and administer a MySQL database from a
+    web-browser. Transformations are a phpMyAdmin feature allowing plug-ins
+    to rewrite the contents of any column seen in phpMyAdmin's Browsing
+    mode, including using insertion of PHP or JavaScript code.
+    </p>
+  </background>
+  <description>
+    <p>
+    A defect was found in phpMyAdmin's MIME-based transformation system,
+    when used with "external" transformations.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit this vulnerability to execute arbitrary
+    commands on the server with the rights of the HTTP server user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Enabling PHP safe mode ("safe_mode = On" in php.ini) may serve as a
+    temporary workaround.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All phpMyAdmin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=dev-db/phpmyadmin-2.6.0_p2"
+    # emerge "&gt;=dev-db/phpmyadmin-2.6.0_p2"</code>
+  </resolution>
+  <references>
+    <uri link="https://sourceforge.net/forum/forum.php?forum_id=414281">phpMyAdmin 2.6.0_pl2 Release Announcement</uri>
+    <uri link="https://secunia.com/advisories/12813/">Secunia Advisory SA12813</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2630">CVE-2004-2630</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-10-14T19:19:23Z">
+    vorlon078
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-10-16T10:34:28Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-17T17:40:28Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-15.xml b/metadata/glsa/glsa-200410-15.xml
new file mode 100644
index 000000000000..81240a259bef
--- /dev/null
+++ b/metadata/glsa/glsa-200410-15.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-15">
+  <title>Squid: Remote DoS vulnerability</title>
+  <synopsis>
+    Squid contains a vulnerability in the SNMP module which may lead to a
+    denial of service.
+  </synopsis>
+  <product type="ebuild">squid</product>
+  <announced>2004-10-18</announced>
+  <revised count="03">2007-12-30</revised>
+  <bug>67167</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/squid" auto="yes" arch="*">
+      <unaffected range="ge">2.5.7</unaffected>
+      <vulnerable range="lt">2.5.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Squid is a full-featured Web proxy cache designed to run on Unix
+    systems. It supports proxying and caching of HTTP, FTP, and other URLs,
+    as well as SSL support, cache hierarchies, transparent caching, access
+    control lists and many other features.
+    </p>
+  </background>
+  <description>
+    <p>
+    A parsing error exists in the SNMP module of Squid where a
+    specially-crafted UDP packet can potentially cause the server to
+    restart, closing all current connections. This vulnerability only
+    exists in versions of Squid compiled with the 'snmp' USE flag.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker can repeatedly send these malicious UDP packets to the
+    Squid server, leading to a denial of service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable SNMP support or filter the port that has SNMP processing
+    (default is 3401) to allow only SNMP data from trusted hosts.
+    </p>
+    <p>
+    To disable SNMP support put the entry snmp_port 0 in the squid.conf
+    configuration file.
+    </p>
+    <p>
+    To allow only the local interface to process SNMP, add the entry
+    "snmp_incoming_address 127.0.0.1" in the squid.conf configuration file.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Squid users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=net-proxy/squid-2.5.7"
+    # emerge "&gt;=net-proxy/squid-2.5.7"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.idefense.com/application/poi/display?id=152&amp;type=vulnerabilities&amp;flashstatus=true">iDEFENSE Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0918">CVE-2004-0918</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-10-17T17:38:48Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-17T17:38:55Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-10-17T18:44:11Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-16.xml b/metadata/glsa/glsa-200410-16.xml
new file mode 100644
index 000000000000..a27e3ca66a79
--- /dev/null
+++ b/metadata/glsa/glsa-200410-16.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-16">
+  <title>PostgreSQL: Insecure temporary file use in make_oidjoins_check</title>
+  <synopsis>
+    The make_oidjoins_check script, part of the PostgreSQL package, is
+    vulnerable to symlink attacks, potentially allowing a local user to
+    overwrite arbitrary files with the rights of the user running the utility.
+  </synopsis>
+  <product type="ebuild">PostgreSQL</product>
+  <announced>2004-10-18</announced>
+  <revised count="04">2009-05-28</revised>
+  <bug>66371</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-db/postgresql" auto="yes" arch="*">
+      <unaffected range="ge">7.4.5-r2</unaffected>
+      <unaffected range="rge">7.3.7-r2</unaffected>
+      <unaffected range="rge">7.3.15</unaffected>
+      <unaffected range="rge">7.3.16</unaffected>
+      <unaffected range="rge">7.3.18</unaffected>
+      <unaffected range="rge">7.3.21</unaffected>
+      <vulnerable range="le">7.4.5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PostgreSQL is an open source database based on the POSTGRES database
+    management system. It includes several contributed scripts including
+    the make_oidjoins_check script.
+    </p>
+  </background>
+  <description>
+    <p>
+    The make_oidjoins_check script insecurely creates temporary files in
+    world-writeable directories with predictable names.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary files
+    directory, pointing to a valid file somewhere on the filesystem. When
+    make_oidjoins_check is called, this would result in file overwrite with
+    the rights of the user running the utility, which could be the root
+    user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PostgreSQL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=dev-db/postgresql-7.4.5-r2"
+    # emerge "&gt;=dev-db/postgresql-7.4.5-r2"</code>
+    <p>
+    Upgrade notes: PostgreSQL 7.3.x users should upgrade to the latest
+    available 7.3.x version to retain database compatibility.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://www.trustix.org/errata/2004/0050/">Trustix Advisory #2004-0050</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0977">CVE-2004-0977</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-10-18T13:31:59Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-18T13:32:56Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-17.xml b/metadata/glsa/glsa-200410-17.xml
new file mode 100644
index 000000000000..1e39209c59eb
--- /dev/null
+++ b/metadata/glsa/glsa-200410-17.xml
@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-17">
+  <title>OpenOffice.org: Temporary files disclosure</title>
+  <synopsis>
+    OpenOffice.org uses insecure temporary files which could allow a malicious
+    local user to gain knowledge of sensitive information from other users'
+    documents.
+  </synopsis>
+  <product type="ebuild">openoffice</product>
+  <announced>2004-10-20</announced>
+  <revised count="01">2004-10-20</revised>
+  <bug>63556</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-office/openoffice" auto="yes" arch="*">
+      <unaffected range="lt">1.1.2</unaffected>
+      <unaffected range="ge">1.1.3</unaffected>
+      <vulnerable range="eq">1.1.2</vulnerable>
+    </package>
+    <package name="app-office/openoffice-bin" auto="yes" arch="*">
+      <unaffected range="lt">1.1.2</unaffected>
+      <unaffected range="ge">1.1.3</unaffected>
+      <vulnerable range="eq">1.1.2</vulnerable>
+    </package>
+    <package name="app-office/openoffice-ximian" auto="yes" arch="*">
+      <unaffected range="lt">1.1.60</unaffected>
+      <unaffected range="ge">1.3.4</unaffected>
+      <vulnerable range="eq">1.1.60</vulnerable>
+      <vulnerable range="eq">1.1.61</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenOffice.org is an office productivity suite, including word processing,
+    spreadsheets, presentations, drawings, data charting, formula editing, and
+    file conversion facilities.
+    </p>
+  </background>
+  <description>
+    <p>
+    On start-up, OpenOffice.org 1.1.2 creates a temporary directory with
+    insecure permissions. When a document is saved, a compressed copy of it can
+    be found in that directory.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A malicious local user could obtain the temporary files and thus read
+    documents belonging to other users.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All affected OpenOffice.org users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=app-office/openoffice-1.1.3"
+    # emerge "&gt;=app-office/openoffice-1.1.3"</code>
+    <p>
+    All affected OpenOffice.org binary users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=app-office/openoffice-bin-1.1.3"
+    # emerge "&gt;=app-office/openoffice-bin-1.1.3"</code>
+    <p>
+    All affected OpenOffice.org Ximian users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=app-office/openoffice-ximian-1.3.4"
+    # emerge "&gt;=app-office/openoffice-1.3.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0752">CAN-2004-0752</uri>
+    <uri link="https://www.openoffice.org/issues/show_bug.cgi?id=33357">OpenOffice.org Issue 33357</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-10-18T17:29:15Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-10-19T09:04:12Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-19T12:14:40Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-18.xml b/metadata/glsa/glsa-200410-18.xml
new file mode 100644
index 000000000000..2454ef90474e
--- /dev/null
+++ b/metadata/glsa/glsa-200410-18.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-18">
+  <title>Ghostscript: Insecure temporary file use in multiple scripts</title>
+  <synopsis>
+    Multiple scripts in the Ghostscript package are vulnerable to symlink
+    attacks, potentially allowing a local user to overwrite arbitrary files
+    with the rights of the user running the script.
+  </synopsis>
+  <product type="ebuild">Ghostscript</product>
+  <announced>2004-10-20</announced>
+  <revised count="02">2007-12-30</revised>
+  <bug>66357</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-text/ghostscript-esp" auto="yes" arch="*">
+      <unaffected range="ge">7.07.1-r7</unaffected>
+      <unaffected range="rge">7.05.6-r2</unaffected>
+      <vulnerable range="lt">7.07.1-r7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ghostscript is a software package providing an interpreter for the
+    PostScript language and the PDF file format. It also provides output
+    drivers for various file formats and printers.
+    </p>
+  </background>
+  <description>
+    <p>
+    The pj-gs.sh, ps2epsi, pv.sh and sysvlp.sh scripts create temporary files
+    in world-writeable directories with predictable names.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary files
+    directory, pointing to a valid file somewhere on the filesystem. When an
+    affected script is called, this would result in the file to be overwritten
+    with the rights of the user running the script, which could be the root
+    user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Ghostscript users on all architectures except PPC should upgrade to the
+    latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=app-text/ghostscript-esp-7.07.1-r7"
+    # emerge "&gt;=app-text/ghostscript-esp-7.07.1-r7"</code>
+    <p>
+    Ghostscript users on the PPC architecture should upgrade to the latest
+    stable version on their architecture:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=app-text/ghostscript-esp-7.05.6-r2"
+    # emerge "&gt;=app-text/ghostscript-esp-7.05.6-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0967">CAN-2004-0967</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-10-19T12:27:11Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-19T12:27:18Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-19.xml b/metadata/glsa/glsa-200410-19.xml
new file mode 100644
index 000000000000..97d3496f10a3
--- /dev/null
+++ b/metadata/glsa/glsa-200410-19.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-19">
+  <title>glibc: Insecure tempfile handling in catchsegv script</title>
+  <synopsis>
+    The catchsegv script in the glibc package is vulnerable to symlink attacks,
+    potentially allowing a local user to overwrite arbitrary files with the
+    rights of the user running the script.
+  </synopsis>
+  <product type="ebuild">glibc</product>
+  <announced>2004-10-21</announced>
+  <revised count="01">2004-10-21</revised>
+  <bug>66358</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-libs/glibc" auto="yes" arch="*">
+      <unaffected range="rge">2.2.5-r9</unaffected>
+      <unaffected range="rge">2.3.2-r12</unaffected>
+      <unaffected range="rge">2.3.3.20040420-r2</unaffected>
+      <unaffected range="rge">2.3.4.20040619-r2</unaffected>
+      <unaffected range="ge">2.3.4.20040808-r1</unaffected>
+      <vulnerable range="le">2.3.4.20040808</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    glibc is a package that contains the GNU C library.
+    </p>
+  </background>
+  <description>
+    <p>
+    The catchsegv script creates temporary files in world-writeable directories
+    with predictable names.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary files
+    directory, pointing to a valid file somewhere on the filesystem. When
+    catchsegv script is called, this would result in the file being overwritten
+    with the rights of the user running the utility, which could be the root
+    user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All glibc users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv sys-libs/glibc
+    # emerge sys-libs/glibc</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0968">CAN-2004-0968</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-10-20T14:29:16Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-20T14:29:39Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-10-20T16:11:58Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-20.xml b/metadata/glsa/glsa-200410-20.xml
new file mode 100644
index 000000000000..d8b98b45600d
--- /dev/null
+++ b/metadata/glsa/glsa-200410-20.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-20">
+  <title>Xpdf, CUPS: Multiple integer overflows</title>
+  <synopsis>
+    Multiple integer overflows were discovered in Xpdf, potentially resulting
+    in execution of arbitrary code upon viewing a malicious PDF file. CUPS
+    includes Xpdf code and therefore is vulnerable to the same issues.
+  </synopsis>
+  <product type="ebuild">Xpdf</product>
+  <announced>2004-10-21</announced>
+  <revised count="02">2004-11-06</revised>
+  <bug>69662</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/xpdf" auto="yes" arch="*">
+      <unaffected range="ge">3.00-r5</unaffected>
+      <vulnerable range="le">3.00-r4</vulnerable>
+    </package>
+    <package name="net-print/cups" auto="yes" arch="*">
+      <unaffected range="ge">1.1.20-r5</unaffected>
+      <vulnerable range="le">1.1.20-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Xpdf is an open source viewer for Portable Document Format (PDF) files. The
+    Common UNIX Printing System (CUPS) is a cross-platform print spooler that
+    includes some Xpdf code.
+    </p>
+  </background>
+  <description>
+    <p>
+    Chris Evans discovered multiple integer overflow issues in Xpdf.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice an user to open a specially-crafted PDF file,
+    potentially resulting in execution of arbitrary code with the rights of the
+    user running Xpdf. By enticing an user to directly print the PDF file to a
+    CUPS printer, an attacker could also crash the CUPS spooler or execute
+    arbitrary code with the rights of the CUPS spooler, which is usually the
+    "lp" user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Xpdf users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/xpdf-3.00-r5"</code>
+    <p>
+    All CUPS users should also upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-print/cups-1.1.20-r5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888">CAN-2004-0888</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0889">CAN-2004-0889</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-10-21T10:10:18Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-21T14:18:53Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-21.xml b/metadata/glsa/glsa-200410-21.xml
new file mode 100644
index 000000000000..f9379704c09e
--- /dev/null
+++ b/metadata/glsa/glsa-200410-21.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-21">
+  <title>Apache 2, mod_ssl: Bypass of SSLCipherSuite directive</title>
+  <synopsis>
+    In certain configurations, it can be possible to bypass restrictions set by
+    the "SSLCipherSuite" directive of mod_ssl.
+  </synopsis>
+  <product type="ebuild">apache</product>
+  <announced>2004-10-21</announced>
+  <revised count="02">2007-12-30</revised>
+  <bug>66807</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">2.0.52</unaffected>
+      <unaffected range="lt">2.0</unaffected>
+      <vulnerable range="lt">2.0.52</vulnerable>
+    </package>
+    <package name="net-www/mod_ssl" auto="yes" arch="*">
+      <unaffected range="ge">2.8.20</unaffected>
+      <vulnerable range="lt">2.8.20</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Apache HTTP server is one of the most popular web servers on the
+    internet. mod_ssl provides SSL v2/v3 and TLS v1 support for Apache 1.3 and
+    is also included in Apache 2.
+    </p>
+  </background>
+  <description>
+    <p>
+    A flaw has been found in mod_ssl where the "SSLCipherSuite" directive could
+    be bypassed in certain configurations if it is used in a directory or
+    location context to restrict the set of allowed cipher suites.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A remote attacker could gain access to a location using any cipher suite
+    allowed by the server/virtual host configuration, disregarding the
+    restrictions by "SSLCipherSuite" for that location.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Apache 2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=www-servers/apache-2.0.52"
+    # emerge "&gt;=www-servers/apache-2.0.52"</code>
+    <p>
+    All mod_ssl users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-www/mod_ssl-2.8.20"
+    # emerge "&gt;=net-www/mod_ssl-2.8.20"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0885">CAN-2004-0885</uri>
+    <uri link="https://issues.apache.org/bugzilla/show_bug.cgi?id=31505">Apache HTTPD Bug 31505</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-10-08T21:14:18Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-10-13T20:52:28Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-21T04:34:44Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-22.xml b/metadata/glsa/glsa-200410-22.xml
new file mode 100644
index 000000000000..52db20acb4be
--- /dev/null
+++ b/metadata/glsa/glsa-200410-22.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-22">
+  <title>MySQL: Multiple vulnerabilities</title>
+  <synopsis>
+    Several vulnerabilities including privilege abuse, Denial of Service, and
+    potentially remote arbitrary code execution have been discovered in MySQL.
+  </synopsis>
+  <product type="ebuild">MySQL</product>
+  <announced>2004-10-24</announced>
+  <revised count="01">2004-10-24</revised>
+  <bug>67062</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/mysql" auto="yes" arch="*">
+      <unaffected range="ge">4.0.21</unaffected>
+      <vulnerable range="lt">4.0.21</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MySQL is a popular open-source, multi-threaded, multi-user SQL database
+    server.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following vulnerabilities were found and fixed in MySQL:
+    </p>
+    <p>
+    Oleksandr Byelkin found that ALTER TABLE ... RENAME checks CREATE/INSERT
+    rights of the old table instead of the new one (CAN-2004-0835). Another
+    privilege checking bug allowed users to grant rights on a database they had
+    no rights on.
+    </p>
+    <p>
+    Dean Ellis found a defect where multiple threads ALTERing the MERGE tables
+    to change the UNION could cause the server to crash (CAN-2004-0837).
+    Another crash was found in MATCH ... AGAINST() queries with missing closing
+    double quote.
+    </p>
+    <p>
+    Finally, a buffer overrun in the mysql_real_connect function was found by
+    Lukasz Wojtow (CAN-2004-0836).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    The privilege checking issues could be used by remote users to bypass their
+    rights on databases. The two crashes issues could be exploited by a remote
+    user to perform a Denial of Service attack on MySQL server. The buffer
+    overrun issue could also be exploited as a Denial of Service attack, and
+    may allow to execute arbitrary code with the rights of the MySQL daemon
+    (typically, the "mysql" user).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MySQL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=dev-db/mysql-4.0.21"
+    # emerge "&gt;=dev-db/mysql-4.0.21"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0835">CAN-2004-0835</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0836">CAN-2004-0836</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0837">CAN-2004-0837</uri>
+    <uri link="https://bugs.mysql.com/bug.php?id=3933">Privilege granting bug</uri>
+    <uri link="https://bugs.mysql.com/bug.php?id=3870">MATCH ... AGAINST crash bug</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-10-19T17:45:22Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-22T20:06:53Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-10-23T08:53:17Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-23.xml b/metadata/glsa/glsa-200410-23.xml
new file mode 100644
index 000000000000..25b44d6c2b07
--- /dev/null
+++ b/metadata/glsa/glsa-200410-23.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-23">
+  <title>Gaim: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been found in Gaim which could allow a remote
+    attacker to crash the application, or possibly execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">gaim</product>
+  <announced>2004-10-24</announced>
+  <revised count="01">2004-10-24</revised>
+  <bug>68271</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/gaim" auto="yes" arch="*">
+      <unaffected range="ge">1.0.2</unaffected>
+      <vulnerable range="lt">1.0.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Gaim is a full featured instant messaging client which handls a variety of
+    instant messaging protocols.
+    </p>
+  </background>
+  <description>
+    <p>
+    A possible buffer overflow exists in the code processing MSN SLP messages
+    (CAN-2004-0891). memcpy() was used without validating the size of the
+    buffer, and an incorrect buffer was used as destination under certain
+    circumstances. Additionally, memory allocation problems were found in the
+    processing of MSN SLP messages and the receiving of files. These issues
+    could lead Gaim to try to allocate more memory than available, resulting in
+    the crash of the application.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could crash Gaim and possibly execute arbitrary code by
+    exploiting the buffer overflow.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Gaim users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-im/gaim-1.0.2"
+    # emerge "&gt;=net-im/gaim-1.0.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0891">CAN-2004-0891</uri>
+    <uri link="https://gaim.sourceforge.net/security/">Gaim Security Issues</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-10-22T00:52:11Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-22T08:35:43Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-10-23T13:06:09Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-24.xml b/metadata/glsa/glsa-200410-24.xml
new file mode 100644
index 000000000000..f05a81d6ee3c
--- /dev/null
+++ b/metadata/glsa/glsa-200410-24.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-24">
+  <title>MIT krb5: Insecure temporary file use in send-pr.sh</title>
+  <synopsis>
+    The send-pr.sh script, included in the mit-krb5 package, is vulnerable to
+    symlink attacks, potentially allowing a local user to overwrite arbitrary
+    files with the rights of the user running the utility.
+  </synopsis>
+  <product type="ebuild">mit-krb5</product>
+  <announced>2004-10-25</announced>
+  <revised count="02">2005-01-30</revised>
+  <bug>66359</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-crypt/mit-krb5" auto="yes" arch="*">
+      <unaffected range="ge">1.3.5-r1</unaffected>
+      <unaffected range="rge">1.3.4-r1</unaffected>
+      <vulnerable range="le">1.3.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MIT krb5 is the free implementation of the Kerberos network
+    authentication protocol written by the Massachusetts Institute of
+    Technology.
+    </p>
+  </background>
+  <description>
+    <p>
+    The send-pr.sh script creates temporary files in world-writeable
+    directories with predictable names.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary files
+    directory, pointing to a valid file somewhere on the filesystem. When
+    send-pr.sh is called, this would result in the file being overwritten
+    with the rights of the user running the utility, which could be the
+    root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MIT krb5 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv "&gt;=app-crypt/mit-krb5-1.3.4-r1"
+    # emerge "&gt;=app-crypt/mit-krb5-1.3.4-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0971">CAN-2004-0971</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-10-19T17:38:41Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-25T13:03:38Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-25.xml b/metadata/glsa/glsa-200410-25.xml
new file mode 100644
index 000000000000..21b97c5be877
--- /dev/null
+++ b/metadata/glsa/glsa-200410-25.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-25">
+  <title>Netatalk: Insecure tempfile handling in etc2ps.sh</title>
+  <synopsis>
+    The etc2ps.sh script, included in the Netatalk package, is vulnerable to
+    symlink attacks, potentially allowing a local user to overwrite arbitrary
+    files with the rights of the user running the utility.
+  </synopsis>
+  <product type="ebuild">Netatalk</product>
+  <announced>2004-10-25</announced>
+  <revised count="01">2004-10-25</revised>
+  <bug>66370</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-fs/netatalk" auto="yes" arch="*">
+      <unaffected range="ge">1.6.4-r1</unaffected>
+      <vulnerable range="lt">1.6.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Netatalk is a kernel level implementation of the AppleTalk Protocol Suite,
+    which allows Unix hosts to act as file, print, and time servers for Apple
+    computers. It includes several script utilities, including etc2ps.sh.
+    </p>
+  </background>
+  <description>
+    <p>
+    The etc2ps.sh script creates temporary files in world-writeable directories
+    with predictable names.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary files
+    directory, pointing to a valid file somewhere on the filesystem. When
+    etc2ps.sh is executed, this would result in the file being overwritten with
+    the rights of the user running the utility, which could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Netatalk users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-fs/netatalk-1.6.4-r1"
+    # emerge "&gt;=net-fs/netatalk-1.6.4-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0974">CAN-2004-0974</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-10-10T22:02:01Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-25T13:03:51Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-26.xml b/metadata/glsa/glsa-200410-26.xml
new file mode 100644
index 000000000000..5c3cdf3ed815
--- /dev/null
+++ b/metadata/glsa/glsa-200410-26.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-26">
+  <title>socat: Format string vulnerability</title>
+  <synopsis>
+    socat contains a format string vulnerability that can potentially lead to
+    remote or local execution of arbitrary code with the privileges of the
+    socat process.
+  </synopsis>
+  <product type="ebuild">socat</product>
+  <announced>2004-10-25</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>68547</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/socat" auto="yes" arch="*">
+      <unaffected range="ge">1.4.0.3</unaffected>
+      <vulnerable range="lt">1.4.0.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    socat is a multipurpose bidirectional relay, similar to netcat.
+    </p>
+  </background>
+  <description>
+    <p>
+    socat contains a syslog() based format string vulnerablility in the
+    '_msg()' function of 'error.c'. Exploitation of this bug is only
+    possible when socat is run with the '-ly' option, causing it to log
+    messages to syslog.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Remote exploitation is possible when socat is used as a HTTP proxy
+    client and connects to a malicious server. Local privilege escalation
+    can be achieved when socat listens on a UNIX domain socket. Potential
+    execution of arbitrary code with the privileges of the socat process is
+    possible with both local and remote exploitations.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable logging to syslog by not using the '-ly' option when starting
+    socat.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All socat users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/socat-1.4.0.3"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.dest-unreach.org/socat/advisory/socat-adv-1.html">socat Security Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1484">CVE-2004-1484</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-10-23T13:12:08Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-23T13:30:23Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-10-24T21:38:40Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-27.xml b/metadata/glsa/glsa-200410-27.xml
new file mode 100644
index 000000000000..8e32d7e21b2d
--- /dev/null
+++ b/metadata/glsa/glsa-200410-27.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-27">
+  <title>mpg123: Buffer overflow vulnerabilities</title>
+  <synopsis>
+    Buffer overflow vulnerabilities have been found in mpg123 which could lead
+    to execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mpg123</product>
+  <announced>2004-10-27</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>68343</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/mpg123" auto="yes" arch="*">
+      <unaffected range="ge">0.59s-r5</unaffected>
+      <vulnerable range="lt">0.59s-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    mpg123 is a MPEG Audio Player.
+    </p>
+  </background>
+  <description>
+    <p>
+    Buffer overflow vulnerabilities in the getauthfromURL() and http_open()
+    functions have been reported by Carlos Barros. Additionally, the Gentoo
+    Linux Sound Team fixed additional boundary checks which were found to
+    be lacking.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to open a malicious playlist or URL or making use of
+    a specially-crafted symlink, an attacker could possibly execute
+    arbitrary code with the rights of the user running mpg123.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All mpg123 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/mpg123-0.59s-r5"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.barrossecurity.com/advisories/mpg123_getauthfromurl_bof_advisory.txt">Security Advisory by Carlos Barros</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0982">CVE-2004-0982</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-10-22T21:04:17Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-10-24T17:06:55Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-26T11:02:34Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-28.xml b/metadata/glsa/glsa-200410-28.xml
new file mode 100644
index 000000000000..1a70dac06277
--- /dev/null
+++ b/metadata/glsa/glsa-200410-28.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-28">
+  <title>rssh: Format string vulnerability</title>
+  <synopsis>
+    rssh is vulnerable to a format string vulnerability that allows arbitrary
+    execution of code with the rights of the connected user, thereby bypassing
+    rssh restrictions.
+  </synopsis>
+  <product type="ebuild">rssh</product>
+  <announced>2004-10-27</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>66988</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-shells/rssh" auto="yes" arch="*">
+      <unaffected range="ge">2.2.2</unaffected>
+      <vulnerable range="lt">2.2.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    rssh is a restricted shell, allowing only a few commands like scp or
+    sftp. It is often used as a complement to OpenSSH to provide limited
+    access to users.
+    </p>
+  </background>
+  <description>
+    <p>
+    Florian Schilhabel from the Gentoo Linux Security Audit Team found a
+    format string vulnerability in rssh syslogging of failed commands.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Using a malicious command, it may be possible for a remote
+    authenticated user to execute arbitrary code on the target machine with
+    user rights, effectively bypassing any restriction of rssh.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All rssh users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-shells/rssh-2.2.2"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.pizzashack.org/rssh/security.shtml">rssh security announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1628">CVE-2004-1628</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-10-25T13:31:44Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-25T13:31:54Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-10-26T13:24:10Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-29.xml b/metadata/glsa/glsa-200410-29.xml
new file mode 100644
index 000000000000..eedde950e8a8
--- /dev/null
+++ b/metadata/glsa/glsa-200410-29.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-29">
+  <title>PuTTY: Pre-authentication buffer overflow</title>
+  <synopsis>
+    PuTTY contains a vulnerability allowing an SSH server to execute arbitrary
+    code on the connecting client.
+  </synopsis>
+  <product type="ebuild">putty</product>
+  <announced>2004-10-27</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>69123</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/putty" auto="yes" arch="*">
+      <unaffected range="ge">0.56</unaffected>
+      <vulnerable range="le">0.55</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PuTTY is a free implementation of Telnet and SSH for Win32 and Unix
+    platforms, along with an xterm terminal emulator.
+    </p>
+  </background>
+  <description>
+    <p>
+    PuTTY fails to do proper bounds checking on SSH2_MSG_DEBUG packets. The
+    "stringlen" parameter value is incorrectly checked due to signedness
+    issues. Note that this vulnerability is similar to the one described in
+    GLSA 200408-04 but not the same.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    When PuTTY connects to a server using the SSH2 protocol, an attacker
+    may be able to send specially crafted packets to the client, resulting
+    in the execution of arbitrary code with the permissions of the user
+    running PuTTY. Note that this is possible during the authentication
+    process but before host key verification.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PuTTY users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/putty-0.56"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.idefense.com/application/poi/display?id=155">iDEFENSE Security Advisory 10.27.04</uri>
+    <uri link="https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html">PuTTY ChangeLog</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1008">CVE-2004-1008</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-10-27T15:40:45Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-27T15:40:58Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-10-27T16:43:51Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-30.xml b/metadata/glsa/glsa-200410-30.xml
new file mode 100644
index 000000000000..0acdd74f14d1
--- /dev/null
+++ b/metadata/glsa/glsa-200410-30.xml
@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-30">
+  <title>GPdf, KPDF, KOffice: Vulnerabilities in included xpdf</title>
+  <synopsis>
+    GPdf, KPDF and KOffice all include vulnerable xpdf code to handle PDF
+    files, making them vulnerable to execution of arbitrary code upon viewing a
+    malicious PDF file.
+  </synopsis>
+  <product type="ebuild">GPdf</product>
+  <announced>2004-10-28</announced>
+  <revised count="02">2004-11-06</revised>
+  <bug>68558</bug>
+  <bug>68665</bug>
+  <bug>68571</bug>
+  <bug>69936</bug>
+  <bug>69624</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/koffice" auto="yes" arch="*">
+      <unaffected range="ge">1.3.4-r1</unaffected>
+      <unaffected range="rge">1.3.3-r2</unaffected>
+      <vulnerable range="lt">1.3.4-r1</vulnerable>
+    </package>
+    <package name="app-text/gpdf" auto="yes" arch="*">
+      <unaffected range="ge">2.8.0-r2</unaffected>
+      <unaffected range="rge">0.132-r2</unaffected>
+      <vulnerable range="lt">2.8.0-r2</vulnerable>
+    </package>
+    <package name="kde-base/kdegraphics" auto="yes" arch="*">
+      <unaffected range="ge">3.3.1-r2</unaffected>
+      <unaffected range="rge">3.3.0-r2</unaffected>
+      <unaffected range="rge">3.2.3-r2</unaffected>
+      <vulnerable range="lt">3.3.1-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GPdf is a Gnome-based PDF viewer. KPDF, part of the kdegraphics package, is
+    a KDE-based PDF viewer. KOffice is an integrated office suite for KDE.
+    </p>
+  </background>
+  <description>
+    <p>
+    GPdf, KPDF and KOffice all include xpdf code to handle PDF files. xpdf is
+    vulnerable to multiple integer overflows, as described in GLSA 200410-20.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to open a specially-crafted PDF file,
+    potentially resulting in execution of arbitrary code with the rights of the
+    user running the affected utility.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GPdf users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/gpdf-0.132-r2"</code>
+    <p>
+    All KDE users should upgrade to the latest version of kdegraphics:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=kde-base/kdegraphics-3.3.0-r2"</code>
+    <p>
+    All KOffice users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/koffice-1.3.3-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200410-20.xml">GLSA 200410-20</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888">CAN-2004-0888</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0889">CAN-2004-0889</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-10-26T18:40:10Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-10-27T10:09:49Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-28T07:24:07Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200410-31.xml b/metadata/glsa/glsa-200410-31.xml
new file mode 100644
index 000000000000..0b3c9b01b943
--- /dev/null
+++ b/metadata/glsa/glsa-200410-31.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200410-31">
+  <title>Archive::Zip: Virus detection evasion</title>
+  <synopsis>
+    Email virus scanning software relying on Archive::Zip can be fooled into
+    thinking a ZIP attachment is empty while it contains a virus, allowing
+    detection evasion.
+  </synopsis>
+  <product type="ebuild">Archive::Zip</product>
+  <announced>2004-10-29</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>68616</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-perl/Archive-Zip" auto="yes" arch="*">
+      <unaffected range="ge">1.14</unaffected>
+      <vulnerable range="lt">1.14</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Archive::Zip is a Perl module containing functions to handle ZIP
+    archives.
+    </p>
+  </background>
+  <description>
+    <p>
+    Archive::Zip can be used by email scanning software (like amavisd-new)
+    to uncompress attachments before virus scanning. By modifying the
+    uncompressed size of archived files in the global header of the ZIP
+    file, it is possible to fool Archive::Zip into thinking some files
+    inside the archive have zero length.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    An attacker could send a carefully crafted ZIP archive containing a
+    virus file and evade detection on some email virus-scanning software
+    relying on Archive::Zip for decompression.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Archive::Zip users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-perl/Archive-Zip-1.14"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.idefense.com/application/poi/display?id=153">iDEFENSE Security Advisory 10.18.04</uri>
+    <uri link="https://rt.cpan.org/NoAuth/Bug.html?id=8077">rt.cpan.org bug #8077</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1096">CVE-2004-1096</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-10-27T12:10:39Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-10-27T12:10:53Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-10-29T12:32:54Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-01.xml b/metadata/glsa/glsa-200411-01.xml
new file mode 100644
index 000000000000..6f967b16ef3e
--- /dev/null
+++ b/metadata/glsa/glsa-200411-01.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-01">
+  <title>ppp: No denial of service vulnerability</title>
+  <synopsis>
+    pppd contains a bug that allows an attacker to crash his own connection,
+    but it cannot be used to deny service to other users.
+  </synopsis>
+  <product type="ebuild">ppp</product>
+  <announced>2004-11-01</announced>
+  <revised count="02">2004-11-02</revised>
+  <bug>69152</bug>
+  <access>remote</access>
+  <affected>
+  </affected>
+  <background>
+    <p>
+    ppp is a Unix implementation of the Point-to-Point Protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    The pppd server improperly verifies header fields, potentially leading to a
+    crash of the pppd process handling the connection. However, since a
+    separate pppd process handles each ppp connection, this would not affect
+    any other connection, or prevent new connections from being established.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    We incorrectly thought that this bug could be exploited to deny service to
+    all ppp users. It is not the case, this bug has no security impact
+    whatsoever. Many thanks to Paul Mackerras from the Samba team for
+    correcting our mistake.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no need for a workaround.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    ppp users can keep their current versions.
+    </p>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/archive/1/379450">Incorrect BugTraq Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-11-01T10:32:16Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-01T10:32:28Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-11-01T16:53:20Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-02.xml b/metadata/glsa/glsa-200411-02.xml
new file mode 100644
index 000000000000..62383da4e78e
--- /dev/null
+++ b/metadata/glsa/glsa-200411-02.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-02">
+  <title>Cherokee: Format string vulnerability</title>
+  <synopsis>
+    Cherokee contains a format string vulnerability that could lead to denial
+    of service or the execution of arbitary code.
+  </synopsis>
+  <product type="ebuild">cherokee</product>
+  <announced>2004-11-01</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>67667</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/cherokee" auto="yes" arch="*">
+      <unaffected range="ge">0.4.17.1</unaffected>
+      <vulnerable range="le">0.4.17</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Cherokee is an extra-light web server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Florian Schilhabel from the Gentoo Linux Security Audit Team found a
+    format string vulnerability in the cherokee_logger_ncsa_write_string()
+    function.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Using a specially crafted URL when authenticating via auth_pam, a
+    malicious user may be able to crash the server or execute arbitrary
+    code on the target machine with permissions of the user running
+    Cherokee.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Cherokee users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-servers/cherokee-0.4.17.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1097">CVE-2004-1097</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-11-01T10:17:11Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-01T11:49:51Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-11-01T15:51:07Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-03.xml b/metadata/glsa/glsa-200411-03.xml
new file mode 100644
index 000000000000..368ae1bfbd08
--- /dev/null
+++ b/metadata/glsa/glsa-200411-03.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-03">
+  <title>Apache 1.3: Buffer overflow vulnerability in mod_include</title>
+  <synopsis>
+    A buffer overflow vulnerability exists in mod_include which could possibly
+    allow a local attacker to gain escalated privileges.
+  </synopsis>
+  <product type="ebuild">apache</product>
+  <announced>2004-11-02</announced>
+  <revised count="02">2007-12-30</revised>
+  <bug>68564</bug>
+  <access>local</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">1.3.32-r1</unaffected>
+      <vulnerable range="lt">1.3.32-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Apache HTTP server is one of the most popular web servers on the
+    internet. mod_include is an Apache module to handle Server Side Includes
+    (SSI).
+    </p>
+  </background>
+  <description>
+    <p>
+    A possible buffer overflow exists in the get_tag() function of
+    mod_include.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    If Server Side Includes (SSI) are enabled, a local attacker may be able to
+    run arbitrary code with the rights of an httpd child process by making use
+    of a specially-crafted document with malformed SSI.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Apache users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-servers/apache-1.3.32-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0940">CAN-2004-0940</uri>
+    <uri link="http://www.apacheweek.com/features/security-13">Security vulnerabilities in Apache httpd 1.3</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-10-27T10:11:41Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-10-29T12:38:27Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-02T11:16:30Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-04.xml b/metadata/glsa/glsa-200411-04.xml
new file mode 100644
index 000000000000..20990b150221
--- /dev/null
+++ b/metadata/glsa/glsa-200411-04.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-04">
+  <title>Speedtouch USB driver: Privilege escalation vulnerability</title>
+  <synopsis>
+    A vulnerability in the Speedtouch USB driver can be exploited to allow
+    local users to execute arbitrary code with escalated privileges.
+  </synopsis>
+  <product type="ebuild">speedtouch</product>
+  <announced>2004-11-02</announced>
+  <revised count="01">2004-11-02</revised>
+  <bug>68436</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-dialup/speedtouch" auto="yes" arch="*">
+      <unaffected range="ge">1.3.1</unaffected>
+      <vulnerable range="lt">1.3.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The speedtouch package contains a driver for the ADSL SpeedTouch USB modem.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Speedtouch USB driver contains multiple format string vulnerabilities
+    in modem_run, pppoa2 and pppoa3. This flaw is due to an improperly made
+    syslog() system call.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A malicious local user could exploit this vulnerability by causing a buffer
+    overflow, and potentially allowing the execution of arbitrary code with
+    escalated privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Speedtouch USB driver users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dialup/speedtouch-1.3.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0834">CAN-2004-0834</uri>
+    <uri link="https://speedtouch.sourceforge.net/index.php?/news.en.html">Speedtouch Project News Announcements</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-10-29T08:13:35Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-10-29T13:15:40Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-02T13:27:33Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-05.xml b/metadata/glsa/glsa-200411-05.xml
new file mode 100644
index 000000000000..ea637eca71b3
--- /dev/null
+++ b/metadata/glsa/glsa-200411-05.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-05">
+  <title>libxml2: Remotely exploitable buffer overflow</title>
+  <synopsis>
+    libxml2 contains multiple buffer overflows which could lead to the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libxml2</product>
+  <announced>2004-11-02</announced>
+  <revised count="01">2004-11-02</revised>
+  <bug>69154</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libxml2" auto="yes" arch="*">
+      <unaffected range="ge">2.6.15</unaffected>
+      <vulnerable range="lt">2.6.15</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libxml2 is an XML parsing library written in C.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple buffer overflows have been detected in the nanoftp and nanohttp
+    modules. These modules are responsible for parsing URLs with ftp
+    information, and resolving names via DNS.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could exploit an application that uses libxml2 by forcing it to
+    parse a specially-crafted XML file, potentially causing remote execution of
+    arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libxml2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/libxml2-2.6.15"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/archive/1/379383">BugTraq Advisory</uri>
+    <uri link="http://www.xmlsoft.org/ChangeLog.html">libxml2 ChangeLog</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0989">CAN-2004-0989</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-10-30T16:39:51Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-10-31T21:35:49Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-01T23:01:51Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-06.xml b/metadata/glsa/glsa-200411-06.xml
new file mode 100644
index 000000000000..f0d1df810fb5
--- /dev/null
+++ b/metadata/glsa/glsa-200411-06.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-06">
+  <title>MIME-tools: Virus detection evasion</title>
+  <synopsis>
+    MIME-tools doesn't handle empty MIME boundaries correctly. This may prevent
+    some virus-scanning programs which use MIME-tools from detecting certain
+    viruses.
+  </synopsis>
+  <product type="ebuild">MIME-tools</product>
+  <announced>2004-11-02</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>69181</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-perl/MIME-tools" auto="yes" arch="*">
+      <unaffected range="ge">5.415</unaffected>
+      <vulnerable range="lt">5.415</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MIME-tools is a Perl module containing functions to handle MIME
+    attachments.
+    </p>
+  </background>
+  <description>
+    <p>
+    MIME-tools doesn't correctly parse attachment boundaries with an empty
+    name (boundary="").
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    An attacker could send a carefully crafted email and evade detection on
+    some email virus-scanning programs using MIME-tools for attachment
+    decoding.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MIME-tools users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-perl/MIME-tools-5.415"</code>
+  </resolution>
+  <references>
+    <uri link="https://lists.roaringpenguin.com/pipermail/mimedefang/2004-October/024959.html">MIMEDefang announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1098">CVE-2004-1098</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-11-02T13:33:38Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-02T13:34:00Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-11-02T17:50:24Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-07.xml b/metadata/glsa/glsa-200411-07.xml
new file mode 100644
index 000000000000..5463bdb35b8a
--- /dev/null
+++ b/metadata/glsa/glsa-200411-07.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-07">
+  <title>Proxytunnel: Format string vulnerability</title>
+  <synopsis>
+    Proxytunnel is vulnerable to a format string vulnerability, potentially
+    allowing a remote server to execute arbitrary code with the rights of the
+    Proxytunnel process.
+  </synopsis>
+  <product type="ebuild">Proxytunnel</product>
+  <announced>2004-11-03</announced>
+  <revised count="01">2004-11-03</revised>
+  <bug>69379</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/proxytunnel" auto="yes" arch="*">
+      <unaffected range="ge">1.2.3</unaffected>
+      <vulnerable range="lt">1.2.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Proxytunnel is a program that tunnels connections to a remote server
+    through a standard HTTPS proxy.
+    </p>
+  </background>
+  <description>
+    <p>
+    Florian Schilhabel of the Gentoo Linux Security Audit project found a
+    format string vulnerability in Proxytunnel. When the program is started in
+    daemon mode (-a [port]), it improperly logs invalid proxy answers to
+    syslog.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A malicious remote server could send specially-crafted invalid answers to
+    exploit the format string vulnerability, potentially allowing the execution
+    of arbitrary code on the tunnelling host with the rights of the Proxytunnel
+    process.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    You can mitigate the issue by only allowing connections to trusted remote
+    servers.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Proxytunnel users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/proxytunnel-1.2.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0992">CAN-2004-0992</uri>
+    <uri link="https://proxytunnel.sourceforge.net/news.html">Proxytunnel News</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-11-02T21:56:56Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-11-03T09:32:39Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-03T14:02:21Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-08.xml b/metadata/glsa/glsa-200411-08.xml
new file mode 100644
index 000000000000..5236824f617a
--- /dev/null
+++ b/metadata/glsa/glsa-200411-08.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-08">
+  <title>GD: Integer overflow</title>
+  <synopsis>
+    The PNG image decoding routines in the GD library contain an integer
+    overflow that may allow execution of arbitrary code with the rights of the
+    program decoding a malicious PNG image.
+  </synopsis>
+  <product type="ebuild">GD</product>
+  <announced>2004-11-03</announced>
+  <revised count="01">2004-11-03</revised>
+  <bug>69070</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/gd" auto="yes" arch="*">
+      <unaffected range="ge">2.0.32</unaffected>
+      <vulnerable range="lt">2.0.32</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The GD graphics library is an open source library which allows programmers
+    to easily generate PNG, JPEG, GIF and WBMP images from many different
+    programming languages.
+    </p>
+  </background>
+  <description>
+    <p>
+    infamous41md found an integer overflow in the memory allocation procedure
+    of the GD routine that handles loading PNG image files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to load a carefully crafted PNG image
+    file in a GD-powered application, or send a PNG image to a web application
+    which uses GD PNG decoding functions. This could potentially lead to
+    execution of arbitrary code with the rights of the program loading the
+    image.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GD users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/gd-2.0.32"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/archive/1/379382">Original BugTraq advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0990">CAN-2004-0990</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-11-01T10:23:54Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-02T21:56:13Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-11-03T20:55:19Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-09.xml b/metadata/glsa/glsa-200411-09.xml
new file mode 100644
index 000000000000..3d8b4b922763
--- /dev/null
+++ b/metadata/glsa/glsa-200411-09.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-09">
+  <title>shadow: Unauthorized modification of account information</title>
+  <synopsis>
+    A flaw in the chfn and chsh utilities might allow modification of account
+    properties by unauthorized users.
+  </synopsis>
+  <product type="ebuild">shadow</product>
+  <announced>2004-11-04</announced>
+  <revised count="02">2004-11-05</revised>
+  <bug>69212</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/shadow" auto="yes" arch="*">
+      <unaffected range="ge">4.0.5-r1</unaffected>
+      <vulnerable range="lt">4.0.5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    shadow provides a set of utilities to deal with user accounts.
+    </p>
+  </background>
+  <description>
+    <p>
+    Martin Schulze reported a flaw in the passwd_check() function in
+    "libmisc/pwdcheck.c" which is used by chfn and chsh.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A logged-in local user with an expired password may be able to use chfn and
+    chsh to change his standard shell or GECOS information (full name, phone
+    number...) without being required to change his password.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All shadow users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-apps/shadow-4.0.5-r1"</code>
+  </resolution>
+  <references>
+    <uri link="http://ftp.pld.org.pl/software/shadow/NEWS">shadow NEWS file</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1001">CAN-2004-1001</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-11-03T20:36:10Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-03T20:36:17Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-11-03T21:01:01Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-10.xml b/metadata/glsa/glsa-200411-10.xml
new file mode 100644
index 000000000000..9473bdac5d52
--- /dev/null
+++ b/metadata/glsa/glsa-200411-10.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-10">
+  <title>Gallery: Cross-site scripting vulnerability</title>
+  <synopsis>
+    Gallery is vulnerable to cross-site scripting attacks.
+  </synopsis>
+  <product type="ebuild">gallery</product>
+  <announced>2004-11-06</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>69904</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/gallery" auto="yes" arch="*">
+      <unaffected range="ge">1.4.4_p4</unaffected>
+      <vulnerable range="lt">1.4.4_p4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Gallery is a web application written in PHP which is used to organize
+    and publish photo albums. It allows multiple users to build and
+    maintain their own albums. It also supports the mirroring of images on
+    other servers.
+    </p>
+  </background>
+  <description>
+    <p>
+    Jim Paris has discovered a cross-site scripting vulnerability in
+    Gallery.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    By sending a carefully crafted URL, an attacker can inject and execute
+    script code in the victim's browser window, and potentially compromise
+    the users gallery.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Gallery users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/gallery-1.4.4_p4"</code>
+  </resolution>
+  <references>
+    <uri link="http://gallery.menalto.com/modules.php?op=modload&amp;name=News&amp;file=article&amp;sid=142&amp;mode=thread&amp;order=0&amp;thold=0">Gallery Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1106">CVE-2004-1106</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-11-05T01:49:40Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-06T09:24:41Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-11.xml b/metadata/glsa/glsa-200411-11.xml
new file mode 100644
index 000000000000..db0a5d1a0217
--- /dev/null
+++ b/metadata/glsa/glsa-200411-11.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-11">
+  <title>ImageMagick: EXIF buffer overflow</title>
+  <synopsis>
+    ImageMagick contains an error in boundary checks when handling EXIF
+    information, which could lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">imagemagick</product>
+  <announced>2004-11-06</announced>
+  <revised count="01">2004-11-06</revised>
+  <bug>69825</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/imagemagick" auto="yes" arch="*">
+      <unaffected range="ge">6.1.3.2</unaffected>
+      <vulnerable range="lt">6.1.3.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ImageMagick is a collection of tools to read, write and manipulate images
+    in many formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    ImageMagick fails to do proper bounds checking when handling image files
+    with EXIF information.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could use an image file with specially-crafted EXIF information
+    to cause arbitrary code execution with the permissions of the user running
+    ImageMagick.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ImageMagick users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/imagemagick-6.1.3.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0981">CAN-2004-0981</uri>
+    <uri link="https://www.imagemagick.org/www/Changelog.html">ImageMagick ChangeLog</uri>
+    <uri link="https://secunia.com/advisories/12995/">SA 12995</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-11-05T13:21:51Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-11-06T13:00:12Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-06T18:34:28Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-12.xml b/metadata/glsa/glsa-200411-12.xml
new file mode 100644
index 000000000000..4bafdda5968d
--- /dev/null
+++ b/metadata/glsa/glsa-200411-12.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-12">
+  <title>zgv: Multiple buffer overflows</title>
+  <synopsis>
+    zgv contains multiple buffer overflows that can potentially lead to the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">zgv</product>
+  <announced>2004-11-07</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>69150</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/zgv" auto="yes" arch="*">
+      <unaffected range="ge">5.8</unaffected>
+      <vulnerable range="lt">5.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    zgv is a console image viewer based on svgalib.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple arithmetic overflows have been detected in the image
+    processing code of zgv.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to open a specially-crafted image file,
+    potentially resulting in execution of arbitrary code with the rights of
+    the user running zgv.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All zgv users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/zgv-5.8"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/archive/1/379472">BugTraq Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1095">CVE-2004-1095</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-11-06T19:26:29Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-06T20:47:51Z">
+    lewk
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-11-06T21:08:18Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-13.xml b/metadata/glsa/glsa-200411-13.xml
new file mode 100644
index 000000000000..2c5d7845bcc2
--- /dev/null
+++ b/metadata/glsa/glsa-200411-13.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-13">
+  <title>Portage, Gentoolkit: Temporary file vulnerabilities</title>
+  <synopsis>
+    dispatch-conf (included in Portage) and qpkg (included in Gentoolkit) are
+    vulnerable to symlink attacks, potentially allowing a local user to
+    overwrite arbitrary files with the rights of the user running the script.
+  </synopsis>
+  <product type="ebuild">portage gentoolkit</product>
+  <announced>2004-11-07</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>68846</bug>
+  <bug>69147</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/portage" auto="yes" arch="*">
+      <unaffected range="ge">2.0.51-r3</unaffected>
+      <vulnerable range="le">2.0.51-r2</vulnerable>
+    </package>
+    <package name="app-portage/gentoolkit" auto="yes" arch="*">
+      <unaffected range="ge">0.2.0_pre10-r1</unaffected>
+      <unaffected range="rge">0.2.0_pre8-r1</unaffected>
+      <vulnerable range="le">0.2.0_pre10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Portage is Gentoo's package management tool. The dispatch-conf utility
+    allows for easy rollback of configuration file changes and automatic
+    updates of configurations files never modified by users. Gentoolkit is
+    a collection of Gentoo specific administration scripts, one of which is
+    the portage querying tool qpkg.
+    </p>
+  </background>
+  <description>
+    <p>
+    dispatch-conf and qpkg use predictable filenames for temporary files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary files
+    directory, pointing to a valid file somewhere on the filesystem. When
+    an affected script is called, this would result in the file to be
+    overwritten with the rights of the user running the dispatch-conf or
+    qpkg, which could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Portage users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-apps/portage-2.0.51-r3"</code>
+    <p>
+    All Gentoolkit users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-portage/gentoolkit-0.2.0_pre8-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1107">CVE-2004-1107</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1108">CVE-2004-1108</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-11-02T14:02:06Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-11-02T17:41:31Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-07T11:16:08Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-14.xml b/metadata/glsa/glsa-200411-14.xml
new file mode 100644
index 000000000000..bb0f1551b2f7
--- /dev/null
+++ b/metadata/glsa/glsa-200411-14.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-14">
+  <title>Kaffeine, gxine: Remotely exploitable buffer overflow</title>
+  <synopsis>
+    Kaffeine and gxine both contain a buffer overflow that can be exploited
+    when accessing content from a malicious HTTP server with specially crafted
+    headers.
+  </synopsis>
+  <product type="ebuild">kaffeine gxine</product>
+  <announced>2004-11-07</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>69663</bug>
+  <bug>70055</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/kaffeine" auto="yes" arch="*">
+      <unaffected range="ge">0.5_rc1-r1</unaffected>
+      <unaffected range="rge">0.4.3b-r1</unaffected>
+      <vulnerable range="lt">0.5_rc1-r1</vulnerable>
+    </package>
+    <package name="media-video/gxine" auto="yes" arch="*">
+      <unaffected range="ge">0.3.3-r1</unaffected>
+      <vulnerable range="lt">0.3.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Kaffeine and gxine are graphical front-ends for xine-lib multimedia
+    library.
+    </p>
+  </background>
+  <description>
+    <p>
+    KF of Secure Network Operations has discovered an overflow that occurs
+    during the Content-Type header processing of Kaffeine. The vulnerable
+    code in Kaffeine is reused from gxine, making gxine vulnerable as well.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could create a specially-crafted Content-type header from a
+    malicious HTTP server, and crash a user's instance of Kaffeine or
+    gxine, potentially allowing the execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Kaffeine users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/kaffeine-0.4.3b-r1"</code>
+    <p>
+    All gxine users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/gxine-0.3.3-r1"</code>
+  </resolution>
+  <references>
+    <uri link="http://securitytracker.com/alerts/2004/Oct/1011936.html">SecurityTracker Advisory</uri>
+    <uri link="https://sourceforge.net/tracker/index.php?func=detail&amp;aid=1060299&amp;group_id=9655&amp;atid=109655">gxine Bug Report</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1034">CVE-2004-1034</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-11-03T13:13:11Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-11-05T01:34:00Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-07T19:19:00Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-15.xml b/metadata/glsa/glsa-200411-15.xml
new file mode 100644
index 000000000000..431a862755fb
--- /dev/null
+++ b/metadata/glsa/glsa-200411-15.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-15">
+  <title>OpenSSL, Groff: Insecure tempfile handling</title>
+  <synopsis>
+    groffer, included in the Groff package, and the der_chop script, included
+    in the OpenSSL package, are both vulnerable to symlink attacks, potentially
+    allowing a local user to overwrite arbitrary files with the rights of the
+    user running the utility.
+  </synopsis>
+  <product type="ebuild">OpenSSL</product>
+  <announced>2004-11-08</announced>
+  <revised count="02">2006-08-23</revised>
+  <bug>68404</bug>
+  <bug>68407</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">0.9.7d-r2</unaffected>
+      <vulnerable range="lt">0.9.7d-r2</vulnerable>
+    </package>
+    <package name="sys-apps/groff" auto="yes" arch="*">
+      <unaffected range="ge">1.19.1-r2</unaffected>
+      <unaffected range="rge">1.18.1.1</unaffected>
+      <vulnerable range="lt">1.19.1-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenSSL is a toolkit implementing the Secure Sockets Layer and
+    Transport Layer Security protocols as well as a general-purpose
+    cryptography library. It includes the der_chop script, which is used to
+    convert DER-encoded certificates to PEM format. Groff (GNU Troff) is a
+    typesetting package which reads plain text mixed with formatting
+    commands and produces formatted output. It includes groffer, a command
+    used to display groff files and man pages on X and tty.
+    </p>
+  </background>
+  <description>
+    <p>
+    groffer and the der_chop script create temporary files in
+    world-writeable directories with predictable names.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary files
+    directory, pointing to a valid file somewhere on the filesystem. When
+    groffer or der_chop is executed, this would result in the file being
+    overwritten with the rights of the user running the utility, which
+    could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Groff users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose sys-apps/groff</code>
+    <p>
+    All OpenSSL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-0.9.7d-r2"</code>
+    <p>
+    Note: /etc/ssl/misc/der_chop is protected by Portage as a configuration
+    file. Don't forget to use etc-update and overwrite the old version with
+    the new one.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0969">CAN-2004-0969</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0975">CAN-2004-0975</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-11-07T18:43:48Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-07T18:44:31Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-16.xml b/metadata/glsa/glsa-200411-16.xml
new file mode 100644
index 000000000000..f526ea900f97
--- /dev/null
+++ b/metadata/glsa/glsa-200411-16.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-16">
+  <title>zip: Path name buffer overflow</title>
+  <synopsis>
+    zip contains a buffer overflow when creating a ZIP archive of files with
+    very long path names. This could lead to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">zip</product>
+  <announced>2004-11-09</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>70227</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/zip" auto="yes" arch="*">
+      <unaffected range="ge">2.3-r4</unaffected>
+      <vulnerable range="le">2.3-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    zip is a compression and file packaging utility.
+    </p>
+  </background>
+  <description>
+    <p>
+    zip does not check the resulting path length when doing recursive
+    folder compression.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit this by enticing another user or web
+    application to create an archive including a specially-crafted path
+    name, potentially resulting in the execution of arbitrary code with the
+    permissions of the user running zip.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All zip users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-arch/zip-2.3-r4"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.hexview.com/docs/20041103-1.txt">HexView zip Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1010">CVE-2004-1010</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-11-07T18:59:20Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-08T15:14:42Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-11-08T20:46:08Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-17.xml b/metadata/glsa/glsa-200411-17.xml
new file mode 100644
index 000000000000..3ae85fe3404d
--- /dev/null
+++ b/metadata/glsa/glsa-200411-17.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-17">
+  <title>mtink: Insecure tempfile handling</title>
+  <synopsis>
+    mtink is vulnerable to symlink attacks, potentially allowing a local user
+    to overwrite arbitrary files with the rights of the user running the
+    utility.
+  </synopsis>
+  <product type="ebuild">mtink</product>
+  <announced>2004-11-09</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>70310</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-print/mtink" auto="yes" arch="*">
+      <unaffected range="ge">1.0.5</unaffected>
+      <vulnerable range="lt">1.0.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    mtink is a status monitor and inkjet cartridge changer for some Epson
+    printers.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy from Gentoo Linux discovered that mtink uses insecure
+    permissions on temporary files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary files
+    directory, pointing to a valid file somewhere on the filesystem. When
+    mtink is executed, this would result in the file being overwritten with
+    the rights of the user running the utility, which could be the root
+    user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All mtink users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-print/mtink-1.0.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1110">CVE-2004-1110</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-11-08T11:16:34Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-08T11:16:46Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-11-08T21:01:51Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-18.xml b/metadata/glsa/glsa-200411-18.xml
new file mode 100644
index 000000000000..c5bb52f60330
--- /dev/null
+++ b/metadata/glsa/glsa-200411-18.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-18">
+  <title>Apache 2.0: Denial of Service by memory consumption</title>
+  <synopsis>
+    A flaw in Apache 2.0 could allow a remote attacker to cause a Denial of
+    Service.
+  </synopsis>
+  <product type="ebuild">apache</product>
+  <announced>2004-11-10</announced>
+  <revised count="02">2007-12-30</revised>
+  <bug>70138</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">2.0.52-r1</unaffected>
+      <unaffected range="lt">2.0</unaffected>
+      <vulnerable range="lt">2.0.52-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Apache HTTP Server is one of the most popular web servers on the Internet.
+    </p>
+  </background>
+  <description>
+    <p>
+    Chintan Trivedi discovered a vulnerability in Apache httpd 2.0 that is caused by improper enforcing of the field length limit in the header-parsing code.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By sending a large amount of specially-crafted HTTP GET requests a remote attacker could cause a Denial of Service of the targeted system.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Apache 2.0 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-servers/apache-2.0.52-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942">CAN-2004-0942</uri>
+    <uri link="http://www.apacheweek.com/features/security-20">Security vulnerabilities in Apache httpd 2.0</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-11-08T09:58:15Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-09T20:43:00Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-19.xml b/metadata/glsa/glsa-200411-19.xml
new file mode 100644
index 000000000000..8e8e6bf70120
--- /dev/null
+++ b/metadata/glsa/glsa-200411-19.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-19">
+  <title>Pavuk: Multiple buffer overflows</title>
+  <synopsis>
+    Pavuk contains multiple buffer overflows that can allow a remote attacker
+    to run arbitrary code.
+  </synopsis>
+  <product type="ebuild">pavuk</product>
+  <announced>2004-11-10</announced>
+  <revised count="01">2004-11-10</revised>
+  <bug>70516</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/pavuk" auto="yes" arch="*">
+      <unaffected range="ge">0.9.31</unaffected>
+      <vulnerable range="lt">0.9.31</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Pavuk is web spider and website mirroring tool.
+    </p>
+  </background>
+  <description>
+    <p>
+    Pavuk contains several buffer overflow vulnerabilities in the code handling digest authentication and HTTP header processing. This issue is similar to GLSA 200407-19, but contains more vulnerabilities.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could cause a buffer overflow, leading to arbitrary code execution with the rights of the user running Pavuk.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Pavuk users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/pavuk-0.9.31"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200407-19.xml">GLSA-200407-19</uri>
+    <uri link="https://secunia.com/advisories/13120/">SA13120</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0456">CAN-2004-0456</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-11-10T07:00:44Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-11-10T15:50:02Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-10T15:51:22Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-20.xml b/metadata/glsa/glsa-200411-20.xml
new file mode 100644
index 000000000000..a961493f14d0
--- /dev/null
+++ b/metadata/glsa/glsa-200411-20.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-20">
+  <title>ez-ipupdate: Format string vulnerability</title>
+  <synopsis>
+    ez-ipupdate contains a format string vulnerability that could lead to
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">ez-ipupdate</product>
+  <announced>2004-11-11</announced>
+  <revised count="01">2004-11-11</revised>
+  <bug>69658</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/ez-ipupdate" auto="yes" arch="*">
+      <unaffected range="ge">3.0.11_beta8-r1</unaffected>
+      <vulnerable range="le">3.0.11_beta8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ez-ipupdate is a utility for updating host name information for a large number of dynamic DNS services.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ulf Harnhammar from the Debian Security Audit Project discovered a format string vulnerability in ez-ipupdate.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could exploit this to execute arbitrary code with the permissions of the user running ez-ipupdate, which could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ez-ipupdate users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dns/ez-ipupdate-3.0.11_beta8-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0980">CAN-2004-0980</uri>
+    <uri link="http://lists.netsys.com/pipermail/full-disclosure/2004-November/028590.html">Full Disclosure Announcement</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-11-09T20:12:06Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-11T14:43:17Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-21.xml b/metadata/glsa/glsa-200411-21.xml
new file mode 100644
index 000000000000..92b70f718843
--- /dev/null
+++ b/metadata/glsa/glsa-200411-21.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-21">
+  <title>Samba: Multiple vulnerabilities</title>
+  <synopsis>
+    Samba is vulnerable to a buffer overflow that could lead to execution of
+    arbitrary code (CAN-2004-0882). Another flaw in Samba may allow a remote
+    attacker to cause a Denial of Service by excessive consumption of CPU
+    cycles (CAN-2004-0930).
+  </synopsis>
+  <product type="ebuild">samba</product>
+  <announced>2004-11-11</announced>
+  <revised count="02">2004-11-15</revised>
+  <bug>70429</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-fs/samba" auto="yes" arch="*">
+      <unaffected range="ge">3.0.8</unaffected>
+      <unaffected range="lt">3.0</unaffected>
+      <vulnerable range="lt">3.0.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Samba is a freely available SMB/CIFS implementation which allows
+    seamless interoperability of file and print services to other SMB/CIFS
+    clients.
+    </p>
+  </background>
+  <description>
+    <p>
+    Samba fails to do proper bounds checking when handling
+    TRANSACT2_QFILEPATHINFO replies. Additionally an input validation flaw
+    exists in ms_fnmatch.c when matching filenames that contain wildcards.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker may be able to execute arbitrary code with the permissions
+    of the user running Samba. A remote attacker may also be able to cause
+    an abnormal consumption of CPU resources, resulting in slower
+    performance of the server or even a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Samba users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-fs/samba-3.0.8"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.samba.org/samba/security/CAN-2004-0930.html">Samba Security Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0930">CAN-2004-0930</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0882">CAN-2004-0882</uri>
+    <uri link="http://security.e-matters.de/advisories/132004.html">E-Matters Advisory 13/2004</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-11-10T10:26:07Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-10T20:53:51Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-11-11T10:18:49Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-22.xml b/metadata/glsa/glsa-200411-22.xml
new file mode 100644
index 000000000000..142b27c0aaec
--- /dev/null
+++ b/metadata/glsa/glsa-200411-22.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-22">
+  <title>Davfs2, lvm-user: Insecure tempfile handling</title>
+  <synopsis>
+    Davfs2 and the lvmcreate_initrd script (included in the lvm-user package)
+    are both vulnerable to symlink attacks, potentially allowing a local user
+    to overwrite arbitrary files with the rights of the user running them.
+  </synopsis>
+  <product type="ebuild">davfs2</product>
+  <announced>2004-11-11</announced>
+  <revised count="01">2004-11-11</revised>
+  <bug>68406</bug>
+  <bug>69149</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-fs/davfs2" auto="yes" arch="*">
+      <unaffected range="ge">0.2.2-r1</unaffected>
+      <vulnerable range="lt">0.2.2-r1</vulnerable>
+    </package>
+    <package name="sys-fs/lvm-user" auto="yes" arch="*">
+      <unaffected range="ge">1.0.7-r2</unaffected>
+      <vulnerable range="lt">1.0.7-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Davfs2 is a file system driver that allows you to mount a WebDAV
+    server as a local disk drive. lvm-user is a package providing userland
+    utilities for LVM (Logical Volume Management) 1.x features.
+    </p>
+  </background>
+  <description>
+    <p>
+    Florian Schilhabel from the Gentoo Linux Security Audit Team found
+    that Davfs2 insecurely created .pid files in /tmp. Furthermore, Trustix
+    Secure Linux found that the lvmcreate_initrd script, included in the
+    lvm-user Gentoo package, also creates temporary files in
+    world-writeable directories with predictable names.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary
+    files directory, pointing to a valid file somewhere on the filesystem.
+    When Davfs2 or lvmcreate_initrd is called, this would result in the
+    file being overwritten with the rights of the user running the
+    software, which could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Davfs2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-fs/davfs2-0.2.2-r1"</code>
+    <p>
+    All lvm-user users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-fs/lvm-user-1.0.7-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0972">CAN-2004-0972</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-11-10T09:15:59Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-11T20:29:52Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-23.xml b/metadata/glsa/glsa-200411-23.xml
new file mode 100644
index 000000000000..2291fd7f3113
--- /dev/null
+++ b/metadata/glsa/glsa-200411-23.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-23">
+  <title>Ruby: Denial of Service issue</title>
+  <synopsis>
+    The CGI module in Ruby can be sent into an infinite loop, resulting in a
+    Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">Ruby</product>
+  <announced>2004-11-16</announced>
+  <revised count="01">2004-11-16</revised>
+  <bug>69985</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/ruby" auto="yes" arch="*">
+      <unaffected range="rge">1.6.8-r12</unaffected>
+      <unaffected range="ge">1.8.2_pre3</unaffected>
+      <vulnerable range="lt">1.8.2_pre3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ruby is an interpreted scripting language for quick and easy
+    object-oriented programming. Ruby's CGI module can be used to build web
+    applications.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ruby's developers found and fixed an issue in the CGI module that
+    can be triggered remotely and cause an infinite loop.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could trigger the vulnerability through an
+    exposed Ruby web application and cause the server to use unnecessary
+    CPU resources, potentially resulting in a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ruby 1.6.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/ruby-1.6.8-r12"</code>
+    <p>
+    All Ruby 1.8.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/ruby-1.8.2_pre3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0983">CAN-2004-0983</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-11-15T10:02:12Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-15T10:02:22Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-11-15T20:10:34Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-24.xml b/metadata/glsa/glsa-200411-24.xml
new file mode 100644
index 000000000000..640947bfce58
--- /dev/null
+++ b/metadata/glsa/glsa-200411-24.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-24">
+  <title>BNC: Buffer overflow vulnerability</title>
+  <synopsis>
+    BNC contains a buffer overflow vulnerability that may lead to Denial of
+    Service and execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">BNC</product>
+  <announced>2004-11-16</announced>
+  <revised count="01">2004-11-16</revised>
+  <bug>70674</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/bnc" auto="yes" arch="*">
+      <unaffected range="ge">2.9.1</unaffected>
+      <vulnerable range="lt">2.9.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    BNC (BouNCe) is an IRC proxy server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Leon Juranic discovered that BNC fails to do proper bounds
+    checking when checking server response.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could exploit this to cause a Denial of Service and
+    potentially execute arbitary code with the permissions of the user
+    running BNC.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All BNC users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-irc/bnc-2.9.1"</code>
+  </resolution>
+  <references>
+    <uri link="http://gotbnc.com/changes.html">BNC ChangeLog</uri>
+    <uri link="http://security.lss.hr/en/index.php?page=details&amp;ID=LSS-2004-11-03">LSS-2004-11-03</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-11-11T20:17:39Z">
+    lewk
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-11-11T21:49:41Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-12T23:44:26Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-25.xml b/metadata/glsa/glsa-200411-25.xml
new file mode 100644
index 000000000000..9b3e8047bb14
--- /dev/null
+++ b/metadata/glsa/glsa-200411-25.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-25">
+  <title>SquirrelMail: Encoded text XSS vulnerability</title>
+  <synopsis>
+    Squirrelmail fails to properly sanitize user input, which could lead to a
+    compromise of webmail accounts.
+  </synopsis>
+  <product type="ebuild">SquirrelMail</product>
+  <announced>2004-11-17</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>70739</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/squirrelmail" auto="yes" arch="*">
+      <unaffected range="ge">1.4.3a-r2</unaffected>
+      <vulnerable range="lt">1.4.3a-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    SquirrelMail is a webmail package written in PHP. It supports IMAP and
+    SMTP, and can optionally be installed with SQL support.
+    </p>
+  </background>
+  <description>
+    <p>
+    SquirrelMail fails to properly sanitize certain strings when decoding
+    specially-crafted headers.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    By enticing a user to read a specially-crafted e-mail, an attacker can
+    execute arbitrary scripts running in the context of the victim's
+    browser. This could lead to a compromise of the user's webmail account,
+    cookie theft, etc.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SquirrelMail users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/squirrelmail-1.4.3a-r2"</code>
+    <p>
+    Note: Users with the vhosts USE flag set should manually use
+    webapp-config to finalize the update.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://article.gmane.org/gmane.mail.squirrelmail.user/21169">SquirrelMail Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1036">CVE-2004-1036</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-11-13T07:50:02Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-11-14T18:02:58Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-14T18:40:00Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-26.xml b/metadata/glsa/glsa-200411-26.xml
new file mode 100644
index 000000000000..cef38b73b45c
--- /dev/null
+++ b/metadata/glsa/glsa-200411-26.xml
@@ -0,0 +1,87 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-26">
+  <title>GIMPS, SETI@home, ChessBrain: Insecure installation</title>
+  <synopsis>
+    Improper file ownership allows user-owned files to be run with root
+    privileges by init scripts.
+  </synopsis>
+  <product type="ebuild">GIMPS,SETI@home,ChessBrain</product>
+  <announced>2004-11-17</announced>
+  <revised count="03">2006-05-22</revised>
+  <bug>69868</bug>
+  <access>local</access>
+  <affected>
+    <package name="sci-misc/gimps" auto="yes" arch="*">
+      <unaffected range="ge">23.9-r1</unaffected>
+      <vulnerable range="le">23.9</vulnerable>
+    </package>
+    <package name="sci-misc/setiathome" auto="yes" arch="*">
+      <unaffected range="ge">3.08-r4</unaffected>
+      <unaffected range="rge">3.03-r2</unaffected>
+      <vulnerable range="le">3.08-r3</vulnerable>
+    </package>
+    <package name="sci-misc/chessbrain" auto="yes" arch="*">
+      <unaffected range="ge">20407-r1</unaffected>
+      <vulnerable range="le">20407</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GIMPS is a client for the distributed Great Internet Mersenne Prime
+    Search. SETI@home is the client for the Search for Extraterrestrial
+    Intelligence (SETI) project. ChessBrain is the client for the
+    distributed chess supercomputer.
+    </p>
+  </background>
+  <description>
+    <p>
+    GIMPS, SETI@home and ChessBrain ebuilds install user-owned binaries and
+    init scripts which are executed with root privileges.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    This could lead to a local privilege escalation or root compromise.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GIMPS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sci-misc/gimps-23.9-r1"</code>
+    <p>
+    All SETI@home users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sci-misc/setiathome-3.03-r2"</code>
+    <p>
+    All ChessBrain users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sci-misc/chessbrain-20407-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1115">CVE-2004-1115</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1116">CVE-2004-1116</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1117">CVE-2004-1117</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-11-13T08:00:15Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-11-14T18:34:14Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-14T18:38:42Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-27.xml b/metadata/glsa/glsa-200411-27.xml
new file mode 100644
index 000000000000..04591f91d4e6
--- /dev/null
+++ b/metadata/glsa/glsa-200411-27.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-27">
+  <title>Fcron: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in Fcron can allow a local user to potentially
+    cause a Denial of Service.
+  </synopsis>
+  <product type="ebuild">fcron</product>
+  <announced>2004-11-18</announced>
+  <revised count="01">2004-11-18</revised>
+  <bug>71311</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-process/fcron" auto="yes" arch="*">
+      <unaffected range="rge">2.0.2</unaffected>
+      <unaffected range="ge">2.9.5.1</unaffected>
+      <vulnerable range="le">2.9.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Fcron is a command scheduler with extended capabilities over cron
+    and anacron.
+    </p>
+  </background>
+  <description>
+    <p>
+    Due to design errors in the fcronsighup program, Fcron may allow a
+    local user to bypass access restrictions (CAN-2004-1031), view the
+    contents of root owned files (CAN-2004-1030), remove arbitrary files or
+    create empty files (CAN-2004-1032), and send a SIGHUP to any process. A
+    vulnerability also exists in fcrontab which may allow local users to
+    view the contents of fcron.allow and fcron.deny (CAN-2004-1033).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could exploit these vulnerabilities to perform a
+    Denial of Service on the system running Fcron.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Make sure the fcronsighup and fcrontab binaries are only
+    executable by trusted users.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Fcron users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-process/fcron-2.0.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1030">CAN-2004-1030</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1031">CAN-2004-1031</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1032">CAN-2004-1032</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1033">CAN-2004-1033</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-11-16T16:18:47Z">
+    lewk
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-11-16T19:52:12Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-17T19:04:05Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-28.xml b/metadata/glsa/glsa-200411-28.xml
new file mode 100644
index 000000000000..7507b1cf774e
--- /dev/null
+++ b/metadata/glsa/glsa-200411-28.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-28">
+  <title>X.Org, XFree86: libXpm vulnerabilities</title>
+  <synopsis>
+    libXpm contains several vulnerabilities that could lead to a Denial of
+    Service and arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">X.Org, XFree86</product>
+  <announced>2004-11-19</announced>
+  <revised count="01">2004-11-19</revised>
+  <bug>68544</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-base/xorg-x11" auto="yes" arch="*">
+      <unaffected range="ge">6.8.0-r3</unaffected>
+      <unaffected range="rge">6.7.0-r3</unaffected>
+      <vulnerable range="lt">6.8.0-r3</vulnerable>
+    </package>
+    <package name="x11-base/xfree" auto="yes" arch="*">
+      <unaffected range="ge">4.3.0-r8</unaffected>
+      <vulnerable range="lt">4.3.0-r8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libXpm is a pixmap manipulation library for the X Window System,
+    included in both X.Org and XFree86.
+    </p>
+  </background>
+  <description>
+    <p>
+    Several issues were discovered in libXpm, including integer
+    overflows, out-of-bounds memory accesses, insecure path traversal and
+    an endless loop.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could craft a malicious pixmap file and entice a user
+    to use it with an application linked against libXpm. This could lead to
+    Denial of Service or arbitrary code execution.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All X.Org users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-base/xorg-x11-6.7.0-r3"</code>
+    <p>
+    All XFree86 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-base/xfree-x11-4.3.0-r8"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914">CAN-2004-0914</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-11-17T20:14:27Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-11-17T20:53:59Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-18T10:05:15Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-29.xml b/metadata/glsa/glsa-200411-29.xml
new file mode 100644
index 000000000000..5e7ce88ffbab
--- /dev/null
+++ b/metadata/glsa/glsa-200411-29.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-29">
+  <title>unarj: Long filenames buffer overflow and a path traversal vulnerability</title>
+  <synopsis>
+    unarj contains a buffer overflow and a directory traversal vulnerability.
+    This could lead to overwriting of arbitrary files or the execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">unarj</product>
+  <announced>2004-11-19</announced>
+  <revised count="01">2004-11-19</revised>
+  <bug>70966</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/unarj" auto="yes" arch="*">
+      <unaffected range="ge">2.63a-r2</unaffected>
+      <vulnerable range="lt">2.63a-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    unarj is an ARJ archive decompressor.
+    </p>
+  </background>
+  <description>
+    <p>
+    unarj has a bounds checking vulnerability within the handling of
+    long filenames in archives. It also fails to properly sanitize paths
+    when extracting an archive (if the "x" option is used to preserve
+    paths).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could trigger a buffer overflow or a path traversal by
+    enticing a user to open an archive containing specially-crafted path
+    names, potentially resulting in the overwrite of files or execution of
+    arbitrary code with the permissions of the user running unarj.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All unarj users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-arch/unarj-2.63a-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0947">CAN-2004-0947</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1027">CAN-2004-1027</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-11-18T16:42:36Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-18T16:42:55Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-11-19T09:32:28Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-30.xml b/metadata/glsa/glsa-200411-30.xml
new file mode 100644
index 000000000000..c7f115fc23ad
--- /dev/null
+++ b/metadata/glsa/glsa-200411-30.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-30">
+  <title>pdftohtml: Vulnerabilities in included Xpdf</title>
+  <synopsis>
+    pdftohtml includes vulnerable Xpdf code to handle PDF files, making it
+    vulnerable to execution of arbitrary code upon converting a malicious PDF
+    file.
+  </synopsis>
+  <product type="ebuild">pdftohtml</product>
+  <announced>2004-11-23</announced>
+  <revised count="01">2004-11-23</revised>
+  <bug>69019</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/pdftohtml" auto="yes" arch="*">
+      <unaffected range="ge">0.36-r1</unaffected>
+      <vulnerable range="le">0.36</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    pdftohtml is a utility to convert PDF files to HTML or XML
+    formats. It makes use of Xpdf code to decode PDF files.
+    </p>
+  </background>
+  <description>
+    <p>
+    Xpdf is vulnerable to multiple integer overflows, as described in
+    GLSA 200410-20.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to convert a specially-crafted PDF
+    file, potentially resulting in execution of arbitrary code with the
+    rights of the user running pdftohtml.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All pdftohtml users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/pdftohtml-0.36-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200410-20.xml">GLSA 200410-20</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888">CAN-2004-0888</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-11-22T17:05:12Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-22T17:05:20Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-31.xml b/metadata/glsa/glsa-200411-31.xml
new file mode 100644
index 000000000000..5a56b6bc239d
--- /dev/null
+++ b/metadata/glsa/glsa-200411-31.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-31">
+  <title>ProZilla: Multiple vulnerabilities</title>
+  <synopsis>
+    ProZilla contains several buffer overflow vulnerabilities that can be
+    exploited by a malicious server to execute arbitrary code with the rights
+    of the user running ProZilla.
+  </synopsis>
+  <product type="ebuild">ProZilla</product>
+  <announced>2004-11-23</announced>
+  <revised count="03">2006-05-22</revised>
+  <bug>70090</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/prozilla" auto="yes" arch="*">
+      <vulnerable range="le">1.3.7.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ProZilla is a download accelerator for Linux.
+    </p>
+  </background>
+  <description>
+    <p>
+    ProZilla contains several exploitable buffer overflows in the code
+    handling the network protocols.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could setup a malicious server and entice a user to
+    retrieve files from that server using ProZilla. This could lead to the
+    execution of arbitrary code with the rights of the user running
+    ProZilla.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Currently, there is no released version of ProZilla that contains a fix
+    for these issues. The original author did not respond to our queries,
+    the code contains several other problems and more secure alternatives
+    exist. Therefore, the ProZilla package has been hard-masked prior to
+    complete removal from Portage, and current users are advised to unmerge
+    the package.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1120">CVE-2004-1120</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-11-22T17:28:48Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-22T19:27:08Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-11-22T19:46:53Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-32.xml b/metadata/glsa/glsa-200411-32.xml
new file mode 100644
index 000000000000..9fe7c6383eda
--- /dev/null
+++ b/metadata/glsa/glsa-200411-32.xml
@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-32">
+  <title>phpBB: Remote command execution</title>
+  <synopsis>
+    phpBB contains a vulnerability which allows a remote attacker to execute
+    arbitrary commands with the rights of the web server user.
+  </synopsis>
+  <product type="ebuild">phpBB</product>
+  <announced>2004-11-24</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>71681</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/phpbb" auto="yes" arch="*">
+      <unaffected range="ge">2.0.11</unaffected>
+      <vulnerable range="lt">2.0.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpBB is an Open Source bulletin board package.
+    </p>
+  </background>
+  <description>
+    <p>
+    phpBB contains a vulnerability in the highlighting code and several
+    vulnerabilities in the username handling code.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker can exploit the highlighting vulnerability to access the
+    PHP exec() function without restriction, allowing them to run arbitrary
+    commands with the rights of the web server user (for example the apache
+    user). Furthermore, the username handling vulnerability might be abused
+    to execute SQL statements on the phpBB database.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is a one-line patch which will remediate the remote execution
+    vulnerability.
+    </p>
+    <p>
+    Locate the following block of code in viewtopic.php:
+    </p>
+    <code>
+    //
+    // Was a highlight request part of the URI?
+    //
+    $highlight_match = $highlight = '';
+    if (isset($HTTP_GET_VARS['highlight']))
+    {
+       // Split words and phrases
+       $words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));
+    
+       for($i = 0; $i &lt; sizeof($words); $i++)
+       {</code>
+    <p>
+    Replace with the following:
+    </p>
+    <code>
+    //
+    // Was a highlight request part of the URI?
+    //
+    $highlight_match = $highlight = '';
+    if (isset($HTTP_GET_VARS['highlight']))
+    {
+       // Split words and phrases
+       $words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));
+    
+       for($i = 0; $i &lt; sizeof($words); $i++)
+       {</code>
+  </workaround>
+  <resolution>
+    <p>
+    All phpBB users should upgrade to the latest version to fix all known
+    vulnerabilities:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/phpbb-2.0.11"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.phpbb.com/phpBB/viewtopic.php?t=240513">phpBB.com Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1315">CVE-2004-1315</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-11-18T17:31:41Z">
+    klieber
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-24T08:51:46Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-33.xml b/metadata/glsa/glsa-200411-33.xml
new file mode 100644
index 000000000000..45dac5022333
--- /dev/null
+++ b/metadata/glsa/glsa-200411-33.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-33">
+  <title>TWiki: Arbitrary command execution</title>
+  <synopsis>
+    A bug in the TWiki search function allows an attacker to execute arbitrary
+    commands with the permissions of the user running TWiki.
+  </synopsis>
+  <product type="ebuild">www-apps/twiki</product>
+  <announced>2004-11-24</announced>
+  <revised count="02">2006-09-08</revised>
+  <bug>71035</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/twiki" auto="yes" arch="*">
+      <unaffected range="ge">20040902 </unaffected>
+      <unaffected range="lt">20000000</unaffected>
+      <vulnerable range="lt">20040902 </vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    TWiki is a Web-based groupware tool based around the concept of wiki
+    pages that can be edited by anybody with a Web browser.
+    </p>
+  </background>
+  <description>
+    <p>
+    The TWiki search function, which uses a shell command executed via the
+    Perl backtick operator, does not properly escape shell metacharacters
+    in the user-provided search string.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker can insert malicious commands into a search request,
+    allowing the execution of arbitrary commands with the privileges of the
+    user running TWiki (usually the Web server user).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All TWiki users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/twiki-20040902"</code>
+  </resolution>
+  <references>
+    <uri link="http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithSearch">TWiki Security Alert</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1037">CAN-2004-1037</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-11-22T17:14:35Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-11-22T23:25:58Z">
+    dmargoli
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-24T08:52:40Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-34.xml b/metadata/glsa/glsa-200411-34.xml
new file mode 100644
index 000000000000..58b9f453b8d1
--- /dev/null
+++ b/metadata/glsa/glsa-200411-34.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-34">
+  <title>Cyrus IMAP Server: Multiple remote vulnerabilities</title>
+  <synopsis>
+    The Cyrus IMAP Server contains multiple vulnerabilities which could lead to
+    remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">cyrus-imapd</product>
+  <announced>2004-11-25</announced>
+  <revised count="01">2004-11-25</revised>
+  <bug>72194</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/cyrus-imapd" auto="yes" arch="*">
+      <unaffected range="ge">2.2.10</unaffected>
+      <vulnerable range="lt">2.2.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Cyrus IMAP Server is an efficient, highly-scalable IMAP e-mail
+    server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been discovered in the argument
+    parsers of the 'partial' and 'fetch' commands of the Cyrus IMAP Server
+    (CAN-2004-1012, CAN-2004-1013). There are also buffer overflows in the
+    'imap magic plus' code that are vulnerable to exploitation as well
+    (CAN-2004-1011, CAN-2004-1015).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker can exploit these vulnerabilities to execute arbitrary
+    code with the rights of the user running the Cyrus IMAP Server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Cyrus-IMAP Server users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-mail/cyrus-imapd-2.2.10"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1011">CAN-2004-1011</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1012">CAN-2004-1012</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1013">CAN-2004-1013</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1015">CAN-2004-1015</uri>
+    <uri link="http://security.e-matters.de/advisories/152004.html">e-matters Advisory</uri>
+    <uri link="http://asg.web.cmu.edu/cyrus/download/imapd/changes.html">Cyrus IMAP Server ChangeLog</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-11-23T18:38:38Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-11-23T22:08:00Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-24T17:22:57Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-35.xml b/metadata/glsa/glsa-200411-35.xml
new file mode 100644
index 000000000000..c579c79e8eb1
--- /dev/null
+++ b/metadata/glsa/glsa-200411-35.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-35">
+  <title>phpWebSite: HTTP response splitting vulnerability</title>
+  <synopsis>
+    phpWebSite is vulnerable to possible HTTP response splitting attacks.
+  </synopsis>
+  <product type="ebuild">phpwebsite</product>
+  <announced>2004-11-26</announced>
+  <revised count="03">2006-05-22</revised>
+  <bug>71502</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/phpwebsite" auto="yes" arch="*">
+      <unaffected range="ge">0.9.3_p4-r2</unaffected>
+      <vulnerable range="lt">0.9.3_p4-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpWebSite is a web site content management system.
+    </p>
+  </background>
+  <description>
+    <p>
+    Due to lack of proper input validation, phpWebSite has been found to be
+    vulnerable to HTTP response splitting attacks.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A malicious user could inject arbitrary response data, leading to
+    content spoofing, web cache poisoning and other cross-site scripting or
+    HTTP response splitting attacks. This could result in compromising the
+    victim's data or browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All phpWebSite users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/phpwebsite-0.9.3_p4-r2"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/archive/1/380894">BugTraq Posting</uri>
+    <uri link="http://phpwebsite.appstate.edu/index.php?module=announce&amp;ANN_user_op=view&amp;ANN_id=863">phpWebSite Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1516">CVE-2004-1516</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-11-24T19:21:49Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-25T09:49:35Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-11-26T09:12:53Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-36.xml b/metadata/glsa/glsa-200411-36.xml
new file mode 100644
index 000000000000..90f55a388bdf
--- /dev/null
+++ b/metadata/glsa/glsa-200411-36.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-36">
+  <title>phpMyAdmin: Multiple XSS vulnerabilities</title>
+  <synopsis>
+    phpMyAdmin is vulnerable to cross-site scripting attacks.
+  </synopsis>
+  <product type="ebuild">phpmyadmin</product>
+  <announced>2004-11-27</announced>
+  <revised count="01">2004-11-27</revised>
+  <bug>71819</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/phpmyadmin" auto="yes" arch="*">
+      <unaffected range="ge">2.6.0_p3</unaffected>
+      <vulnerable range="lt">2.6.0_p3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpMyAdmin is a tool written in PHP intended to handle the
+    administration of MySQL databases from a web-browser.
+    </p>
+  </background>
+  <description>
+    <p>
+    Cedric Cochin has discovered multiple cross-site scripting
+    vulnerabilities in phpMyAdmin. These vulnerabilities can be exploited
+    through the PmaAbsoluteUri parameter, the zero_rows parameter in
+    read_dump.php, the confirm form, or an error message generated by the
+    internal phpMyAdmin parser.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    By sending a specially-crafted request, an attacker can inject and
+    execute malicious script code, potentially compromising the victim's
+    browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All phpMyAdmin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-db/phpmyadmin-2.6.0_p3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1055">CAN-2004-1055</uri>
+    <uri link="https://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-3">PMASA-2004-3</uri>
+    <uri link="http://www.netvigilance.com/html/advisory0005.htm">netVigilance Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-11-24T09:03:21Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-26T10:27:24Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-11-26T19:21:36Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-37.xml b/metadata/glsa/glsa-200411-37.xml
new file mode 100644
index 000000000000..0e2d8fd135c5
--- /dev/null
+++ b/metadata/glsa/glsa-200411-37.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-37">
+  <title>Open DC Hub: Remote code execution</title>
+  <synopsis>
+    Open DC Hub contains a buffer overflow that can be exploited to allow
+    remote code execution.
+  </synopsis>
+  <product type="ebuild">opendchub</product>
+  <announced>2004-11-28</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>72371</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-p2p/opendchub" auto="yes" arch="*">
+      <unaffected range="ge">0.7.14-r2</unaffected>
+      <vulnerable range="lt">0.7.14-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Open DC Hub is the hub software for the Direct Connect file sharing
+    network.
+    </p>
+  </background>
+  <description>
+    <p>
+    Donato Ferrante discovered a buffer overflow vulnerability in the
+    RedirectAll command of the Open DC Hub.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Upon exploitation, a remote user with administrative privileges can
+    execute arbitrary code on the system running the Open DC Hub.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Only give administrative rights to trusted users.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Open DC Hub users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-p2p/opendchub-0.7.14-r2"</code>
+  </resolution>
+  <references>
+    <uri link="http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1115.html">Full-Disclosure Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1127">CVE-2004-1127</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-11-28T03:48:46Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-28T03:49:07Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200411-38.xml b/metadata/glsa/glsa-200411-38.xml
new file mode 100644
index 000000000000..44d7fca1b25f
--- /dev/null
+++ b/metadata/glsa/glsa-200411-38.xml
@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-38">
+  <title>Sun and Blackdown Java: Applet privilege escalation</title>
+  <synopsis>
+    The Java plug-in security in Sun and Blackdown Java environments can be
+    bypassed to access arbitrary packages, allowing untrusted Java applets to
+    perform unrestricted actions on the host system.
+  </synopsis>
+  <product type="ebuild">Java</product>
+  <announced>2004-11-29</announced>
+  <revised count="02">2006-05-31</revised>
+  <bug>72172</bug>
+  <bug>72221</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/sun-jdk" auto="yes" arch="x86 amd64">
+      <unaffected range="ge">1.4.2.06</unaffected>
+      <vulnerable range="lt">1.4.2.06</vulnerable>
+    </package>
+    <package name="dev-java/sun-jre-bin" auto="yes" arch="x86 amd64">
+      <unaffected range="ge">1.4.2.06</unaffected>
+      <vulnerable range="lt">1.4.2.06</vulnerable>
+    </package>
+    <package name="dev-java/blackdown-jdk" auto="yes" arch="x86 amd64">
+      <unaffected range="ge">1.4.2.01</unaffected>
+      <vulnerable range="lt">1.4.2.01</vulnerable>
+    </package>
+    <package name="dev-java/blackdown-jre" auto="yes" arch="x86 amd64">
+      <unaffected range="ge">1.4.2.01</unaffected>
+      <vulnerable range="lt">1.4.2.01</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Sun and Blackdown both provide implementations of Java Development Kits
+    (JDK) and Java Runtime Environments (JRE). All these implementations
+    provide a Java plug-in that can be used to execute Java applets in a
+    restricted environment for web browsers.
+    </p>
+  </background>
+  <description>
+    <p>
+    All Java plug-ins are subject to a vulnerability allowing unrestricted
+    Java package access.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could embed a malicious Java applet in a web page and
+    entice a victim to view it. This applet can then bypass security
+    restrictions and execute any command or access any file with the rights
+    of the user running the web browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    As a workaround you could disable Java applets on your web browser.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Sun JDK users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/sun-jdk-1.4.2.06"</code>
+    <p>
+    All Sun JRE users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/sun-jre-bin-1.4.2.06"</code>
+    <p>
+    All Blackdown JDK users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/blackdown-jdk-1.4.2.01"</code>
+    <p>
+    All Blackdown JRE users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/blackdown-jre-1.4.2.01"</code>
+    <p>
+    Note: You should unmerge all vulnerable versions to be fully protected.
+    </p>
+  </resolution>
+  <references>
+    <uri link="http://www.idefense.com/application/poi/display?id=158&amp;type=vulnerabilities">iDEFENSE Security Advisory 11.22.04</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1029">CAN-2004-1029</uri>
+    <uri link="http://www.blackdown.org/java-linux/java2-status/security/Blackdown-SA-2004-01.txt">Blackdown Security Advisory 2004-01</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-11-25T09:46:01Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-11-26T21:58:36Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-29T21:15:47Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200412-01.xml b/metadata/glsa/glsa-200412-01.xml
new file mode 100644
index 000000000000..100a5d68ac62
--- /dev/null
+++ b/metadata/glsa/glsa-200412-01.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200412-01">
+  <title>rssh, scponly: Unrestricted command execution</title>
+  <synopsis>
+    rssh and scponly do not filter command-line options that can be exploited
+    to execute any command, thereby allowing a remote user to completely bypass
+    the restricted shell.
+  </synopsis>
+  <product type="ebuild">scponly</product>
+  <announced>2004-12-03</announced>
+  <revised count="03">2006-05-22</revised>
+  <bug>72815</bug>
+  <bug>72816</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/scponly" auto="yes" arch="*">
+      <unaffected range="ge">4.0</unaffected>
+      <vulnerable range="lt">4.0</vulnerable>
+    </package>
+    <package name="app-shells/rssh" auto="yes" arch="*">
+      <unaffected range="ge">2.2.3</unaffected>
+      <vulnerable range="le">2.2.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    rssh and scponly are two restricted shells, allowing only a few
+    predefined commands. They are often used as a complement to OpenSSH to
+    provide access to remote users without providing any remote execution
+    privileges.
+    </p>
+  </background>
+  <description>
+    <p>
+    Jason Wies discovered that when receiving an authorized command from an
+    authorized user, rssh and scponly do not filter command-line options
+    that can be used to execute any command on the target host.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Using a malicious command, it is possible for a remote authenticated
+    user to execute any command (or upload and execute any file) on the
+    target machine with user rights, effectively bypassing any restriction
+    of scponly or rssh.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All scponly users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/scponly-4.0"</code>
+    <p>
+    All rssh users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-shells/rssh/rssh-2.2.3"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/archive/1/383046/2004-11-30/2004-12-06/0">BugTraq Posting</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1161">CVE-2004-1161</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1162">CVE-2004-1162</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-12-01T09:03:59Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-12-02T13:01:44Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-12-03T13:57:43Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200412-02.xml b/metadata/glsa/glsa-200412-02.xml
new file mode 100644
index 000000000000..d8a71a9484c5
--- /dev/null
+++ b/metadata/glsa/glsa-200412-02.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200412-02">
+  <title>PDFlib: Multiple overflows in the included TIFF library</title>
+  <synopsis>
+    PDFlib is vulnerable to multiple overflows, which can potentially lead to
+    the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">PDFlib</product>
+  <announced>2004-12-05</announced>
+  <revised count="01">2004-12-05</revised>
+  <bug>69043</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/pdflib" auto="yes" arch="*">
+      <unaffected range="ge">5.0.4_p1</unaffected>
+      <vulnerable range="lt">5.0.4_p1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PDFlib is a library providing functions to handle PDF files. It
+    includes a modified TIFF library used to process TIFF images.
+    </p>
+  </background>
+  <description>
+    <p>
+    The TIFF library is subject to several known vulnerabilities (see
+    GLSA 200410-11). Most of these overflows also apply to PDFlib.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user or web application to
+    process a carefully crafted PDF file or TIFF image using a
+    PDFlib-powered program. This can potentially lead to the execution of
+    arbitrary code with the rights of the program processing the file.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PDFlib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/pdflib-5.0.4_p1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.pdflib.com/products/pdflib/info/PDFlib-5.0.4p1-changes.txt">PDFlib ChangeLog</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803">CAN-2004-0803</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804">CAN-2004-0804</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886">CAN-2004-0886</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200410-11.xml">GLSA 200410-11</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-12-01T14:14:01Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-12-05T14:12:37Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200412-03.xml b/metadata/glsa/glsa-200412-03.xml
new file mode 100644
index 000000000000..d2e5a0c5d4d1
--- /dev/null
+++ b/metadata/glsa/glsa-200412-03.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200412-03">
+  <title>imlib: Buffer overflows in image decoding</title>
+  <synopsis>
+    Multiple overflows have been found in the imlib library image decoding
+    routines, potentially allowing execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">imlib</product>
+  <announced>2004-12-06</announced>
+  <revised count="01">2004-12-06</revised>
+  <bug>72681</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/imlib" auto="yes" arch="*">
+      <unaffected range="ge">1.9.14-r3</unaffected>
+      <vulnerable range="le">1.9.14-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    imlib is an advanced replacement library for image manipulation
+    libraries like libXpm. It is called by numerous programs, including
+    gkrellm and several window managers, to help in displaying images.
+    </p>
+  </background>
+  <description>
+    <p>
+    Pavel Kankovsky discovered that several overflows found in the
+    libXpm library (see GLSA 200409-34) also applied to imlib. He also
+    fixed a number of other potential flaws.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to view a carefully-crafted
+    image file, which would potentially lead to execution of arbitrary code
+    with the rights of the user viewing the image. This affects any program
+    that makes use of the imlib library.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All imlib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/imlib-1.9.14-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200409-34.xml">GLSA 200409-34</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1026">CAN-2004-1026</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-12-06T09:59:18Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-12-06T09:59:29Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200412-04.xml b/metadata/glsa/glsa-200412-04.xml
new file mode 100644
index 000000000000..9e30bd0457bd
--- /dev/null
+++ b/metadata/glsa/glsa-200412-04.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200412-04">
+  <title>Perl: Insecure temporary file creation</title>
+  <synopsis>
+    Perl is vulnerable to symlink attacks, potentially allowing a local user to
+    overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">perl</product>
+  <announced>2004-12-07</announced>
+  <revised count="01">2004-12-07</revised>
+  <bug>66360</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-lang/perl" auto="yes" arch="*">
+      <unaffected range="rge">5.8.5-r2</unaffected>
+      <unaffected range="ge">5.8.6-r1</unaffected>
+      <vulnerable range="lt">5.8.5-r2</vulnerable>
+      <vulnerable range="eq">5.8.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Perl is a stable, cross-platform programming language created by
+    Larry Wall.
+    </p>
+  </background>
+  <description>
+    <p>
+    Some Perl modules create temporary files in world-writable
+    directories with predictable names.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary
+    files directory, pointing to a valid file somewhere on the filesystem.
+    When a Perl script is executed, this would result in the file being
+    overwritten with the rights of the user running the utility, which
+    could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Perl users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=perl-5.8.5-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0976">CAN-2004-0976</uri>
+    <uri link="https://www.trustix.org/errata/2004/0050/">Trustix Advisory #2004-0050</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-12-05T01:07:23Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-12-06T21:18:17Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200412-05.xml b/metadata/glsa/glsa-200412-05.xml
new file mode 100644
index 000000000000..7ffad0f72fcb
--- /dev/null
+++ b/metadata/glsa/glsa-200412-05.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200412-05">
+  <title>mirrorselect: Insecure temporary file creation</title>
+  <synopsis>
+    mirrorselect is vulnerable to symlink attacks, potentially allowing a local
+    user to overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">mirrorselect</product>
+  <announced>2004-12-07</announced>
+  <revised count="04">2006-05-22</revised>
+  <bug>73545</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-portage/mirrorselect" auto="yes" arch="*">
+      <unaffected range="ge">0.89</unaffected>
+      <vulnerable range="lt">0.89</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    mirrorselect is a tool to help select distfiles mirrors for Gentoo.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ervin Nemeth discovered that mirrorselect creates temporary files in
+    world-writable directories with predictable names.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary files
+    directory, pointing to a valid file somewhere on the filesystem. When
+    mirrorselect is executed, this would result in the file being
+    overwritten with the rights of the user running the utility, which
+    could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All mirrorselect users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-portage/mirrorselect-0.89"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1167">CVE-2004-1167</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-12-06T21:43:32Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-12-06T21:51:32Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200412-06.xml b/metadata/glsa/glsa-200412-06.xml
new file mode 100644
index 000000000000..28022dd4fd6e
--- /dev/null
+++ b/metadata/glsa/glsa-200412-06.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200412-06">
+  <title>PHProjekt: setup.php vulnerability</title>
+  <synopsis>
+    PHProjekt contains a vulnerability in the setup procedure allowing remote
+    users without admin rights to change the configuration.
+  </synopsis>
+  <product type="ebuild">PHProjekt</product>
+  <announced>2004-12-10</announced>
+  <revised count="01">2004-12-10</revised>
+  <bug>73021</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/phprojekt" auto="yes" arch="*">
+      <unaffected range="ge">4.2-r1</unaffected>
+      <vulnerable range="lt">4.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PHProjekt is a modular groupware web application used to
+    coordinate group activities and share files.
+    </p>
+  </background>
+  <description>
+    <p>
+    Martin Muench, from it.sec, found a flaw in the setup.php file.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Successful exploitation of the flaw allows a remote attacker
+    without admin rights to make unauthorized changes to PHProjekt
+    configuration.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    As a workaround, you could replace the existing setup.php file in
+    PHProjekt root directory by the one provided on the PHProjekt Advisory
+    (see References).
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PHProjekt users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/phprojekt-4.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.phprojekt.com/modules.php?op=modload&amp;name=News&amp;file=article&amp;sid=189&amp;mode=thread&amp;order=0">PHProjekt Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-12-09T14:30:29Z">
+    vorlon078
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-12-09T16:24:20Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-12-10T17:26:05Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200412-07.xml b/metadata/glsa/glsa-200412-07.xml
new file mode 100644
index 000000000000..a410f4d5bd9f
--- /dev/null
+++ b/metadata/glsa/glsa-200412-07.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200412-07">
+  <title>file: Arbitrary code execution</title>
+  <synopsis>
+    The code for parsing ELF headers in file contains a flaw which may allow an
+    attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">file</product>
+  <announced>2004-12-13</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>72521</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/file" auto="yes" arch="*">
+      <unaffected range="ge">4.12</unaffected>
+      <vulnerable range="lt">4.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    file is a utility used to identify the type of a file.
+    </p>
+  </background>
+  <description>
+    <p>
+    A possible stack overflow has been found in the ELF header parsing code
+    of file.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker may be able to create a specially crafted ELF file which,
+    when processed with file, may allow the execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All file users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-apps/file-4.12"</code>
+  </resolution>
+  <references>
+    <uri link="http://securitytracker.com/id?1012433">SecurityTracker Alert ID 1012433</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1304">CVE-2004-1304</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-12-11T10:27:20Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-12-11T10:27:27Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-12-12T20:24:04Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200412-08.xml b/metadata/glsa/glsa-200412-08.xml
new file mode 100644
index 000000000000..a7aeccf5cc25
--- /dev/null
+++ b/metadata/glsa/glsa-200412-08.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200412-08">
+  <title>nfs-utils: Multiple remote vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in nfs-utils that could lead
+    to a Denial of Service, or the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">nfs-utils</product>
+  <announced>2004-12-14</announced>
+  <revised count="01">2004-12-14</revised>
+  <bug>72113</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-fs/nfs-utils" auto="yes" arch="*">
+      <unaffected range="ge">1.0.6-r6</unaffected>
+      <vulnerable range="lt">1.0.6-r6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    nfs-utils is a package containing the client and daemon
+    implementations for the NFS protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    Arjan van de Ven has discovered a buffer overflow on 64-bit
+    architectures in 'rquota_server.c' of nfs-utils (CAN-2004-0946). A
+    remotely exploitable flaw on all architectures also exists in the
+    'statd.c' file of nfs-utils (CAN-2004-1014), which can be triggered by
+    a mishandled SIGPIPE.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could potentially cause a Denial of Service, or
+    even execute arbitrary code (64-bit architectures only) on a remote NFS
+    server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All nfs-utils users should upgarde to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-fs/nfs-utils-1.0.6-r6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0946">CAN-2004-0946</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1014">CAN-2004-1014</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-12-05T18:33:51Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-12-06T15:50:26Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-12-11T10:25:46Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200412-09.xml b/metadata/glsa/glsa-200412-09.xml
new file mode 100644
index 000000000000..dd978aff66a3
--- /dev/null
+++ b/metadata/glsa/glsa-200412-09.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200412-09">
+  <title>ncpfs: Buffer overflow in ncplogin and ncpmap</title>
+  <synopsis>
+    ncpfs is vulnerable to a buffer overflow that could lead to local execution
+    of arbitrary code with elevated privileges.
+  </synopsis>
+  <product type="ebuild">ncpfs</product>
+  <announced>2004-12-15</announced>
+  <revised count="01">2004-12-15</revised>
+  <bug>72820</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-fs/ncpfs" auto="yes" arch="*">
+      <unaffected range="ge">2.2.5</unaffected>
+      <vulnerable range="lt">2.2.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ncpfs is a NCP protocol network filesystem that allows access to
+    Netware services, for example to mount volumes of NetWare servers or
+    print to NetWare print queues.
+    </p>
+  </background>
+  <description>
+    <p>
+    Karol Wiesek discovered a buffer overflow in the handling of the
+    '-T' option in the ncplogin and ncpmap utilities, which are both
+    installed as SUID root by default.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could trigger the buffer overflow by calling one
+    of these utilities with a carefully crafted command line, potentially
+    resulting in execution of arbitrary code with root privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ncpfs users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-fs/ncpfs-2.2.5"</code>
+  </resolution>
+  <references>
+    <uri link="http://lists.netsys.com/pipermail/full-disclosure/2004-November/029563.html">Full Disclosure Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1079">CAN-2004-1079</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-12-09T07:35:34Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-12-14T14:41:20Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-12-14T16:10:38Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200412-10.xml b/metadata/glsa/glsa-200412-10.xml
new file mode 100644
index 000000000000..12e9525e8f2b
--- /dev/null
+++ b/metadata/glsa/glsa-200412-10.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200412-10">
+  <title>Vim, gVim: Vulnerable options in modelines</title>
+  <synopsis>
+    Several vulnerabilities related to the use of options in modelines have
+    been found and fixed in Vim. They could potentially result in a local user
+    escalating privileges.
+  </synopsis>
+  <product type="ebuild">vim</product>
+  <announced>2004-12-15</announced>
+  <revised count="01">2004-12-15</revised>
+  <bug>73715</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-editors/vim" auto="yes" arch="*">
+      <unaffected range="ge">6.3-r2</unaffected>
+      <vulnerable range="lt">6.3-r2</vulnerable>
+    </package>
+    <package name="app-editors/gvim" auto="yes" arch="*">
+      <unaffected range="ge">6.3-r2</unaffected>
+      <vulnerable range="lt">6.3-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Vim is an efficient, highly configurable improved version of the
+    classic 'vi' text editor. gVim is the GUI version of Vim.
+    </p>
+  </background>
+  <description>
+    <p>
+    Gentoo's Vim maintainer, Ciaran McCreesh, found several
+    vulnerabilities related to the use of options in Vim modelines. Options
+    like 'termcap', 'printdevice', 'titleold', 'filetype', 'syntax',
+    'backupext', 'keymap', 'patchmode' or 'langmenu' could be abused.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could write a malicious file in a world readable
+    location which, when opened in a modeline-enabled Vim, could trigger
+    arbitrary commands with the rights of the user opening the file,
+    resulting in privilege escalation. Please note that modelines are
+    disabled by default in the /etc/vimrc file provided in Gentoo.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Vim users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-editors/vim-6.3-r2"</code>
+    <p>
+    All gVim users should also upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-editors/gvim-6.3-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1138">CAN-2004-1138</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-12-10T22:32:12Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-12-13T17:03:31Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-12-15T14:00:28Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200412-11.xml b/metadata/glsa/glsa-200412-11.xml
new file mode 100644
index 000000000000..61b065eef973
--- /dev/null
+++ b/metadata/glsa/glsa-200412-11.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200412-11">
+  <title>Cscope: Insecure creation of temporary files</title>
+  <synopsis>
+    Cscope is vulnerable to symlink attacks, potentially allowing a local user
+    to overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">cscope</product>
+  <announced>2004-12-16</announced>
+  <revised count="01">2004-12-16</revised>
+  <bug>71595</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-util/cscope" auto="yes" arch="*">
+      <unaffected range="ge">15.5-r2</unaffected>
+      <vulnerable range="lt">15.5-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Cscope is a developer utility used to browse and manage source
+    code.
+    </p>
+  </background>
+  <description>
+    <p>
+    Cscope creates temporary files in world-writable directories with
+    predictable names.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary
+    files directory, pointing to a valid file somewhere on the filesystem.
+    When Cscope is executed, this would result in the file being
+    overwritten with the rights of the user running the utility, which
+    could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Cscope users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-util/cscope-15.5-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0996">CAN-2004-0996</uri>
+    <uri link="http://www.securityfocus.com/archive/1/381443">BugTraq Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-11-29T16:19:40Z">
+    lewk
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-11-29T17:43:04Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-12-16T20:27:56Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200412-12.xml b/metadata/glsa/glsa-200412-12.xml
new file mode 100644
index 000000000000..e102b9d2863e
--- /dev/null
+++ b/metadata/glsa/glsa-200412-12.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200412-12">
+  <title>Adobe Acrobat Reader: Buffer overflow vulnerability</title>
+  <synopsis>
+    Adobe Acrobat Reader is vulnerable to a buffer overflow that could lead to
+    remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">acroread</product>
+  <announced>2004-12-16</announced>
+  <revised count="01">2004-12-16</revised>
+  <bug>74406</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/acroread" auto="yes" arch="*">
+      <unaffected range="ge">5.10</unaffected>
+      <vulnerable range="lt">5.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Adobe Acrobat Reader is a utility used to view PDF files.
+    </p>
+  </background>
+  <description>
+    <p>
+    A buffer overflow has been discovered in the email processing of
+    Adobe Acrobat Reader. This flaw exists in the mailListIsPdf function,
+    which checks if the input file is an email message containing a PDF
+    file.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send the victim a specially-crafted email
+    and PDF attachment, which would trigger the buffer overflow and
+    possibly lead to the execution of arbitrary code with the permissions
+    of the user running Adobe Acrobat Reader.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Adobe Acrobat Reader users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/acroread-5.10"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1152">CAN-2004-1152</uri>
+    <uri link="https://www.adobe.com/support/techdocs/331153.html">Adobe Announcement</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-12-15T17:22:59Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-12-16T15:18:04Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-12-16T17:02:05Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200412-13.xml b/metadata/glsa/glsa-200412-13.xml
new file mode 100644
index 000000000000..7f1d372bb207
--- /dev/null
+++ b/metadata/glsa/glsa-200412-13.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200412-13">
+  <title>Samba: Integer overflow</title>
+  <synopsis>
+    Samba contains a bug that could lead to remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Samba</product>
+  <announced>2004-12-17</announced>
+  <revised count="01">2004-12-17</revised>
+  <bug>73943</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-fs/samba" auto="yes" arch="*">
+      <unaffected range="ge">3.0.9-r1</unaffected>
+      <vulnerable range="le">3.0.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Samba is a freely available SMB/CIFS implementation which allows
+    seamless interoperability of file and print services to other SMB/CIFS
+    clients.
+    </p>
+  </background>
+  <description>
+    <p>
+    Samba contains a bug when unmarshalling specific MS-RPC requests from
+    clients.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker may be able to execute arbitrary code with the
+    permissions of the user running Samba, which could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All samba users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-fs/samba-3.0.9-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1154">CAN 2004-1154</uri>
+    <uri link="https://www.samba.org/samba/security/CAN-2004-1154.html">Samba Announcement</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-12-15T20:27:23Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-12-17T19:53:44Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200412-14.xml b/metadata/glsa/glsa-200412-14.xml
new file mode 100644
index 000000000000..dfe3c05f4483
--- /dev/null
+++ b/metadata/glsa/glsa-200412-14.xml
@@ -0,0 +1,111 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200412-14">
+  <title>PHP: Multiple vulnerabilities</title>
+  <synopsis>
+    Several vulnerabilities were found and fixed in PHP, ranging from an
+    information leak and a safe_mode restriction bypass to a potential remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">PHP</product>
+  <announced>2004-12-19</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>74547</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-php/php" auto="yes" arch="*">
+      <unaffected range="ge">4.3.10</unaffected>
+      <vulnerable range="lt">4.3.10</vulnerable>
+    </package>
+    <package name="dev-php/mod_php" auto="yes" arch="*">
+      <unaffected range="ge">4.3.10</unaffected>
+      <vulnerable range="lt">4.3.10</vulnerable>
+    </package>
+    <package name="dev-php/php-cgi" auto="yes" arch="*">
+      <unaffected range="ge">4.3.10</unaffected>
+      <vulnerable range="lt">4.3.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PHP is a general-purpose scripting language widely used to develop
+    web-based applications. It can run inside a web server using the
+    mod_php module or the CGI version of PHP, or can run stand-alone in a
+    CLI.
+    </p>
+  </background>
+  <description>
+    <p>
+    Stefan Esser and Marcus Boerger reported several different issues in
+    the unserialize() function, including serious exploitable bugs in the
+    way it handles negative references (CAN-2004-1019).
+    </p>
+    <p>
+    Stefan Esser also discovered that the pack() and unpack() functions are
+    subject to integer overflows that can lead to a heap buffer overflow
+    and a heap information leak. Finally, he found that the way
+    multithreaded PHP handles safe_mode_exec_dir restrictions can be
+    bypassed, and that various path truncation issues also allow to bypass
+    path and safe_mode restrictions.
+    </p>
+    <p>
+    Ilia Alshanetsky found a stack overflow issue in the exif_read_data()
+    function (CAN-2004-1065). Finally, Daniel Fabian found that addslashes
+    and magic_quotes_gpc do not properly escape null characters and that
+    magic_quotes_gpc contains a bug that could lead to one level directory
+    traversal.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    These issues could be exploited by a remote attacker to retrieve web
+    server heap information, bypass safe_mode or path restrictions and
+    potentially execute arbitrary code with the rights of the web server
+    running a PHP application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PHP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-php/php-4.3.10"</code>
+    <p>
+    All mod_php users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-php/mod_php-4.3.10"</code>
+    <p>
+    All php-cgi users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-php/php-cgi-4.3.10"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.php.net/release_4_3_10.php">PHP 4.3.10 Release Announcement</uri>
+    <uri link="https://www.hardened-php.net/advisories/012004.txt">Hardened-PHP Security Advisory</uri>
+    <uri link="http://www.securityfocus.com/archive/1/384663/2004-12-15/2004-12-21/0">SEC Consult Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1019">CAN-2004-1019</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1020">CAN-2004-1020</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1063">CVE-2004-1063</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1064">CVE-2004-1064</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1065">CVE-2004-1065</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-12-16T10:35:06Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-12-16T11:09:01Z">
+    Koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-12-18T14:09:43Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200412-15.xml b/metadata/glsa/glsa-200412-15.xml
new file mode 100644
index 000000000000..a82d524ecf42
--- /dev/null
+++ b/metadata/glsa/glsa-200412-15.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200412-15">
+  <title>Ethereal: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities exist in Ethereal, which may allow an attacker to
+    run arbitrary code, crash the program or perform DoS by CPU and disk
+    utilization.
+  </synopsis>
+  <product type="ebuild">Ethereal</product>
+  <announced>2004-12-19</announced>
+  <revised count="01">2004-12-19</revised>
+  <bug>74443</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/ethereal" auto="yes" arch="*">
+      <unaffected range="ge">0.10.8</unaffected>
+      <vulnerable range="lt">0.10.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ethereal is a feature rich network protocol analyzer.
+    </p>
+  </background>
+  <description>
+    <p>
+    There are multiple vulnerabilities in versions of Ethereal earlier
+    than 0.10.8, including:
+    </p>
+    <ul>
+    <li>Bug in DICOM dissection
+    discovered by Bing could make Ethereal crash (CAN 2004-1139).</li>
+    <li>An invalid RTP timestamp could make Ethereal hang and create a
+    large temporary file (CAN 2004-1140).</li>
+    <li>The HTTP dissector could
+    access previously-freed memory (CAN 2004-1141).</li>
+    <li>Brian Caswell
+    discovered that an improperly formatted SMB could make Ethereal hang
+    (CAN 2004-1142).</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker might be able to use these vulnerabilities to crash
+    Ethereal, perform DoS by CPU and disk space utilization or even execute
+    arbitrary code with the permissions of the user running Ethereal, which
+    could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    For a temporary workaround you can disable all affected protocol
+    dissectors by selecting Analyze-&gt;Enabled Protocols... and deselecting
+    them from the list. However, it is strongly recommended to upgrade to
+    the latest stable version.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ethereal users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/ethereal-0.10.8"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.ethereal.com/appnotes/enpa-sa-00016.html">Ethereal enpa-sa-00016</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1139">CAN 2004-1139</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1140">CAN 2004-1140</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1141">CAN 2004-1141</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1142">CAN 2004-1142</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-12-15T13:06:28Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-12-19T14:01:55Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200412-16.xml b/metadata/glsa/glsa-200412-16.xml
new file mode 100644
index 000000000000..e9c0f129fa8a
--- /dev/null
+++ b/metadata/glsa/glsa-200412-16.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200412-16">
+  <title>kdelibs, kdebase: Multiple vulnerabilities</title>
+  <synopsis>
+    kdelibs and kdebase contain a flaw allowing password disclosure when
+    creating a link to a remote file. Furthermore Konqueror is vulnerable to
+    window injection.
+  </synopsis>
+  <product type="ebuild">KDE</product>
+  <announced>2004-12-19</announced>
+  <revised count="01">2004-12-19</revised>
+  <bug>72804</bug>
+  <bug>73869</bug>
+  <access>remote and local</access>
+  <affected>
+    <package name="kde-base/kdelibs" auto="yes" arch="*">
+      <unaffected range="rge">3.2.3-r4</unaffected>
+      <unaffected range="rge">3.3.1-r2</unaffected>
+      <unaffected range="ge">3.3.2-r1</unaffected>
+      <vulnerable range="lt">3.3.2-r1</vulnerable>
+    </package>
+    <package name="kde-base/kdebase" auto="yes" arch="*">
+      <unaffected range="rge">3.2.3-r3</unaffected>
+      <unaffected range="rge">3.3.1-r2</unaffected>
+      <vulnerable range="lt">3.3.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    KDE is a feature-rich graphical desktop environment for Linux and
+    Unix-like Operating Systems. The KDE core libraries (kdebase and
+    kdelibs) provide native support for many protocols. Konqueror is the
+    KDE web browser and filemanager.
+    </p>
+  </background>
+  <description>
+    <p>
+    Daniel Fabian discovered that the KDE core libraries contain a
+    flaw allowing password disclosure by making a link to a remote file.
+    When creating this link, the resulting URL contains authentication
+    credentials used to access the remote file (CAN 2004-1171).
+    </p>
+    <p>
+    The Konqueror webbrowser allows websites to load webpages into a window
+    or tab currently used by another website (CAN-2004-1158).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A malicious user could have access to the authentication
+    credentials of other users depending on the file permissions.
+    </p>
+    <p>
+    A malicious website could use the window injection vulnerability to
+    load content in a window apparently belonging to another website.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All kdelibs users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=kde-base/kdelibs-3.2.3-r4"</code>
+    <p>
+    All kdebase users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=kde-base/kdebase-3.2.3-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.kde.org/info/security/advisory-20041209-1.txt">KDE Security Advisory: plain text password exposure</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1171">CAN 2004-1171</uri>
+    <uri link="https://www.kde.org/info/security/advisory-20041213-1.txt">KDE Security Advisory: Konqueror Window Injection Vulnerability</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1158">CAN 2004-1158</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-12-09T20:24:54Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-12-19T14:04:36Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200412-17.xml b/metadata/glsa/glsa-200412-17.xml
new file mode 100644
index 000000000000..9f54e2f00921
--- /dev/null
+++ b/metadata/glsa/glsa-200412-17.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200412-17">
+  <title>kfax: Multiple overflows in the included TIFF library</title>
+  <synopsis>
+    kfax contains several buffer overflows potentially leading to execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">kfax</product>
+  <announced>2004-12-19</announced>
+  <revised count="04">2005-01-12</revised>
+  <bug>73795</bug>
+  <access>remote</access>
+  <affected>
+    <package name="kde-base/kdegraphics" auto="yes" arch="*">
+      <unaffected range="ge">3.3.2</unaffected>
+      <vulnerable range="lt">3.3.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    KDE is a feature-rich graphical desktop environment for Linux and
+    Unix-like Operating Systems. kfax (part of kdegraphics) is the KDE fax
+    file viewer.
+    </p>
+  </background>
+  <description>
+    <p>
+    Than Ngo discovered that kfax contains a private copy of the TIFF
+    library and is therefore subject to several known vulnerabilities (see
+    References).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to view a carefully-crafted TIFF
+    image file with kfax, which would potentially lead to execution of
+    arbitrary code with the rights of the user running kfax.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    The KDE Team recommends to remove the kfax binary as well as the
+    kfaxpart.la KPart:
+    </p>
+    <code>
+    rm /usr/kde/3.*/lib/kde3/kfaxpart.la
+    rm /usr/kde/3.*/bin/kfax</code>
+    <p>
+    Note: This will render the kfax functionality useless, if kfax
+    functionality is needed you should upgrade to the KDE 3.3.2 which is
+    not stable at the time of this writing.
+    </p>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All kfax users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=kde-base/kdegraphics-3.3.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.kde.org/info/security/advisory-20041209-2.txt">KDE Security Advisory: kfax libtiff vulnerabilities</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200410-11.xml">GLSA 200410-11</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803">CAN-2004-0803</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804">CAN-2004-0804</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886">CAN-2004-0886</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-12-10T09:35:12Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-12-19T16:51:18Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200412-18.xml b/metadata/glsa/glsa-200412-18.xml
new file mode 100644
index 000000000000..a7a6f749239d
--- /dev/null
+++ b/metadata/glsa/glsa-200412-18.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200412-18">
+  <title>abcm2ps: Buffer overflow vulnerability</title>
+  <synopsis>
+    abcm2ps is vulnerable to a buffer overflow that could lead to remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">abcm2ps</product>
+  <announced>2004-12-19</announced>
+  <revised count="02">2004-12-19</revised>
+  <bug>74702</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/abcm2ps" auto="yes" arch="*">
+      <unaffected range="ge">3.7.21</unaffected>
+      <vulnerable range="lt">3.7.21</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    abcm2ps is a utility used to convert ABC music sheet files into
+    PostScript format.
+    </p>
+  </background>
+  <description>
+    <p>
+    Limin Wang has located a buffer overflow inside the put_words()
+    function in the abcm2ps code.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could convince the victim to download a
+    specially-crafted ABC file. Upon execution, this file would trigger the
+    buffer overflow and lead to the execution of arbitrary code with the
+    permissions of the user running abcm2ps.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All abcm2ps users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/abcm2ps-3.7.21"</code>
+  </resolution>
+  <references>
+    <uri link="http://moinejf.free.fr/abcm2ps-3.txt">abcm2ps ChangeLog</uri>
+    <uri link="https://secunia.com/advisories/13523/">Secunia Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-12-19T01:45:11Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-12-19T14:05:57Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-12-19T16:00:19Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200412-19.xml b/metadata/glsa/glsa-200412-19.xml
new file mode 100644
index 000000000000..c3479137c62f
--- /dev/null
+++ b/metadata/glsa/glsa-200412-19.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200412-19">
+  <title>phpMyAdmin: Multiple vulnerabilities</title>
+  <synopsis>
+    phpMyAdmin contains multiple vulnerabilities which could lead to file
+    disclosure or command execution.
+  </synopsis>
+  <product type="ebuild">phpmyadmin</product>
+  <announced>2004-12-19</announced>
+  <revised count="01">2004-12-19</revised>
+  <bug>74303</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/phpmyadmin" auto="yes" arch="*">
+      <unaffected range="ge">2.6.1_rc1</unaffected>
+      <vulnerable range="lt">2.6.1_rc1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpMyAdmin is a tool written in PHP intended to handle the
+    administration of MySQL databases from a web-browser.
+    </p>
+  </background>
+  <description>
+    <p>
+    Nicolas Gregoire (exaprobe.com) has discovered two vulnerabilities
+    that exist only on a webserver where PHP safe_mode is off. These
+    vulnerabilities could lead to command execution or file disclosure.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    On a system where external MIME-based transformations are enabled,
+    an attacker can insert offensive values in MySQL, which would start a
+    shell when the data is browsed. On a system where the UploadDir is
+    enabled, read_dump.php could use the unsanitized sql_localfile variable
+    to disclose a file.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    You can temporarily enable PHP safe_mode or disable external
+    MIME-based transformation AND disable the UploadDir. But instead, we
+    strongly advise to update your version to 2.6.1_rc1.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All phpMyAdmin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-db/phpmyadmin-2.6.1_rc1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1147">CAN-2004-1147</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1148">CAN-2004-1148</uri>
+    <uri link="https://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-4">PHPMyAdmin advisory: PMASA-2004-4</uri>
+    <uri link="http://www.exaprobe.com/labs/advisories/esa-2004-1213.html">Exaprobe.com advisory: esa-2004-1213</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-12-16T13:35:32Z">
+    SeJo
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-12-18T14:47:08Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200412-20.xml b/metadata/glsa/glsa-200412-20.xml
new file mode 100644
index 000000000000..e005d940ab55
--- /dev/null
+++ b/metadata/glsa/glsa-200412-20.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200412-20">
+  <title>NASM: Buffer overflow vulnerability</title>
+  <synopsis>
+    NASM is vulnerable to a buffer overflow that allows an attacker to execute
+    arbitrary code through the use of a malicious object file.
+  </synopsis>
+  <product type="ebuild">NASM</product>
+  <announced>2004-12-20</announced>
+  <revised count="01">2004-12-20</revised>
+  <bug>74477</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/nasm" auto="yes" arch="*">
+      <unaffected range="ge">0.98.38-r1</unaffected>
+      <vulnerable range="le">0.98.38</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    NASM is a 80x86 assembler that has been created for portability
+    and modularity. NASM supports Pentium, P6, SSE MMX, and 3DNow
+    extensions. It also supports a wide range of objects formats (ELF,
+    a.out, COFF, ...), and has its own disassembler.
+    </p>
+  </background>
+  <description>
+    <p>
+    Jonathan Rockway discovered that NASM-0.98.38 has an unprotected
+    vsprintf() to an array in preproc.c. This code vulnerability may lead
+    to a buffer overflow and potential execution of arbitrary code.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could craft a malicious object file which, when
+    supplied in NASM, would result in the execution of arbitrary code with
+    the rights of the user running NASM.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All NASM users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/nasm-0.98.38-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://sourceforge.net/mailarchive/forum.php?thread_id=6166881&amp;forum_id=4978">Original Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-12-16T22:07:20Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-12-16T22:07:54Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-12-17T11:34:13Z">
+    SeJo
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200412-21.xml b/metadata/glsa/glsa-200412-21.xml
new file mode 100644
index 000000000000..2b3137006bcb
--- /dev/null
+++ b/metadata/glsa/glsa-200412-21.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200412-21">
+  <title>MPlayer: Multiple overflows</title>
+  <synopsis>
+    Multiple overflow vulnerabilities have been found in MPlayer, potentially
+    resulting in remote executing of arbitrary code.
+  </synopsis>
+  <product type="ebuild">MPlayer</product>
+  <announced>2004-12-20</announced>
+  <revised count="01">2004-12-20</revised>
+  <bug>74473</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/mplayer" auto="yes" arch="*">
+      <unaffected range="ge">1.0_pre5-r5</unaffected>
+      <vulnerable range="le">1.0_pre5-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MPlayer is a media player capable of handling multiple multimedia
+    file formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    iDEFENSE, Ariel Berkman and the MPlayer development team found
+    multiple vulnerabilities in MPlayer. These include potential heap
+    overflows in Real RTSP and pnm streaming code, stack overflows in MMST
+    streaming code and multiple buffer overflows in BMP demuxer and mp3lib
+    code.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could craft a malicious file or design a
+    malicious streaming server. Using MPlayer to view this file or connect
+    to this server could trigger an overflow and execute
+    attacker-controlled code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MPlayer users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/mplayer-1.0_pre5-r5"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.idefense.com/application/poi/display?id=168&amp;type=vulnerabilities">iDEFENSE Advisory</uri>
+    <uri link="http://www.idefense.com/application/poi/display?id=167&amp;type=vulnerabilities">iDEFENSE Advisory</uri>
+    <uri link="http://www.idefense.com/application/poi/display?id=166&amp;type=vulnerabilities">iDEFENSE Advisory</uri>
+    <uri link="http://tigger.uic.edu/~jlongs2/holes/mplayer.txt">Ariel Berkman Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-12-19T14:28:01Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-12-19T22:01:07Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-12-20T09:31:29Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200412-22.xml b/metadata/glsa/glsa-200412-22.xml
new file mode 100644
index 000000000000..9c32f1ff5399
--- /dev/null
+++ b/metadata/glsa/glsa-200412-22.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200412-22">
+  <title>mpg123: Playlist buffer overflow</title>
+  <synopsis>
+    mpg123 is vulnerable to a buffer overflow that allows an attacker to
+    execute arbitrary code through the use of a malicious playlist.
+  </synopsis>
+  <product type="ebuild">mpg123</product>
+  <announced>2004-12-21</announced>
+  <revised count="01">2004-12-21</revised>
+  <bug>74692</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/mpg123" auto="yes" arch="*">
+      <unaffected range="ge">0.59s-r8</unaffected>
+      <vulnerable range="lt">0.59s-r8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    mpg123 is a MPEG Audio Player.
+    </p>
+  </background>
+  <description>
+    <p>
+    Bartlomiej Sieka discovered that mpg123 contains an unsafe
+    strcat() to an array in playlist.c. This code vulnerability may lead to
+    a buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could craft a malicious playlist which, when
+    used, would result in the execution of arbitrary code with the rights
+    of the user running mpg123.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All mpg123 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/mpg123-0.59s-r8"</code>
+  </resolution>
+  <references>
+    <uri link="http://tigger.uic.edu/~jlongs2/holes/mpg123.txt">Original Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1284">CAN-2004-1284</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-12-20T14:15:47Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-12-20T21:20:26Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-12-21T09:35:46Z">
+    SeJo
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200412-23.xml b/metadata/glsa/glsa-200412-23.xml
new file mode 100644
index 000000000000..bcda94c0c62e
--- /dev/null
+++ b/metadata/glsa/glsa-200412-23.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200412-23">
+  <title>Zwiki: XSS vulnerability</title>
+  <synopsis>
+    Zwiki is vulnerable to cross-site scripting attacks.
+  </synopsis>
+  <product type="ebuild">zwiki</product>
+  <announced>2004-12-21</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>72315</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-zope/zwiki" auto="yes" arch="*">
+      <unaffected range="ge">0.36.2-r1</unaffected>
+      <vulnerable range="lt">0.36.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Zwiki is a Zope wiki-clone for easy-to-edit collaborative websites.
+    </p>
+  </background>
+  <description>
+    <p>
+    Due to improper input validation, Zwiki can be exploited to perform
+    cross-site scripting attacks.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    By enticing a user to read a specially-crafted wiki entry, an attacker
+    can execute arbitrary script code running in the context of the
+    victim's browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Zwiki users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-zope/zwiki-0.36.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="http://zwiki.org/925ZwikiXSSVulnerability">Zwiki Bug Report</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1075">CVE-2004-1075</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-12-21T16:09:23Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-12-21T16:33:56Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-12-21T21:14:05Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200412-24.xml b/metadata/glsa/glsa-200412-24.xml
new file mode 100644
index 000000000000..b5e7e512bb28
--- /dev/null
+++ b/metadata/glsa/glsa-200412-24.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200412-24">
+  <title>Xpdf, GPdf: New integer overflows</title>
+  <synopsis>
+    New integer overflows were discovered in Xpdf, potentially resulting in the
+    execution of arbitrary code. GPdf includes Xpdf code and therefore is
+    vulnerable to the same issues.
+  </synopsis>
+  <product type="ebuild">Xpdf</product>
+  <announced>2004-12-28</announced>
+  <revised count="01">2004-12-28</revised>
+  <bug>75191</bug>
+  <bug>75201</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/xpdf" auto="yes" arch="*">
+      <unaffected range="ge">3.00-r7</unaffected>
+      <vulnerable range="le">3.00-r6</vulnerable>
+    </package>
+    <package name="app-text/gpdf" auto="yes" arch="*">
+      <unaffected range="ge">2.8.1-r1</unaffected>
+      <vulnerable range="le">2.8.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Xpdf is an open source viewer for Portable Document Format (PDF)
+    files. GPdf is a Gnome-based PDF viewer that includes some Xpdf code.
+    </p>
+  </background>
+  <description>
+    <p>
+    A new integer overflow issue was discovered in Xpdf's
+    Gfx::doImage() function.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice an user to open a specially-crafted PDF
+    file, potentially resulting in execution of arbitrary code with the
+    rights of the user running Xpdf or GPdf.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Xpdf users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/xpdf-3.00-r7"</code>
+    <p>
+    All GPdf users should also upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/gpdf-2.8.1-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125">CAN-2004-1125</uri>
+    <uri link="http://www.idefense.com/application/poi/display?id=172&amp;type=vulnerabilities&amp;flashstatus=true">iDEFENSE Advisory</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-12-28T09:21:20Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-12-28T09:21:29Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200412-25.xml b/metadata/glsa/glsa-200412-25.xml
new file mode 100644
index 000000000000..eab50da80817
--- /dev/null
+++ b/metadata/glsa/glsa-200412-25.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200412-25">
+  <title>CUPS: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been found in CUPS, ranging from local Denial
+    of Service attacks to the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">CUPS</product>
+  <announced>2004-12-28</announced>
+  <revised count="02">2005-01-12</revised>
+  <bug>74479</bug>
+  <bug>75197</bug>
+  <bug>77023</bug>
+  <access>remote and local</access>
+  <affected>
+    <package name="net-print/cups" auto="yes" arch="*">
+      <unaffected range="ge">1.1.23</unaffected>
+      <vulnerable range="lt">1.1.23</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Common UNIX Printing System (CUPS) is a cross-platform print
+    spooler, hpgltops is a CUPS filter handling printing of HPGL files and
+    lppasswd is a program used locally to manage spooler passwords.
+    </p>
+  </background>
+  <description>
+    <p>
+    CUPS makes use of vulnerable Xpdf code to handle PDF files
+    (CAN-2004-1125). Furthermore, Ariel Berkman discovered a buffer
+    overflow in the ParseCommand function in hpgl-input.c in the hpgltops
+    program (CAN-2004-1267). Finally, Bartlomiej Sieka discovered several
+    problems in the lppasswd program: it ignores some write errors
+    (CAN-2004-1268), it can leave the passwd.new file in place
+    (CAN-2004-1269) and it does not verify that passwd.new file is
+    different from STDERR (CAN-2004-1270).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    The Xpdf and hpgltops vulnerabilities may be exploited by a remote
+    attacker to execute arbitrary code by sending specific print jobs to a
+    CUPS spooler. The lppasswd vulnerabilities may be exploited by a local
+    attacker to write data to the CUPS password file or deny further
+    password modifications.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All CUPS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-print/cups-1.1.23"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125">CAN-2004-1125</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1267">CAN-2004-1267</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1268">CAN-2004-1268</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1269">CAN-2004-1269</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1270">CAN-2004-1270</uri>
+    <uri link="http://tigger.uic.edu/~jlongs2/holes/cups.txt">Ariel Berkman Advisory</uri>
+    <uri link="http://tigger.uic.edu/~jlongs2/holes/cups2.txt">Bartlomiej Sieka Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-12-27T17:52:31Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-12-28T09:42:46Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-12-28T12:52:03Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200412-26.xml b/metadata/glsa/glsa-200412-26.xml
new file mode 100644
index 000000000000..1e6eb3e130cc
--- /dev/null
+++ b/metadata/glsa/glsa-200412-26.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200412-26">
+  <title>ViewCVS: Information leak and XSS vulnerabilities</title>
+  <synopsis>
+    ViewCVS is vulnerable to an information leak and to cross-site scripting
+    (XSS) issues.
+  </synopsis>
+  <product type="ebuild">ViewCVS</product>
+  <announced>2004-12-28</announced>
+  <revised count="01">2004-12-28</revised>
+  <bug>72461</bug>
+  <bug>73772</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/viewcvs" auto="yes" arch="*">
+      <unaffected range="ge">0.9.2_p20041207-r1</unaffected>
+      <vulnerable range="le">0.9.2_p20041207</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ViewCVS is a browser interface for viewing CVS and Subversion
+    version control repositories through a web browser.
+    </p>
+  </background>
+  <description>
+    <p>
+    The tar export functions in ViewCVS bypass the 'hide_cvsroot' and
+    'forbidden' settings and therefore expose information that should be
+    kept secret (CAN-2004-0915). Furthermore, some error messages in
+    ViewCVS do not filter user-provided information, making it vulnerable
+    to a cross-site scripting attack (CAN-2004-1062).
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    By using the tar export functions, a remote attacker could access
+    information that is configured as restricted. Through the use of a
+    malicious request, an attacker could also inject and execute malicious
+    script code, potentially compromising another user's browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ViewCVS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/viewcvs-0.9.2_p20041207-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0915">CAN-2004-0915</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1062">CAN-2004-1062</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-12-21T15:31:38Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-12-28T14:23:36Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200412-27.xml b/metadata/glsa/glsa-200412-27.xml
new file mode 100644
index 000000000000..fd06ced4a99d
--- /dev/null
+++ b/metadata/glsa/glsa-200412-27.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200412-27">
+  <title>PHProjekt: Remote code execution vulnerability</title>
+  <synopsis>
+    PHProjekt contains a vulnerability that allows a remote attacker to execute
+    arbitrary PHP code.
+  </synopsis>
+  <product type="ebuild">PHProjekt</product>
+  <announced>2004-12-30</announced>
+  <revised count="01">2004-12-30</revised>
+  <bug>75858</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/phprojekt" auto="yes" arch="*">
+      <unaffected range="ge">4.2-r2</unaffected>
+      <vulnerable range="lt">4.2-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PHProjekt is a modular groupware web application used to
+    coordinate group activities and share files.
+    </p>
+  </background>
+  <description>
+    <p>
+    cYon discovered that the authform.inc.php script allows a remote
+    user to define the global variable $path_pre.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker can exploit this vulnerability to force
+    authform.inc.php to download and execute arbitrary PHP code with the
+    privileges of the web server user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PHProjekt users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/phprojekt-4.2-r2"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.phprojekt.com/modules.php?op=modload&amp;name=News&amp;file=article&amp;sid=193&amp;mode=thread&amp;order=0">PHProjekt Advisory</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-12-29T16:45:27Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-12-29T16:45:35Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-01.xml b/metadata/glsa/glsa-200501-01.xml
new file mode 100644
index 000000000000..3cae77d0c884
--- /dev/null
+++ b/metadata/glsa/glsa-200501-01.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-01">
+  <title>LinPopUp: Buffer overflow in message reply</title>
+  <synopsis>
+    LinPopUp contains a buffer overflow potentially allowing execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">Linpopup</product>
+  <announced>2005-01-04</announced>
+  <revised count="01">2005-01-04</revised>
+  <bug>74705</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/linpopup" auto="yes" arch="*">
+      <unaffected range="ge">2.0.4-r1</unaffected>
+      <vulnerable range="lt">2.0.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    LinPopUp is a graphical application that acts as a frontend to
+    Samba client messaging functions, allowing a Linux desktop to
+    communicate with a Microsoft Windows computer that runs Winpopup.
+    </p>
+  </background>
+  <description>
+    <p>
+    Stephen Dranger discovered that LinPopUp contains a buffer
+    overflow in string.c, triggered when replying to a remote user message.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could craft a malicious message that, when
+    replied using LinPopUp, would exploit the buffer overflow. This would
+    result in the execution of arbitrary code with the privileges of the
+    user running LinPopUp.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All LinPopUp users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-im/linpopup-2.0.4-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1282">CAN-2004-1282</uri>
+    <uri link="http://tigger.uic.edu/~jlongs2/holes/linpopup.txt">Stephen Dranger Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-12-31T10:20:27Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-01-01T22:08:20Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-01T22:15:30Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-02.xml b/metadata/glsa/glsa-200501-02.xml
new file mode 100644
index 000000000000..098d2a4e310b
--- /dev/null
+++ b/metadata/glsa/glsa-200501-02.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-02">
+  <title>a2ps: Multiple vulnerabilities</title>
+  <synopsis>
+    The fixps and psmandup scripts in the a2ps package are vulnerable to
+    symlink attacks, potentially allowing a local user to overwrite arbitrary
+    files. A vulnerability in a2ps filename handling could also result in
+    arbitrary command execution.
+  </synopsis>
+  <product type="ebuild">a2ps</product>
+  <announced>2005-01-04</announced>
+  <revised count="03">2006-05-22</revised>
+  <bug>75784</bug>
+  <bug>61500</bug>
+  <access>local and remote</access>
+  <affected>
+    <package name="app-text/a2ps" auto="yes" arch="*">
+      <unaffected range="ge">4.13c-r2</unaffected>
+      <vulnerable range="lt">4.13c-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    a2ps is an Any to Postscript filter that can convert to Postscript from
+    many filetypes. fixps is a script that fixes errors in Postscript
+    files. psmandup produces a Postscript file for printing in manual
+    duplex mode.
+    </p>
+  </background>
+  <description>
+    <p>
+    Javier Fernandez-Sanguino Pena discovered that the a2ps package
+    contains two scripts that create insecure temporary files (fixps and
+    psmandup). Furthermore, we fixed in a previous revision a vulnerability
+    in a2ps filename handling (CAN-2004-1170).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary files
+    directory, pointing to a valid file somewhere on the filesystem. When
+    fixps or psmandup is executed, this would result in the file being
+    overwritten with the rights of the user running the utility. By
+    enticing a user or script to run a2ps on a malicious filename, an
+    attacker could execute arbitrary commands on the system with the rights
+    of that user or script.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All a2ps users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/a2ps-4.13c-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://secunia.com/advisories/13641/">Secunia SA13641</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1170">CAN-2004-1170</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1377">CVE-2004-1377</uri>
+    <uri link="http://lists.netsys.com/pipermail/full-disclosure/2004-August/025678.html">Full-Disclosure Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-01-04T09:44:14Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-04T09:44:22Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-01-04T11:06:21Z">
+    SeJo
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-03.xml b/metadata/glsa/glsa-200501-03.xml
new file mode 100644
index 000000000000..21ab09080780
--- /dev/null
+++ b/metadata/glsa/glsa-200501-03.xml
@@ -0,0 +1,130 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-03">
+  <title>Mozilla, Firefox, Thunderbird: Various vulnerabilities</title>
+  <synopsis>
+    Various vulnerabilities were found and fixed in Mozilla-based products,
+    ranging from a potential buffer overflow and temporary files disclosure to
+    anti-spoofing issues.
+  </synopsis>
+  <product type="ebuild">Mozilla</product>
+  <announced>2005-01-05</announced>
+  <revised count="03">2007-12-30</revised>
+  <bug>76112</bug>
+  <bug>68976</bug>
+  <bug>70749</bug>
+  <access>remote and local</access>
+  <affected>
+    <package name="www-client/mozilla" auto="yes" arch="*">
+      <unaffected range="ge">1.7.5</unaffected>
+      <vulnerable range="lt">1.7.5</vulnerable>
+    </package>
+    <package name="www-client/mozilla-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.7.5</unaffected>
+      <vulnerable range="lt">1.7.5</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox" auto="yes" arch="*">
+      <unaffected range="ge">1.0</unaffected>
+      <vulnerable range="lt">1.0</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.0</unaffected>
+      <vulnerable range="lt">1.0</vulnerable>
+    </package>
+    <package name="mail-client/mozilla-thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">0.9</unaffected>
+      <vulnerable range="lt">0.9</vulnerable>
+    </package>
+    <package name="mail-client/mozilla-thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">0.9</unaffected>
+      <vulnerable range="lt">0.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla is a popular web browser that includes a mail and newsreader.
+    Mozilla Firefox and Mozilla Thunderbird are respectively the
+    next-generation browser and mail client from the Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>
+    Maurycy Prodeus from isec.pl found a potentially exploitable buffer
+    overflow in the handling of NNTP URLs. Furthermore, Martin (from
+    ptraced.net) discovered that temporary files in recent versions of
+    Mozilla-based products were sometimes stored world-readable with
+    predictable names. The Mozilla Team also fixed a way of spoofing
+    filenames in Firefox's "What should Firefox do with this file" dialog
+    boxes and a potential information leak about the existence of local
+    filenames.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could craft a malicious NNTP link and entice a user
+    to click it, potentially resulting in the execution of arbitrary code
+    with the rights of the user running the browser. A local attacker could
+    leverage the temporary file vulnerability to read the contents of
+    another user's attachments or downloads. A remote attacker could also
+    design a malicious web page that would allow to spoof filenames if the
+    user uses the "Open with..." function in Firefox, or retrieve
+    information on the presence of specific files in the local filesystem.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-1.7.5"</code>
+    <p>
+    All Mozilla binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-bin-1.7.5"</code>
+    <p>
+    All Firefox users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-1.0"</code>
+    <p>
+    All Firefox binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-bin-1.0"</code>
+    <p>
+    All Thunderbird users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-0.9"</code>
+    <p>
+    All Thunderbird binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-bin-0.9"</code>
+  </resolution>
+  <references>
+    <uri link="http://isec.pl/vulnerabilities/isec-0020-mozilla.txt">isec.pl Advisory</uri>
+    <uri link="http://broadcast.ptraced.net/advisories/008-firefox.thunderbird.txt">Martin (from ptraced.net) Advisory</uri>
+    <uri link="https://secunia.com/advisories/13144/">Secunia Advisory SA13144</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2227">CVE-2004-2227</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2228">CVE-2004-2228</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-01-04T10:09:38Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-04T10:10:52Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-04.xml b/metadata/glsa/glsa-200501-04.xml
new file mode 100644
index 000000000000..e70624444cdb
--- /dev/null
+++ b/metadata/glsa/glsa-200501-04.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-04">
+  <title>Shoutcast Server: Remote code execution</title>
+  <synopsis>
+    Shoutcast Server contains a possible buffer overflow that could lead to the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Shoutcast-server-bin</product>
+  <announced>2005-01-05</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>75482</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/shoutcast-server-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.9.5</unaffected>
+      <vulnerable range="le">1.9.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Shoutcast Server is Nullsoft's streaming audio server. It runs on a
+    variety of platforms, including Linux, and is extremely popular with
+    Internet broadcasters.
+    </p>
+  </background>
+  <description>
+    <p>
+    Part of the Shoutcast Server Linux binary has been found to improperly
+    handle sprintf() parsing.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A malicious attacker could send a formatted URL request to the
+    Shoutcast Server. This formatted URL would cause either the server
+    process to crash, or the execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Shoutcast Server users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/shoutcast-server-bin-1.9.5"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/archive/1/385350">BugTraq Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1373">CVE-2004-1373</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-12-29T14:31:08Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-04T19:23:19Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-01-04T20:51:10Z">
+    chriswhite
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-05.xml b/metadata/glsa/glsa-200501-05.xml
new file mode 100644
index 000000000000..1f03b63595aa
--- /dev/null
+++ b/metadata/glsa/glsa-200501-05.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-05">
+  <title>mit-krb5: Heap overflow in libkadm5srv</title>
+  <synopsis>
+    The MIT Kerberos 5 administration library (libkadm5srv) contains a heap
+    overflow that could lead to execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mit-krb5</product>
+  <announced>2005-01-05</announced>
+  <revised count="01">2005-01-05</revised>
+  <bug>75143</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-crypt/mit-krb5" auto="yes" arch="*">
+      <unaffected range="ge">1.3.6</unaffected>
+      <vulnerable range="lt">1.3.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MIT krb5 is the free implementation of the Kerberos network
+    authentication protocol by the Massachusetts Institute of Technology.
+    </p>
+  </background>
+  <description>
+    <p>
+    The MIT Kerberos 5 administration library libkadm5srv contains a
+    heap overflow in the code handling password changing.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Under specific circumstances an attacker could execute arbitary
+    code with the permissions of the user running mit-krb5, which could be
+    the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All mit-krb5 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-crypt/mit-krb5-1.3.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1189">CAN 2004-1189</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-12-30T15:16:36Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-12-30T19:47:37Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-05T19:34:46Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-06.xml b/metadata/glsa/glsa-200501-06.xml
new file mode 100644
index 000000000000..0914fa5550bb
--- /dev/null
+++ b/metadata/glsa/glsa-200501-06.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-06">
+  <title>tiff: New overflows in image decoding</title>
+  <synopsis>
+    An integer overflow has been found in the TIFF library image decoding
+    routines and the tiffdump utility, potentially allowing arbitrary code
+    execution.
+  </synopsis>
+  <product type="ebuild">tiff</product>
+  <announced>2005-01-05</announced>
+  <revised count="01">2005-01-05</revised>
+  <bug>75213</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/tiff" auto="yes" arch="*">
+      <unaffected range="ge">3.7.1-r1</unaffected>
+      <vulnerable range="lt">3.7.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The TIFF library contains encoding and decoding routines for the
+    Tag Image File Format. It is called by numerous programs, including
+    GNOME and KDE applications, to interpret TIFF images.
+    </p>
+  </background>
+  <description>
+    <p>
+    infamous41md found a potential integer overflow in the directory
+    entry count routines of the TIFF library (CAN-2004-1308). Dmitry V.
+    Levin found another similar issue in the tiffdump utility
+    (CAN-2004-1183).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to view a carefully crafted
+    TIFF image file, which would potentially lead to execution of arbitrary
+    code with the rights of the user viewing the image. This affects any
+    program that makes use of the TIFF library, including many web browsers
+    or mail readers.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All TIFF library users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/tiff-3.7.1-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1183">CAN-2004-1183</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1308">CAN-2004-1308</uri>
+    <uri link="http://www.idefense.com/application/poi/display?id=174&amp;type=vulnerabilities">iDEFENSE Advisory</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-01-03T10:21:55Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-04T14:07:42Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-07.xml b/metadata/glsa/glsa-200501-07.xml
new file mode 100644
index 000000000000..79849df5b7ff
--- /dev/null
+++ b/metadata/glsa/glsa-200501-07.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-07">
+  <title>xine-lib: Multiple overflows</title>
+  <synopsis>
+    xine-lib contains multiple overflows potentially allowing execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">xine-lib</product>
+  <announced>2005-01-06</announced>
+  <revised count="01">2005-01-06</revised>
+  <bug>74475</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/xine-lib" auto="yes" arch="*">
+      <unaffected range="ge">1_rc8-r1</unaffected>
+      <unaffected range="rge">1_rc6-r1</unaffected>
+      <vulnerable range="lt">1_rc8-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    xine-lib is a multimedia library which can be utilized to create
+    multimedia frontends.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ariel Berkman discovered that xine-lib reads specific input data
+    into an array without checking the input size in demux_aiff.c, making
+    it vulnerable to a buffer overflow (CAN-2004-1300) . iDefense
+    discovered that the PNA_TAG handling code in pnm_get_chunk() does not
+    check if the input size is larger than the buffer size (CAN-2004-1187).
+    iDefense also discovered that in this same function, a negative value
+    could be given to an unsigned variable that specifies the read length
+    of input data (CAN-2004-1188).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could craft a malicious movie or convince a
+    targeted user to connect to a malicious PNM server, which could result
+    in the execution of arbitrary code with the rights of the user running
+    any xine-lib frontend.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All xine-lib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose media-libs/xine-lib</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1187">CAN-2004-1187</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1188">CAN-2004-1188</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1300">CAN-2004-1300</uri>
+    <uri link="http://www.idefense.com/application/poi/display?id=176&amp;type=vulnerabilities">iDefense Advisory</uri>
+    <uri link="http://www.idefense.com/application/poi/display?id=177&amp;type=vulnerabilities">iDefense Advisory</uri>
+    <uri link="http://tigger.uic.edu/~jlongs2/holes/xine-lib.txt">Ariel Berkman Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-12-21T14:06:44Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-12-21T16:57:50Z">
+    SeJo
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-06T08:50:09Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-08.xml b/metadata/glsa/glsa-200501-08.xml
new file mode 100644
index 000000000000..452c5ca8e2d5
--- /dev/null
+++ b/metadata/glsa/glsa-200501-08.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-08">
+  <title>phpGroupWare: Various vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in phpGroupWare that could
+    lead to information disclosure or remote compromise.
+  </synopsis>
+  <product type="ebuild">phpgroupware</product>
+  <announced>2005-01-06</announced>
+  <revised count="04">2006-05-22</revised>
+  <bug>74487</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/phpgroupware" auto="yes" arch="*">
+      <unaffected range="ge">0.9.16.004</unaffected>
+      <vulnerable range="lt">0.9.16.004</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpGroupWare is a web-based suite of group applications including a
+    calendar, todo-list, addressbook, email, wiki, news headlines, and a
+    file manager.
+    </p>
+  </background>
+  <description>
+    <p>
+    Several flaws were discovered in phpGroupWare making it vulnerable to
+    cross-site scripting attacks, SQL injection, and full path disclosure.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    These vulnerabilities could allow an attacker to perform cross-site
+    scripting attacks, execute SQL queries, and disclose the full path of
+    the web directory.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All phpGroupWare users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/phpgroupware-0.9.16.004"</code>
+    <p>
+    Note: Users with the vhosts USE flag set should manually use
+    webapp-config to finalize the update.
+    </p>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/archive/1/384492">BugTraq Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1383">CVE-2004-1383</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1384">CVE-2004-1384</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1385">CVE-2004-1385</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-01-06T08:52:11Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-06T08:52:20Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-01-06T13:44:43Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-09.xml b/metadata/glsa/glsa-200501-09.xml
new file mode 100644
index 000000000000..26f4ea7288e2
--- /dev/null
+++ b/metadata/glsa/glsa-200501-09.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-09">
+  <title>xzgv: Multiple overflows</title>
+  <synopsis>
+    xzgv contains multiple overflows that may lead to the execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">xzgv</product>
+  <announced>2005-01-06</announced>
+  <revised count="01">2005-01-06</revised>
+  <bug>74069</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/xzgv" auto="yes" arch="*">
+      <unaffected range="ge">0.8-r1</unaffected>
+      <vulnerable range="le">0.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    xzgv is a picture viewer for X, with a thumbnail-based file
+    selector.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple overflows have been found in the image processing code of
+    xzgv, including an integer overflow in the PRF parsing code
+    (CAN-2004-0994).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to open or browse a
+    specially-crafted image file, potentially resulting in the execution of
+    arbitrary code with the rights of the user running xzgv.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All xzgv users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/xzgv-0.8-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0994">CAN-2004-0994</uri>
+    <uri link="http://www.idefense.com/application/poi/display?id=160&amp;type=vulnerabilities&amp;flashstatus=true">iDEFENSE Advisory</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-01-06T12:54:06Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-06T12:55:35Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-10.xml b/metadata/glsa/glsa-200501-10.xml
new file mode 100644
index 000000000000..b383c290850c
--- /dev/null
+++ b/metadata/glsa/glsa-200501-10.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-10">
+  <title>Vilistextum: Buffer overflow vulnerability</title>
+  <synopsis>
+    Vilistextum is vulnerable to a buffer overflow that allows an attacker to
+    execute arbitrary code through the use of a malicious webpage.
+  </synopsis>
+  <product type="ebuild">vilistextum</product>
+  <announced>2005-01-06</announced>
+  <revised count="01">2005-01-06</revised>
+  <bug>74694</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/vilistextum" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7</unaffected>
+      <vulnerable range="lt">2.6.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Vilistextum is an HTML to text converter.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ariel Berkman discovered that Vilistextum unsafely reads data into
+    an array without checking the length. This code vulnerability may lead
+    to a buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could craft a malicious webpage which, when
+    converted, would result in the execution of arbitrary code with the
+    rights of the user running Vilistextum.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Vilistextum users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/vilistextum-2.6.7"</code>
+  </resolution>
+  <references>
+    <uri link="http://tigger.uic.edu/~jlongs2/holes/vilistextum.txt">Original Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1299">CAN-2004-1299</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-01-03T15:34:01Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-04T11:50:53Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-01-06T13:22:37Z">
+    SeJo
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-11.xml b/metadata/glsa/glsa-200501-11.xml
new file mode 100644
index 000000000000..23297139f3b3
--- /dev/null
+++ b/metadata/glsa/glsa-200501-11.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-11">
+  <title>Dillo: Format string vulnerability</title>
+  <synopsis>
+    Dillo is vulnerable to a format string bug, which may result in the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Dillo</product>
+  <announced>2005-01-09</announced>
+  <revised count="01">2005-01-09</revised>
+  <bug>76665</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/dillo" auto="yes" arch="*">
+      <unaffected range="ge">0.8.3-r4</unaffected>
+      <vulnerable range="lt">0.8.3-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Dillo is a small and fast multi-platform web browser based on
+    GTK+.
+    </p>
+  </background>
+  <description>
+    <p>
+    Gentoo Linux developer Tavis Ormandy found a format string bug in
+    Dillo's handling of messages in a_Interface_msg().
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could craft a malicious web page which, when accessed
+    using Dillo, would trigger the format string vulnerability and
+    potentially execute arbitrary code with the rights of the user running
+    Dillo.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Dillo users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/dillo-0.8.3-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0012">CAN-2005-0012</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-01-07T15:41:51Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-09T17:56:03Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-01-09T18:39:04Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-12.xml b/metadata/glsa/glsa-200501-12.xml
new file mode 100644
index 000000000000..5da00071d287
--- /dev/null
+++ b/metadata/glsa/glsa-200501-12.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-12">
+  <title>TikiWiki: Arbitrary command execution</title>
+  <synopsis>
+    A bug in TikiWiki allows certain users to upload and execute malicious PHP
+    scripts.
+  </synopsis>
+  <product type="ebuild">tikiwiki</product>
+  <announced>2005-01-10</announced>
+  <revised count="03">2006-05-22</revised>
+  <bug>75568</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/tikiwiki" auto="yes" arch="*">
+      <unaffected range="ge">1.8.4.1</unaffected>
+      <vulnerable range="lt">1.8.4.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    TikiWiki is a web-based groupware and content management system (CMS),
+    using PHP, ADOdb and Smarty.
+    </p>
+  </background>
+  <description>
+    <p>
+    TikiWiki lacks a check on uploaded images in the Wiki edit page.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A malicious user could run arbitrary commands on the server by
+    uploading and calling a PHP script.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All TikiWiki users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/tikiwiki-1.8.4.1"</code>
+    <p>
+    Note: Users with the vhosts USE flag set should manually use
+    webapp-config to finalize the update.
+    </p>
+  </resolution>
+  <references>
+    <uri link="http://tikiwiki.org/tiki-read_article.php?articleId=97">TikiWiki Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1386">CVE-2004-1386</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-01-07T09:12:58Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-07T09:13:09Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-01-07T20:49:48Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-13.xml b/metadata/glsa/glsa-200501-13.xml
new file mode 100644
index 000000000000..39faa8ce8799
--- /dev/null
+++ b/metadata/glsa/glsa-200501-13.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-13">
+  <title>pdftohtml: Vulnerabilities in included Xpdf</title>
+  <synopsis>
+    pdftohtml includes vulnerable Xpdf code to handle PDF files, making it
+    vulnerable to execution of arbitrary code upon converting a malicious PDF
+    file.
+  </synopsis>
+  <product type="ebuild">pdftohtml</product>
+  <announced>2005-01-10</announced>
+  <revised count="01">2005-01-10</revised>
+  <bug>75200</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/pdftohtml" auto="yes" arch="*">
+      <unaffected range="ge">0.36-r2</unaffected>
+      <vulnerable range="lt">0.36-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    pdftohtml is a utility to convert PDF files to HTML or XML
+    formats. It makes use of Xpdf code to decode PDF files.
+    </p>
+  </background>
+  <description>
+    <p>
+    Xpdf is vulnerable to integer overflows, as described in GLSA
+    200412-24.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to convert a specially-crafted PDF
+    file, potentially resulting in the execution of arbitrary code with the
+    rights of the user running pdftohtml.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All pdftohtml users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/pdftohtml-0.36-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200410-20.xml">GLSA 200412-24</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125">CAN-2004-1125</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-01-09T18:15:51Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-09T18:17:10Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-14.xml b/metadata/glsa/glsa-200501-14.xml
new file mode 100644
index 000000000000..4b5df83f5df2
--- /dev/null
+++ b/metadata/glsa/glsa-200501-14.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-14">
+  <title>mpg123: Buffer overflow</title>
+  <synopsis>
+    An attacker may be able to execute arbitrary code by way of specially
+    crafted MP2 or MP3 files.
+  </synopsis>
+  <product type="ebuild">media-sound/mpg123</product>
+  <announced>2005-01-10</announced>
+  <revised count="01">2005-01-10</revised>
+  <bug>76862</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/mpg123" auto="yes" arch="*">
+      <unaffected range="ge">0.59s-r9</unaffected>
+      <vulnerable range="lt">0.59s-r9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    mpg123 is a real-time MPEG audio player.
+    </p>
+  </background>
+  <description>
+    <p>
+    mpg123 improperly parses frame headers in input streams.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By inducing a user to play a malicious file, an attacker may be
+    able to exploit a buffer overflow to execute arbitrary code with the
+    permissions of the user running mpg123.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All mpg123 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/mpg123-0.59s-r9"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0991">CAN-2004-0991</uri>
+    <uri link="http://www.securityfocus.com/archive/1/374433">Bugtraq Announcement</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-01-07T13:23:00Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-08T19:52:22Z">
+    vorlon078
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-01-09T05:27:09Z">
+    dmargoli
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-15.xml b/metadata/glsa/glsa-200501-15.xml
new file mode 100644
index 000000000000..b4aa83cb48e3
--- /dev/null
+++ b/metadata/glsa/glsa-200501-15.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-15">
+  <title>UnRTF: Buffer overflow</title>
+  <synopsis>
+    A buffer overflow in UnRTF allows an attacker to execute arbitrary code by
+    way of a specially crafted RTF file.
+  </synopsis>
+  <product type="ebuild">app-text/unrtf</product>
+  <announced>2005-01-10</announced>
+  <revised count="01">2005-01-10</revised>
+  <bug>74480</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/unrtf" auto="yes" arch="*">
+      <unaffected range="ge">0.19.3-r1</unaffected>
+      <vulnerable range="lt">0.19.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    UnRTF is a utility to convert files in the Rich Text Format into
+    other formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    An unchecked strcat() in unrtf may overflow the bounds of a static
+    buffer.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Using a specially crafted file, possibly delivered by e-mail or
+    over the web, an attacker may execute arbitrary code with the
+    permissions of the user running UnRTF.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All unrtf users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/unrtf-0.19.3-r1"</code>
+  </resolution>
+  <references>
+    <uri link="http://tigger.uic.edu/~jlongs2/holes/unrtf.txt">Original Announcement</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-01-08T19:54:59Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-08T19:55:37Z">
+    vorlon078
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-01-09T05:15:13Z">
+    dmargoli
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-16.xml b/metadata/glsa/glsa-200501-16.xml
new file mode 100644
index 000000000000..a6194a2dd2e9
--- /dev/null
+++ b/metadata/glsa/glsa-200501-16.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-16">
+  <title>Konqueror: Java sandbox vulnerabilities</title>
+  <synopsis>
+    The Java sandbox environment in Konqueror can be bypassed to access
+    arbitrary packages, allowing untrusted Java applets to perform unrestricted
+    actions on the host system.
+  </synopsis>
+  <product type="ebuild">Konqueror, kde, kdelibs</product>
+  <announced>2005-01-11</announced>
+  <revised count="02">2005-01-12</revised>
+  <bug>72750</bug>
+  <access>remote</access>
+  <affected>
+    <package name="kde-base/kdelibs" auto="yes" arch="*">
+      <unaffected range="ge">3.3.2</unaffected>
+      <vulnerable range="lt">3.3.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    KDE is a feature-rich graphical desktop environment for Linux and
+    Unix-like Operating Systems. Konqueror is the KDE web browser and file
+    manager.
+    </p>
+  </background>
+  <description>
+    <p>
+    Konqueror contains two errors that allow JavaScript scripts and Java
+    applets to have access to restricted Java classes.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could embed a malicious Java applet in a web page and
+    entice a victim to view it. This applet can then bypass security
+    restrictions and execute any command, or access any file with the
+    rights of the user running Konqueror.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All kdelibs users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose kde-base/kdelibs</code>
+  </resolution>
+  <references>
+    <uri link="https://www.kde.org/info/security/advisory-20041220-1.txt">KDE Security Advisory: Konqueror Java Vulnerability</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1145">CAN 2004-1145</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-12-21T20:38:36Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-11T12:36:53Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-17.xml b/metadata/glsa/glsa-200501-17.xml
new file mode 100644
index 000000000000..e3070efaa5c3
--- /dev/null
+++ b/metadata/glsa/glsa-200501-17.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-17">
+  <title>KPdf, KOffice: More vulnerabilities in included Xpdf</title>
+  <synopsis>
+    KPdf and KOffice both include vulnerable Xpdf code to handle PDF files,
+    making them vulnerable to the execution of arbitrary code if a user is
+    enticed to view a malicious PDF file.
+  </synopsis>
+  <product type="ebuild">kpdf, koffice</product>
+  <announced>2005-01-11</announced>
+  <revised count="02">2005-01-12</revised>
+  <bug>75203</bug>
+  <bug>75204</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/koffice" auto="yes" arch="*">
+      <unaffected range="ge">1.3.5-r1</unaffected>
+      <vulnerable range="lt">1.3.5-r1</vulnerable>
+    </package>
+    <package name="kde-base/kdegraphics" auto="yes" arch="*">
+      <unaffected range="ge">3.3.2-r1</unaffected>
+      <unaffected range="rge">3.2.3-r3</unaffected>
+      <vulnerable range="lt">3.3.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    KPdf is a KDE-based PDF viewer included in the kdegraphics package.
+    KOffice is an integrated office suite for KDE.
+    </p>
+  </background>
+  <description>
+    <p>
+    KPdf and KOffice both include Xpdf code to handle PDF files. Xpdf is
+    vulnerable to multiple new integer overflows, as described in GLSA
+    200412-24.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to open a specially-crafted PDF file,
+    potentially resulting in the execution of arbitrary code with the
+    rights of the user running the affected utility.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All KPdf users should upgrade to the latest version of kdegraphics:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose kde-base/kdegraphics</code>
+    <p>
+    All KOffice users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose app-office/koffice</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200412-24.xml">GLSA 200412-24</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125">CAN-2004-1125</uri>
+    <uri link="https://kde.org/info/security/advisory-20041223-1.txt">KDE Security Advisory: kpdf Buffer Overflow Vulnerability</uri>
+    <uri link="https://koffice.kde.org/security/2004_xpdf_integer_overflow_2.php">KOffice XPDF Integer Overflow 2</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-01-05T17:17:02Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-11T12:37:24Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-18.xml b/metadata/glsa/glsa-200501-18.xml
new file mode 100644
index 000000000000..9a446af2cb4e
--- /dev/null
+++ b/metadata/glsa/glsa-200501-18.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-18">
+  <title>KDE FTP KIOslave: Command injection</title>
+  <synopsis>
+    The FTP KIOslave contains a bug allowing users to execute arbitrary FTP
+    commands.
+  </synopsis>
+  <product type="ebuild">konqueror</product>
+  <announced>2005-01-11</announced>
+  <revised count="02">2005-01-12</revised>
+  <bug>73759</bug>
+  <access>remote</access>
+  <affected>
+    <package name="kde-base/kdelibs" auto="yes" arch="*">
+      <unaffected range="ge">3.3.2-r2</unaffected>
+      <unaffected range="rge">3.2.3-r5</unaffected>
+      <vulnerable range="lt">3.3.2-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    KDE is a feature-rich graphical desktop environment for Linux and
+    Unix-like Operating Systems. KDE provided KIOslaves for many protocols
+    in the kdelibs package, one of them being FTP. These are used by KDE
+    applications such as Konqueror.
+    </p>
+  </background>
+  <description>
+    <p>
+    The FTP KIOslave fails to properly parse URL-encoded newline
+    characters.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit this to execute arbitrary FTP commands on the
+    server and due to similiarities between the FTP and the SMTP protocol,
+    this vulnerability also allows an attacker to connect to a SMTP server
+    and issue arbitrary commands, for example sending an email.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All kdelibs users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose kde-base/kdelibs</code>
+  </resolution>
+  <references>
+    <uri link="https://www.kde.org/info/security/advisory-20050101-1.txt">KDE Security Advisory: ftp kioslave command injection</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1165">CAN-2004-1165</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-01-05T16:56:23Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-11T12:39:06Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-19.xml b/metadata/glsa/glsa-200501-19.xml
new file mode 100644
index 000000000000..b04f6226e0d0
--- /dev/null
+++ b/metadata/glsa/glsa-200501-19.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-19">
+  <title>imlib2: Buffer overflows in image decoding</title>
+  <synopsis>
+    Multiple overflows have been found in the imlib2 library image decoding
+    routines, potentially allowing the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">imlib2</product>
+  <announced>2005-01-11</announced>
+  <revised count="01">2005-01-11</revised>
+  <bug>77002</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/imlib2" auto="yes" arch="*">
+      <unaffected range="ge">1.2.0</unaffected>
+      <vulnerable range="lt">1.2.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    imlib2 is an advanced replacement for image manipulation libraries
+    such as libXpm. It is utilized by numerous programs, including gkrellm
+    and several window managers, to display images.
+    </p>
+  </background>
+  <description>
+    <p>
+    Pavel Kankovsky discovered that several buffer overflows found in
+    the libXpm library (see GLSA 200409-34) also apply to imlib (see GLSA
+    200412-03) and imlib2. He also fixed a number of other potential
+    security vulnerabilities.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to view a carefully-crafted
+    image file, which would potentially lead to the execution of arbitrary
+    code with the rights of the user viewing the image. This affects any
+    program that utilizes of the imlib2 library.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All imlib2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/imlib2-1.2.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1026">CAN-2004-1026</uri>
+    <uri link="https://security.gentoo.org/glsa/glsa-200412-03.xml">GLSA 200412-03</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-01-08T09:59:17Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-01-09T05:41:55Z">
+    dmargoli
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-10T22:14:19Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-20.xml b/metadata/glsa/glsa-200501-20.xml
new file mode 100644
index 000000000000..a23a6886a60d
--- /dev/null
+++ b/metadata/glsa/glsa-200501-20.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-20">
+  <title>o3read: Buffer overflow during file conversion</title>
+  <synopsis>
+    A buffer overflow in o3read allows an attacker to execute arbitrary code by
+    way of a specially crafted XML file.
+  </synopsis>
+  <product type="ebuild">o3read</product>
+  <announced>2005-01-11</announced>
+  <revised count="01">2005-01-11</revised>
+  <bug>74478</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/o3read" auto="yes" arch="*">
+      <unaffected range="ge">0.0.4</unaffected>
+      <vulnerable range="le">0.0.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    o3read is a standalone converter for OpenOffice.org files. It
+    allows a user to dump the contents tree (o3read) and convert to plain
+    text (o3totxt) or to HTML (o3tohtml) Writer and Calc files.
+    </p>
+  </background>
+  <description>
+    <p>
+    Wiktor Kopec discovered that the parse_html function in o3read.c
+    copies any number of bytes into a 1024-byte t[] array.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Using a specially crafted file, possibly delivered by e-mail or
+    over the Web, an attacker may execute arbitrary code with the
+    permissions of the user running o3read.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All o3read users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/o3read-0.0.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1288">CAN-2004-1288</uri>
+    <uri link="http://tigger.uic.edu/~jlongs2/holes/o3read.txt">Wiktor Kopec advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-01-10T22:12:42Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-10T22:13:07Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-01-11T11:55:34Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-21.xml b/metadata/glsa/glsa-200501-21.xml
new file mode 100644
index 000000000000..83e1d67a8c19
--- /dev/null
+++ b/metadata/glsa/glsa-200501-21.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-21">
+  <title>HylaFAX: hfaxd unauthorized login vulnerability</title>
+  <synopsis>
+    HylaFAX is subject to a vulnerability in its username matching code,
+    potentially allowing remote users to bypass access control lists.
+  </synopsis>
+  <product type="ebuild">HylaFAX</product>
+  <announced>2005-01-11</announced>
+  <revised count="01">2005-01-11</revised>
+  <bug>75941</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/hylafax" auto="yes" arch="*">
+      <unaffected range="ge">4.2.0-r2</unaffected>
+      <vulnerable range="lt">4.2.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    HylaFAX is a software package for sending and receiving facsimile
+    messages.
+    </p>
+  </background>
+  <description>
+    <p>
+    The code used by hfaxd to match a given username and hostname with
+    an entry in the hosts.hfaxd file is insufficiently protected against
+    malicious entries.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    If the HylaFAX installation uses a weak hosts.hfaxd file, a remote
+    attacker could authenticate using a malicious username or hostname and
+    bypass the intended access restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    As a workaround, administrators may consider adding passwords to
+    all entries in the hosts.hfaxd file.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All HylaFAX users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/hylafax-4.2.0-r2"</code>
+    <p>
+    Note: Due to heightened security, weak entries in the
+    hosts.hfaxd file may no longer work. Please see the HylaFAX
+    documentation for details of accepted syntax in the hosts.hfaxd file.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1182">CAN-2004-1182</uri>
+    <uri link="http://marc.theaimsgroup.com/?l=hylafax&amp;m=110545119911558&amp;w=2">HylaFAX Announcement</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-01-10T09:56:02Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-01-10T13:48:18Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-11T16:16:35Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-22.xml b/metadata/glsa/glsa-200501-22.xml
new file mode 100644
index 000000000000..be2daf103db8
--- /dev/null
+++ b/metadata/glsa/glsa-200501-22.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-22">
+  <title>poppassd_pam: Unauthorized password changing</title>
+  <synopsis>
+    poppassd_pam allows anyone to change any user's password without
+    authenticating the user first.
+  </synopsis>
+  <product type="ebuild">poppassd_pam</product>
+  <announced>2005-01-11</announced>
+  <revised count="01">2005-01-11</revised>
+  <bug>75820</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/poppassd_ceti" auto="yes" arch="*">
+      <unaffected range="ge">1.8.4</unaffected>
+      <vulnerable range="le">1.0</vulnerable>
+    </package>
+    <package name="net-mail/poppassd_pam" auto="yes" arch="*">
+      <vulnerable range="le">1.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    poppassd_pam is a PAM-enabled server for changing system passwords
+    that can be used to change POP server passwords.
+    </p>
+  </background>
+  <description>
+    <p>
+    Gentoo Linux developer Marcus Hanwell discovered that poppassd_pam
+    did not check that the old password was valid before changing
+    passwords. Our investigation revealed that poppassd_pam did not call
+    pam_authenticate before calling pam_chauthtok.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could change the system password of any user,
+    including root. This leads to a complete compromise of the POP
+    accounts, and may also lead to a complete root compromise of the
+    affected server, if it also provides shell access authenticated using
+    system passwords.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All poppassd_pam users should migrate to the new package called
+    poppassd_ceti:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-mail/poppassd_ceti-1.8.4"</code>
+    <p>
+    Note: Portage will automatically replace the poppassd_pam
+    package by the poppassd_ceti package.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0002">CAN-2005-0002</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-01-11T08:56:45Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-01-11T12:12:22Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-11T19:52:14Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-23.xml b/metadata/glsa/glsa-200501-23.xml
new file mode 100644
index 000000000000..c56bf822d6f3
--- /dev/null
+++ b/metadata/glsa/glsa-200501-23.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-23">
+  <title>Exim: Two buffer overflows</title>
+  <synopsis>
+    Buffer overflow vulnerabilities, which could lead to arbitrary code
+    execution, have been found in the handling of IPv6 addresses as well as in
+    the SPA authentication mechanism in Exim.
+  </synopsis>
+  <product type="ebuild">exim</product>
+  <announced>2005-01-12</announced>
+  <revised count="01">2005-01-12</revised>
+  <bug>76893</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-mta/exim" auto="yes" arch="*">
+      <unaffected range="ge">4.43-r2</unaffected>
+      <vulnerable range="lt">4.43-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Exim is an highly configurable message transfer agent (MTA)
+    developed at the University of Cambridge.
+    </p>
+  </background>
+  <description>
+    <p>
+    Buffer overflows have been found in the host_aton() function
+    (CAN-2005-0021) as well as in the spa_base64_to_bits() function
+    (CAN-2005-0022), which is part of the SPA authentication code.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could trigger the buffer overflow in host_aton()
+    by supplying an illegal IPv6 address with more than 8 components, using
+    a command line option. The second vulnerability could be remotely
+    exploited during SPA authentication, if it is enabled on the server.
+    Both buffer overflows can potentially lead to the execution of
+    arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Exim users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-mta/exim-4.43-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.exim.org/mail-archives/exim-announce/2005/msg00000.html">Exim Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0021">CAN-2005-0021</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0022">CAN-2005-0022</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-01-10T09:24:16Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-01-10T10:01:20Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-12T21:52:22Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-24.xml b/metadata/glsa/glsa-200501-24.xml
new file mode 100644
index 000000000000..1c0da1e6b278
--- /dev/null
+++ b/metadata/glsa/glsa-200501-24.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-24">
+  <title>tnftp: Arbitrary file overwriting</title>
+  <synopsis>
+    tnftp fails to validate filenames when downloading files, making it
+    vulnerable to arbitrary file overwriting.
+  </synopsis>
+  <product type="ebuild">tnftp</product>
+  <announced>2005-01-14</announced>
+  <revised count="01">2005-01-14</revised>
+  <bug>74704</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-ftp/tnftp" auto="yes" arch="*">
+      <unaffected range="ge">20050103</unaffected>
+      <vulnerable range="lt">20050103</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    tnftp is a NetBSD FTP client with several advanced features.
+    </p>
+  </background>
+  <description>
+    <p>
+    The 'mget' function in cmds.c lacks validation of the filenames
+    that are supplied by the server.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker running an FTP server could supply clients with
+    malicious filenames, potentially allowing the overwriting of arbitrary
+    files with the permission of the connected user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All tnftp users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-ftp/tnftp-20050103"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1294">CAN-2004-1294</uri>
+    <uri link="http://tigger.uic.edu/~jlongs2/holes/tnftp.txt">Original Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-01-10T09:24:54Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-11T21:44:41Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-01-12T23:35:57Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-25.xml b/metadata/glsa/glsa-200501-25.xml
new file mode 100644
index 000000000000..03297488cc50
--- /dev/null
+++ b/metadata/glsa/glsa-200501-25.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-25">
+  <title>Squid: Multiple vulnerabilities</title>
+  <synopsis>
+    Squid contains vulnerabilities in the the code handling NTLM (NT Lan
+    Manager), Gopher to HTML, ACLs and WCCP (Web Cache Communication Protocol)
+    which could lead to ACL bypass, denial of service and arbitrary code
+    execution.
+  </synopsis>
+  <product type="ebuild">squid</product>
+  <announced>2005-01-16</announced>
+  <revised count="03">2005-02-07</revised>
+  <bug>77934</bug>
+  <bug>77521</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/squid" auto="yes" arch="*">
+      <unaffected range="ge">2.5.7-r2</unaffected>
+      <vulnerable range="lt">2.5.7-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Squid is a full-featured Web proxy cache designed to run on Unix
+    systems. It supports proxying and caching of HTTP, FTP, and other URLs,
+    as well as SSL support, cache hierarchies, transparent caching, access
+    control lists and many other features.
+    </p>
+  </background>
+  <description>
+    <p>
+    Squid contains a vulnerability in the gopherToHTML function
+    (CAN-2005-0094) and incorrectly checks the 'number of caches' field
+    when parsing WCCP_I_SEE_YOU messages (CAN-2005-0095). Furthermore the
+    NTLM code contains two errors. One is a memory leak in the
+    fakeauth_auth helper (CAN-2005-0096) and the other is a NULL pointer
+    dereferencing error (CAN-2005-0097). Finally Squid also contains an
+    error in the ACL parsing code (CAN-2005-0194).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    With the WCCP issue an attacker could cause denial of service by
+    sending a specially crafted UDP packet. With the Gopher issue an
+    attacker might be able to execute arbitrary code by enticing a user to
+    connect to a malicious Gopher server. The NTLM issues could lead to
+    denial of service by memory consumption or by crashing Squid. The ACL
+    issue could lead to ACL bypass.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Squid users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-proxy/squid-2.5.7-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://secunia.com/advisories/13825/">Secunia Advisory SA13825</uri>
+    <uri link="https://secunia.com/advisories/13789/">Secunia Advisory SA13789</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0094">CAN-2005-0094</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0095">CAN-2005-0095</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0096">CAN-2005-0096</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0097">CAN-2005-0097</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0194">CAN-2005-0194</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-01-14T17:51:35Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-14T17:55:02Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-26.xml b/metadata/glsa/glsa-200501-26.xml
new file mode 100644
index 000000000000..062217887ac2
--- /dev/null
+++ b/metadata/glsa/glsa-200501-26.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-26">
+  <title>ImageMagick: PSD decoding heap overflow</title>
+  <synopsis>
+    ImageMagick is vulnerable to a heap overflow when decoding Photoshop
+    Document (PSD) files, which could lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">imagemagick</product>
+  <announced>2005-01-20</announced>
+  <revised count="01">2005-01-20</revised>
+  <bug>77932</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/imagemagick" auto="yes" arch="*">
+      <unaffected range="ge">6.1.8.8</unaffected>
+      <vulnerable range="lt">6.1.8.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ImageMagick is a collection of tools to read, write and manipulate
+    images in many formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    Andrei Nigmatulin discovered that a Photoshop Document (PSD) file
+    with more than 24 layers could trigger a heap overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could potentially design a mailicous PSD image file to
+    cause arbitrary code execution with the permissions of the user running
+    ImageMagick.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ImageMagick users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/imagemagick-6.1.8.8"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0005">CAN-2005-0005</uri>
+    <uri link="http://www.idefense.com/application/poi/display?id=184&amp;type=vulnerabilities">iDEFENSE Advisory</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-01-18T13:50:38Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-20T09:15:57Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-27.xml b/metadata/glsa/glsa-200501-27.xml
new file mode 100644
index 000000000000..650aae069867
--- /dev/null
+++ b/metadata/glsa/glsa-200501-27.xml
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-27">
+  <title>Ethereal: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities exist in Ethereal, which may allow an attacker to
+    run arbitrary code, crash the program or perform DoS by CPU and disk
+    utilization.
+  </synopsis>
+  <product type="ebuild">ethereal</product>
+  <announced>2005-01-20</announced>
+  <revised count="01">2005-01-20</revised>
+  <bug>78559</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/ethereal" auto="yes" arch="*">
+      <unaffected range="ge">0.10.9</unaffected>
+      <vulnerable range="lt">0.10.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ethereal is a feature rich network protocol analyzer.
+    </p>
+  </background>
+  <description>
+    <p>
+    There are multiple vulnerabilities in versions of Ethereal earlier
+    than 0.10.9, including:
+    </p>
+    <ul>
+    <li>The COPS dissector could go into
+    an infinite loop (CAN-2005-0006).</li>
+    <li>The DLSw dissector could
+    cause an assertion, making Ethereal exit prematurely
+    (CAN-2005-0007).</li>
+    <li>The DNP dissector could cause memory
+    corruption (CAN-2005-0008).</li>
+    <li>The Gnutella dissector could cause
+    an assertion, making Ethereal exit prematurely (CAN-2005-0009).</li>
+    <li>The MMSE dissector could free statically-allocated memory
+    (CAN-2005-0010).</li>
+    <li>The X11 dissector is vulnerable to a string
+    buffer overflow (CAN-2005-0084).</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker might be able to use these vulnerabilities to crash
+    Ethereal, perform DoS by CPU and disk space utilization or even execute
+    arbitrary code with the permissions of the user running Ethereal, which
+    could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    For a temporary workaround you can disable all affected protocol
+    dissectors by selecting Analyze-&gt;Enabled Protocols... and deselecting
+    them from the list. However, it is strongly recommended to upgrade to
+    the latest stable version.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ethereal users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/ethereal-0.10.9"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0006">CAN-2005-0006</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0007">CAN-2005-0007</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0008">CAN-2005-0008</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0009">CAN-2005-0009</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0010">CAN-2005-0010</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0084">CAN-2005-0084</uri>
+    <uri link="http://www.ethereal.com/news/item_20050120_01.html">Ethereal Release Notes</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-01-18T21:23:59Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-20T22:30:28Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-28.xml b/metadata/glsa/glsa-200501-28.xml
new file mode 100644
index 000000000000..46835523c1dd
--- /dev/null
+++ b/metadata/glsa/glsa-200501-28.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-28">
+  <title>Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2</title>
+  <synopsis>
+    A stack overflow was discovered in Xpdf, potentially resulting in the
+    execution of arbitrary code. GPdf includes Xpdf code and therefore is
+    vulnerable to the same issue.
+  </synopsis>
+  <product type="ebuild">Xpdf</product>
+  <announced>2005-01-21</announced>
+  <revised count="01">2005-01-21</revised>
+  <bug>77888</bug>
+  <bug>78128</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/xpdf" auto="yes" arch="*">
+      <unaffected range="ge">3.00-r8</unaffected>
+      <vulnerable range="le">3.00-r7</vulnerable>
+    </package>
+    <package name="app-text/gpdf" auto="yes" arch="*">
+      <unaffected range="ge">2.8.2</unaffected>
+      <vulnerable range="lt">2.8.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Xpdf is an open source viewer for Portable Document Format (PDF)
+    files. GPdf is a Gnome-based PDF viewer that includes some Xpdf code.
+    </p>
+  </background>
+  <description>
+    <p>
+    iDEFENSE reports that the Decrypt::makeFileKey2 function in Xpdf's
+    Decrypt.cc insufficiently checks boundaries when processing /Encrypt
+    /Length tags in PDF files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice an user to open a specially-crafted PDF
+    file which would trigger a stack overflow, potentially resulting in
+    execution of arbitrary code with the rights of the user running Xpdf or
+    GPdf.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Xpdf users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/xpdf-3.00-r8"</code>
+    <p>
+    All GPdf users should also upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/gpdf-2.8.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064">CAN-2005-0064</uri>
+    <uri link="http://www.idefense.com/application/poi/display?id=186&amp;type=vulnerabilities&amp;flashstatus=true">iDEFENSE Advisory</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-01-18T13:34:11Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-21T20:37:01Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-29.xml b/metadata/glsa/glsa-200501-29.xml
new file mode 100644
index 000000000000..7fc553537cd0
--- /dev/null
+++ b/metadata/glsa/glsa-200501-29.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-29">
+  <title>Mailman: Cross-site scripting vulnerability</title>
+  <synopsis>
+    Mailman is vulnerable to cross-site scripting attacks.
+  </synopsis>
+  <product type="ebuild">mailman</product>
+  <announced>2005-01-22</announced>
+  <revised count="01">2005-01-22</revised>
+  <bug>77524</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/mailman" auto="yes" arch="*">
+      <unaffected range="ge">2.1.5-r3</unaffected>
+      <vulnerable range="lt">2.1.5-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mailman is a Python-based mailing list server with an extensive
+    web interface.
+    </p>
+  </background>
+  <description>
+    <p>
+    Florian Weimer has discovered a cross-site scripting vulnerability
+    in the error messages that are produced by Mailman.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    By enticing a user to visiting a specially-crafted URL, an
+    attacker can execute arbitrary script code running in the context of
+    the victim's browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mailman users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-mail/mailman-2.1.5-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1177">CAN-2004-1177</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-01-19T10:01:17Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-20T09:22:10Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-01-21T16:36:40Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-30.xml b/metadata/glsa/glsa-200501-30.xml
new file mode 100644
index 000000000000..bf869dd105a3
--- /dev/null
+++ b/metadata/glsa/glsa-200501-30.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-30">
+  <title>CUPS: Stack overflow in included Xpdf code</title>
+  <synopsis>
+    CUPS includes Xpdf code and therefore is vulnerable to the recent stack
+    overflow issue, potentially resulting in the remote execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">CUPS</product>
+  <announced>2005-01-22</announced>
+  <revised count="01">2005-01-22</revised>
+  <bug>78249</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-print/cups" auto="yes" arch="*">
+      <unaffected range="ge">1.1.23-r1</unaffected>
+      <vulnerable range="lt">1.1.23-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Common UNIX Printing System (CUPS) is a cross-platform print
+    spooler. It makes use of Xpdf code to handle PDF files.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Decrypt::makeFileKey2 function in Xpdf's Decrypt.cc
+    insufficiently checks boundaries when processing /Encrypt /Length tags
+    in PDF files (GLSA 200501-28).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    This issue could be exploited by a remote attacker to execute
+    arbitrary code by sending a malicious print job to a CUPS spooler.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All CUPS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-print/cups-1.1.23-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064">CAN-2005-0064</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200501-28.xml">GLSA 200501-28</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-01-21T20:52:56Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-21T20:53:07Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-31.xml b/metadata/glsa/glsa-200501-31.xml
new file mode 100644
index 000000000000..3cb82298785a
--- /dev/null
+++ b/metadata/glsa/glsa-200501-31.xml
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-31">
+  <title>teTeX, pTeX, CSTeX: Multiple vulnerabilities</title>
+  <synopsis>
+    teTeX, pTeX and CSTeX make use of vulnerable Xpdf code which may allow the
+    remote execution of arbitrary code. Furthermore, the xdvizilla script is
+    vulnerable to temporary file handling issues.
+  </synopsis>
+  <product type="ebuild">teTeX</product>
+  <announced>2005-01-23</announced>
+  <revised count="01">2005-01-23</revised>
+  <bug>75801</bug>
+  <access>remote and local</access>
+  <affected>
+    <package name="app-text/tetex" auto="yes" arch="*">
+      <unaffected range="ge">2.0.2-r5</unaffected>
+      <vulnerable range="lt">2.0.2-r5</vulnerable>
+    </package>
+    <package name="app-text/cstetex" auto="yes" arch="*">
+      <unaffected range="ge">2.0.2-r1</unaffected>
+      <vulnerable range="lt">2.0.2-r1</vulnerable>
+    </package>
+    <package name="app-text/ptex" auto="yes" arch="*">
+      <unaffected range="ge">3.1.4-r2</unaffected>
+      <vulnerable range="lt">3.1.4-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    teTeX is a complete and open source TeX distribution. CSTeX is
+    another TeX distribution including Czech and Slovak support. pTeX is
+    another alternative that allows Japanese publishing with TeX. xdvizilla
+    is an auxiliary script used to integrate DVI file viewing in
+    Mozilla-based browsers.
+    </p>
+  </background>
+  <description>
+    <p>
+    teTeX, pTeX and CSTeX all make use of Xpdf code and may therefore
+    be vulnerable to the various overflows that were discovered in Xpdf
+    code (CAN-2004-0888, CAN-2004-0889, CAN-2004-1125 and CAN-2005-0064).
+    Furthermore, Javier Fernandez-Sanguino Pena discovered that the
+    xdvizilla script does not handle temporary files correctly.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could design a malicious input file which, when
+    processed using one of the TeX distributions, could lead to the
+    execution of arbitrary code. Furthermore, a local attacker could create
+    symbolic links in the temporary files directory, pointing to a valid
+    file somewhere on the filesystem. When xdvizilla is called, this would
+    result in the file being overwritten with the rights of the user
+    running the script.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All teTeX users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/tetex-2.0.2-r5"</code>
+    <p>
+    All CSTeX users should also upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/cstetex-2.0.2-r1"</code>
+    <p>
+    Finally, all pTeX users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/ptex-3.1.4-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888">CAN-2004-0888</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0889">CAN-2004-0889</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125">CAN-2004-1125</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064">CAN-2005-0064</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-01-21T10:36:38Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-01-21T22:41:12Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-23T12:09:17Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-32.xml b/metadata/glsa/glsa-200501-32.xml
new file mode 100644
index 000000000000..bc9a8352330d
--- /dev/null
+++ b/metadata/glsa/glsa-200501-32.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-32">
+  <title>KPdf, KOffice: Stack overflow in included Xpdf code</title>
+  <synopsis>
+    KPdf and KOffice both include vulnerable Xpdf code to handle PDF files,
+    making them vulnerable to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">kpdf, koffice</product>
+  <announced>2005-01-23</announced>
+  <revised count="01">2005-01-23</revised>
+  <bug>78619</bug>
+  <bug>78620</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/koffice" auto="yes" arch="*">
+      <unaffected range="ge">1.3.5-r2</unaffected>
+      <vulnerable range="lt">1.3.5-r2</vulnerable>
+    </package>
+    <package name="kde-base/kdegraphics" auto="yes" arch="*">
+      <unaffected range="ge">3.3.2-r2</unaffected>
+      <unaffected range="rge">3.2.3-r4</unaffected>
+      <vulnerable range="lt">3.3.2-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    KPdf is a KDE-based PDF viewer included in the kdegraphics
+    package. KOffice is an integrated office suite for KDE.
+    </p>
+  </background>
+  <description>
+    <p>
+    KPdf and KOffice both include Xpdf code to handle PDF files. Xpdf
+    is vulnerable to a new stack overflow, as described in GLSA 200501-28.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to open a specially-crafted PDF
+    file, potentially resulting in the execution of arbitrary code with the
+    rights of the user running the affected application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All KPdf users should upgrade to the latest version of
+    kdegraphics:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose kde-base/kdegraphics</code>
+    <p>
+    All KOffice users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose app-office/koffice</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200501-28.xml">GLSA 200501-18</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064">CAN-2005-0064</uri>
+    <uri link="https://www.kde.org/info/security/advisory-20050119-1.txt">KDE Security Advisory: kpdf Buffer Overflow Vulnerability</uri>
+    <uri link="https://www.kde.org/info/security/advisory-20050120-1.txt">KDE Security Advisory: KOffice PDF Import Filter Vulnerability</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-01-22T09:23:04Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-23T12:21:06Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-33.xml b/metadata/glsa/glsa-200501-33.xml
new file mode 100644
index 000000000000..56411e4a5a35
--- /dev/null
+++ b/metadata/glsa/glsa-200501-33.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-33">
+  <title>MySQL: Insecure temporary file creation</title>
+  <synopsis>
+    MySQL is vulnerable to symlink attacks, potentially allowing a local user
+    to overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">mysql</product>
+  <announced>2005-01-23</announced>
+  <revised count="01">2005-01-23</revised>
+  <bug>77805</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-db/mysql" auto="yes" arch="*">
+      <unaffected range="ge">4.0.22-r2</unaffected>
+      <vulnerable range="lt">4.0.22-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MySQL is a fast, multi-threaded, multi-user SQL database server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Javier Fernandez-Sanguino Pena from the Debian Security Audit
+    Project discovered that the 'mysqlaccess' script creates temporary
+    files in world-writeable directories with predictable names.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary
+    files directory, pointing to a valid file somewhere on the filesystem.
+    When the mysqlaccess script is executed, this would result in the file
+    being overwritten with the rights of the user running the software,
+    which could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MySQL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-4.0.22-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0004">CAN-2005-0004</uri>
+    <uri link="https://secunia.com/advisories/13867/">Secunia Advisory SA13867</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-01-19T10:01:33Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-21T22:17:35Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-01-22T01:00:40Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-34.xml b/metadata/glsa/glsa-200501-34.xml
new file mode 100644
index 000000000000..006261553b53
--- /dev/null
+++ b/metadata/glsa/glsa-200501-34.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-34">
+  <title>Konversation: Various vulnerabilities</title>
+  <synopsis>
+    Konversation contains multiple vulnerabilities that could lead to remote
+    command execution or information leaks.
+  </synopsis>
+  <product type="ebuild">konversation</product>
+  <announced>2005-01-24</announced>
+  <revised count="01">2005-01-24</revised>
+  <bug>78712</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/konversation" auto="yes" arch="*">
+      <unaffected range="ge">0.15.1</unaffected>
+      <vulnerable range="lt">0.15.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Konversation is a user-friendly IRC client for KDE.
+    </p>
+  </background>
+  <description>
+    <p>
+    Wouter Coekaerts has discovered three vulnerabilities within
+    Konversation:
+    </p>
+    <ul>
+    <li>The Server::parseWildcards function, which
+    is used by the "Quick Buttons", does not properly handle variable
+    expansion (CAN-2005-0129).</li>
+    <li>Perl scripts included with
+    Konversation do not properly escape shell metacharacters
+    (CAN-2005-0130).</li>
+    <li>The 'Nick' and 'Password' fields in the Quick
+    Connect dialog can be easily confused (CAN-2005-0131).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A malicious server could create specially-crafted channels, which
+    would exploit certain flaws in Konversation, potentially leading to the
+    execution of shell commands. A user could also unintentionally input
+    their password into the 'Nick' field in the Quick Connect dialog,
+    exposing his password to IRC users, and log files.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Konversation users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-irc/konversation-0.15.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0129">CAN-2005-0129</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0130">CAN-2005-0130</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0131">CAN-2005-0131</uri>
+    <uri link="https://www.kde.org/info/security/advisory-20050121-1.txt">KDE Security Advisory: Multiple vulnerabilities in Konversation</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-01-21T19:25:33Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-21T21:24:15Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-01-22T00:39:45Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-35.xml b/metadata/glsa/glsa-200501-35.xml
new file mode 100644
index 000000000000..f78cbc841122
--- /dev/null
+++ b/metadata/glsa/glsa-200501-35.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-35">
+  <title>Evolution: Integer overflow in camel-lock-helper</title>
+  <synopsis>
+    An overflow in the camel-lock-helper application can be exploited by an
+    attacker to execute arbitrary code with elevated privileges.
+  </synopsis>
+  <product type="ebuild">evolution</product>
+  <announced>2005-01-24</announced>
+  <revised count="01">2005-01-24</revised>
+  <bug>79183</bug>
+  <access>local and remote</access>
+  <affected>
+    <package name="mail-client/evolution" auto="yes" arch="*">
+      <unaffected range="ge">2.0.2-r1</unaffected>
+      <vulnerable range="le">2.0.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Evolution is a GNOME groupware application similar to Microsoft
+    Outlook.
+    </p>
+  </background>
+  <description>
+    <p>
+    Max Vozeler discovered an integer overflow in the
+    camel-lock-helper application, which is installed as setgid mail by
+    default.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could exploit this vulnerability to execute
+    malicious code with the privileges of the 'mail' group. A remote
+    attacker could also setup a malicious POP server to execute arbitrary
+    code when an Evolution user connects to it.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Evolution users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/evolution-2.0.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0102">CAN-2005-0102</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-01-24T14:31:03Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-24T21:37:19Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-36.xml b/metadata/glsa/glsa-200501-36.xml
new file mode 100644
index 000000000000..d07d0a5731e3
--- /dev/null
+++ b/metadata/glsa/glsa-200501-36.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-36">
+  <title>AWStats: Remote code execution</title>
+  <synopsis>
+    AWStats fails to validate certain input, which could lead to the remote
+    execution of arbitrary code or to the leak of information.
+  </synopsis>
+  <product type="ebuild">awstats</product>
+  <announced>2005-01-25</announced>
+  <revised count="04">2009-05-28</revised>
+  <bug>77963</bug>
+  <bug>81775</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-misc/awstats" auto="yes" arch="*">
+      <unaffected range="ge">6.3-r2</unaffected>
+      <vulnerable range="lt">6.3-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    AWStats is an advanced log file analyzer and statistics generator.
+    </p>
+  </background>
+  <description>
+    <p>
+    When 'awstats.pl' is run as a CGI script, it fails to validate specific
+    inputs which are used in a Perl open() function call. Furthermore, a
+    user could read log file content even when plugin rawlog was not
+    enabled.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could supply AWStats malicious input, potentially
+    allowing the execution of arbitrary code with the rights of the web
+    server. He could also access raw log contents.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Making sure that AWStats does not run as a CGI script will avoid the
+    issue, but we recommend that users upgrade to the latest version, which
+    fixes these bugs.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All AWStats users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-misc/awstats-6.3-r2"</code>
+    <p>
+    Note: Users with the vhosts USE flag set should manually use
+    webapp-config to finalize the update.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://awstats.sourceforge.net/docs/awstats_changelog.txt">AWStats ChangeLog</uri>
+    <uri link="http://www.idefense.com/application/poi/display?id=185">iDEFENSE Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0116">CAN-2005-0116</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0362">CAN-2005-0362</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0363">CAN-2005-0363</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-01-18T13:51:20Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-01-22T01:15:21Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-25T18:48:59Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-37.xml b/metadata/glsa/glsa-200501-37.xml
new file mode 100644
index 000000000000..fd8ef0bdfba6
--- /dev/null
+++ b/metadata/glsa/glsa-200501-37.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-37">
+  <title>GraphicsMagick: PSD decoding heap overflow</title>
+  <synopsis>
+    GraphicsMagick is vulnerable to a heap overflow when decoding Photoshop
+    Document (PSD) files, which could lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">GraphicsMagick</product>
+  <announced>2005-01-26</announced>
+  <revised count="01">2005-01-26</revised>
+  <bug>79336</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/graphicsmagick" auto="yes" arch="*">
+      <unaffected range="ge">1.1.5</unaffected>
+      <vulnerable range="lt">1.1.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GraphicsMagick is a collection of tools to read, write and
+    manipulate images in many formats. GraphicsMagick is originally derived
+    from ImageMagick 5.5.2.
+    </p>
+  </background>
+  <description>
+    <p>
+    Andrei Nigmatulin discovered that handling a Photoshop Document
+    (PSD) file with more than 24 layers in ImageMagick could trigger a heap
+    overflow (GLSA 200501-26). GraphicsMagick is based on the same code and
+    therefore suffers from the same flaw.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could potentially design a malicious PSD image file to
+    cause arbitrary code execution with the permissions of the user running
+    GraphicsMagick.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GraphicsMagick users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/graphicsmagick-1.1.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0005">CAN-2005-0005</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200501-26.xml">GLSA 200501-26</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-01-26T12:20:54Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-26T12:21:35Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-38.xml b/metadata/glsa/glsa-200501-38.xml
new file mode 100644
index 000000000000..07aa368e6075
--- /dev/null
+++ b/metadata/glsa/glsa-200501-38.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-38">
+  <title>Perl: rmtree and DBI tmpfile vulnerabilities</title>
+  <synopsis>
+    The Perl DBI library and File::Path::rmtree function are vulnerable to
+    symlink attacks.
+  </synopsis>
+  <product type="ebuild">Perl</product>
+  <announced>2005-01-26</announced>
+  <revised count="03">2005-03-15</revised>
+  <bug>75696</bug>
+  <bug>78634</bug>
+  <bug>79685</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-perl/DBI" auto="yes" arch="*">
+      <unaffected range="rge">1.37-r1</unaffected>
+      <unaffected range="ge">1.38-r1</unaffected>
+      <vulnerable range="le">1.38</vulnerable>
+    </package>
+    <package name="dev-lang/perl" auto="yes" arch="*">
+      <unaffected range="ge">5.8.6-r4</unaffected>
+      <unaffected range="rge">5.8.5-r5</unaffected>
+      <unaffected range="rge">5.8.4-r4</unaffected>
+      <unaffected range="rge">5.8.2-r4</unaffected>
+      <vulnerable range="le">5.8.6-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Perl is a cross platform programming language. The DBI is the standard
+    database interface module for Perl.
+    </p>
+  </background>
+  <description>
+    <p>
+    Javier Fernandez-Sanguino Pena discovered that the DBI library creates
+    temporary files in an insecure, predictable way (CAN-2005-0077). Paul
+    Szabo found out that "File::Path::rmtree" is vulnerable to various race
+    conditions (CAN-2004-0452, CAN-2005-0448).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary files
+    directory that point to a valid file somewhere on the filesystem. When
+    the DBI library or File::Path::rmtree is executed, this could be used
+    to overwrite or remove files with the rights of the user calling these
+    functions.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Perl users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose dev-lang/perl</code>
+    <p>
+    All DBI library users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose dev-perl/DBI</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0452">CAN-2004-0452</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0077">CAN-2005-0077</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0448">CAN-2005-0448</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-01-26T15:06:53Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-26T20:14:36Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-39.xml b/metadata/glsa/glsa-200501-39.xml
new file mode 100644
index 000000000000..0091fd9c1cd2
--- /dev/null
+++ b/metadata/glsa/glsa-200501-39.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-39">
+  <title>SquirrelMail: Multiple vulnerabilities</title>
+  <synopsis>
+    SquirrelMail fails to properly sanitize user input, which could lead to
+    arbitrary code execution and compromise webmail accounts.
+  </synopsis>
+  <product type="ebuild">SquirrelMail</product>
+  <announced>2005-01-28</announced>
+  <revised count="01">2005-01-28</revised>
+  <bug>78116</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/squirrelmail" auto="yes" arch="*">
+      <unaffected range="ge">1.4.4</unaffected>
+      <vulnerable range="le">1.4.3a-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    SquirrelMail is a webmail package written in PHP. It supports IMAP
+    and SMTP and can optionally be installed with SQL support.
+    </p>
+  </background>
+  <description>
+    <p>
+    SquirrelMail fails to properly sanitize certain strings when
+    decoding specially-crafted strings, which can lead to PHP file
+    inclusion and XSS.
+    </p>
+    <ul>
+    <li>Insufficient checking of incoming URLs
+    in prefs.php (CAN-2005-0075) and in webmail.php (CAN-2005-0103).</li>
+    <li>Insufficient escaping of integers in webmail.php
+    (CAN-2005-0104).</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    By sending a specially-crafted URL, an attacker can execute
+    arbitrary code from the local system with the permissions of the web
+    server. Furthermore by enticing a user to load a specially-crafted URL,
+    it is possible to display arbitrary remote web pages in Squirrelmail's
+    frameset and execute arbitrary scripts running in the context of the
+    victim's browser. This could lead to a compromise of the user's webmail
+    account, cookie theft, etc.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    The arbitrary code execution is only possible with
+    "register_globals" set to "On". Gentoo ships PHP with
+    "register_globals" set to "Off" by default. There are no known
+    workarounds for the other issues at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SquirrelMail users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/squirrelmail-1.4.4"</code>
+    <p>
+    Note: Users with the vhosts USE flag set should manually use
+    webapp-config to finalize the update.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://sourceforge.net/mailarchive/message.php?msg_id=10628451">SquirrelMail Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0075">CAN-2005-0075</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0103">CAN-2005-0103</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0104">CAN-2005-0104</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-01-25T17:32:40Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-28T10:51:51Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-40.xml b/metadata/glsa/glsa-200501-40.xml
new file mode 100644
index 000000000000..431951aa0543
--- /dev/null
+++ b/metadata/glsa/glsa-200501-40.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-40">
+  <title>ngIRCd: Buffer overflow</title>
+  <synopsis>
+    ngIRCd is vulnerable to a buffer overflow that can be used to crash the
+    daemon and possibly execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">ngIRCd</product>
+  <announced>2005-01-28</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>79705</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/ngircd" auto="yes" arch="*">
+      <unaffected range="ge">0.8.2</unaffected>
+      <vulnerable range="lt">0.8.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ngIRCd is a free open source daemon for Internet Relay Chat (IRC).
+    </p>
+  </background>
+  <description>
+    <p>
+    Florian Westphal discovered a buffer overflow caused by an integer
+    underflow in the Lists_MakeMask() function of lists.c.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker can exploit this buffer overflow to crash the ngIRCd
+    daemon and possibly execute arbitrary code with the rights of the
+    ngIRCd daemon process.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ngIRCd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-irc/ngIRCd-0.8.2"</code>
+  </resolution>
+  <references>
+    <uri link="http://arthur.ath.cx/pipermail/ngircd-ml/2005-January/000228.html">ngIRCd Release Annoucement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0199">CVE-2005-0199</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-01-27T15:18:35Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-01-27T16:04:52Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-27T16:45:18Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-41.xml b/metadata/glsa/glsa-200501-41.xml
new file mode 100644
index 000000000000..6891df68fb5f
--- /dev/null
+++ b/metadata/glsa/glsa-200501-41.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-41">
+  <title>TikiWiki: Arbitrary command execution</title>
+  <synopsis>
+    A bug in TikiWiki allows certain users to upload and execute malicious PHP
+    scripts.
+  </synopsis>
+  <product type="ebuild">tikiwiki</product>
+  <announced>2005-01-30</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>78944</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/tikiwiki" auto="yes" arch="*">
+      <unaffected range="ge">1.8.5</unaffected>
+      <vulnerable range="lt">1.8.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    TikiWiki is a web-based groupware and content management system (CMS),
+    using PHP, ADOdb and Smarty.
+    </p>
+  </background>
+  <description>
+    <p>
+    TikiWiki does not validate files uploaded to the "temp" directory.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A malicious user could run arbitrary commands on the server by
+    uploading and calling a PHP script.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All TikiWiki users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/tikiwiki-1.8.5"</code>
+  </resolution>
+  <references>
+    <uri link="http://tikiwiki.org/art102">TikiWiki Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0200">CVE-2005-0200</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-01-28T00:00:37Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-29T17:00:21Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-42.xml b/metadata/glsa/glsa-200501-42.xml
new file mode 100644
index 000000000000..cc2a687a9185
--- /dev/null
+++ b/metadata/glsa/glsa-200501-42.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-42">
+  <title>VDR: Arbitrary file overwriting issue</title>
+  <synopsis>
+    VDR insecurely accesses files with elevated privileges, which may result in
+    the overwriting of arbitrary files.
+  </synopsis>
+  <product type="ebuild">VDR</product>
+  <announced>2005-01-30</announced>
+  <revised count="01">2005-01-30</revised>
+  <bug>78230</bug>
+  <access>local</access>
+  <affected>
+    <package name="media-video/vdr" auto="yes" arch="*">
+      <unaffected range="ge">1.2.6-r1</unaffected>
+      <vulnerable range="lt">1.2.6-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Video Disk Recorder (VDR) is a Linux-based digital video recorder.
+    The VDR program handles the On Screen Menu system that offers complete
+    control over channel settings, timers and recordings.
+    </p>
+  </background>
+  <description>
+    <p>
+    Javier Fernandez-Sanguino Pena from the Debian Security Audit Team
+    discovered that VDR accesses user-controlled files insecurely.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create malicious links and invoke a VDR
+    recording that would overwrite arbitrary files on the system.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All VDR users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/vdr-1.2.6-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0071">CAN-2005-0071</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-01-29T10:22:04Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-29T10:59:05Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-01-29T11:54:01Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-43.xml b/metadata/glsa/glsa-200501-43.xml
new file mode 100644
index 000000000000..373507d71916
--- /dev/null
+++ b/metadata/glsa/glsa-200501-43.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-43">
+  <title>f2c: Insecure temporary file creation</title>
+  <synopsis>
+    f2c is vulnerable to symlink attacks, potentially allowing a local user to
+    overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">f2c</product>
+  <announced>2005-01-30</announced>
+  <revised count="01">2005-01-30</revised>
+  <bug>79725</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-lang/f2c" auto="yes" arch="*">
+      <unaffected range="ge">20030320-r1</unaffected>
+      <vulnerable range="le">20030320</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    f2c is a Fortran to C translator. Portage uses this package in
+    some ebuilds to build Fortran sources.
+    </p>
+  </background>
+  <description>
+    <p>
+    Javier Fernandez-Sanguino Pena from the Debian Security Audit Team
+    discovered that f2c creates temporary files in world-writeable
+    directories with predictable names.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary
+    files directory, pointing to a valid file somewhere on the filesystem.
+    When f2c is executed, this would result in the file being overwritten
+    with the rights of the user running the software, which could be the
+    root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All f2c users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/f2c-20030320-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0017">CAN-2005-0017</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-01-29T12:00:55Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-29T16:13:04Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-44.xml b/metadata/glsa/glsa-200501-44.xml
new file mode 100644
index 000000000000..3e6d01f87b4b
--- /dev/null
+++ b/metadata/glsa/glsa-200501-44.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-44">
+  <title>ncpfs: Multiple vulnerabilities</title>
+  <synopsis>
+    The ncpfs utilities contain multiple flaws, potentially resulting in the
+    remote execution of arbitrary code or local file access with elevated
+    privileges.
+  </synopsis>
+  <product type="ebuild">ncpfs</product>
+  <announced>2005-01-30</announced>
+  <revised count="01">2005-01-30</revised>
+  <bug>77414</bug>
+  <access>remote and local</access>
+  <affected>
+    <package name="net-fs/ncpfs" auto="yes" arch="*">
+      <unaffected range="ge">2.2.6</unaffected>
+      <vulnerable range="lt">2.2.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ncpfs is a NCP protocol network filesystem driver that allows
+    access to NetWare services, to mount volumes of NetWare servers or
+    print to NetWare print queues.
+    </p>
+  </background>
+  <description>
+    <p>
+    Erik Sjolund discovered two vulnerabilities in the programs
+    bundled with ncpfs: there is a potentially exploitable buffer overflow
+    in ncplogin (CAN-2005-0014), and due to a flaw in nwclient.c, utilities
+    using the NetWare client functions insecurely access files with
+    elevated privileges (CAN-2005-0013).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    The buffer overflow might allow a malicious remote NetWare server
+    to execute arbitrary code on the NetWare client. Furthermore, a local
+    attacker may be able to create links and access files with elevated
+    privileges using SUID ncpfs utilities.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ncpfs users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-fs/ncpfs-2.2.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0013">CAN-2005-0013</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0014">CAN-2005-0014</uri>
+    <uri link="ftp://platan.vc.cvut.cz/pub/linux/ncpfs/Changes-2.2.6">ncpfs ChangeLog</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-01-29T09:02:48Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-29T11:01:37Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-01-29T11:18:51Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-45.xml b/metadata/glsa/glsa-200501-45.xml
new file mode 100644
index 000000000000..6fcc5780956e
--- /dev/null
+++ b/metadata/glsa/glsa-200501-45.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-45">
+  <title>Gallery: Cross-site scripting vulnerability</title>
+  <synopsis>
+    Gallery is vulnerable to cross-site scripting attacks.
+  </synopsis>
+  <product type="ebuild">gallery</product>
+  <announced>2005-01-30</announced>
+  <revised count="04">2006-05-22</revised>
+  <bug>78522</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/gallery" auto="yes" arch="*">
+      <unaffected range="ge">1.4.4_p6</unaffected>
+      <vulnerable range="lt">1.4.4_p6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Gallery is a web application written in PHP which is used to organize
+    and publish photo albums. It allows multiple users to build and
+    maintain their own albums. It also supports the mirroring of images on
+    other servers.
+    </p>
+  </background>
+  <description>
+    <p>
+    Rafel Ivgi has discovered a cross-site scripting vulnerability where
+    the 'username' parameter is not properly sanitized in 'login.php'.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    By sending a carefully crafted URL, an attacker can inject and execute
+    script code in the victim's browser window, and potentially compromise
+    the user's gallery.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Gallery users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/gallery-1.4.4_p6"</code>
+    <p>
+    Note: Users with the vhosts USE flag set should manually use
+    webapp-config to finalize the update.
+    </p>
+  </resolution>
+  <references>
+    <uri link="http://gallery.menalto.com/modules.php?op=modload&amp;name=News&amp;file=article&amp;sid=149">Gallery Announcement</uri>
+    <uri link="https://secunia.com/advisories/13887/">Secunia Advisory SA13887</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0220">CVE-2005-0220</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-01-22T13:17:09Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-30T18:58:59Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200501-46.xml b/metadata/glsa/glsa-200501-46.xml
new file mode 100644
index 000000000000..858c91006e12
--- /dev/null
+++ b/metadata/glsa/glsa-200501-46.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200501-46">
+  <title>ClamAV: Multiple issues</title>
+  <synopsis>
+    ClamAV contains two vulnerabilities that could lead to Denial of Service
+    and evasion of virus scanning.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2005-01-31</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>78656</bug>
+  <bug>79194</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.81</unaffected>
+      <vulnerable range="le">0.80</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ClamAV is an antivirus toolkit. It includes a multi-threaded daemon and
+    a command line scanner.
+    </p>
+  </background>
+  <description>
+    <p>
+    ClamAV fails to properly scan ZIP files with special headers
+    (CAN-2005-0133) and base64 encoded images in URLs.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By sending a base64 encoded image file in a URL an attacker could evade
+    virus scanning. By sending a specially-crafted ZIP file an attacker
+    could cause a Denial of Service by crashing the clamd daemon.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ClamAV users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.81"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0133">CAN-2005-0133</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0218">CVE-2005-0218</uri>
+    <uri link="https://sourceforge.net/forum/forum.php?forum_id=440649">ClamAV Release Announcement</uri>
+    <uri link="https://secunia.com/advisories/13900/">Secunia SA13900</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-01-27T15:17:33Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-01-27T21:31:06Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-31T09:07:27Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-01.xml b/metadata/glsa/glsa-200502-01.xml
new file mode 100644
index 000000000000..b6feab2098b7
--- /dev/null
+++ b/metadata/glsa/glsa-200502-01.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-01">
+  <title>FireHOL: Insecure temporary file creation</title>
+  <synopsis>
+    FireHOL is vulnerable to symlink attacks, potentially allowing a local user
+    to overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">FireHOL</product>
+  <announced>2005-02-01</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>79330</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-firewall/firehol" auto="yes" arch="*">
+      <unaffected range="ge">1.224</unaffected>
+      <vulnerable range="lt">1.224</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    FireHOL is an iptables rules generator.
+    </p>
+  </background>
+  <description>
+    <p>
+    FireHOL insecurely creates temporary files with predictable names.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create malicious symbolic links to arbitrary
+    system files. When FireHOL is executed, this could lead to these files
+    being overwritten with the rights of the user launching FireHOL,
+    usually the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All FireHOL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-firewall/firehol-1.224"</code>
+  </resolution>
+  <references>
+    <uri link="https://cvs.sourceforge.net/viewcvs.py/firehol/firehol/firehol.sh">FireHOL CVS log</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0225">CVE-2005-0225</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-01-28T10:32:33Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-01-29T16:54:50Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-01-31T23:48:34Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-02.xml b/metadata/glsa/glsa-200502-02.xml
new file mode 100644
index 000000000000..43ec02bf6bb7
--- /dev/null
+++ b/metadata/glsa/glsa-200502-02.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-02">
+  <title>UW IMAP: CRAM-MD5 authentication bypass</title>
+  <synopsis>
+    UW IMAP contains a vulnerability in the code handling CRAM-MD5
+    authentication allowing authentication bypass.
+  </synopsis>
+  <product type="ebuild">uw-imap</product>
+  <announced>2005-02-02</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>79874</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/uw-imap" auto="yes" arch="*">
+      <unaffected range="ge">2004b</unaffected>
+      <vulnerable range="le">2004a</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    UW IMAP is the University of Washington IMAP toolkit which includes
+    POP3 and IMAP daemons.
+    </p>
+  </background>
+  <description>
+    <p>
+    A logic bug in the code handling CRAM-MD5 authentication incorrectly
+    specifies the condition for successful authentication.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit this vulnerability to authenticate as any
+    mail user on a server with CRAM-MD5 authentication enabled.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable CRAM-MD5 authentication.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All UW IMAP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-mail/uw-imap-2004b"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.kb.cert.org/vuls/id/702777">US-CERT VU#702777</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0198">CVE-2005-0198</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-01-31T15:19:50Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-01-31T21:25:45Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-01T20:33:12Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-03.xml b/metadata/glsa/glsa-200502-03.xml
new file mode 100644
index 000000000000..72ca568f6e57
--- /dev/null
+++ b/metadata/glsa/glsa-200502-03.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-03">
+  <title>enscript: Multiple vulnerabilities</title>
+  <synopsis>
+    enscript suffers from vulnerabilities and design flaws, potentially
+    resulting in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">enscript</product>
+  <announced>2005-02-02</announced>
+  <revised count="01">2005-02-02</revised>
+  <bug>77408</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/enscript" auto="yes" arch="*">
+      <unaffected range="ge">1.6.3-r3</unaffected>
+      <vulnerable range="lt">1.6.3-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    enscript is a powerful ASCII to PostScript file converter.
+    </p>
+  </background>
+  <description>
+    <p>
+    Erik Sjolund discovered several issues in enscript: it suffers
+    from several buffer overflows (CAN-2004-1186), quotes and shell escape
+    characters are insufficiently sanitized in filenames (CAN-2004-1185),
+    and it supported taking input from an arbitrary command pipe, with
+    unwanted side effects (CAN-2004-1184).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could design malicious files or input data which, once
+    feeded into enscript, would trigger the execution of arbitrary code
+    with the rights of the user running enscript.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All enscript users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/enscript-1.6.3-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1184">CAN-2004-1184</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1185">CAN-2004-1185</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1186">CAN-2004-1186</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-01-28T10:31:54Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-02-01T17:01:52Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-01T21:40:35Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-04.xml b/metadata/glsa/glsa-200502-04.xml
new file mode 100644
index 000000000000..a419c418200f
--- /dev/null
+++ b/metadata/glsa/glsa-200502-04.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-04">
+  <title>Squid: Multiple vulnerabilities</title>
+  <synopsis>
+    Squid contains vulnerabilities in the code handling WCCP, HTTP and LDAP
+    which could lead to Denial of Service, access control bypass, web cache and
+    log poisoning.
+  </synopsis>
+  <product type="ebuild">squid</product>
+  <announced>2005-02-02</announced>
+  <revised count="02">2005-02-02</revised>
+  <bug>79495</bug>
+  <bug>78776</bug>
+  <bug>80201</bug>
+  <bug>80341</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/squid" auto="yes" arch="*">
+      <unaffected range="ge">2.5.7-r5</unaffected>
+      <vulnerable range="lt">2.5.7-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Squid is a full-featured Web proxy cache designed to run on Unix
+    systems. It supports proxying and caching of HTTP, FTP, and other
+    protocols, as well as SSL support, cache hierarchies, transparent
+    caching, access control lists and many other features.
+    </p>
+  </background>
+  <description>
+    <p>
+    Squid contains several vulnerabilities:
+    </p>
+    <ul>
+    <li>Buffer overflow when handling WCCP recvfrom()
+    (CAN-2005-0211).</li>
+    <li>Loose checking of HTTP headers (CAN-2005-0173 and
+    CAN-2005-0174).</li>
+    <li>Incorrect handling of LDAP login names with spaces
+    (CAN-2005-0175).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit:
+    </p>
+    <ul>
+    <li>the WCCP buffer overflow to cause Denial of Service.</li>
+    <li>the HTTP header parsing vulnerabilities to inject arbitrary
+    response data, potentially leading to content spoofing, web cache
+    poisoning and other cross-site scripting or HTTP response splitting
+    attacks.</li>
+    <li>the LDAP issue to login with several variations of the same login
+    name, leading to log poisoning.</li>
+    </ul>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Squid users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-proxy/squid-2.5.7-r5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0173">CAN-2005-0173</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0174">CAN-2005-0174</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0175">CAN-2005-0175</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0211">CAN-2005-0211</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-01-30T20:28:30Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-02T12:30:09Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-05.xml b/metadata/glsa/glsa-200502-05.xml
new file mode 100644
index 000000000000..87e63da0de74
--- /dev/null
+++ b/metadata/glsa/glsa-200502-05.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-05">
+  <title>Newspost: Buffer overflow vulnerability</title>
+  <synopsis>
+    A buffer overflow can be exploited to crash Newspost remotely and
+    potentially execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">newspost</product>
+  <announced>2005-02-03</announced>
+  <revised count="02">2005-02-21</revised>
+  <bug>78530</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-nntp/newspost" auto="yes" arch="*">
+      <unaffected range="rge">2.0-r1</unaffected>
+      <unaffected range="ge">2.1.1-r1</unaffected>
+      <vulnerable range="lt">2.1.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Newspost is a Usenet News binary autoposter.
+    </p>
+  </background>
+  <description>
+    <p>
+    Niels Heinen has discovered a buffer overflow in the socket_getline()
+    function of Newspost, which can be triggered by providing long strings
+    that do not end with a newline character.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could setup a malicious NNTP server and entice a
+    Newspost user to post to it, leading to the crash of the Newspost
+    process and potentially the execution of arbitrary code with the rights
+    of the Newspost user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Newspost users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-nntp/newspost-2.0-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0101">CAN-2005-0101</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-02-02T15:47:51Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-02T17:29:13Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-06.xml b/metadata/glsa/glsa-200502-06.xml
new file mode 100644
index 000000000000..ce771accbe97
--- /dev/null
+++ b/metadata/glsa/glsa-200502-06.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-06">
+  <title>LessTif: Multiple vulnerabilities in libXpm</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in libXpm, which is included
+    in LessTif, that can potentially lead to remote code execution.
+  </synopsis>
+  <product type="ebuild">lesstif</product>
+  <announced>2005-02-06</announced>
+  <revised count="01">2005-02-06</revised>
+  <bug>78483</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/lesstif" auto="yes" arch="*">
+      <unaffected range="ge">0.94.0</unaffected>
+      <vulnerable range="lt">0.94.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    LessTif is a clone of OSF/Motif, which is a standard user
+    interface toolkit available on Unix and Linux.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities, including buffer overflows, out of
+    bounds memory access and directory traversals, have been discovered in
+    libXpm, which is shipped as a part of the X Window System. LessTif, an
+    application that includes libXpm, suffers from the same issues.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A carefully-crafted XPM file could crash applications making use
+    of the LessTif toolkit, potentially allowing the execution of arbitrary
+    code with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All LessTif users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-libs/lesstif-0.94.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914">CAN-2004-0914</uri>
+    <uri link="http://www.lesstif.org/ReleaseNotes.html">LessTif Release Notes</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-02-02T16:13:30Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-06T17:18:21Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-07.xml b/metadata/glsa/glsa-200502-07.xml
new file mode 100644
index 000000000000..403d270528d3
--- /dev/null
+++ b/metadata/glsa/glsa-200502-07.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-07">
+  <title>OpenMotif: Multiple vulnerabilities in libXpm</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in libXpm, which is included
+    in OpenMotif, that can potentially lead to remote code execution.
+  </synopsis>
+  <product type="ebuild">openmotif</product>
+  <announced>2005-02-07</announced>
+  <revised count="03">2005-02-25</revised>
+  <bug>78111</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/openmotif" auto="yes" arch="*">
+      <unaffected range="ge">2.2.3-r1</unaffected>
+      <unaffected range="rge">2.1.30-r7</unaffected>
+      <vulnerable range="lt">2.2.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenMotif provides a free version of the Motif toolkit for open source
+    applications.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities, such as buffer overflows, out of bounds
+    memory access or directory traversals, have been discovered in libXpm
+    that is shipped as a part of the X Window System (see GLSA 200409-34
+    and 200411-28). OpenMotif, an application that includes this library,
+    suffers from the same issues.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A carefully-crafted XPM file could crash applications making use of the
+    OpenMotif toolkit, potentially allowing the execution of arbitrary code
+    with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenMotif users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose x11-libs/openmotif</code>
+    <p>
+    Note: You should run 'revdep-rebuild' to ensure that all applications
+    linked to OpenMotif are properly rebuilt.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687">CAN-2004-0687</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688">CAN-2004-0688</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914">CAN-2004-0914</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200409-34.xml">GLSA 200409-34</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200411-28.xml">GLSA 200411-28</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-02-02T18:02:43Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-02-02T19:11:27Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-06T17:15:42Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-08.xml b/metadata/glsa/glsa-200502-08.xml
new file mode 100644
index 000000000000..d3fb70c597d3
--- /dev/null
+++ b/metadata/glsa/glsa-200502-08.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-08">
+  <title>PostgreSQL: Multiple vulnerabilities</title>
+  <synopsis>
+    PostgreSQL contains several vulnerabilities which could lead to execution
+    of arbitrary code, Denial of Service and security bypass.
+  </synopsis>
+  <product type="ebuild">postgresql</product>
+  <announced>2005-02-07</announced>
+  <revised count="06">2007-06-26</revised>
+  <bug>80342</bug>
+  <access>remote and local</access>
+  <affected>
+    <package name="dev-db/postgresql" auto="yes" arch="*">
+      <unaffected range="eq">7.3*</unaffected>
+      <unaffected range="eq">7.4*</unaffected>
+      <unaffected range="ge">8.0.1</unaffected>
+      <vulnerable range="lt">7.3.10</vulnerable>
+      <vulnerable range="lt">7.4.7</vulnerable>
+      <vulnerable range="lt">8.0.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PostgreSQL is a SQL compliant, open source object-relational database
+    management system.
+    </p>
+  </background>
+  <description>
+    <p>
+    PostgreSQL's contains several vulnerabilities:
+    </p>
+    <ul>
+    <li>John Heasman discovered that the LOAD extension is vulnerable to
+    local privilege escalation (CAN-2005-0227).</li>
+    <li>It is possible to bypass the EXECUTE permission check for functions
+    (CAN-2005-0244).</li>
+    <li>The PL/PgSQL parser is vulnerable to heap-based buffer overflow
+    (CAN-2005-0244).</li>
+    <li>The intagg contrib module is vulnerable to a Denial of Service
+    (CAN-2005-0246).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit this to execute arbitrary code with the
+    privileges of the PostgreSQL server, bypass security restrictions and
+    crash the server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no know workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PostgreSQL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose dev-db/postgresql</code>
+  </resolution>
+  <references>
+    <uri link="https://archives.postgresql.org/pgsql-announce/2005-02/msg00000.php">PostgreSQL Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0227">CAN-2005-0227</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0244">CAN-2005-0244</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0245">CAN-2005-0245</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0246">CAN-2005-0246</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-02-02T18:15:02Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-02-02T18:50:22Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-06T17:27:47Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-09.xml b/metadata/glsa/glsa-200502-09.xml
new file mode 100644
index 000000000000..d9aa72277ce5
--- /dev/null
+++ b/metadata/glsa/glsa-200502-09.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-09">
+  <title>Python: Arbitrary code execution through SimpleXMLRPCServer</title>
+  <synopsis>
+    Python-based XML-RPC servers may be vulnerable to remote execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">Python</product>
+  <announced>2005-02-08</announced>
+  <revised count="01">2005-02-08</revised>
+  <bug>80592</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/python" auto="yes" arch="*">
+      <unaffected range="ge">2.3.4-r1</unaffected>
+      <unaffected range="rge">2.3.3-r2</unaffected>
+      <unaffected range="rge">2.2.3-r6</unaffected>
+      <vulnerable range="le">2.3.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Python is an interpreted, interactive, object-oriented,
+    cross-platform programming language.
+    </p>
+  </background>
+  <description>
+    <p>
+    Graham Dumpleton discovered that XML-RPC servers making use of the
+    SimpleXMLRPCServer library that use the register_instance() method to
+    register an object without a _dispatch() method are vulnerable to a
+    flaw allowing to read or modify globals of the associated module.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker may be able to exploit the flaw in such XML-RPC
+    servers to execute arbitrary code on the server host with the rights of
+    the XML-RPC server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Python users that don't make use of any SimpleXMLRPCServer-based
+    XML-RPC servers, or making use of servers using only the
+    register_function() method are not affected.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Python users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose dev-lang/python</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0089">CAN-2005-0089</uri>
+    <uri link="https://www.python.org/security/PSF-2005-001/">Python PSF-2005-001</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-02-04T14:45:11Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-07T08:31:41Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-02-08T19:35:29Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-10.xml b/metadata/glsa/glsa-200502-10.xml
new file mode 100644
index 000000000000..8f71017913f1
--- /dev/null
+++ b/metadata/glsa/glsa-200502-10.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-10">
+  <title>pdftohtml: Vulnerabilities in included Xpdf</title>
+  <synopsis>
+    pdftohtml includes vulnerable Xpdf code to handle PDF files, making it
+    vulnerable to execution of arbitrary code upon converting a malicious PDF
+    file.
+  </synopsis>
+  <product type="ebuild">pdftohtml</product>
+  <announced>2005-02-09</announced>
+  <revised count="01">2005-02-09</revised>
+  <bug>78629</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/pdftohtml" auto="yes" arch="*">
+      <unaffected range="ge">0.36-r3</unaffected>
+      <vulnerable range="lt">0.36-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    pdftohtml is a utility to convert PDF files to HTML or XML
+    formats. It makes use of Xpdf code to decode PDF files.
+    </p>
+  </background>
+  <description>
+    <p>
+    Xpdf is vulnerable to a buffer overflow, as described in GLSA
+    200501-28.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to convert a specially-crafted PDF
+    file, potentially resulting in the execution of arbitrary code with the
+    rights of the user running pdftohtml.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All pdftohtml users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/pdftohtml-0.36-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200501-28.xml">GLSA 200501-28</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064">CAN-2005-0064</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-02-05T20:35:14Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-09T15:54:21Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-11.xml b/metadata/glsa/glsa-200502-11.xml
new file mode 100644
index 000000000000..23f9115697e6
--- /dev/null
+++ b/metadata/glsa/glsa-200502-11.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-11">
+  <title>Mailman: Directory traversal vulnerability</title>
+  <synopsis>
+    Mailman fails to properly sanitize input, leading to information
+    disclosure.
+  </synopsis>
+  <product type="ebuild">mailman</product>
+  <announced>2005-02-10</announced>
+  <revised count="01">2005-02-10</revised>
+  <bug>81109</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/mailman" auto="yes" arch="*">
+      <unaffected range="ge">2.1.5-r4</unaffected>
+      <vulnerable range="lt">2.1.5-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mailman is a Python-based mailing list server with an extensive
+    web interface.
+    </p>
+  </background>
+  <description>
+    <p>
+    Mailman contains an error in private.py which fails to properly
+    sanitize input paths.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit this flaw to obtain arbitrary files on
+    the web server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mailman users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-mail/mailman-2.1.5-r4"</code>
+  </resolution>
+  <references>
+    <uri link="http://lists.netsys.com/pipermail/full-disclosure/2005-February/031562.html">Full Disclosure Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0202">CAN-2005-0202</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-02-09T21:12:44Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-02-09T21:59:02Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-10T16:41:33Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-12.xml b/metadata/glsa/glsa-200502-12.xml
new file mode 100644
index 000000000000..ba1fe404497d
--- /dev/null
+++ b/metadata/glsa/glsa-200502-12.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-12">
+  <title>Webmin: Information leak in Gentoo binary package</title>
+  <synopsis>
+    Portage-built Webmin binary packages accidentally include a file containing
+    the local encrypted root password.
+  </synopsis>
+  <product type="ebuild">Webmin</product>
+  <announced>2005-02-11</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>77731</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-admin/webmin" auto="yes" arch="*">
+      <unaffected range="ge">1.170-r3</unaffected>
+      <vulnerable range="lt">1.170-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Webmin is a web-based system administration console allowing an
+    administrator to easily configure servers and other features. Using the
+    'buildpkg' FEATURE, or the -b/-B emerge options, Portage can build
+    reusable binary packages for any of the packages available through the
+    Portage tree.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that
+    the Webmin ebuild contains a design flaw. It imports the encrypted
+    local root password into the miniserv.users file before building binary
+    packages that include this file.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could retrieve Portage-built Webmin binary packages
+    and recover the encrypted root password from the build host.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Users who never built or shared a Webmin binary package are unaffected
+    by this.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Webmin users should delete any old shared Webmin binary package as soon
+    as possible. They should also consider their buildhost root password
+    potentially exposed and follow proper audit procedures.
+    </p>
+    <p>
+    If you plan to build binary packages, you should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-admin/webmin-1.170-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0427">CVE-2005-0427</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-02-10T15:50:39Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-10T15:50:49Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-13.xml b/metadata/glsa/glsa-200502-13.xml
new file mode 100644
index 000000000000..bdd5cd9eb580
--- /dev/null
+++ b/metadata/glsa/glsa-200502-13.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-13">
+  <title>Perl: Vulnerabilities in perl-suid wrapper</title>
+  <synopsis>
+    Vulnerabilities leading to file overwriting and code execution with
+    elevated privileges have been discovered in the perl-suid wrapper.
+  </synopsis>
+  <product type="ebuild">Perl</product>
+  <announced>2005-02-11</announced>
+  <revised count="01">2005-02-11</revised>
+  <bug>80460</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-lang/perl" auto="yes" arch="*">
+      <unaffected range="ge">5.8.6-r3</unaffected>
+      <unaffected range="rge">5.8.5-r4</unaffected>
+      <unaffected range="rge">5.8.4-r3</unaffected>
+      <unaffected range="rge">5.8.2-r3</unaffected>
+      <vulnerable range="lt">5.8.6-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Perl is a stable, cross-platform programming language created by
+    Larry Wall. The perl-suid wrapper allows the use of setuid perl
+    scripts, i.e. user-callable Perl scripts which have elevated
+    privileges. This function is enabled only if you have the perlsuid USE
+    flag set.
+    </p>
+  </background>
+  <description>
+    <p>
+    perl-suid scripts honor the PERLIO_DEBUG environment variable and
+    write to that file with elevated privileges (CAN-2005-0155).
+    Furthermore, calling a perl-suid script with a very long path while
+    PERLIO_DEBUG is set could trigger a buffer overflow (CAN-2005-0156).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could set the PERLIO_DEBUG environment variable
+    and call existing perl-suid scripts, resulting in file overwriting and
+    potentially the execution of arbitrary code with root privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    You are not vulnerable if you do not have the perlsuid USE flag
+    set or do not use perl-suid scripts.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Perl users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose dev-lang/perl</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0155">CAN-2005-0155</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0156">CAN-2005-0156</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-02-04T14:45:58Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-11T15:34:36Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-02-11T16:11:49Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-14.xml b/metadata/glsa/glsa-200502-14.xml
new file mode 100644
index 000000000000..d20ac93b1fd4
--- /dev/null
+++ b/metadata/glsa/glsa-200502-14.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-14">
+  <title>mod_python: Publisher Handler vulnerability</title>
+  <synopsis>
+    mod_python contains a vulnerability in the Publisher Handler potentially
+    leading to information disclosure.
+  </synopsis>
+  <product type="ebuild">mod_python</product>
+  <announced>2005-02-13</announced>
+  <revised count="03">2007-12-30</revised>
+  <bug>80109</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apache/mod_python" auto="yes" arch="*">
+      <unaffected range="ge">3.1.3-r1</unaffected>
+      <unaffected range="rge">2.7.11</unaffected>
+      <vulnerable range="lt">3.1.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    mod_python is an Apache module that embeds the Python interpreter
+    within the server allowing Python-based web-applications to be created.
+    </p>
+  </background>
+  <description>
+    <p>
+    Graham Dumpleton discovered a vulnerability in mod_python's Publisher
+    Handler.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    By requesting a specially crafted URL for a published module page, an
+    attacker could obtain information about restricted variables.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All mod_python users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose www-apache/mod_python</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0088">CAN-2005-0088</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-02-11T20:01:25Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-02-11T20:10:55Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-11T20:41:24Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-15.xml b/metadata/glsa/glsa-200502-15.xml
new file mode 100644
index 000000000000..45080d52f800
--- /dev/null
+++ b/metadata/glsa/glsa-200502-15.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-15">
+  <title>PowerDNS: Denial of Service vulnerability</title>
+  <synopsis>
+    A vulnerability in PowerDNS could lead to a temporary Denial of Service.
+  </synopsis>
+  <product type="ebuild">PowerDNS</product>
+  <announced>2005-02-13</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>80713</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/pdns" auto="yes" arch="*">
+      <unaffected range="ge">2.9.17</unaffected>
+      <vulnerable range="lt">2.9.17</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The PowerDNS Nameserver is an authoritative-only nameserver which uses
+    a flexible backend architecture.
+    </p>
+  </background>
+  <description>
+    <p>
+    A vulnerability has been reported in the DNSPacket::expand method of
+    dnspacket.cc.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could cause a temporary Denial of Service by sending a
+    random stream of bytes to the PowerDNS Daemon.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PowerDNS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dns/pdns-2.9.17"</code>
+  </resolution>
+  <references>
+    <uri link="https://doc.powerdns.com/changelog.html#CHANGELOG-2-9-17">PowerDNS Release Notes</uri>
+    <uri link="http://ds9a.nl/cgi-bin/cvstrac/pdns/tktview?tn=21">PowerDNS Ticket #21</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0428">CVE-2005-0428</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-02-13T17:12:23Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-13T17:14:58Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-16.xml b/metadata/glsa/glsa-200502-16.xml
new file mode 100644
index 000000000000..2b952d994374
--- /dev/null
+++ b/metadata/glsa/glsa-200502-16.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-16">
+  <title>ht://Dig: Cross-site scripting vulnerability</title>
+  <synopsis>
+    ht://Dig is vulnerable to cross-site scripting attacks.
+  </synopsis>
+  <product type="ebuild">htdig</product>
+  <announced>2005-02-13</announced>
+  <revised count="01">2005-02-13</revised>
+  <bug>80602</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-misc/htdig" auto="yes" arch="*">
+      <unaffected range="ge">3.1.6-r7</unaffected>
+      <vulnerable range="lt">3.1.6-r7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ht://Dig is an HTTP/HTML indexing and searching system.
+    </p>
+  </background>
+  <description>
+    <p>
+    Michael Krax discovered that ht://Dig fails to validate the
+    'config' parameter before displaying an error message containing the
+    parameter. This flaw could allow an attacker to conduct cross-site
+    scripting attacks.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    By sending a carefully crafted message, an attacker can inject and
+    execute script code in the victim's browser window. This allows to
+    modify the behaviour of ht://Dig, and/or leak session information such
+    as cookies to the attacker.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ht://Dig users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-misc/htdig-3.1.6-r7"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0085">CAN-2005-0085</uri>
+    <uri link="http://securitytracker.com/alerts/2005/Feb/1013078.html">SecurityTracker #1013078</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-02-13T17:17:57Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-13T17:19:04Z">
+    vorlon078
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-02-13T20:15:40Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-17.xml b/metadata/glsa/glsa-200502-17.xml
new file mode 100644
index 000000000000..c96bdc667c34
--- /dev/null
+++ b/metadata/glsa/glsa-200502-17.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-17">
+  <title>Opera: Multiple vulnerabilities</title>
+  <synopsis>
+    Opera is vulnerable to several vulnerabilities which could result in
+    information disclosure and facilitate execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Opera</product>
+  <announced>2005-02-14</announced>
+  <revised count="03">2007-12-30</revised>
+  <bug>73871</bug>
+  <bug>74076</bug>
+  <bug>74321</bug>
+  <bug>81747</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/opera" auto="yes" arch="*">
+      <unaffected range="ge">7.54-r3</unaffected>
+      <vulnerable range="lt">7.54-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Opera is a multi-platform web browser.
+    </p>
+  </background>
+  <description>
+    <p>
+    Opera contains several vulnerabilities:
+    </p>
+    <ul>
+    <li>fails to properly validate Content-Type and filename.</li>
+    <li>fails to properly validate date: URIs.</li>
+    <li>uses kfmclient exec as the Default Application to handle downloaded
+    files when integrated with KDE.</li>
+    <li>fails to properly control frames.</li>
+    <li>uses Sun Java packages insecurely.</li>
+    <li>searches an insecure path for plugins.</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit these vulnerabilities to:
+    </p>
+    <ul>
+    <li>execute arbitrary code.</li>
+    <li>load a malicious frame in the context of another browser
+    session.</li>
+    <li>leak information.</li>
+    </ul>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Opera users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/opera-7.54-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.opera.com/linux/changelogs/754u1/">Opera Changelog for 7.54u1</uri>
+    <uri link="https://www.opera.com/linux/changelogs/754u2/">Opera Changelog for 7.54u2</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1157">CVE-2004-1157</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1489">CVE-2004-1489</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1490">CVE-2004-1490</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1491">CVE-2004-1491</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0456">CVE-2005-0456</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0457">CVE-2005-0457</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-02-10T15:51:32Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-11T11:21:17Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-18.xml b/metadata/glsa/glsa-200502-18.xml
new file mode 100644
index 000000000000..ef50d9ea184d
--- /dev/null
+++ b/metadata/glsa/glsa-200502-18.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-18">
+  <title>VMware Workstation: Untrusted library search path</title>
+  <synopsis>
+    VMware may load shared libraries from an untrusted, world-writable
+    directory, resulting in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">VMware</product>
+  <announced>2005-02-14</announced>
+  <revised count="03">2006-05-25</revised>
+  <bug>81344</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/vmware-workstation" auto="yes" arch="*">
+      <unaffected range="ge">4.5.2.8848-r5</unaffected>
+      <unaffected range="rge">3.2.1.2242-r4</unaffected>
+      <vulnerable range="lt">4.5.2.8848-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    VMware Workstation is a powerful virtual machine for developers and
+    system administrators.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Gentoo Linux Security Audit Team has discovered
+    that VMware Workstation searches for gdk-pixbuf loadable modules in an
+    untrusted, world-writable directory.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create a malicious shared object that would be
+    loaded by VMware, resulting in the execution of arbitrary code with the
+    privileges of the user running VMware.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    The system administrator may create the file /tmp/rrdharan to prevent
+    malicious users from creating a directory at that location:
+    </p>
+    <code>
+    # touch /tmp/rrdharan</code>
+  </workaround>
+  <resolution>
+    <p>
+    All VMware Workstation users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-emulation/vmware-workstation-3.2.1.2242-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0444">CVE-2005-0444</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-02-12T12:53:09Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-12T12:53:31Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-02-13T19:36:17Z">
+    taviso
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-19.xml b/metadata/glsa/glsa-200502-19.xml
new file mode 100644
index 000000000000..4bd7537f5167
--- /dev/null
+++ b/metadata/glsa/glsa-200502-19.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-19">
+  <title>PostgreSQL: Buffer overflows in PL/PgSQL parser</title>
+  <synopsis>
+    PostgreSQL is vulnerable to several buffer overflows in the PL/PgSQL parser
+    leading to execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">postgresql</product>
+  <announced>2005-02-14</announced>
+  <revised count="04">2007-06-26</revised>
+  <bug>81350</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/postgresql" auto="yes" arch="*">
+      <unaffected range="eq">7.3*</unaffected>
+      <unaffected range="eq">7.4*</unaffected>
+      <unaffected range="ge">8.0.1-r1</unaffected>
+      <vulnerable range="lt">7.3.9-r1</vulnerable>
+      <vulnerable range="lt">7.4.13</vulnerable>
+      <vulnerable range="lt">8.0.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PostgreSQL is a SQL compliant, open source object-relational database
+    management system.
+    </p>
+  </background>
+  <description>
+    <p>
+    PostgreSQL is vulnerable to several buffer overflows in the PL/PgSQL
+    parser.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could send a malicious query resulting in the
+    execution of arbitrary code with the permissions of the user running
+    PostgreSQL.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PostgreSQL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose dev-db/postgresql</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0247">CAN-2005-0247</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-02-11T15:37:29Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-02-11T20:39:12Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-14T20:03:42Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-20.xml b/metadata/glsa/glsa-200502-20.xml
new file mode 100644
index 000000000000..7d088a69e2a4
--- /dev/null
+++ b/metadata/glsa/glsa-200502-20.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-20">
+  <title>Emacs, XEmacs: Format string vulnerabilities in movemail</title>
+  <synopsis>
+    The movemail utility shipped with Emacs and XEmacs contains several format
+    string vulnerabilities, potentially leading to the execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">Emacs</product>
+  <announced>2005-02-15</announced>
+  <revised count="02">2006-07-23</revised>
+  <bug>79686</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-editors/emacs" auto="yes" arch="*">
+      <unaffected range="ge">21.4</unaffected>
+      <unaffected range="lt">19</unaffected>
+      <vulnerable range="lt">21.4</vulnerable>
+    </package>
+    <package name="app-editors/xemacs" auto="yes" arch="*">
+      <unaffected range="ge">21.4.15-r3</unaffected>
+      <vulnerable range="lt">21.4.15-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GNU Emacs and XEmacs are highly extensible and customizable text
+    editors. movemail is an Emacs utility that can fetch mail on remote
+    mail servers.
+    </p>
+  </background>
+  <description>
+    <p>
+    Max Vozeler discovered that the movemail utility contains several
+    format string errors.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could set up a malicious POP server and entice a user to
+    connect to it using movemail, resulting in the execution of arbitrary
+    code with the rights of the victim user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Emacs users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-editors/emacs-21.4"</code>
+    <p>
+    All XEmacs users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-editors/xemacs-21.4.15-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0100">CAN-2005-0100</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-02-11T15:36:27Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-02-15T16:06:08Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-15T16:06:17Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-21.xml b/metadata/glsa/glsa-200502-21.xml
new file mode 100644
index 000000000000..c9a6effd3989
--- /dev/null
+++ b/metadata/glsa/glsa-200502-21.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-21">
+  <title>lighttpd: Script source disclosure</title>
+  <synopsis>
+    An attacker can trick lighttpd into revealing the source of scripts that
+    should be executed as CGI or FastCGI applications.
+  </synopsis>
+  <product type="ebuild">lighttpd</product>
+  <announced>2005-02-15</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>81776</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/lighttpd" auto="yes" arch="*">
+      <unaffected range="ge">1.3.10-r1</unaffected>
+      <vulnerable range="lt">1.3.10-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    lighttpd is a small-footprint, fast, compliant and very flexible
+    web-server which is optimized for high-performance environments.
+    </p>
+  </background>
+  <description>
+    <p>
+    lighttpd uses file extensions to determine which elements are programs
+    that should be executed and which are static pages that should be sent
+    as-is. By appending %00 to the filename, you can evade the extension
+    detection mechanism while still accessing the file.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A remote attacker could send specific queries and access the source of
+    scripts that should have been executed as CGI or FastCGI applications.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All lighttpd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-servers/lighttpd-1.3.10-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://article.gmane.org/gmane.comp.web.lighttpd/1171">lighttpd-announce Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0453">CVE-2005-0453</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-02-14T12:34:31Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-14T20:13:10Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-02-14T20:53:12Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-22.xml b/metadata/glsa/glsa-200502-22.xml
new file mode 100644
index 000000000000..843ee10181b1
--- /dev/null
+++ b/metadata/glsa/glsa-200502-22.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-22">
+  <title>wpa_supplicant: Buffer overflow vulnerability</title>
+  <synopsis>
+    wpa_supplicant contains a buffer overflow that could lead to a Denial of
+    Service.
+  </synopsis>
+  <product type="ebuild">wpa_supplicant</product>
+  <announced>2005-02-16</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>81993</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-wireless/wpa_supplicant" auto="yes" arch="*">
+      <unaffected range="ge">0.2.7</unaffected>
+      <vulnerable range="lt">0.2.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    wpa_supplicant is a WPA Supplicant with support for WPA and WPA2 (IEEE
+    802.11i / RSN).
+    </p>
+  </background>
+  <description>
+    <p>
+    wpa_supplicant contains a possible buffer overflow due to the lacking
+    validation of received EAPOL-Key frames.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could cause the crash of wpa_supplicant using a specially
+    crafted packet.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All wpa_supplicant users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-wireless/wpa_supplicant-0.2.7"</code>
+  </resolution>
+  <references>
+    <uri link="http://lists.shmoo.com/pipermail/hostap/2005-February/009465.html">wpa_supplicant Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0470">CVE-2005-0470</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-02-14T18:34:56Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-14T20:11:49Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-02-14T21:06:18Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-23.xml b/metadata/glsa/glsa-200502-23.xml
new file mode 100644
index 000000000000..a614f07471ba
--- /dev/null
+++ b/metadata/glsa/glsa-200502-23.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-23">
+  <title>KStars: Buffer overflow in fliccd</title>
+  <synopsis>
+    KStars is vulnerable to a buffer overflow that could lead to arbitrary code
+    execution with elevated privileges.
+  </synopsis>
+  <product type="ebuild">kstars</product>
+  <announced>2005-02-16</announced>
+  <revised count="01">2005-02-16</revised>
+  <bug>79585</bug>
+  <access>remote and local</access>
+  <affected>
+    <package name="kde-base/kdeedu" auto="yes" arch="*">
+      <unaffected range="ge">3.3.2-r1</unaffected>
+      <vulnerable range="lt">3.3.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    KDE is a feature-rich graphical desktop environment for Linux and
+    Unix-like Operating Systems. KStars is a desktop planetarium for KDE.
+    It includes support for the Instrument Neutral Distributed Interface
+    (INDI).
+    </p>
+  </background>
+  <description>
+    <p>
+    Erik Sjolund discovered a buffer overflow in fliccd which is part
+    of the INDI support in KStars.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could exploit this vulnerability to execute code with
+    elevated privileges. If fliccd does not run as daemon remote
+    exploitation of this vulnerability is not possible. KDE as shipped by
+    Gentoo does not start the daemon in the default installation.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All KStars users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=kde-base/kdeedu-3.3.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0011">CAN-2005-0011</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-02-15T06:01:05Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-16T20:27:57Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-24.xml b/metadata/glsa/glsa-200502-24.xml
new file mode 100644
index 000000000000..b7515530b554
--- /dev/null
+++ b/metadata/glsa/glsa-200502-24.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-24">
+  <title>Midnight Commander: Multiple vulnerabilities</title>
+  <synopsis>
+    Midnight Commander contains several format string errors, buffer overflows
+    and one buffer underflow leading to execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mc</product>
+  <announced>2005-02-17</announced>
+  <revised count="01">2005-02-17</revised>
+  <bug>77992</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-misc/mc" auto="yes" arch="*">
+      <unaffected range="ge">4.6.0-r13</unaffected>
+      <vulnerable range="lt">4.6.0-r13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Midnight Commander is a visual console file manager.
+    </p>
+  </background>
+  <description>
+    <p>
+    Midnight Commander contains several format string vulnerabilities
+    (CAN-2004-1004), buffer overflows (CAN-2004-1005), a memory
+    deallocation error (CAN-2004-1092) and a buffer underflow
+    (CAN-2004-1176).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit these vulnerabilities to execute
+    arbitrary code with the permissions of the user running Midnight
+    Commander or cause Denial of Service by freeing unallocated memory.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Midnight Commander users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-misc/mc-4.6.0-r13"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1004">CAN-2004-1004</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1005">CAN-2004-1005</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1092">CAN-2004-1092</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1176">CAN-2004-1176</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-02-14T20:35:43Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-15T16:08:08Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-02-15T20:09:31Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-25.xml b/metadata/glsa/glsa-200502-25.xml
new file mode 100644
index 000000000000..df0cd435e590
--- /dev/null
+++ b/metadata/glsa/glsa-200502-25.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-25">
+  <title>Squid: Denial of Service through DNS responses</title>
+  <synopsis>
+    Squid contains a bug in the handling of certain DNS responses resulting in
+    a Denial of Service.
+  </synopsis>
+  <product type="ebuild">Squid</product>
+  <announced>2005-02-18</announced>
+  <revised count="01">2005-02-18</revised>
+  <bug>81997</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/squid" auto="yes" arch="*">
+      <unaffected range="ge">2.5.8</unaffected>
+      <vulnerable range="lt">2.5.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Squid is a full-featured Web proxy cache designed to run on
+    Unix-like systems. It supports proxying and caching of HTTP, FTP, and
+    other protocols, as well as SSL support, cache hierarchies, transparent
+    caching, access control lists and many other features.
+    </p>
+  </background>
+  <description>
+    <p>
+    Handling of certain DNS responses trigger assertion failures.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By returning a specially crafted DNS response an attacker could
+    cause Squid to crash by triggering an assertion failure.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Squid users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-proxy/squid-2.5.8"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0446">CAN-2005-0446</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-02-17T20:33:19Z">
+    vorlon078
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-02-17T21:28:52Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-18T09:26:51Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-26.xml b/metadata/glsa/glsa-200502-26.xml
new file mode 100644
index 000000000000..18abe5725f61
--- /dev/null
+++ b/metadata/glsa/glsa-200502-26.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-26">
+  <title>GProFTPD: gprostats format string vulnerability</title>
+  <synopsis>
+    gprostats, distributed with GProFTPD, is vulnerable to a format string
+    vulnerability, potentially leading to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">GProFTPD</product>
+  <announced>2005-02-18</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>81894</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-ftp/gproftpd" auto="yes" arch="*">
+      <unaffected range="ge">8.1.9</unaffected>
+      <vulnerable range="lt">8.1.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GProFTPD is a GTK+ administration tool for the ProFTPD server. GProFTPD
+    is distributed with gprostats, a utility to parse ProFTPD transfer
+    logs.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Gentoo Linux Security Audit Team has identified a
+    format string vulnerability in the gprostats utility.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit the vulnerability by performing a specially
+    crafted FTP transfer, the resulting ProFTPD transfer log could
+    potentially trigger the execution of arbitrary code when parsed by
+    GProFTPD.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GProFTPD users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-ftp/gproftpd-8.1.9"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0484">CVE-2005-0484</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-02-16T19:27:51Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-02-17T00:01:48Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-18T09:37:53Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-27.xml b/metadata/glsa/glsa-200502-27.xml
new file mode 100644
index 000000000000..d47208735f27
--- /dev/null
+++ b/metadata/glsa/glsa-200502-27.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-27">
+  <title>gFTP: Directory traversal vulnerability</title>
+  <synopsis>
+    gFTP is vulnerable to directory traversal attacks, possibly leading to the
+    creation or overwriting of arbitrary files.
+  </synopsis>
+  <product type="ebuild">gFTP</product>
+  <announced>2005-02-19</announced>
+  <revised count="01">2005-02-19</revised>
+  <bug>81994</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-ftp/gftp" auto="yes" arch="*">
+      <unaffected range="ge">2.0.18-r1</unaffected>
+      <vulnerable range="lt">2.0.18-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    gFTP is a GNOME based, multi-threaded file transfer client.
+    </p>
+  </background>
+  <description>
+    <p>
+    gFTP lacks input validation of filenames received by remote
+    servers.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to connect to a malicious FTP
+    server and conduct a directory traversal attack by making use of
+    specially crafted filenames. This could lead to arbitrary files being
+    created or overwritten.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All gFTP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-ftp/gftp-2.0.18-r1"</code>
+  </resolution>
+  <references>
+    <uri link="http://archives.seul.org/gftp/announce/Feb-2005/msg00000.html">gFTP Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0372">CAN-2005-0372</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-02-16T19:28:38Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-02-17T20:30:31Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-19T10:43:51Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-28.xml b/metadata/glsa/glsa-200502-28.xml
new file mode 100644
index 000000000000..1a7e7e9e5347
--- /dev/null
+++ b/metadata/glsa/glsa-200502-28.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-28">
+  <title>PuTTY: Remote code execution</title>
+  <synopsis>
+    PuTTY was found to contain vulnerabilities that can allow a malicious SFTP
+    server to execute arbitrary code on unsuspecting PSCP and PSFTP clients.
+  </synopsis>
+  <product type="ebuild">Putty</product>
+  <announced>2005-02-21</announced>
+  <revised count="01">2005-02-21</revised>
+  <bug>82753</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/putty" auto="yes" arch="*">
+      <unaffected range="ge">0.57</unaffected>
+      <vulnerable range="lt">0.57</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PuTTY is a popular SSH client, PSCP is a secure copy
+    implementation, and PSFTP is a SSH File Transfer Protocol client.
+    </p>
+  </background>
+  <description>
+    <p>
+    Two vulnerabilities have been discovered in the PSCP and PSFTP
+    clients, which can be triggered by the SFTP server itself. These issues
+    are caused by the improper handling of the FXP_READDIR response, along
+    with other string fields.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker can setup a malicious SFTP server that would send
+    these malformed responses to a client, potentially allowing the
+    execution of arbitrary code on their system.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PuTTY users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/putty-0.57"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-readdir.html">PuTTY vulnerability vuln-sftp-readdir</uri>
+    <uri link="https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-string.html">PuTTY vulnerability vuln-sftp-string</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0467">CAN-2005-0467</uri>
+    <uri link="http://www.idefense.com/application/poi/display?id=201&amp;type=vulnerabilities">iDEFENSE Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-02-21T09:51:17Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-21T09:52:44Z">
+    vorlon078
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-02-21T13:42:55Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-29.xml b/metadata/glsa/glsa-200502-29.xml
new file mode 100644
index 000000000000..5f725ad5352f
--- /dev/null
+++ b/metadata/glsa/glsa-200502-29.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-29">
+  <title>Cyrus IMAP Server: Multiple overflow vulnerabilities</title>
+  <synopsis>
+    The Cyrus IMAP Server is affected by several overflow vulnerabilities which
+    could potentially lead to the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">cyrus-imapd</product>
+  <announced>2005-02-23</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>82404</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/cyrus-imapd" auto="yes" arch="*">
+      <unaffected range="ge">2.2.12</unaffected>
+      <vulnerable range="lt">2.2.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Cyrus IMAP Server is an efficient, highly-scalable IMAP e-mail
+    server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Possible single byte overflows have been found in the imapd annotate
+    extension and mailbox handling code. Furthermore stack buffer overflows
+    have been found in fetchnews, the backend and imapd.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker, who could be an authenticated user or an admin of a
+    peering news server, could exploit these vulnerabilities to execute
+    arbitrary code with the rights of the user running the Cyrus IMAP
+    Server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Cyrus IMAP Server users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-mail/cyrus-imapd-2.2.12"</code>
+  </resolution>
+  <references>
+    <uri link="http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&amp;msg=33723">Cyrus IMAP Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0546">CVE-2005-0546</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-02-18T10:42:26Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-02-19T20:45:06Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-23T12:49:07Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-30.xml b/metadata/glsa/glsa-200502-30.xml
new file mode 100644
index 000000000000..51d68b9c8fc4
--- /dev/null
+++ b/metadata/glsa/glsa-200502-30.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-30">
+  <title>cmd5checkpw: Local password leak vulnerability</title>
+  <synopsis>
+    cmd5checkpw contains a flaw allowing local users to access other users
+    cmd5checkpw passwords.
+  </synopsis>
+  <product type="ebuild">cmd5checkpw</product>
+  <announced>2005-02-25</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>78256</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-mail/cmd5checkpw" auto="yes" arch="*">
+      <unaffected range="ge">0.22-r2</unaffected>
+      <vulnerable range="le">0.22-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    cmd5checkpw is a checkpassword compatible authentication program that
+    uses CRAM-MD5 authentication mode.
+    </p>
+  </background>
+  <description>
+    <p>
+    Florian Westphal discovered that cmd5checkpw is installed setuid
+    cmd5checkpw but does not drop privileges before calling execvp(), so
+    the invoked program retains the cmd5checkpw euid.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    Local users that know at least one valid /etc/poppasswd user/password
+    combination can read the /etc/poppasswd file.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All cmd5checkpw users should upgrade to the latest available version:
+    </p>
+    <code>
+    # emerge --sync 
+    # emerge --ask --oneshot --verbose "&gt;=net-mail/cmd5checkpw-0.22-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0580">CVE-2005-0580</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-02-24T11:26:13Z">
+    vorlon078
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-02-25T09:22:33Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-25T09:25:07Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-31.xml b/metadata/glsa/glsa-200502-31.xml
new file mode 100644
index 000000000000..7be376d2e280
--- /dev/null
+++ b/metadata/glsa/glsa-200502-31.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-31">
+  <title>uim: Privilege escalation vulnerability</title>
+  <synopsis>
+    Under certain conditions, applications linked against uim suffer from a
+    privilege escalation vulnerability.
+  </synopsis>
+  <product type="ebuild">uim</product>
+  <announced>2005-02-28</announced>
+  <revised count="01">2005-02-28</revised>
+  <bug>82678</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-i18n/uim" auto="yes" arch="*">
+      <unaffected range="ge">0.4.5.1</unaffected>
+      <vulnerable range="lt">0.4.5.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    uim is a simple, secure and flexible input method library.
+    </p>
+  </background>
+  <description>
+    <p>
+    Takumi Asaki discovered that uim insufficiently checks environment
+    variables. setuid/setgid applications linked against libuim could end
+    up executing arbitrary code. This vulnerability only affects
+    immodule-enabled Qt (if you build Qt 3.3.2 or later versions with
+    USE="immqt" or USE="immqt-bc").
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A malicious local user could exploit this vulnerability to execute
+    arbitrary code with escalated privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All uim users should upgrade to the latest available version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-i18n/uim-0.4.5.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0503">CAN-2005-0503</uri>
+    <uri link="https://lists.freedesktop.org/archives/uim/2005-February/000996.html">uim announcement</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-02-25T09:53:35Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-02-27T12:40:49Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-28T08:59:25Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-32.xml b/metadata/glsa/glsa-200502-32.xml
new file mode 100644
index 000000000000..0fc201ea4952
--- /dev/null
+++ b/metadata/glsa/glsa-200502-32.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-32">
+  <title>UnAce: Buffer overflow and directory traversal vulnerabilities</title>
+  <synopsis>UnAce is vulnerable to several buffer overflow and directory
+    traversal attacks.
+  </synopsis>
+  <product type="ebuild">unace</product>
+  <announced>2005-02-28</announced>
+  <revised count="2">2014-05-19</revised>
+  <bug>81958</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/unace" auto="yes" arch="*">
+      <unaffected range="ge">2.5-r3</unaffected>
+      <vulnerable range="le">2.5-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>UnAce is an utility to extract, view and test the contents of an ACE
+      archive.
+    </p>
+  </background>
+  <description>
+    <p>Ulf Harnhammar discovered that UnAce suffers from buffer overflows when
+      testing, unpacking or listing specially crafted ACE archives
+      (CAN-2005-0160). He also found out that UnAce is vulnerable to directory
+      traversal attacks, if an archive contains “./..” sequences or
+      absolute filenames (CAN-2005-0161).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could exploit the buffer overflows to execute malicious code
+      or the directory traversals to overwrite arbitrary files.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All UnAce users should upgrade to the latest available version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/unace-2.5-r3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0160">
+      CAN-2005-0160
+    </uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0161">
+      CAN-2005-0161
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T22:18:40Z">system</metadata>
+  <metadata tag="submitter" timestamp="2014-05-19T00:38:42Z">system</metadata>
+  <metadata tag="bugReady" timestamp="2014-05-19T00:38:44Z">system</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200502-33.xml b/metadata/glsa/glsa-200502-33.xml
new file mode 100644
index 000000000000..4686b8076e85
--- /dev/null
+++ b/metadata/glsa/glsa-200502-33.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200502-33">
+  <title>MediaWiki: Multiple vulnerabilities</title>
+  <synopsis>
+    MediaWiki is vulnerable to cross-site scripting, data manipulation and
+    security bypass attacks.
+  </synopsis>
+  <product type="ebuild">mediawiki</product>
+  <announced>2005-02-28</announced>
+  <revised count="01">2005-02-28</revised>
+  <bug>80729</bug>
+  <bug>82954</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/mediawiki" auto="yes" arch="*">
+      <unaffected range="ge">1.3.11</unaffected>
+      <vulnerable range="lt">1.3.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MediaWiki is a collaborative editing software, used by big
+    projects like Wikipedia.
+    </p>
+  </background>
+  <description>
+    <p>
+    A security audit of the MediaWiki project discovered that
+    MediaWiki is vulnerable to several cross-site scripting and cross-site
+    request forgery attacks, and that the image deletion code does not
+    sufficiently sanitize input parameters.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    By tricking a user to load a carefully crafted URL, a remote
+    attacker could hijack sessions and authentication cookies to inject
+    malicious script code that will be executed in a user's browser session
+    in context of the vulnerable site, or use JavaScript submitted forms to
+    perform restricted actions. Using the image deletion flaw, it is also
+    possible for authenticated administrators to delete arbitrary files via
+    directory traversal.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MediaWiki users should upgrade to the latest available
+    version:
+    </p>
+    <code>
+    # emerge --sync 
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/mediawiki-1.3.11"</code>
+  </resolution>
+  <references>
+    <uri link="https://secunia.com/advisories/14125/">Secunia Advisory SA14125</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0534">CAN-2005-0534</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0535">CAN-2005-0535</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0536">CAN-2005-0536</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-02-24T11:32:05Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-02-25T09:25:41Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-02-27T16:48:17Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-01.xml b/metadata/glsa/glsa-200503-01.xml
new file mode 100644
index 000000000000..db898fe78e07
--- /dev/null
+++ b/metadata/glsa/glsa-200503-01.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-01">
+  <title>Qt: Untrusted library search path</title>
+  <synopsis>
+    Qt may load shared libraries from an untrusted, world-writable directory,
+    resulting in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">qt</product>
+  <announced>2005-03-01</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>75181</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-libs/qt" auto="yes" arch="*">
+      <unaffected range="ge">3.3.4-r2</unaffected>
+      <vulnerable range="lt">3.3.4-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Qt is a cross-platform GUI toolkit used by KDE.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Gentoo Linux Security Audit Team has discovered
+    that Qt searches for shared libraries in an untrusted, world-writable
+    directory.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create a malicious shared object that would be
+    loaded by Qt, resulting in the execution of arbitrary code with the
+    privileges of the Qt application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Qt users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-libs/qt-3.3.4-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0627">CVE-2005-0627</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-02-15T06:13:07Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-01T12:59:58Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-02.xml b/metadata/glsa/glsa-200503-02.xml
new file mode 100644
index 000000000000..61e13a3b8da8
--- /dev/null
+++ b/metadata/glsa/glsa-200503-02.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-02">
+  <title>phpBB: Multiple vulnerabilities</title>
+  <synopsis>
+    Several vulnerabilities allow remote attackers to gain phpBB administrator
+    rights or expose and manipulate sensitive data.
+  </synopsis>
+  <product type="ebuild">phpbb</product>
+  <announced>2005-03-01</announced>
+  <revised count="01">2005-03-01</revised>
+  <bug>82955</bug>
+  <access>local and remote</access>
+  <affected>
+    <package name="www-apps/phpBB" auto="yes" arch="*">
+      <unaffected range="ge">2.0.13</unaffected>
+      <vulnerable range="lt">2.0.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpBB is an Open Source bulletin board package.
+    </p>
+  </background>
+  <description>
+    <p>
+    It was discovered that phpBB contains a flaw in the session
+    handling code and a path disclosure bug. AnthraX101 discovered that
+    phpBB allows local users to read arbitrary files, if the "Enable remote
+    avatars" and "Enable avatar uploading" options are set (CAN-2005-0259).
+    He also found out that incorrect input validation in
+    "usercp_avatar.php" and "usercp_register.php" makes phpBB vulnerable to
+    directory traversal attacks, if the "Gallery avatars" setting is
+    enabled (CAN-2005-0258).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Remote attackers can exploit the session handling flaw to gain
+    phpBB administrator rights. By providing a local and a remote location
+    for an avatar and setting the "Upload Avatar from a URL:" field to
+    point to the target file, a malicious local user can read arbitrary
+    local files. By inserting "/../" sequences into the "avatarselect"
+    parameter, a remote attacker can exploit the directory traversal
+    vulnerability to delete arbitrary files. A flaw in the "viewtopic.php"
+    script can be exploited to expose the full path of PHP scripts.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All phpBB users should upgrade to the latest available version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/phpBB-2.0.13"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0258">CAN-2005-0258</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0259">CAN-2005-0259</uri>
+    <uri link="https://www.phpbb.com/phpBB/viewtopic.php?f=14&amp;t=267563">phpBB announcement</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-02-28T14:35:23Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-02-28T15:10:08Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-01T18:22:22Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-03.xml b/metadata/glsa/glsa-200503-03.xml
new file mode 100644
index 000000000000..20029bc28a8f
--- /dev/null
+++ b/metadata/glsa/glsa-200503-03.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-03">
+  <title>Gaim: Multiple Denial of Service issues</title>
+  <synopsis>
+    Multiple vulnerabilities have been found in Gaim which could allow a remote
+    attacker to crash the application.
+  </synopsis>
+  <product type="ebuild">gaim</product>
+  <announced>2005-03-01</announced>
+  <revised count="01">2005-03-01</revised>
+  <bug>83253</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/gaim" auto="yes" arch="*">
+      <unaffected range="ge">1.1.4</unaffected>
+      <vulnerable range="lt">1.1.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Gaim is a full featured instant messaging client which handles a
+    variety of instant messaging protocols.
+    </p>
+  </background>
+  <description>
+    <p>
+    Specially crafted SNAC packets sent by other instant-messaging
+    users can cause Gaim to loop endlessly (CAN-2005-0472). Malformed HTML
+    code could lead to invalid memory accesses (CAN-2005-0208 and
+    CAN-2005-0473).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Remote attackers could exploit these issues, resulting in a Denial
+    of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Gaim users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-im/gaim-1.1.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0208">CAN-2005-0208</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0472">CAN-2005-0472</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0473">CAN-2005-0473</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-02-25T09:54:05Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-02-25T10:52:36Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-01T08:51:34Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-04.xml b/metadata/glsa/glsa-200503-04.xml
new file mode 100644
index 000000000000..006067429d25
--- /dev/null
+++ b/metadata/glsa/glsa-200503-04.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-04">
+  <title>phpWebSite: Arbitrary PHP execution and path disclosure</title>
+  <synopsis>
+    Remote attackers can upload and execute arbitrary PHP scripts, another flaw
+    reveals the full path of scripts.
+  </synopsis>
+  <product type="ebuild">phpwebsite</product>
+  <announced>2005-03-01</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>83297</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/phpwebsite" auto="yes" arch="*">
+      <unaffected range="ge">0.10.0-r2</unaffected>
+      <vulnerable range="lt">0.10.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpWebSite provides a complete web site content management system.
+    </p>
+  </background>
+  <description>
+    <p>
+    NST discovered that, when submitting an announcement, uploaded files
+    aren't correctly checked for malicious code. They also found out that
+    phpWebSite is vulnerable to a path disclosure.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker can exploit this issue to upload files to a directory
+    within the web root. By calling the uploaded script the attacker could
+    then execute arbitrary PHP code with the rights of the web server. By
+    passing specially crafted requests to the search module, remote
+    attackers can also find out the full path of PHP scripts.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All phpWebSite users should upgrade to the latest available version:
+    </p>
+    <code>
+    # emerge --sync 
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/phpwebsite-0.10.0-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://secunia.com/advisories/14399/">Secunia Advisory SA14399</uri>
+    <uri link="http://phpwebsite.appstate.edu/index.php?module=announce&amp;ANN_id=922&amp;ANN_user_op=view">phpWebSite announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0565">CVE-2005-0565</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0572">CVE-2005-0572</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-02-25T21:23:09Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-02-27T12:09:41Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-05.xml b/metadata/glsa/glsa-200503-05.xml
new file mode 100644
index 000000000000..c55f2b9f0118
--- /dev/null
+++ b/metadata/glsa/glsa-200503-05.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-05">
+  <title>xli, xloadimage: Multiple vulnerabilities</title>
+  <synopsis>
+    xli and xloadimage are vulnerable to multiple issues, potentially leading
+    to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">xli</product>
+  <announced>2005-03-02</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>79762</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/xloadimage" auto="yes" arch="*">
+      <unaffected range="ge">4.1-r2</unaffected>
+      <vulnerable range="lt">4.1-r2</vulnerable>
+    </package>
+    <package name="media-gfx/xli" auto="yes" arch="*">
+      <unaffected range="ge">1.17.0-r1</unaffected>
+      <vulnerable range="lt">1.17.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    xli and xloadimage are X11 utilities for displaying and manipulating a
+    wide range of image formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Gentoo Linux Security Audit Team has reported that
+    xli and xloadimage contain a flaw in the handling of compressed images,
+    where shell meta-characters are not adequately escaped. Rob Holland of
+    the Gentoo Linux Security Audit Team has reported that an xloadimage
+    vulnerability in the handling of Faces Project images discovered by
+    zen-parse in 2001 remained unpatched in xli. Additionally, it has been
+    reported that insufficient validation of image properties in xli could
+    potentially result in buffer management errors.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Successful exploitation would permit a remote attacker to execute
+    arbitrary shell commands, or arbitrary code with the privileges of the
+    xloadimage or xli user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All xli users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/xli-1.17.0-r1"</code>
+    <p>
+    All xloadimage users should also upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/xloadimage-4.1-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0775">CAN-2001-0775</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0638">CVE-2005-0638</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0639">CVE-2005-0639</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-02-28T21:34:13Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-02-28T22:05:32Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-02T16:53:18Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-06.xml b/metadata/glsa/glsa-200503-06.xml
new file mode 100644
index 000000000000..797dfc80d174
--- /dev/null
+++ b/metadata/glsa/glsa-200503-06.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-06">
+  <title>BidWatcher: Format string vulnerability</title>
+  <synopsis>
+    BidWatcher is vulnerable to a format string vulnerability, potentially
+    allowing arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">bidwatcher</product>
+  <announced>2005-03-03</announced>
+  <revised count="01">2005-03-03</revised>
+  <bug>82460</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/bidwatcher" auto="yes" arch="*">
+      <unaffected range="ge">1.3.17</unaffected>
+      <vulnerable range="lt">1.3.17</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    BidWatcher is a free auction tool for eBay users to keep track of
+    their auctions.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ulf Harnhammar discovered a format string vulnerability in
+    "netstuff.cpp".
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Remote attackers can potentially exploit this vulnerability by
+    sending specially crafted responses via an eBay HTTP server or a
+    man-in-the-middle attack to execute arbitrary malicious code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All BidWatcher users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/bidwatcher-1.13.17"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0158">CAN-2005-0158</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-03-01T08:44:34Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-01T15:30:43Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-03-02T20:11:39Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-07.xml b/metadata/glsa/glsa-200503-07.xml
new file mode 100644
index 000000000000..bb535e2ea62a
--- /dev/null
+++ b/metadata/glsa/glsa-200503-07.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-07">
+  <title>phpMyAdmin: Multiple vulnerabilities</title>
+  <synopsis>
+    phpMyAdmin contains multiple vulnerabilities that could lead to command
+    execution, XSS issues and bypass of security restrictions.
+  </synopsis>
+  <product type="ebuild">phpMyAdmin</product>
+  <announced>2005-03-03</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>83190</bug>
+  <bug>83792</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/phpmyadmin" auto="yes" arch="*">
+      <unaffected range="ge">2.6.1_p2-r1</unaffected>
+      <vulnerable range="lt">2.6.1_p2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpMyAdmin is a tool written in PHP intended to handle the
+    administration of MySQL databases from a web-browser.
+    </p>
+  </background>
+  <description>
+    <p>
+    phpMyAdmin contains several security issues:
+    </p>
+    <ul>
+    <li>Maksymilian Arciemowicz has discovered multiple variable injection
+    vulnerabilities that can be exploited through "$cfg" and "GLOBALS"
+    variables and localized strings</li>
+    <li>It is possible to force phpMyAdmin to disclose information in error
+    messages</li>
+    <li>Failure to correctly escape special characters</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    By sending a specially-crafted request, an attacker can include and
+    execute arbitrary PHP code or cause path information disclosure.
+    Furthermore the XSS issue allows an attacker to inject malicious script
+    code, potentially compromising the victim's browser. Lastly the
+    improper escaping of special characters results in unintended privilege
+    settings for MySQL.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All phpMyAdmin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-db/phpmyadmin-2.6.1_p2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-1">PMASA-2005-1</uri>
+    <uri link="https://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-2">PMASA-2005-2</uri>
+    <uri link="https://sourceforge.net/tracker/index.php?func=detail&amp;aid=1113788&amp;group_id=23067&amp;atid=377408">phpMyAdmin bug 1113788</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0543">CVE-2005-0543</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0544">CVE-2005-0544</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0653">CVE-2005-0653</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-03-02T21:38:30Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-03-02T22:39:01Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-03T15:44:32Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-08.xml b/metadata/glsa/glsa-200503-08.xml
new file mode 100644
index 000000000000..47b6d2f358ad
--- /dev/null
+++ b/metadata/glsa/glsa-200503-08.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-08">
+  <title>OpenMotif, LessTif: New libXpm buffer overflows</title>
+  <synopsis>
+    A new vulnerability has been discovered in libXpm, which is included in
+    OpenMotif and LessTif, that can potentially lead to remote code execution.
+  </synopsis>
+  <product type="ebuild">openmotif</product>
+  <announced>2005-03-04</announced>
+  <revised count="01">2005-03-04</revised>
+  <bug>83655</bug>
+  <bug>83656</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/openmotif" auto="yes" arch="*">
+      <unaffected range="ge">2.2.3-r3</unaffected>
+      <unaffected range="rge">2.1.30-r9</unaffected>
+      <vulnerable range="lt">2.2.3-r3</vulnerable>
+    </package>
+    <package name="x11-libs/lesstif" auto="yes" arch="*">
+      <unaffected range="ge">0.94.0-r2</unaffected>
+      <vulnerable range="lt">0.94.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    LessTif is a clone of OSF/Motif, which is a standard user
+    interface toolkit available on Unix and Linux. OpenMotif also provides
+    a free version of the Motif toolkit for open source applications.
+    </p>
+  </background>
+  <description>
+    <p>
+    Chris Gilbert discovered potentially exploitable buffer overflow
+    cases in libXpm that weren't fixed in previous libXpm security
+    advisories.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A carefully-crafted XPM file could crash applications making use
+    of the OpenMotif or LessTif toolkits, potentially allowing the
+    execution of arbitrary code with the privileges of the user running the
+    application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenMotif users should upgrade to an unaffected version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose x11-libs/openmotif</code>
+    <p>
+    All LessTif users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-libs/lesstif-0.94.0-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0605">CAN-2005-0605</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-03-02T21:43:36Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-03-03T09:21:40Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-03T21:47:17Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-09.xml b/metadata/glsa/glsa-200503-09.xml
new file mode 100644
index 000000000000..5bc07241fbc4
--- /dev/null
+++ b/metadata/glsa/glsa-200503-09.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-09">
+  <title>xv: Filename handling vulnerability</title>
+  <synopsis>
+    xv contains a format string vulnerability, potentially resulting in the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">xv</product>
+  <announced>2005-03-04</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>83686</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/xv" auto="yes" arch="*">
+      <unaffected range="ge">3.10a-r10</unaffected>
+      <vulnerable range="lt">3.10a-r10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    xv is an interactive image manipulation package for X11.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw
+    in the handling of image filenames by xv.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Successful exploitation would require a victim to process a specially
+    crafted image with a malformed filename, potentially resulting in the
+    execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All xv users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/xv-3.10a-r10"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0665">CVE-2005-0665</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-03-02T21:42:57Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-03-02T22:55:00Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-03T21:51:14Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-10.xml b/metadata/glsa/glsa-200503-10.xml
new file mode 100644
index 000000000000..4df8a7ef192b
--- /dev/null
+++ b/metadata/glsa/glsa-200503-10.xml
@@ -0,0 +1,138 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-10">
+  <title>Mozilla Firefox: Various vulnerabilities</title>
+  <synopsis>
+    Mozilla Firefox is vulnerable to a local file deletion issue and to various
+    issues allowing to trick the user into trusting fake web sites or
+    interacting with privileged content.
+  </synopsis>
+  <product type="ebuild">Firefox</product>
+  <announced>2005-03-04</announced>
+  <revised count="01">2005-03-04</revised>
+  <bug>83267</bug>
+  <access>remote and local</access>
+  <affected>
+    <package name="www-client/mozilla-firefox" auto="yes" arch="*">
+      <unaffected range="ge">1.0.1</unaffected>
+      <vulnerable range="lt">1.0.1</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.0.1</unaffected>
+      <vulnerable range="lt">1.0.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla Firefox is the popular next-generation browser from the
+    Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following vulnerabilities were found and fixed in Mozilla
+    Firefox:
+    </p>
+    <ul>
+    <li>Michael Krax reported that plugins can be used
+    to load privileged content and trick the user to interact with it
+    (CAN-2005-0232, CAN-2005-0527)</li>
+    <li>Michael Krax also reported
+    potential spoofing or cross-site-scripting issues through overlapping
+    windows, image drag-and-drop, and by dropping javascript: links on tabs
+    (CAN-2005-0230, CAN-2005-0231, CAN-2005-0591)</li>
+    <li>Daniel de Wildt
+    and Gael Delalleau discovered a memory overwrite in a string library
+    (CAN-2005-0255)</li>
+    <li>Wind Li discovered a possible heap overflow in
+    UTF8 to Unicode conversion (CAN-2005-0592)</li>
+    <li>Eric Johanson
+    reported that Internationalized Domain Name (IDN) features allow
+    homograph attacks (CAN-2005-0233)</li>
+    <li>Mook, Doug Turner, Kohei
+    Yoshino and M. Deaudelin reported various ways of spoofing the SSL
+    "secure site" indicator (CAN-2005-0593)</li>
+    <li>Matt Brubeck reported
+    a possible Autocomplete data leak (CAN-2005-0589)</li>
+    <li>Georgi
+    Guninski discovered that XSLT can include stylesheets from arbitrary
+    hosts (CAN-2005-0588)</li>
+    <li>Secunia discovered a way of injecting
+    content into a popup opened by another website (CAN-2004-1156)</li>
+    <li>Phil Ringnalda reported a possible way to spoof Install source with
+    user:pass@host (CAN-2005-0590)</li>
+    <li>Jakob Balle from Secunia
+    discovered a possible way of spoofing the Download dialog source
+    (CAN-2005-0585)</li>
+    <li>Christian Schmidt reported a potential
+    spoofing issue in HTTP auth prompt tab (CAN-2005-0584)</li>
+    <li>Andreas
+    Sanblad from Secunia discovered a possible way of spoofing the Download
+    dialog using the Content-Disposition header (CAN-2005-0586)</li>
+    <li>Finally, Tavis Ormandy of the Gentoo Linux Security Audit Team
+    discovered that Firefox insecurely creates temporary filenames in
+    /tmp/plugtmp (CAN-2005-0578)</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <ul>
+    <li>By setting up malicious websites and convincing users to
+    follow untrusted links or obey very specific drag-and-drop or download
+    instructions, attackers may leverage the various spoofing issues to
+    fake other websites to get access to confidential information, push
+    users to download malicious files or make them interact with their
+    browser preferences.</li>
+    <li>The temporary directory issue allows
+    local attackers to overwrite arbitrary files with the rights of another
+    local user.</li>
+    <li>The overflow issues, while not thought to be
+    exploitable, may allow a malicious downloaded page to execute arbitrary
+    code with the rights of the user viewing the page.</li>
+    </ul>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Firefox users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-1.0.1"</code>
+    <p>
+    All Firefox binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-bin-1.0.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1156">CAN-2004-1156</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0230">CAN-2005-0230</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0231">CAN-2005-0231</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0232">CAN-2005-0232</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0233">CAN-2005-0233</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0255">CAN-2005-0255</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0527">CAN-2005-0527</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0578">CAN-2005-0578</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0584">CAN-2005-0584</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0585">CAN-2005-0585</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0586">CAN-2005-0586</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0588">CAN-2005-0588</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0589">CAN-2005-0589</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0590">CAN-2005-0590</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0591">CAN-2005-0591</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0592">CAN-2005-0592</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0593">CAN-2005-0593</uri>
+    <uri link="https://www.mozilla.org/projects/security/known-vulnerabilities.html">Mozilla Security Advisories</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-03-04T10:53:24Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-04T12:44:33Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-11.xml b/metadata/glsa/glsa-200503-11.xml
new file mode 100644
index 000000000000..b7a06c2a156e
--- /dev/null
+++ b/metadata/glsa/glsa-200503-11.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-11">
+  <title>ImageMagick: Filename handling vulnerability</title>
+  <synopsis>
+    A format string vulnerability exists in ImageMagick that may allow an
+    attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">ImageMagick</product>
+  <announced>2005-03-06</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>83542</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/imagemagick" auto="yes" arch="*">
+      <unaffected range="ge">6.2.0.4</unaffected>
+      <vulnerable range="lt">6.2.0.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ImageMagick is a collection of tools and libraries for manipulating a
+    wide variety of image formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Gentoo Linux Security Audit Team has identified a
+    flaw in the handling of filenames by the ImageMagick utilities.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Successful exploitation may disrupt web applications that depend on
+    ImageMagick for image processing, potentially executing arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ImageMagick users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/imagemagick-6.2.0.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0397">CVE-2005-0397</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-03-02T21:44:33Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-03-02T22:24:40Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-06T13:03:12Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-12.xml b/metadata/glsa/glsa-200503-12.xml
new file mode 100644
index 000000000000..d04f9944c67d
--- /dev/null
+++ b/metadata/glsa/glsa-200503-12.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-12">
+  <title>Hashcash: Format string vulnerability</title>
+  <synopsis>
+    A format string vulnerability in the Hashcash utility could allow an
+    attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">Hashcash</product>
+  <announced>2005-03-06</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>83541</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/hashcash" auto="yes" arch="*">
+      <unaffected range="ge">1.16-r1</unaffected>
+      <vulnerable range="lt">1.16-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Hashcash is a utility for generating Hashcash tokens, a proof-of-work
+    system to reduce the impact of spam.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw
+    in the Hashcash utility that an attacker could expose by specifying a
+    malformed reply address.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Successful exploitation would permit an attacker to disrupt Hashcash
+    users, and potentially execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Hashcash users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/hashcash-1.16-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0687">CVE-2005-0687</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-03-02T21:44:06Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-03-02T22:42:04Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-06T10:00:09Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-13.xml b/metadata/glsa/glsa-200503-13.xml
new file mode 100644
index 000000000000..2dd8b611d16d
--- /dev/null
+++ b/metadata/glsa/glsa-200503-13.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-13">
+  <title>mlterm: Integer overflow vulnerability</title>
+  <synopsis>
+    mlterm is vulnerable to an integer overflow, which could potentially allow
+    the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mlterm</product>
+  <announced>2005-03-07</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>84174</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-terms/mlterm" auto="yes" arch="*">
+      <unaffected range="ge">2.9.2</unaffected>
+      <vulnerable range="lt">2.9.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    mlterm is a multi-lingual terminal emulator.
+    </p>
+  </background>
+  <description>
+    <p>
+    mlterm is vulnerable to an integer overflow that can be triggered by
+    specifying a large image file as a background. This only effects users
+    that have compiled mlterm with the 'gtk' USE flag, which enables
+    gdk-pixbuf support.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker can create a specially-crafted image file which, when used
+    as a background by the victim, can lead to the execution of arbitrary
+    code with the privileges of the user running mlterm.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Re-compile mlterm without the 'gtk' USE flag.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All mlterm users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-terms/mlterm-2.9.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://sourceforge.net/project/shownotes.php?release_id=310416">mlterm ChangeLog</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0686">CVE-2005-0686</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-03-05T16:23:09Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-06T10:05:20Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-03-07T01:52:03Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-14.xml b/metadata/glsa/glsa-200503-14.xml
new file mode 100644
index 000000000000..a0461e0acc26
--- /dev/null
+++ b/metadata/glsa/glsa-200503-14.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-14">
+  <title>KDE dcopidlng: Insecure temporary file creation</title>
+  <synopsis>
+    The dcopidlng script is vulnerable to symlink attacks, potentially allowing
+    a local user to overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">dcopidlng</product>
+  <announced>2005-03-07</announced>
+  <revised count="01">2005-03-07</revised>
+  <bug>81652</bug>
+  <access>local</access>
+  <affected>
+    <package name="kde-base/kdelibs" auto="yes" arch="*">
+      <unaffected range="ge">3.3.2-r5</unaffected>
+      <unaffected range="rge">3.2.3-r7</unaffected>
+      <vulnerable range="lt">3.3.2-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    KDE is a feature-rich graphical desktop environment for Linux and
+    Unix-like Operating Systems. DCOP is KDE's simple IPC/RPC mechanism.
+    dcopidlng is a DCOP helper script.
+    </p>
+  </background>
+  <description>
+    <p>
+    Davide Madrisan has discovered that the dcopidlng script creates
+    temporary files in a world-writable directory with predictable names.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary
+    files directory, pointing to a valid file somewhere on the filesystem.
+    When dcopidlng is executed, this would result in the file being
+    overwritten with the rights of the user running the utility, which
+    could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All kdelibs users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose kde-base/kdelibs</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0365">CAN-2005-0365</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-03-03T21:01:57Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-06T09:59:12Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-15.xml b/metadata/glsa/glsa-200503-15.xml
new file mode 100644
index 000000000000..c9315afe279b
--- /dev/null
+++ b/metadata/glsa/glsa-200503-15.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-15">
+  <title>X.org: libXpm vulnerability</title>
+  <synopsis>
+    A new vulnerability has been discovered in libXpm, which is included in
+    X.org, that can potentially lead to remote code execution.
+  </synopsis>
+  <product type="ebuild">X.org</product>
+  <announced>2005-03-12</announced>
+  <revised count="02">2005-03-12</revised>
+  <bug>83598</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-base/xorg-x11" auto="yes" arch="*">
+      <unaffected range="rge">6.8.0-r5</unaffected>
+      <unaffected range="ge">6.8.2-r1</unaffected>
+      <vulnerable range="lt">6.8.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libXpm is a pixmap manipulation library for the X Window System,
+    included in X.org.
+    </p>
+  </background>
+  <description>
+    <p>
+    Chris Gilbert has discovered potentially exploitable buffer overflow
+    cases in libXpm that weren't fixed in previous libXpm versions.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A carefully-crafted XPM file could crash X.org, potentially allowing
+    the execution of arbitrary code with the privileges of the user running
+    the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All X.org users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose x11-base/xorg-x11</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0605">CAN-2005-0605</uri>
+    <uri link="https://bugs.freedesktop.org/show_bug.cgi?id=1920">Freedesktop bug</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-03-06T13:19:18Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-03-07T11:11:00Z">
+    SeJo
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-11T13:22:24Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-16.xml b/metadata/glsa/glsa-200503-16.xml
new file mode 100644
index 000000000000..eff3416df86e
--- /dev/null
+++ b/metadata/glsa/glsa-200503-16.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-16">
+  <title>Ethereal: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities exist in Ethereal, which may allow an attacker to
+    run arbitrary code or crash the program.
+  </synopsis>
+  <product type="ebuild">ethereal</product>
+  <announced>2005-03-12</announced>
+  <revised count="03">2006-05-22</revised>
+  <bug>84547</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/ethereal" auto="yes" arch="*">
+      <unaffected range="ge">0.10.10</unaffected>
+      <vulnerable range="lt">0.10.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ethereal is a feature rich network protocol analyzer.
+    </p>
+  </background>
+  <description>
+    <p>
+    There are multiple vulnerabilities in versions of Ethereal earlier than
+    0.10.10, including:
+    </p>
+    <ul>
+    <li>The Etheric, 3GPP2 A11 and IAPP dissectors are vulnerable to buffer
+    overflows (CAN-2005-0704, CAN-2005-0699 and CAN-2005-0739).</li>
+    <li>The GPRS-LLC could crash when the "ignore cipher bit" option is
+    enabled (CAN-2005-0705).</li>
+    <li>Various vulnerabilities in JXTA and sFlow dissectors.</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker might be able to use these vulnerabilities to crash
+    Ethereal and execute arbitrary code with the permissions of the user
+    running Ethereal, which could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    For a temporary workaround you can disable all affected protocol
+    dissectors. However, it is strongly recommended that you upgrade to the
+    latest stable version.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ethereal users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/ethereal-0.10.10"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0699">CAN-2005-0699</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0704">CAN-2005-0704</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0705">CAN-2005-0705</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0739">CAN-2005-0739</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0765">CVE-2005-0765</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0766">CVE-2005-0766</uri>
+    <uri link="http://www.ethereal.com/appnotes/enpa-sa-00018.html">Ethereal enpa-sa-00018</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-03-09T13:39:26Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-12T15:50:23Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-17.xml b/metadata/glsa/glsa-200503-17.xml
new file mode 100644
index 000000000000..734ed5fac22d
--- /dev/null
+++ b/metadata/glsa/glsa-200503-17.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-17">
+  <title>libexif: Buffer overflow vulnerability</title>
+  <synopsis>
+    libexif fails to validate certain inputs, making it vulnerable to buffer
+    overflows.
+  </synopsis>
+  <product type="ebuild">libexif</product>
+  <announced>2005-03-12</announced>
+  <revised count="01">2005-03-12</revised>
+  <bug>84076</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libexif" auto="yes" arch="*">
+      <unaffected range="ge">0.5.12-r1</unaffected>
+      <vulnerable range="lt">0.5.12-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libexif is a library for parsing, editing and saving EXIF data.
+    </p>
+  </background>
+  <description>
+    <p>
+    libexif contains a buffer overflow vulnerability in the EXIF tag
+    validation code. When opening an image with a specially crafted EXIF
+    tag, the lack of validation can cause applications linked to libexif to
+    crash.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A specially crafted EXIF file could crash applications making use
+    of libexif, potentially allowing the execution of arbitrary code with
+    the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libexif users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/libexif-0.5.12-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0664">CAN-2005-0664</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-03-12T16:28:06Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-12T17:56:45Z">
+    lewk
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-03-12T18:48:27Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-18.xml b/metadata/glsa/glsa-200503-18.xml
new file mode 100644
index 000000000000..3db4912a836b
--- /dev/null
+++ b/metadata/glsa/glsa-200503-18.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-18">
+  <title>Ringtone Tools: Buffer overflow vulnerability</title>
+  <synopsis>
+    The Ringtone Tools utilities contain a buffer overflow vulnerability,
+    potentially leading to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">ringtonetools</product>
+  <announced>2005-03-15</announced>
+  <revised count="01">2005-03-15</revised>
+  <bug>74700</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-mobilephone/ringtonetools" auto="yes" arch="*">
+      <unaffected range="ge">2.23</unaffected>
+      <vulnerable range="lt">2.23</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ringtone Tools is a program for creating ringtones and logos for
+    mobile phones.
+    </p>
+  </background>
+  <description>
+    <p>
+    Qiao Zhang has discovered a buffer overflow vulnerability in the
+    'parse_emelody' function in 'parse_emelody.c'.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a Ringtone Tools user to open a
+    specially crafted eMelody file, which would potentially lead to the
+    execution of arbitrary code with the rights of the user running the
+    application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ringtone Tools users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-mobilephone/ringtonetools-2.23"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1292">CAN-2004-1292</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-03-15T02:28:50Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-15T09:56:20Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-03-15T14:11:25Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-19.xml b/metadata/glsa/glsa-200503-19.xml
new file mode 100644
index 000000000000..9fb2061779db
--- /dev/null
+++ b/metadata/glsa/glsa-200503-19.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-19">
+  <title>MySQL: Multiple vulnerabilities</title>
+  <synopsis>
+    MySQL contains several vulnerabilities potentially leading to the
+    overwriting of local files or to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mysql</product>
+  <announced>2005-03-16</announced>
+  <revised count="02">2005-03-16</revised>
+  <bug>84819</bug>
+  <access>remote and local</access>
+  <affected>
+    <package name="dev-db/mysql" auto="yes" arch="*">
+      <unaffected range="ge">4.0.24</unaffected>
+      <vulnerable range="lt">4.0.24</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MySQL is a fast, multi-threaded, multi-user SQL database server.
+    </p>
+  </background>
+  <description>
+    <p>
+    MySQL fails to properly validate input for authenticated users with
+    INSERT and DELETE privileges (CAN-2005-0709 and CAN-2005-0710).
+    Furthermore MySQL uses predictable filenames when creating temporary
+    files with CREATE TEMPORARY TABLE (CAN-2005-0711).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker with INSERT and DELETE privileges could exploit this to
+    manipulate the mysql table or accessing libc calls, potentially leading
+    to the execution of arbitrary code with the permissions of the user
+    running MySQL. An attacker with CREATE TEMPORARY TABLE privileges could
+    exploit this to overwrite arbitrary files via a symlink attack.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MySQL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-4.0.24"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0709">CAN-2005-0709</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0710">CAN-2005-0710</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0711">CAN-2005-0711</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-03-14T05:33:03Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-03-15T06:04:30Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-15T15:41:11Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-20.xml b/metadata/glsa/glsa-200503-20.xml
new file mode 100644
index 000000000000..b72e9b1a276e
--- /dev/null
+++ b/metadata/glsa/glsa-200503-20.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-20">
+  <title>curl: NTLM response buffer overflow</title>
+  <synopsis>
+    curl is vulnerable to a buffer overflow which could lead to the execution
+    of arbitrary code.
+  </synopsis>
+  <product type="ebuild">curl</product>
+  <announced>2005-03-16</announced>
+  <revised count="01">2005-03-16</revised>
+  <bug>82534</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/curl" auto="yes" arch="*">
+      <unaffected range="ge">7.13.1</unaffected>
+      <vulnerable range="lt">7.13.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    curl is a command line tool for transferring files via many
+    different protocols.
+    </p>
+  </background>
+  <description>
+    <p>
+    curl fails to properly check boundaries when handling NTLM
+    authentication.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    With a malicious server an attacker could send a carefully crafted
+    NTLM response to a connecting client leading to the execution of
+    arbitrary code with the permissions of the user running curl.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable NTLM authentication by not using the --anyauth or --ntlm
+    options.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All curl users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.13.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490">CAN-2005-0490</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-03-12T16:36:42Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-12T17:56:09Z">
+    lewk
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-03-14T05:48:14Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-21.xml b/metadata/glsa/glsa-200503-21.xml
new file mode 100644
index 000000000000..0708fbc0aa83
--- /dev/null
+++ b/metadata/glsa/glsa-200503-21.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-21">
+  <title>Grip: CDDB response overflow</title>
+  <synopsis>
+    Grip contains a buffer overflow that can be triggered by a large CDDB
+    response, potentially allowing the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">grip</product>
+  <announced>2005-03-17</announced>
+  <revised count="01">2005-03-17</revised>
+  <bug>84704</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/grip" auto="yes" arch="*">
+      <unaffected range="ge">3.3.0</unaffected>
+      <vulnerable range="lt">3.3.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Grip is a GTK+ based audio CD player/ripper.
+    </p>
+  </background>
+  <description>
+    <p>
+    Joseph VanAndel has discovered a buffer overflow in Grip when
+    processing large CDDB results.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A malicious CDDB server could cause Grip to crash by returning
+    more then 16 matches, potentially allowing the execution of arbitrary
+    code with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable automatic CDDB queries, but we highly encourage users to
+    upgrade to 3.3.0.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Grip users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/grip-3.3.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0706">CAN-2005-0706</uri>
+    <uri link="https://sourceforge.net/tracker/?group_id=3714&amp;atid=103714&amp;func=detail&amp;aid=834724">Original Bug Report</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-03-14T20:06:50Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-03-15T23:47:13Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-17T10:03:26Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-22.xml b/metadata/glsa/glsa-200503-22.xml
new file mode 100644
index 000000000000..5bedbe96fb3d
--- /dev/null
+++ b/metadata/glsa/glsa-200503-22.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-22">
+  <title>KDE: Local Denial of service</title>
+  <synopsis>
+    KDE is vulnerable to a local Denial of Service attack.
+  </synopsis>
+  <product type="ebuild">kde, dcopserver</product>
+  <announced>2005-03-19</announced>
+  <revised count="01">2005-03-19</revised>
+  <bug>83814</bug>
+  <access>local</access>
+  <affected>
+    <package name="kde-base/kdelibs" auto="yes" arch="*">
+      <unaffected range="ge">3.3.2-r7</unaffected>
+      <unaffected range="rge">3.2.3-r8</unaffected>
+      <vulnerable range="lt">3.3.2-r7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    KDE is a feature-rich graphical desktop environment for Linux and
+    Unix-like Operating Systems. DCOP is KDE's simple IPC/RPC mechanism.
+    </p>
+  </background>
+  <description>
+    <p>
+    Sebastian Krahmer discovered that it is possible to stall the
+    dcopserver of other users.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit this to cause a local Denial of Service
+    by stalling the dcopserver in the authentication process. As a result
+    all desktop functionality relying on DCOP will cease to function.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All kdelibs users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose kde-base/kdelibs</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0396">CAN-2005-0396</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-03-14T06:00:10Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-19T07:23:43Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-23.xml b/metadata/glsa/glsa-200503-23.xml
new file mode 100644
index 000000000000..773dd6ede882
--- /dev/null
+++ b/metadata/glsa/glsa-200503-23.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-23">
+  <title>rxvt-unicode: Buffer overflow</title>
+  <synopsis>
+    rxvt-unicode is vulnerable to a buffer overflow that could lead to the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">rxvt-unicode</product>
+  <announced>2005-03-20</announced>
+  <revised count="01">2005-03-20</revised>
+  <bug>84680</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-terms/rxvt-unicode" auto="yes" arch="*">
+      <unaffected range="ge">5.3</unaffected>
+      <unaffected range="lt">4.8</unaffected>
+      <vulnerable range="lt">5.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    rxvt-unicode is a clone of the well known terminal emulator rxvt.
+    </p>
+  </background>
+  <description>
+    <p>
+    Rob Holland of the Gentoo Linux Security Audit Team discovered
+    that rxvt-unicode fails to properly check input length.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Successful exploitation would allow an attacker to execute
+    arbitrary code with the permissions of the user running rxvt-unicode.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All rxvt-unicode users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-terms/rxvt-unicode-5.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0764">CAN-2005-0764</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-03-15T14:52:07Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-15T23:51:13Z">
+    lewk
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-03-20T16:52:52Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-24.xml b/metadata/glsa/glsa-200503-24.xml
new file mode 100644
index 000000000000..6abcd3f81c1e
--- /dev/null
+++ b/metadata/glsa/glsa-200503-24.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-24">
+  <title>LTris: Buffer overflow</title>
+  <synopsis>
+    LTris is vulnerable to a buffer overflow which could lead to the execution
+    of arbitrary code.
+  </synopsis>
+  <product type="ebuild">LTris</product>
+  <announced>2005-03-20</announced>
+  <revised count="01">2005-03-20</revised>
+  <bug>85770</bug>
+  <access>local</access>
+  <affected>
+    <package name="games-puzzle/ltris" auto="yes" arch="*">
+      <unaffected range="ge">1.0.10</unaffected>
+      <vulnerable range="lt">1.0.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    LTris is a Tetris clone.
+    </p>
+  </background>
+  <description>
+    <p>
+    LTris is vulnerable to a buffer overflow when reading the global
+    highscores file.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By modifying the global highscores file a malicious user could
+    trick another user to execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All LTris users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=games-puzzle/ltris-1.0.10"</code>
+  </resolution>
+  <references/>
+  <metadata tag="requester" timestamp="2005-03-18T18:14:03Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-20T14:43:57Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-03-20T17:00:38Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-25.xml b/metadata/glsa/glsa-200503-25.xml
new file mode 100644
index 000000000000..0ac747498ce1
--- /dev/null
+++ b/metadata/glsa/glsa-200503-25.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-25">
+  <title>OpenSLP: Multiple buffer overflows</title>
+  <synopsis>
+    Multiple buffer overflows have been found in OpenSLP, which could lead to
+    the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">OpenSLP</product>
+  <announced>2005-03-20</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>85347</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/openslp" auto="yes" arch="*">
+      <unaffected range="ge">1.2.1</unaffected>
+      <vulnerable range="lt">1.2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenSLP is an open-source implementation of Service Location Protocol
+    (SLP).
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple buffer overflows have been found in OpenSLP, when handling
+    malformed SLP packets.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    By sending specially crafted SLP packets, a remote attacker could
+    potentially execute arbitrary code with the rights of the OpenSLP
+    daemon.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenSLP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-libs/openslp-1.2.1"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.novell.com/linux/security/advisories/2005_15_openslp.html">SUSE Security Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0769">CVE-2005-0769</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-03-16T22:37:07Z">
+    lewk
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-03-17T14:53:57Z">
+    formula7
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-20T20:02:39Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-26.xml b/metadata/glsa/glsa-200503-26.xml
new file mode 100644
index 000000000000..b5c7402ecc70
--- /dev/null
+++ b/metadata/glsa/glsa-200503-26.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-26">
+  <title>Sylpheed, Sylpheed-claws: Message reply overflow</title>
+  <synopsis>
+    Sylpheed and Sylpheed-claws contain a vulnerability that can be triggered
+    when replying to specially crafted messages.
+  </synopsis>
+  <product type="ebuild">sylpheed sylpheed-claws</product>
+  <announced>2005-03-20</announced>
+  <revised count="01">2005-03-20</revised>
+  <bug>84056</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/sylpheed" auto="yes" arch="*">
+      <unaffected range="ge">1.0.3</unaffected>
+      <vulnerable range="lt">1.0.3</vulnerable>
+    </package>
+    <package name="mail-client/sylpheed-claws" auto="yes" arch="*">
+      <unaffected range="ge">1.0.3</unaffected>
+      <vulnerable range="lt">1.0.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Sylpheed is a lightweight email client and newsreader.
+    Sylpheed-claws is a 'bleeding edge' version of Sylpheed.
+    </p>
+  </background>
+  <description>
+    <p>
+    Sylpheed and Sylpheed-claws fail to properly handle non-ASCII
+    characters in email headers when composing reply messages.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker can send an email containing a malicious non-ASCII
+    header which, when replied to, would cause the program to crash,
+    potentially allowing the execution of arbitrary code with the
+    privileges of the user running the software.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Sylpheed users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/sylpheed-1.0.3"</code>
+    <p>
+    All Sylpheed-claws users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/sylpheed-claws-1.0.3"</code>
+  </resolution>
+  <references>
+    <uri link="http://sylpheed.good-day.net/#changes">Sylpheed ChangeLog</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0667">CAN-2005-0667</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-03-14T20:05:52Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-03-15T14:35:33Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-20T22:41:22Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-27.xml b/metadata/glsa/glsa-200503-27.xml
new file mode 100644
index 000000000000..6350c6f8f3a5
--- /dev/null
+++ b/metadata/glsa/glsa-200503-27.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-27">
+  <title>Xzabite dyndnsupdate: Multiple vulnerabilities</title>
+  <synopsis>
+    Xzabite's dyndnsupdate software suffers from multiple vulnerabilities,
+    potentially resulting in the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">dyndnsupdate</product>
+  <announced>2005-03-21</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>84659</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/dyndnsupdate" auto="yes" arch="*">
+      <vulnerable range="le">0.6.15</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    dyndnsupdate is a dyndns.org data updater written by Fredrik "xzabite"
+    Haglund.
+    </p>
+  </background>
+  <description>
+    <p>
+    Toby Dickenson discovered that dyndnsupdate suffers from multiple
+    overflows.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker, posing as a dyndns.org server, could execute
+    arbitrary code with the rights of the user running dyndnsupdate.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Currently, there is no released version of dyndnsupdate that contains a
+    fix for these issues. The original xzabite.org distribution site is
+    dead, the code contains several other problems and more secure
+    alternatives exist, such as the net-dns/ddclient package. Therefore,
+    the dyndnsupdate package has been hard-masked prior to complete removal
+    from Portage, and current users are advised to unmerge the package:
+    </p>
+    <code>
+    # emerge --unmerge net-misc/dyndnsupdate</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0830">CVE-2005-0830</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-03-21T09:32:52Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-21T14:30:08Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-28.xml b/metadata/glsa/glsa-200503-28.xml
new file mode 100644
index 000000000000..bc45fe4c81c0
--- /dev/null
+++ b/metadata/glsa/glsa-200503-28.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-28">
+  <title>Sun Java: Web Start argument injection vulnerability</title>
+  <synopsis>
+    Java Web Start JNLP files can be abused to evade sandbox restriction and
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">Java</product>
+  <announced>2005-03-24</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>85804</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/sun-jdk" auto="yes" arch="*">
+      <unaffected range="ge">1.4.2.07</unaffected>
+      <unaffected range="lt">1.4.2</unaffected>
+      <vulnerable range="lt">1.4.2.07</vulnerable>
+    </package>
+    <package name="dev-java/sun-jre-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.4.2.07</unaffected>
+      <unaffected range="lt">1.4.2</unaffected>
+      <vulnerable range="lt">1.4.2.07</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Sun provides implementations of Java Development Kits (JDK) and Java
+    Runtime Environments (JRE). These implementations provide the Java Web
+    Start technology that can be used for easy client-side deployment of
+    Java applications.
+    </p>
+  </background>
+  <description>
+    <p>
+    Jouko Pynnonen discovered that Java Web Start contains a vulnerability
+    in the way it handles property tags in JNLP files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to open a malicious JNLP file, a remote attacker
+    could pass command line arguments to the Java Virtual machine, which
+    can be used to bypass the Java "sandbox" and to execute arbitrary code
+    with the permissions of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Sun JDK users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/sun-jdk-1.4.2.07"</code>
+    <p>
+    All Sun JRE users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/sun-jre-bin-1.4.2.07"</code>
+  </resolution>
+  <references>
+    <uri link="http://jouko.iki.fi/adv/ws.html">Jouko Pynnonen advisory</uri>
+    <uri link="http://sunsolve.sun.com/search/document.do?assetkey=1-26-57740-1">Sun Microsystems Alert Notification</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0836">CVE-2005-0836</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-03-20T21:40:30Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-20T21:41:41Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-03-23T15:33:09Z">
+    formula7
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-29.xml b/metadata/glsa/glsa-200503-29.xml
new file mode 100644
index 000000000000..97fa2ea2ad9a
--- /dev/null
+++ b/metadata/glsa/glsa-200503-29.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-29">
+  <title>GnuPG: OpenPGP protocol attack</title>
+  <synopsis>
+    Automated systems using GnuPG may leak plaintext portions of an encrypted
+    message.
+  </synopsis>
+  <product type="ebuild">GnuPG</product>
+  <announced>2005-03-24</announced>
+  <revised count="01">2005-03-24</revised>
+  <bug>85547</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-crypt/gnupg" auto="yes" arch="*">
+      <unaffected range="ge">1.4.1</unaffected>
+      <vulnerable range="lt">1.4.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GnuPG is complete and free replacement for PGP, a tool for secure
+    communication and data storage.
+    </p>
+  </background>
+  <description>
+    <p>
+    A flaw has been identified in an integrity checking mechanism of
+    the OpenPGP protocol.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    An automated system using GnuPG that allows an attacker to
+    repeatedly discover the outcome of an integrity check (perhaps by
+    observing the time required to return a response, or via overly verbose
+    error messages) could theoretically reveal a small portion of
+    plaintext.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GnuPG users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-crypt/gnupg-1.4.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.kb.cert.org/vuls/id/303094">CERT VU#303094</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0366">CAN-2005-0366</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-03-23T17:12:46Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-03-24T12:34:11Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-24T21:44:14Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-30.xml b/metadata/glsa/glsa-200503-30.xml
new file mode 100644
index 000000000000..71de2256b418
--- /dev/null
+++ b/metadata/glsa/glsa-200503-30.xml
@@ -0,0 +1,137 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-30">
+  <title>Mozilla Suite: Multiple vulnerabilities</title>
+  <synopsis>
+    The Mozilla Suite is vulnerable to multiple issues ranging from the remote
+    execution of arbitrary code to various issues allowing to trick the user
+    into trusting fake web sites or interacting with privileged content.
+  </synopsis>
+  <product type="ebuild">Mozilla</product>
+  <announced>2005-03-25</announced>
+  <revised count="01">2005-03-25</revised>
+  <bug>84074</bug>
+  <access>remote and local</access>
+  <affected>
+    <package name="www-client/mozilla" auto="yes" arch="*">
+      <unaffected range="ge">1.7.6</unaffected>
+      <vulnerable range="lt">1.7.6</vulnerable>
+    </package>
+    <package name="www-client/mozilla-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.7.6</unaffected>
+      <vulnerable range="lt">1.7.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Mozilla Suite is a popular all-in-one web browser that
+    includes a mail and news reader.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following vulnerabilities were found and fixed in the Mozilla
+    Suite:
+    </p>
+    <ul>
+    <li>Mark Dowd from ISS X-Force reported an exploitable
+    heap overrun in the GIF processing of obsolete Netscape extension 2
+    (CAN-2005-0399)</li>
+    <li>Michael Krax reported that plugins can be used
+    to load privileged content and trick the user to interact with it
+    (CAN-2005-0232, CAN-2005-0527)</li>
+    <li>Michael Krax also reported
+    potential spoofing or cross-site-scripting issues through overlapping
+    windows, image or scrollbar drag-and-drop, and by dropping javascript:
+    links on tabs (CAN-2005-0230, CAN-2005-0231, CAN-2005-0401,
+    CAN-2005-0591)</li>
+    <li>Daniel de Wildt and Gael Delalleau discovered a
+    memory overwrite in a string library (CAN-2005-0255)</li>
+    <li>Wind Li
+    discovered a possible heap overflow in UTF8 to Unicode conversion
+    (CAN-2005-0592)</li>
+    <li>Eric Johanson reported that Internationalized
+    Domain Name (IDN) features allow homograph attacks (CAN-2005-0233)</li>
+    <li>Mook, Doug Turner, Kohei Yoshino and M. Deaudelin reported various
+    ways of spoofing the SSL "secure site" indicator (CAN-2005-0593)</li>
+    <li>Georgi Guninski discovered that XSLT can include stylesheets from
+    arbitrary hosts (CAN-2005-0588)</li>
+    <li>Secunia discovered a way of
+    injecting content into a popup opened by another website
+    (CAN-2004-1156)</li>
+    <li>Phil Ringnalda reported a possible way to
+    spoof Install source with user:pass@host (CAN-2005-0590)</li>
+    <li>Jakob
+    Balle from Secunia discovered a possible way of spoofing the Download
+    dialog source (CAN-2005-0585)</li>
+    <li>Christian Schmidt reported a
+    potential spoofing issue in HTTP auth prompt tab (CAN-2005-0584)</li>
+    <li>Finally, Tavis Ormandy of the Gentoo Linux Security Audit Team
+    discovered that Mozilla insecurely creates temporary filenames in
+    /tmp/plugtmp (CAN-2005-0578)</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <ul>
+    <li>The GIF heap overflow could be triggered by a malicious GIF
+    image that would end up executing arbitrary code with the rights of the
+    user running Mozilla. The other overflow issues, while not thought to
+    be exploitable, would have the same impact</li>
+    <li>By setting up
+    malicious websites and convincing users to follow untrusted links or
+    obey very specific drag-and-drop or download instructions, attackers
+    may leverage the various spoofing issues to fake other websites to get
+    access to confidential information, push users to download malicious
+    files or make them interact with their browser preferences</li>
+    <li>The
+    temporary directory issue allows local attackers to overwrite arbitrary
+    files with the rights of another local user</li>
+    </ul>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Suite users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-1.7.6"</code>
+    <p>
+    All Mozilla Suite binary users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-bin-1.7.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1156">CAN-2004-1156</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0230">CAN-2005-0230</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0231">CAN-2005-0231</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0232">CAN-2005-0232</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0233">CAN-2005-0233</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0255">CAN-2005-0255</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0399">CAN-2005-0399</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0401">CAN-2005-0401</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0527">CAN-2005-0527</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0578">CAN-2005-0578</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0584">CAN-2005-0584</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0585">CAN-2005-0585</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0588">CAN-2005-0588</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0590">CAN-2005-0590</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0591">CAN-2005-0591</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0592">CAN-2005-0592</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0593">CAN-2005-0593</uri>
+    <uri link="https://www.mozilla.org/projects/security/known-vulnerabilities.html">Mozilla Security Advisories</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-03-22T09:19:22Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-25T12:49:52Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-31.xml b/metadata/glsa/glsa-200503-31.xml
new file mode 100644
index 000000000000..1196f79fad79
--- /dev/null
+++ b/metadata/glsa/glsa-200503-31.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-31">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>
+    Mozilla Firefox 1.0.2 fixes new security vulnerabilities, including the
+    remote execution of arbitrary code through malicious GIF images or
+    sidebars.
+  </synopsis>
+  <product type="ebuild">Firefox</product>
+  <announced>2005-03-25</announced>
+  <revised count="01">2005-03-25</revised>
+  <bug>86148</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/mozilla-firefox" auto="yes" arch="*">
+      <unaffected range="ge">1.0.2</unaffected>
+      <vulnerable range="lt">1.0.2</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.0.2</unaffected>
+      <vulnerable range="lt">1.0.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla Firefox is the popular next-generation browser from the
+    Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following vulnerabilities were found and fixed in Mozilla
+    Firefox:
+    </p>
+    <ul>
+    <li>Mark Dowd from ISS X-Force reported an
+    exploitable heap overrun in the GIF processing of obsolete Netscape
+    extension 2 (CAN-2005-0399)</li>
+    <li>Kohei Yoshino discovered that a
+    page bookmarked as a sidebar could bypass privileges control
+    (CAN-2005-0402)</li>
+    <li>Michael Krax reported a new way to bypass XUL
+    security restrictions through drag-and-drop of items like scrollbars
+    (CAN-2005-0401)</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <ul>
+    <li>The GIF heap overflow could be triggered by a malicious GIF
+    image that would end up executing arbitrary code with the rights of the
+    user running Firefox</li>
+    <li>By tricking the user into bookmarking a
+    malicious page as a Sidebar, a remote attacker could potentially
+    execute arbitrary code with the rights of the user running the
+    browser</li>
+    <li>By setting up a malicious website and convincing users
+    to obey very specific drag-and-drop instructions, attackers may
+    leverage drag-and-drop features to bypass XUL security restrictions,
+    which could be used as a stepping stone to exploit other
+    vulnerabilities</li>
+    </ul>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Firefox users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-1.0.2"</code>
+    <p>
+    All Mozilla Firefox binary users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-bin-1.0.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0399">CAN-2005-0399</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0401">CAN-2005-0401</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0402">CAN-2005-0402</uri>
+    <uri link="https://www.mozilla.org/projects/security/known-vulnerabilities.html">Mozilla Security Advisories</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-03-22T09:29:52Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-25T12:27:17Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-32.xml b/metadata/glsa/glsa-200503-32.xml
new file mode 100644
index 000000000000..7c17958fac80
--- /dev/null
+++ b/metadata/glsa/glsa-200503-32.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-32">
+  <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>
+    Mozilla Thunderbird is vulnerable to multiple issues, including the remote
+    execution of arbitrary code through malicious GIF images.
+  </synopsis>
+  <product type="ebuild">Thunderbird</product>
+  <announced>2005-03-25</announced>
+  <revised count="01">2005-03-25</revised>
+  <bug>84075</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/mozilla-thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">1.0.2</unaffected>
+      <vulnerable range="lt">1.0.2</vulnerable>
+    </package>
+    <package name="mail-client/mozilla-thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.0.2</unaffected>
+      <vulnerable range="lt">1.0.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla Thunderbird is the next-generation mail client from the
+    Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following vulnerabilities were found and fixed in Mozilla
+    Thunderbird:
+    </p>
+    <ul>
+    <li>Mark Dowd from ISS X-Force reported an
+    exploitable heap overrun in the GIF processing of obsolete Netscape
+    extension 2 (CAN-2005-0399)</li>
+    <li>Daniel de Wildt and Gael Delalleau
+    discovered a memory overwrite in a string library (CAN-2005-0255)</li>
+    <li>Wind Li discovered a possible heap overflow in UTF8 to Unicode
+    conversion (CAN-2005-0592)</li>
+    <li>Phil Ringnalda reported a possible
+    way to spoof Install source with user:pass@host (CAN-2005-0590)</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    The GIF heap overflow could be triggered by a malicious GIF image
+    that would end up executing arbitrary code with the rights of the user
+    running Thunderbird. The other overflow issues, while not thought to be
+    exploitable, would have the same impact. Furthermore, by setting up
+    malicious websites and convincing users to follow untrusted links,
+    attackers may leverage the spoofing issue to trick user into installing
+    malicious extensions.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Thunderbird users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-1.0.2"</code>
+    <p>
+    All Mozilla Thunderbird binary users should upgrade to the
+    latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-bin-1.0.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0255">CAN-2005-0255</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0399">CAN-2005-0399</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0590">CAN-2005-0590</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0592">CAN-2005-0592</uri>
+    <uri link="https://www.mozilla.org/projects/security/known-vulnerabilities.html">Mozilla Security Advisories</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-03-22T10:54:32Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-25T08:41:58Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-33.xml b/metadata/glsa/glsa-200503-33.xml
new file mode 100644
index 000000000000..1ef517127346
--- /dev/null
+++ b/metadata/glsa/glsa-200503-33.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-33">
+  <title>IPsec-Tools: racoon Denial of service</title>
+  <synopsis>
+    IPsec-Tools' racoon is affected by a remote Denial of Service vulnerability.
+  </synopsis>
+  <product type="ebuild">IPsec-Tools</product>
+  <announced>2005-03-25</announced>
+  <revised count="01">2005-03-25</revised>
+  <bug>84479</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-firewall/ipsec-tools" auto="yes" arch="*">
+      <unaffected range="rge">0.4-r1</unaffected>
+      <unaffected range="ge">0.5-r1</unaffected>
+      <vulnerable range="lt">0.5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    IPsec-Tools is a port of KAME's implementation of the IPsec
+    utilities. It contains a collection of network monitoring tools,
+    including racoon, ping, and ping6.
+    </p>
+  </background>
+  <description>
+    <p>
+    Sebastian Krahmer has reported a potential remote Denial of
+    Service vulnerability in the ISAKMP header parsing code of racoon.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could possibly cause a Denial of Service of racoon
+    using a specially crafted ISAKMP packet.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All IPsec-Tools users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-firewall/ipsec-tools-0.4-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0398">CAN-2005-0398</uri>
+    <uri link="https://sourceforge.net/mailarchive/forum.php?thread_id=6787713&amp;forum_id=32000">ipsec-tools-devel posting</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-03-23T16:03:41Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-24T09:50:17Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-03-24T21:24:17Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-34.xml b/metadata/glsa/glsa-200503-34.xml
new file mode 100644
index 000000000000..6a9b406756bd
--- /dev/null
+++ b/metadata/glsa/glsa-200503-34.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-34">
+  <title>mpg321: Format string vulnerability</title>
+  <synopsis>
+    A flaw in the processing of ID3 tags in mpg321 could potentially lead to
+    the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mpg321</product>
+  <announced>2005-03-28</announced>
+  <revised count="01">2005-03-28</revised>
+  <bug>86033</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/mpg321" auto="yes" arch="*">
+      <unaffected range="ge">0.2.10-r2</unaffected>
+      <vulnerable range="lt">0.2.10-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    mpg321 is a GPL replacement for mpg123, a command line audio
+    player with support for ID3. ID3 is a tagging system that allows
+    metadata to be embedded within media files.
+    </p>
+  </background>
+  <description>
+    <p>
+    A routine security audit of the mpg321 package revealed a known
+    security issue remained unpatched. The vulnerability is a result of
+    mpg321 printing embedded ID3 data to the console in an unsafe manner.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Successful exploitation would require a victim to play a specially
+    crafted audio file using mpg321, potentially resulting in the execution
+    of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All mpg321 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/mpg321-0.2.10-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0969">CVE-2003-0969</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-03-23T14:50:18Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-03-24T12:50:11Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-27T10:18:10Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-35.xml b/metadata/glsa/glsa-200503-35.xml
new file mode 100644
index 000000000000..cc643fbe195a
--- /dev/null
+++ b/metadata/glsa/glsa-200503-35.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-35">
+  <title>Smarty: Template vulnerability</title>
+  <synopsis>
+    Smarty's "Template security" feature can be bypassed, potentially allowing
+    a remote attacker to execute arbitrary PHP code.
+  </synopsis>
+  <product type="ebuild">smarty</product>
+  <announced>2005-03-30</announced>
+  <revised count="03">2006-05-22</revised>
+  <bug>86488</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-php/smarty" auto="yes" arch="*">
+      <unaffected range="ge">2.6.9</unaffected>
+      <vulnerable range="lt">2.6.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Smarty is a template engine for PHP. The "template security" feature of
+    Smarty is designed to help reduce the risk of a system compromise when
+    you have untrusted parties editing templates.
+    </p>
+  </background>
+  <description>
+    <p>
+    A vulnerability has been discovered within the regex_replace modifier
+    of the Smarty templates when allowing access to untrusted users.
+    Furthermore, it was possible to call functions from {if} statements and
+    {math} functions.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    These issues may allow a remote attacker to bypass the "template
+    security" feature of Smarty, and execute arbitrary PHP code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Do not grant template access to untrusted users.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Smarty users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-php/smarty-2.6.9"</code>
+  </resolution>
+  <references>
+    <uri link="https://smarty.php.net/misc/NEWS">Smarty ChangeLog</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0913">CVE-2005-0913</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-03-24T17:18:18Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-28T13:11:35Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-03-28T13:23:33Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-36.xml b/metadata/glsa/glsa-200503-36.xml
new file mode 100644
index 000000000000..34e0b201690c
--- /dev/null
+++ b/metadata/glsa/glsa-200503-36.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-36">
+  <title>netkit-telnetd: Buffer overflow</title>
+  <synopsis>
+    The netkit-telnetd telnet client is vulnerable to a buffer overflow, which
+    could allow a malicious telnet server operator to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">netkit-telnetd</product>
+  <announced>2005-03-31</announced>
+  <revised count="01">2005-03-31</revised>
+  <bug>87211</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/netkit-telnetd" auto="yes" arch="*">
+      <unaffected range="ge">0.17-r6</unaffected>
+      <vulnerable range="lt">0.17-r6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    netkit-telnetd provides standard Linux telnet client and server.
+    </p>
+  </background>
+  <description>
+    <p>
+    A buffer overflow has been identified in the slc_add_reply()
+    function of netkit-telnetd client, where a large number of SLC commands
+    can overflow a fixed size buffer.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Successful explotation would require a vulnerable user to connect
+    to an attacker-controlled host using telnet, potentially executing
+    arbitrary code with the permissions of the telnet user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All netkit-telnetd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/netkit-telnetd-0.17-r6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469">CAN-2005-0469</uri>
+    <uri link="http://www.idefense.com/application/poi/display?id=220&amp;type=vulnerabilities">iDEFENSE Advisory 03-28-05</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-03-30T08:13:45Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-03-30T13:44:36Z">
+    formula7
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-30T19:43:01Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200503-37.xml b/metadata/glsa/glsa-200503-37.xml
new file mode 100644
index 000000000000..2ef3b33caa91
--- /dev/null
+++ b/metadata/glsa/glsa-200503-37.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-37">
+  <title>LimeWire: Disclosure of sensitive information</title>
+  <synopsis>
+    Two vulnerabilities in LimeWire can be exploited to disclose sensitive
+    information.
+  </synopsis>
+  <product type="ebuild">LimeWire</product>
+  <announced>2005-03-31</announced>
+  <revised count="01">2005-03-31</revised>
+  <bug>85380</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-p2p/limewire" auto="yes" arch="*">
+      <unaffected range="ge">4.8.1</unaffected>
+      <vulnerable range="lt">4.8.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    LimeWire is a Java peer-to-peer client compatible with the
+    Gnutella file-sharing protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    Two input validation errors were found in the handling of Gnutella
+    GET requests (CAN-2005-0788) and magnet requests (CAN-2005-0789).
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A remote attacker can craft a specific Gnutella GET request or use
+    directory traversal on magnet requests to read arbitrary files on the
+    system with the rights of the user running LimeWire.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All LimeWire users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-p2p/limewire-4.8.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0788">CAN-2005-0788</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0789">CAN-2005-0789</uri>
+    <uri link="https://secunia.com/advisories/14555/">Secunia Advisory SA14555</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-03-30T14:57:35Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-30T14:58:13Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-03-30T16:12:57Z">
+    formula7
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-01.xml b/metadata/glsa/glsa-200504-01.xml
new file mode 100644
index 000000000000..48d7156505e1
--- /dev/null
+++ b/metadata/glsa/glsa-200504-01.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-01">
+  <title>telnet-bsd: Multiple buffer overflows</title>
+  <synopsis>
+    The telnet-bsd telnet client is vulnerable to two buffer overflows, which
+    could allow a malicious telnet server operator to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">telnet</product>
+  <announced>2005-04-01</announced>
+  <revised count="01">2005-04-01</revised>
+  <bug>87019</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/telnet-bsd" auto="yes" arch="*">
+      <unaffected range="ge">1.0-r1</unaffected>
+      <vulnerable range="lt">1.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    telnet-bsd provides a command line telnet client which is used for
+    remote login using the telnet protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    A buffer overflow has been identified in the env_opt_add()
+    function of telnet-bsd, where a response requiring excessive escaping
+    can cause a heap-based buffer overflow. Another issue has been
+    identified in the slc_add_reply() function, where a large number of SLC
+    commands can overflow a fixed size buffer.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Successful exploitation would require a vulnerable user to connect
+    to an attacker-controlled host using telnet, potentially executing
+    arbitrary code with the permissions of the telnet user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All telnet-bsd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/telnet-bsd-1.0-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468">CAN-2005-0468</uri>
+    <uri link="http://www.idefense.com/application/poi/display?id=221&amp;type=vulnerabilities">IDEF0867</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469">CAN-2005-0469</uri>
+    <uri link="http://www.idefense.com/application/poi/display?id=220&amp;type=vulnerabilities">IDEF0866</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-03-29T16:15:13Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-03-29T17:09:56Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-31T06:01:07Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-02.xml b/metadata/glsa/glsa-200504-02.xml
new file mode 100644
index 000000000000..84dee796173d
--- /dev/null
+++ b/metadata/glsa/glsa-200504-02.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-02">
+  <title>Sylpheed, Sylpheed-claws: Buffer overflow on message display</title>
+  <synopsis>
+    Sylpheed and Sylpheed-claws contain a vulnerability that can be triggered
+    when displaying messages with specially crafted attachments.
+  </synopsis>
+  <product type="ebuild">sylpheed</product>
+  <announced>2005-04-02</announced>
+  <revised count="01">2005-04-02</revised>
+  <bug>86541</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/sylpheed" auto="yes" arch="*">
+      <unaffected range="ge">1.0.4</unaffected>
+      <vulnerable range="lt">1.0.4</vulnerable>
+    </package>
+    <package name="mail-client/sylpheed-claws" auto="yes" arch="*">
+      <unaffected range="ge">1.0.4</unaffected>
+      <vulnerable range="lt">1.0.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Sylpheed is a lightweight email client and newsreader.
+    Sylpheed-claws is a 'bleeding edge' version of Sylpheed.
+    </p>
+  </background>
+  <description>
+    <p>
+    Sylpheed and Sylpheed-claws fail to properly handle messages
+    containing attachments with MIME-encoded filenames.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker can send a malicious email message which, when
+    displayed, would cause the program to crash, potentially allowing the
+    execution of arbitrary code with the privileges of the user running the
+    software.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Sylpheed users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/sylpheed-1.0.4"</code>
+    <p>
+    All Sylpheed-claws users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/sylpheed-claws-1.0.4"</code>
+  </resolution>
+  <references>
+    <uri link="http://sylpheed.good-day.net/#changes">Sylpheed ChangeLog</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-03-31T08:06:56Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-31T08:07:15Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-03.xml b/metadata/glsa/glsa-200504-03.xml
new file mode 100644
index 000000000000..b34ccf0f47dc
--- /dev/null
+++ b/metadata/glsa/glsa-200504-03.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-03">
+  <title>Dnsmasq: Poisoning and Denial of Service vulnerabilities</title>
+  <synopsis>
+    Dnsmasq is vulnerable to DNS cache poisoning attacks and a potential Denial
+    of Service from the local network.
+  </synopsis>
+  <product type="ebuild">Dnsmasq</product>
+  <announced>2005-04-04</announced>
+  <revised count="01">2005-04-04</revised>
+  <bug>86718</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/dnsmasq" auto="yes" arch="*">
+      <unaffected range="ge">2.22</unaffected>
+      <vulnerable range="lt">2.22</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Dnsmasq is a lightweight and easily-configurable DNS forwarder and
+    DHCP server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Dnsmasq does not properly detect that DNS replies received do not
+    correspond to any DNS query that was sent. Rob Holland of the Gentoo
+    Linux Security Audit team also discovered two off-by-one buffer
+    overflows that could crash DHCP lease files parsing.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A remote attacker could send malicious answers to insert arbitrary
+    DNS data into the Dnsmasq cache. These attacks would in turn help an
+    attacker to perform man-in-the-middle and site impersonation attacks.
+    The buffer overflows might allow an attacker on the local network to
+    crash Dnsmasq upon restart.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Dnsmasq users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dns/dnsmasq-2.22"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.thekelleys.org.uk/dnsmasq/CHANGELOG">Dnsmasq Changelog</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-03-28T07:00:46Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-03-28T13:54:22Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-04T11:10:45Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-04.xml b/metadata/glsa/glsa-200504-04.xml
new file mode 100644
index 000000000000..0a57f1680fac
--- /dev/null
+++ b/metadata/glsa/glsa-200504-04.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-04">
+  <title>mit-krb5: Multiple buffer overflows in telnet client</title>
+  <synopsis>
+    The mit-krb5 telnet client is vulnerable to two buffer overflows, which
+    could allow a malicious telnet server operator to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">telnet</product>
+  <announced>2005-04-06</announced>
+  <revised count="01">2005-04-06</revised>
+  <bug>87145</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-crypt/mit-krb5" auto="yes" arch="*">
+      <unaffected range="ge">1.3.6-r2</unaffected>
+      <vulnerable range="lt">1.3.6-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The MIT Kerberos 5 implementation provides a command line telnet
+    client which is used for remote login via the telnet protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    A buffer overflow has been identified in the env_opt_add()
+    function, where a response requiring excessive escaping can cause a
+    heap-based buffer overflow. Another issue has been identified in the
+    slc_add_reply() function, where a large number of SLC commands can
+    overflow a fixed size buffer.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Successful exploitation would require a vulnerable user to connect
+    to an attacker-controlled telnet host, potentially executing arbitrary
+    code with the permissions of the telnet user on the client.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All mit-krb5 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-crypt/mit-krb5-1.3.6-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468">CAN-2005-0468</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469">CAN-2005-0469</uri>
+    <uri link="http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-001-telnet.txt">MITKRB5-SA-2005-001</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-04-01T09:42:26Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-06T09:05:02Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-05.xml b/metadata/glsa/glsa-200504-05.xml
new file mode 100644
index 000000000000..4998813b64d9
--- /dev/null
+++ b/metadata/glsa/glsa-200504-05.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-05">
+  <title>Gaim: Denial of Service issues</title>
+  <synopsis>
+    Gaim contains multiple vulnerabilities that can lead to a Denial of
+    Service.
+  </synopsis>
+  <product type="ebuild">Gaim</product>
+  <announced>2005-04-06</announced>
+  <revised count="03">2005-04-06</revised>
+  <bug>87903</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/gaim" auto="yes" arch="*">
+      <unaffected range="ge">1.2.1</unaffected>
+      <vulnerable range="lt">1.2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Gaim is a full featured instant messaging client which handles a
+    variety of instant messaging protocols.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been addressed in the latest release of
+    Gaim:
+    </p>
+    <ul><li>A buffer overread in the gaim_markup_strip_html() function,
+    which is used when logging conversations (CAN-2005-0965).</li>
+    <li>Markup tags are improperly escaped using Gaim's IRC plugin
+    (CAN-2005-0966).</li>
+    <li>Sending a specially crafted file transfer request to a Gaim Jabber
+    user can trigger a crash (CAN-2005-0967).</li>
+    </ul>
+  </description>
+  <impact type="low">
+    <p>
+    An attacker could possibly cause a Denial of Service by exploiting any
+    of these vulnerabilities.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Gaim users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-im/gaim-1.2.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0967">CAN-2005-0967</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0966">CAN-2005-0966</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0965">CAN-2005-0965</uri>
+    <uri link="https://gaim.sourceforge.net/security/">Gaim Vulnerability Index</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-04-04T16:07:52Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-04-04T16:59:15Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-06T11:01:53Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-06.xml b/metadata/glsa/glsa-200504-06.xml
new file mode 100644
index 000000000000..e71b0cbf1210
--- /dev/null
+++ b/metadata/glsa/glsa-200504-06.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-06">
+  <title>sharutils: Insecure temporary file creation</title>
+  <synopsis>
+    The unshar utility is vulnerable to symlink attacks, potentially allowing a
+    local user to overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">sharutils</product>
+  <announced>2005-04-06</announced>
+  <revised count="01">2005-04-06</revised>
+  <bug>87939</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-arch/sharutils" auto="yes" arch="*">
+      <unaffected range="ge">4.2.1-r11</unaffected>
+      <vulnerable range="lt">4.2.1-r11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    sharutils is a collection of tools to deal with shar archives.
+    </p>
+  </background>
+  <description>
+    <p>
+    Joey Hess has discovered that the program unshar, which is a part
+    of sharutils, creates temporary files in a world-writable directory
+    with predictable names.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary
+    files directory, pointing to a valid file somewhere on the filesystem.
+    When unshar is executed, this would result in the file being
+    overwritten with the rights of the user running the utility, which
+    could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All sharutils users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-arch/sharutils-4.2.1-r11"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.ubuntulinux.org/support/documentation/usn/usn-104-1">Ubuntu Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-04-05T07:42:03Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-04-05T13:07:06Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-06T20:15:09Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-07.xml b/metadata/glsa/glsa-200504-07.xml
new file mode 100644
index 000000000000..64928735f95e
--- /dev/null
+++ b/metadata/glsa/glsa-200504-07.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-07">
+  <title>GnomeVFS, libcdaudio: CDDB response overflow</title>
+  <synopsis>
+    The GnomeVFS and libcdaudio libraries contain a buffer overflow that can be
+    triggered by a large CDDB response, potentially allowing the execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">GnomeVFS</product>
+  <announced>2005-04-08</announced>
+  <revised count="02">2005-04-13</revised>
+  <bug>84936</bug>
+  <access>remote</access>
+  <affected>
+    <package name="gnome-base/gnome-vfs" auto="yes" arch="*">
+      <unaffected range="ge">2.8.4-r1</unaffected>
+      <unaffected range="rge">1.0.5-r4</unaffected>
+      <vulnerable range="lt">2.8.4-r1</vulnerable>
+    </package>
+    <package name="media-libs/libcdaudio" auto="yes" arch="*">
+      <unaffected range="ge">0.99.10-r1</unaffected>
+      <vulnerable range="lt">0.99.10-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GnomeVFS is a filesystem abstraction library for the GNOME desktop
+    environment. libcdaudio is a multi-platform CD player development
+    library. They both include code to query CDDB servers to get Audio CD
+    track titles.
+    </p>
+  </background>
+  <description>
+    <p>
+    Joseph VanAndel has discovered a buffer overflow in Grip when
+    processing large CDDB results (see GLSA 200503-21). The same overflow
+    is present in GnomeVFS and libcdaudio code.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A malicious CDDB server could cause applications making use of GnomeVFS
+    or libcdaudio libraries to crash, potentially allowing the execution of
+    arbitrary code with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GnomeVFS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose gnome-base/gnome-vfs</code>
+    <p>
+    All libcdaudio users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/libcdaudio-0.99.10-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0706">CAN-2005-0706</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200503-21.xml">GLSA 200503-21</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-04-05T09:35:13Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-08T11:17:13Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-08.xml b/metadata/glsa/glsa-200504-08.xml
new file mode 100644
index 000000000000..a0aaf8fd01f8
--- /dev/null
+++ b/metadata/glsa/glsa-200504-08.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-08">
+  <title>phpMyAdmin: Cross-site scripting vulnerability</title>
+  <synopsis>
+    phpMyAdmin is vulnerable to a cross-site scripting attack.
+  </synopsis>
+  <product type="ebuild">phpMyAdmin</product>
+  <announced>2005-04-11</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>87952</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/phpmyadmin" auto="yes" arch="*">
+      <unaffected range="ge">2.6.2_rc1</unaffected>
+      <vulnerable range="lt">2.6.2_rc1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpMyAdmin is a tool written in PHP intended to handle the
+    administration of MySQL databases from a web-browser.
+    </p>
+  </background>
+  <description>
+    <p>
+    Oriol Torrent Santiago has discovered that phpMyAdmin fails to validate
+    input to the "convcharset" variable, rendering it vulnerable to
+    cross-site scripting attacks.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    By sending a specially-crafted request, an attacker can inject and
+    execute malicious script code, potentially compromising the victim's
+    browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All phpMyAdmin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-db/phpmyadmin-2.6.2_rc1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-3">PMASA-2005-3</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0992">CVE-2005-0992</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-04-10T23:16:29Z">
+    lewk
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-04-11T00:34:48Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-11T00:35:39Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-09.xml b/metadata/glsa/glsa-200504-09.xml
new file mode 100644
index 000000000000..9134eca94ffa
--- /dev/null
+++ b/metadata/glsa/glsa-200504-09.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-09">
+  <title>Axel: Vulnerability in HTTP redirection handling</title>
+  <synopsis>
+    A buffer overflow vulnerability has been found in Axel which could lead to
+    the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Axel</product>
+  <announced>2005-04-12</announced>
+  <revised count="01">2005-04-12</revised>
+  <bug>88264</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/axel" auto="yes" arch="*">
+      <unaffected range="ge">1.0b</unaffected>
+      <vulnerable range="lt">1.0b</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Axel is a console-based FTP/HTTP download accelerator.
+    </p>
+  </background>
+  <description>
+    <p>
+    A possible buffer overflow has been reported in the HTTP
+    redirection handling code in conn.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit this vulnerability by setting up a
+    malicious site and enticing a user to connect to it. This could
+    possibly lead to the execution of arbitrary code with the permissions
+    of the user running Axel.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Axel users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/axel-1.0b"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0390">CAN-2005-0390</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-04-11T18:36:13Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-04-11T19:29:05Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-12T11:48:11Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-10.xml b/metadata/glsa/glsa-200504-10.xml
new file mode 100644
index 000000000000..6e1491a563b8
--- /dev/null
+++ b/metadata/glsa/glsa-200504-10.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-10">
+  <title>Gld: Remote execution of arbitrary code</title>
+  <synopsis>
+    Gld contains several serious vulnerabilities, potentially resulting in the
+    execution of arbitrary code as the root user.
+  </synopsis>
+  <product type="ebuild">Gld</product>
+  <announced>2005-04-13</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>88904</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-filter/gld" auto="yes" arch="*">
+      <unaffected range="ge">1.5</unaffected>
+      <vulnerable range="le">1.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Gld is a standalone greylisting server for Postfix.
+    </p>
+  </background>
+  <description>
+    <p>
+    dong-hun discovered several buffer overflows in server.c, as well as
+    several format string vulnerabilities in cnf.c.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could exploit this vulnerability to execute arbitrary code
+    with the permissions of the user running Gld, the default user being
+    root.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Gld users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-filter/gld-1.5"</code>
+  </resolution>
+  <references>
+    <uri link="http://securitytracker.com/alerts/2005/Apr/1013678.html">SecurityTracker ID 1013678</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1099">CVE-2005-1099</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1100">CVE-2005-1100</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-04-13T10:26:52Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-13T12:04:44Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-11.xml b/metadata/glsa/glsa-200504-11.xml
new file mode 100644
index 000000000000..091991335e07
--- /dev/null
+++ b/metadata/glsa/glsa-200504-11.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-11">
+  <title>JunkBuster: Multiple vulnerabilities</title>
+  <synopsis>
+    JunkBuster is vulnerable to a heap corruption vulnerability, and under
+    certain configurations may allow an attacker to modify settings.
+  </synopsis>
+  <product type="ebuild">junkbuster</product>
+  <announced>2005-04-13</announced>
+  <revised count="02">2005-04-21</revised>
+  <bug>88537</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/junkbuster" auto="yes" arch="*">
+      <unaffected range="ge">2.0.2-r3</unaffected>
+      <vulnerable range="lt">2.0.2-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    JunkBuster is a filtering HTTP proxy, designed to enhance privacy and
+    remove unwanted content.
+    </p>
+  </background>
+  <description>
+    <p>
+    James Ranson reported a vulnerability when JunkBuster is configured to
+    run in single-threaded mode, an attacker can modify the referrer
+    setting by getting a victim to request a specially crafted URL
+    (CAN-2005-1108). Tavis Ormandy of the Gentoo Linux Security Audit Team
+    identified a heap corruption issue in the filtering of URLs
+    (CAN-2005-1109).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    If JunkBuster has been configured to run in single-threaded mode, an
+    attacker can disable or modify the filtering of Referrer: HTTP headers,
+    potentially compromising the privacy of users. The heap corruption
+    vulnerability could crash or disrupt the operation of the proxy,
+    potentially executing arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All JunkBuster users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-proxy/junkbuster-2.0.2-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1108">CAN-2005-1108</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1109">CAN-2005-1109</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-04-12T20:24:12Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-04-12T21:28:36Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-13T08:43:25Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-12.xml b/metadata/glsa/glsa-200504-12.xml
new file mode 100644
index 000000000000..74299b05a7a7
--- /dev/null
+++ b/metadata/glsa/glsa-200504-12.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-12">
+  <title>rsnapshot: Local privilege escalation</title>
+  <synopsis>
+    rsnapshot allows a local user to take ownership of local files, resulting
+    in privilege escalation.
+  </synopsis>
+  <product type="ebuild">rsnapshot</product>
+  <announced>2005-04-13</announced>
+  <revised count="05">2007-12-30</revised>
+  <bug>88681</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-backup/rsnapshot" auto="yes" arch="*">
+      <unaffected range="ge">1.2.1</unaffected>
+      <unaffected range="rge">1.1.7</unaffected>
+      <vulnerable range="lt">1.2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    rsnapshot is a filesystem snapshot utility based on rsync, allowing
+    local and remote systems backups.
+    </p>
+  </background>
+  <description>
+    <p>
+    The copy_symlink() subroutine in rsnapshot follows symlinks when
+    changing file ownership, instead of changing the ownership of the
+    symlink itself.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Under certain circumstances, local attackers can exploit this
+    vulnerability to take ownership of arbitrary files, resulting in local
+    privilege escalation.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    The copy_symlink() subroutine is not called if the cmd_cp parameter has
+    been enabled.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All rsnapshot users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose app-backup/rsnapshot</code>
+  </resolution>
+  <references>
+    <uri link="http://www.rsnapshot.org/security/2005/001.html">rsnapshot Security Advisory 001</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1064">CVE-2005-1064</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-04-11T07:57:07Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-11T21:22:40Z">
+    lewk
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-04-13T08:59:16Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-13.xml b/metadata/glsa/glsa-200504-13.xml
new file mode 100644
index 000000000000..758d70320df1
--- /dev/null
+++ b/metadata/glsa/glsa-200504-13.xml
@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-13">
+  <title>OpenOffice.Org: DOC document Heap Overflow</title>
+  <synopsis>
+    OpenOffice.Org is vulnerable to a heap overflow when processing DOC
+    documents, which could lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">OpenOffice</product>
+  <announced>2005-04-15</announced>
+  <revised count="02">2005-05-08</revised>
+  <bug>88863</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/openoffice" auto="yes" arch="*">
+      <unaffected range="ge">1.1.4-r1</unaffected>
+      <vulnerable range="lt">1.1.4-r1</vulnerable>
+    </package>
+    <package name="app-office/openoffice-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.1.4-r1</unaffected>
+      <vulnerable range="lt">1.1.4-r1</vulnerable>
+    </package>
+    <package name="app-office/openoffice-ximian" auto="yes" arch="*">
+      <unaffected range="ge">1.3.9-r1</unaffected>
+      <unaffected range="rge">1.3.6-r1</unaffected>
+      <unaffected range="rge">1.3.7-r1</unaffected>
+      <vulnerable range="lt">1.3.9-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenOffice.org is an office productivity suite, including word
+    processing, spreadsheets, presentations, drawings, data charting,
+    formula editing, and file conversion facilities.
+    </p>
+  </background>
+  <description>
+    <p>
+    AD-LAB has discovered a heap overflow in the "StgCompObjStream::Load()"
+    function when processing DOC documents.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could design a malicious DOC document containing a
+    specially crafted header which, when processed by OpenOffice.Org, would
+    result in the execution of arbitrary code with the rights of the user
+    running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenOffice.Org users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/openoffice-1.1.4-r1"</code>
+    <p>
+    All OpenOffice.Org binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/openoffice-bin-1.1.4-r1"</code>
+    <p>
+    All OpenOffice.Org Ximian users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose app-office/openoffice-ximian</code>
+    <p>
+    Note to PPC users: There is no stable OpenOffice.Org fixed version for
+    the PPC architecture. Affected users should switch to the latest
+    OpenOffice.Org Ximian version.
+    </p>
+    <p>
+    Note to SPARC users: There is no stable OpenOffice.Org fixed version
+    for the SPARC architecture. Affected users should switch to the latest
+    OpenOffice.Org Ximian version.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://www.openoffice.org/issues/show_bug.cgi?id=46388">OpenOffice.Org Issue 46388</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0941">CAN-2005-0941</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-04-13T09:08:22Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-04-14T15:46:07Z">
+    formula7
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-15T07:51:32Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-14.xml b/metadata/glsa/glsa-200504-14.xml
new file mode 100644
index 000000000000..0130922ceca5
--- /dev/null
+++ b/metadata/glsa/glsa-200504-14.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-14">
+  <title>monkeyd: Multiple vulnerabilities</title>
+  <synopsis>
+    Format string and Denial of Service vulnerabilities have been discovered in
+    the monkeyd HTTP server, potentially resulting in the execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">monkeyd</product>
+  <announced>2005-04-15</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>87916</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/monkeyd" auto="yes" arch="*">
+      <unaffected range="ge">0.9.1</unaffected>
+      <vulnerable range="lt">0.9.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    monkeyd is a fast, efficient, small and easy to configure web server
+    for Linux.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a
+    double expansion error in monkeyd, resulting in a format string
+    vulnerability. Ciaran McCreesh of Gentoo Linux discovered a Denial of
+    Service vulnerability, a syntax error caused monkeyd to zero out
+    unallocated memory should a zero byte file be requested.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    The format string vulnerability could allow an attacker to send a
+    specially crafted request to the monkeyd server, resulting in the
+    execution of arbitrary code with the permissions of the user running
+    monkeyd. The DoS vulnerability could allow an attacker to disrupt the
+    operation of the web server, should a zero byte file be accessible.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All monkeyd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-servers/monkeyd-0.9.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1122">CVE-2005-1122</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1123">CVE-2005-1123</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-04-14T15:11:45Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-04-14T20:09:53Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-15T16:10:15Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-15.xml b/metadata/glsa/glsa-200504-15.xml
new file mode 100644
index 000000000000..2b53f64b15d2
--- /dev/null
+++ b/metadata/glsa/glsa-200504-15.xml
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-15">
+  <title>PHP: Multiple vulnerabilities</title>
+  <synopsis>
+    Several vulnerabilities were found and fixed in PHP image handling
+    functions, potentially resulting in Denial of Service conditions or the
+    remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">PHP</product>
+  <announced>2005-04-18</announced>
+  <revised count="01">2005-04-18</revised>
+  <bug>87517</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-php/php" auto="yes" arch="*">
+      <unaffected range="ge">4.3.11</unaffected>
+      <vulnerable range="lt">4.3.11</vulnerable>
+    </package>
+    <package name="dev-php/mod_php" auto="yes" arch="*">
+      <unaffected range="ge">4.3.11</unaffected>
+      <vulnerable range="lt">4.3.11</vulnerable>
+    </package>
+    <package name="dev-php/php-cgi" auto="yes" arch="*">
+      <unaffected range="ge">4.3.11</unaffected>
+      <vulnerable range="lt">4.3.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PHP is a general-purpose scripting language widely used to develop
+    web-based applications. It can run inside a web server using the
+    mod_php module or the CGI version of PHP, or can run stand-alone in a
+    CLI.
+    </p>
+  </background>
+  <description>
+    <p>
+    An integer overflow and an unbound recursion were discovered in
+    the processing of Image File Directory tags in PHP's EXIF module
+    (CAN-2005-1042, CAN-2005-1043). Furthermore, two infinite loops have
+    been discovered in the getimagesize() function when processing IFF or
+    JPEG images (CAN-2005-0524, CAN-2005-0525).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could craft an image file with a malicious EXIF
+    IFD tag, a large IFD nesting level or invalid size parameters and send
+    it to a web application that would process this user-provided image
+    using one of the affected functions. This could result in denying
+    service on the attacked server and potentially executing arbitrary code
+    with the rights of the web server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PHP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-php/php-4.3.11"</code>
+    <p>
+    All mod_php users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-php/mod_php-4.3.11"</code>
+    <p>
+    All php-cgi users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-php/php-cgi-4.3.11"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.php.net/release_4_3_11.php">PHP 4.3.11 Release Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0524">CAN-2005-0524</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0525">CAN-2005-0525</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1042">CAN-2005-1042</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1043">CAN-2005-1043</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-04-17T16:51:49Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-17T16:51:59Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-16.xml b/metadata/glsa/glsa-200504-16.xml
new file mode 100644
index 000000000000..1ad1e59429b7
--- /dev/null
+++ b/metadata/glsa/glsa-200504-16.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-16">
+  <title>CVS: Multiple vulnerabilities</title>
+  <synopsis>
+    Several serious vulnerabilities have been found in CVS, which may allow an
+    attacker to remotely compromise a CVS server or cause a DoS.
+  </synopsis>
+  <product type="ebuild">CVS</product>
+  <announced>2005-04-18</announced>
+  <revised count="03">2005-04-22</revised>
+  <bug>86476</bug>
+  <bug>89579</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-util/cvs" auto="yes" arch="*">
+      <unaffected range="ge">1.11.20</unaffected>
+      <vulnerable range="lt">1.11.20</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    CVS (Concurrent Versions System) is an open-source network-transparent
+    version control system. It contains both a client utility and a server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Alen Zukich has discovered several serious security issues in CVS,
+    including at least one buffer overflow (CAN-2005-0753), memory leaks
+    and a NULL pointer dereferencing error. Furthermore when launching
+    trigger scripts CVS includes a user controlled directory.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could exploit these vulnerabilities to cause a Denial of
+    Service or execute arbitrary code with the permissions of the CVS
+    pserver or the authenticated user (depending on the connection method
+    used).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All CVS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-util/cvs-1.11.20"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753">CAN-2005-0753</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-04-12T18:45:36Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-18T20:37:28Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-17.xml b/metadata/glsa/glsa-200504-17.xml
new file mode 100644
index 000000000000..95f8cf2ea629
--- /dev/null
+++ b/metadata/glsa/glsa-200504-17.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-17">
+  <title>XV: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in XV, potentially resulting
+    in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">xv</product>
+  <announced>2005-04-19</announced>
+  <revised count="01">2005-04-19</revised>
+  <bug>88742</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/xv" auto="yes" arch="*">
+      <unaffected range="ge">3.10a-r11</unaffected>
+      <vulnerable range="lt">3.10a-r11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    XV is an interactive image manipulation program for the X Window
+    System.
+    </p>
+  </background>
+  <description>
+    <p>
+    Greg Roelofs has reported multiple input validation errors in XV
+    image decoders. Tavis Ormandy of the Gentoo Linux Security Audit Team
+    has reported insufficient validation in the PDS (Planetary Data System)
+    image decoder, format string vulnerabilities in the TIFF and PDS
+    decoders, and insufficient protection from shell meta-characters in
+    malformed filenames.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Successful exploitation would require a victim to view a specially
+    created image file using XV, potentially resulting in the execution of
+    arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All XV users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/xv-3.10a-r11"</code>
+  </resolution>
+  <references/>
+  <metadata tag="requester" timestamp="2005-04-15T12:13:29Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-04-15T13:15:45Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-19T04:58:52Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-18.xml b/metadata/glsa/glsa-200504-18.xml
new file mode 100644
index 000000000000..4f6c4b11a339
--- /dev/null
+++ b/metadata/glsa/glsa-200504-18.xml
@@ -0,0 +1,134 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-18">
+  <title>Mozilla Firefox, Mozilla Suite: Multiple vulnerabilities</title>
+  <synopsis>
+    New Mozilla Firefox and Mozilla Suite releases fix new security
+    vulnerabilities, including memory disclosure and various ways of executing
+    JavaScript code with elevated privileges.
+  </synopsis>
+  <product type="ebuild">Mozilla</product>
+  <announced>2005-04-19</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>89303</bug>
+  <bug>89305</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/mozilla-firefox" auto="yes" arch="*">
+      <unaffected range="ge">1.0.3</unaffected>
+      <vulnerable range="lt">1.0.3</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.0.3</unaffected>
+      <vulnerable range="lt">1.0.3</vulnerable>
+    </package>
+    <package name="www-client/mozilla" auto="yes" arch="*">
+      <unaffected range="ge">1.7.7</unaffected>
+      <vulnerable range="lt">1.7.7</vulnerable>
+    </package>
+    <package name="www-client/mozilla-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.7.7</unaffected>
+      <vulnerable range="lt">1.7.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Mozilla Suite is a popular all-in-one web browser that includes a
+    mail and news reader. Mozilla Firefox is the next-generation browser
+    from the Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following vulnerabilities were found and fixed in the Mozilla Suite
+    and Mozilla Firefox:
+    </p>
+    <ul>
+    <li>Vladimir V. Perepelitsa reported a memory disclosure bug in
+    JavaScript's regular expression string replacement when using an
+    anonymous function as the replacement argument (CAN-2005-0989).</li>
+    <li>moz_bug_r_a4 discovered that Chrome UI code was overly trusting DOM
+    nodes from the content window, allowing privilege escalation via DOM
+    property overrides.</li>
+    <li>Michael Krax reported a possibility to run JavaScript code with
+    elevated privileges through the use of javascript: favicons.</li>
+    <li>Michael Krax also discovered that malicious Search plugins could
+    run JavaScript in the context of the displayed page or stealthily
+    replace existing search plugins.</li>
+    <li>shutdown discovered a technique to pollute the global scope of a
+    window in a way that persists from page to page.</li>
+    <li>Doron Rosenberg discovered a possibility to run JavaScript with
+    elevated privileges when the user asks to "Show" a blocked popup that
+    contains a JavaScript URL.</li>
+    <li>Finally, Georgi Guninski reported missing Install object instance
+    checks in the native implementations of XPInstall-related JavaScript
+    objects.</li>
+    </ul>
+    <p>
+    The following Firefox-specific vulnerabilities have also been
+    discovered:
+    </p>
+    <ul>
+    <li>Kohei Yoshino discovered a new way to abuse the sidebar panel to
+    execute JavaScript with elevated privileges.</li>
+    <li>Omar Khan reported that the Plugin Finder Service can be tricked to
+    open javascript: URLs with elevated privileges.</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    The various JavaScript execution with elevated privileges issues can be
+    exploited by a remote attacker to install malicious code or steal data.
+    The memory disclosure issue can be used to reveal potentially sensitive
+    information. Finally, the cache pollution issue and search plugin abuse
+    can be leveraged in cross-site-scripting attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Firefox users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-1.0.3"</code>
+    <p>
+    All Mozilla Firefox binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-bin-1.0.3"</code>
+    <p>
+    All Mozilla Suite users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-1.7.7"</code>
+    <p>
+    All Mozilla Suite binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-bin-1.7.7"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.mozilla.org/projects/security/known-vulnerabilities.html">Mozilla Security Advisories</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0989">CAN-2005-0989</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1153">CVE-2005-1153</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1154">CVE-2005-1154</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1155">CVE-2005-1155</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1156">CVE-2005-1156</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1159">CVE-2005-1159</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1160">CVE-2005-1160</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-04-18T08:55:50Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-19T05:17:09Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-19.xml b/metadata/glsa/glsa-200504-19.xml
new file mode 100644
index 000000000000..f9cddb9daedc
--- /dev/null
+++ b/metadata/glsa/glsa-200504-19.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-19">
+  <title>MPlayer: Two heap overflow vulnerabilities</title>
+  <synopsis>
+    Two vulnerabilities have been found in MPlayer which could lead to the
+    remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">MPlayer</product>
+  <announced>2005-04-20</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>89277</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/mplayer" auto="yes" arch="*">
+      <unaffected range="ge">1.0_pre6-r4</unaffected>
+      <vulnerable range="lt">1.0_pre6-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MPlayer is a media player capable of handling multiple multimedia file
+    formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    Heap overflows have been found in the code handling RealMedia RTSP and
+    Microsoft Media Services streams over TCP (MMST).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By setting up a malicious server and enticing a user to use its
+    streaming data, a remote attacker could possibly execute arbitrary code
+    on the client computer with the permissions of the user running
+    MPlayer.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MPlayer users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/mplayer-1.0_pre6-r4"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.mplayerhq.hu/homepage/design7/news.html#vuln10">MPlayer News: Real RTSP heap overflow</uri>
+    <uri link="http://www.mplayerhq.hu/homepage/design7/news.html#vuln11">MPlayer News: MMST heap overflow</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1195">CVE-2005-1195</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-04-16T16:59:51Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-04-18T09:17:55Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-19T07:28:03Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-20.xml b/metadata/glsa/glsa-200504-20.xml
new file mode 100644
index 000000000000..90f7171d12cd
--- /dev/null
+++ b/metadata/glsa/glsa-200504-20.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-20">
+  <title>openMosixview: Insecure temporary file creation</title>
+  <synopsis>
+    openMosixview and the openMosixcollector daemon are vulnerable to symlink
+    attacks, potentially allowing a local user to overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">openMosixview</product>
+  <announced>2005-04-21</announced>
+  <revised count="01">2005-04-21</revised>
+  <bug>86686</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-cluster/openmosixview" auto="yes" arch="*">
+      <unaffected range="ge">1.5-r1</unaffected>
+      <vulnerable range="lt">1.5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The openMosixview package contains several tools used to manage
+    openMosix clusters, including openMosixview (the main monitoring and
+    administration application) and openMosixcollector (a daemon collecting
+    cluster and node information).
+    </p>
+  </background>
+  <description>
+    <p>
+    Gangstuck and Psirac from Rexotec discovered that openMosixview
+    insecurely creates several temporary files with predictable filenames.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary
+    files directory, pointing to a valid file somewhere on the filesystem.
+    When openMosixView or the openMosixcollector daemon runs, this would
+    result in the file being overwritten with the rights of the user
+    running the utility, which could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All openMosixview users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-cluster/openmosixview-1.5-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0894">CAN-2005-0894</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-04-20T11:45:51Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-20T11:46:46Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-21.xml b/metadata/glsa/glsa-200504-21.xml
new file mode 100644
index 000000000000..bd758ba248f2
--- /dev/null
+++ b/metadata/glsa/glsa-200504-21.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-21">
+  <title>RealPlayer, Helix Player: Buffer overflow vulnerability</title>
+  <synopsis>
+    RealPlayer and Helix Player are vulnerable to a buffer overflow that could
+    lead to remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">RealPlayer</product>
+  <announced>2005-04-22</announced>
+  <revised count="01">2005-04-22</revised>
+  <bug>89862</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/realplayer" auto="yes" arch="*">
+      <unaffected range="ge">10.0.4</unaffected>
+      <vulnerable range="lt">10.0.4</vulnerable>
+    </package>
+    <package name="media-video/helixplayer" auto="yes" arch="*">
+      <unaffected range="ge">1.0.4</unaffected>
+      <vulnerable range="lt">1.0.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    RealPlayer is a multimedia player capable of handling multiple
+    multimedia file formats. Helix Player is the Open Source version of
+    RealPlayer.
+    </p>
+  </background>
+  <description>
+    <p>
+    Piotr Bania has discovered a buffer overflow vulnerability in
+    RealPlayer and Helix Player when processing malicious RAM files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to play a specially crafted RAM file an
+    attacker could execute arbitrary code with the permissions of the user
+    running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All RealPlayer users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/realplayer-10.0.4"</code>
+    <p>
+    All Helix Player users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/helixplayer-1.0.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0755">CAN-2005-0755</uri>
+    <uri link="http://service.real.com/help/faq/security/050419_player/EN/">RealNetworks Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-04-21T08:25:50Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-04-21T21:28:38Z">
+    formula7
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-22T07:59:29Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-22.xml b/metadata/glsa/glsa-200504-22.xml
new file mode 100644
index 000000000000..16d71c14373b
--- /dev/null
+++ b/metadata/glsa/glsa-200504-22.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-22">
+  <title>KDE kimgio: PCX handling buffer overflow</title>
+  <synopsis>
+    KDE fails to properly validate input when handling PCX images, potentially
+    resulting in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">KDE</product>
+  <announced>2005-04-22</announced>
+  <revised count="01">2005-04-22</revised>
+  <bug>88862</bug>
+  <access>remote</access>
+  <affected>
+    <package name="kde-base/kdelibs" auto="yes" arch="*">
+      <unaffected range="rge">3.2.3-r9</unaffected>
+      <unaffected range="ge">3.3.2-r8</unaffected>
+      <vulnerable range="lt">3.3.2-r8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    KDE is a feature-rich graphical desktop environment for Linux and
+    Unix-like Operating Systems. kimgio is the KDE image handler provided
+    by kdelibs.
+    </p>
+  </background>
+  <description>
+    <p>
+    kimgio fails to properly validate input when handling PCX files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to load a specially-crafted PCX image in a KDE
+    application, an attacker could execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All kdelibs users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose kde-base/kdelibs</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1046">CAN-2005-1046</uri>
+    <uri link="https://www.kde.org/info/security/advisory-20050421-1.txt">KDE Security Advisory: kimgio input validation errors</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-04-22T06:44:43Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-22T11:51:44Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-23.xml b/metadata/glsa/glsa-200504-23.xml
new file mode 100644
index 000000000000..2474fb163b0f
--- /dev/null
+++ b/metadata/glsa/glsa-200504-23.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-23">
+  <title>Kommander: Insecure remote script execution</title>
+  <synopsis>
+    Kommander executes remote scripts without confirmation, potentially
+    resulting in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Kommander</product>
+  <announced>2005-04-22</announced>
+  <revised count="02">2005-05-20</revised>
+  <bug>89092</bug>
+  <access>remote</access>
+  <affected>
+    <package name="kde-base/kdewebdev" auto="yes" arch="*">
+      <unaffected range="ge">3.3.2-r2</unaffected>
+      <vulnerable range="lt">3.3.2-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    KDE is a feature-rich graphical desktop environment for Linux and
+    Unix-like Operating Systems. Kommander is a visual dialog editor and
+    interpreter for KDE applications, part of the kdewebdev package.
+    </p>
+  </background>
+  <description>
+    <p>
+    Kommander executes data files from possibly untrusted locations without
+    user confirmation.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit this to execute arbitrary code with the
+    permissions of the user running Kommander.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All kdewebdev users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=kde-base/kdewebdev-3.3.2-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0754">CAN-2005-0754</uri>
+    <uri link="https://www.kde.org/info/security/advisory-20050420-1.txt">KDE Security Advisory: Kommander untrusted code execution</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-04-22T06:18:02Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-22T06:48:56Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-24.xml b/metadata/glsa/glsa-200504-24.xml
new file mode 100644
index 000000000000..94a7d200c6fd
--- /dev/null
+++ b/metadata/glsa/glsa-200504-24.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-24">
+  <title>eGroupWare: XSS and SQL injection vulnerabilities</title>
+  <synopsis>
+    eGroupWare is affected by several SQL injection and cross-site scripting
+    (XSS) vulnerabilities.
+  </synopsis>
+  <product type="ebuild">eGroupWare</product>
+  <announced>2005-04-25</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>89517</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/egroupware" auto="yes" arch="*">
+      <unaffected range="ge">1.0.0.007</unaffected>
+      <vulnerable range="lt">1.0.0.007</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    eGroupWare is a suite of web-based group applications including
+    calendar, address book, messenger and email.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple SQL injection and cross-site scripting vulnerabilities have
+    been found in several eGroupWare modules.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could possibly use the SQL injection vulnerabilities to gain
+    information from the database. Furthermore the cross-site scripting
+    issues give an attacker the ability to inject and execute malicious
+    script code or to steal cookie based authentication credentials,
+    potentially compromising the victim's browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All eGroupWare users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/egroupware-1.0.0.007"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.gulftech.org/?node=research&amp;article_id=00069-04202005">GulfTech Security Research Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1202">CVE-2005-1202</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1203">CVE-2005-1203</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-04-23T09:15:46Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-24T18:41:06Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-04-25T09:36:49Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-25.xml b/metadata/glsa/glsa-200504-25.xml
new file mode 100644
index 000000000000..ba4434a7a433
--- /dev/null
+++ b/metadata/glsa/glsa-200504-25.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-25">
+  <title>Rootkit Hunter: Insecure temporary file creation</title>
+  <synopsis>
+    Rootkit Hunter is vulnerable to symlink attacks, potentially allowing a
+    local user to overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">rkhunter</product>
+  <announced>2005-04-26</announced>
+  <revised count="01">2005-04-26</revised>
+  <bug>90007</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-forensics/rkhunter" auto="yes" arch="*">
+      <unaffected range="ge">1.2.3-r1</unaffected>
+      <vulnerable range="lt">1.2.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Rootkit Hunter is a scanning tool to detect rootkits, backdoors
+    and local exploits on a local machine. Rootkit Hunter uses downloaded
+    data files to check file integrity. These files are updated via the
+    check_update.sh script.
+    </p>
+  </background>
+  <description>
+    <p>
+    Sune Kloppenborg Jeppesen and Tavis Ormandy of the Gentoo Linux
+    Security Team have reported that the check_update.sh script and the
+    main rkhunter script insecurely creates several temporary files with
+    predictable filenames.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary
+    files directory, pointing to a valid file somewhere on the filesystem.
+    When rkhunter or the check_update.sh script runs, this would result in
+    the file being overwritten with the rights of the user running the
+    utility, which could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Rootkit Hunter users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-forensics/rkhunter-1.2.3-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1270">CAN-2005-1270</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-04-26T06:10:01Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-26T18:37:38Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-26.xml b/metadata/glsa/glsa-200504-26.xml
new file mode 100644
index 000000000000..d2184a903019
--- /dev/null
+++ b/metadata/glsa/glsa-200504-26.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-26">
+  <title>Convert-UUlib: Buffer overflow</title>
+  <synopsis>
+    A buffer overflow has been reported in Convert-UUlib, potentially resulting
+    in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Convert-UUlib</product>
+  <announced>2005-04-26</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>89501</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-perl/Convert-UUlib" auto="yes" arch="*">
+      <unaffected range="ge">1.051</unaffected>
+      <vulnerable range="lt">1.051</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Convert-UUlib provides a Perl interface to the uulib library, allowing
+    Perl applications to access data encoded in a variety of formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    A vulnerability has been reported in Convert-UUlib where a malformed
+    parameter can be provided by an attacker allowing a read operation to
+    overflow a buffer. The vendor credits Mark Martinec and Robert Lewis
+    with the discovery.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Successful exploitation would permit an attacker to run arbitrary code
+    with the privileges of the user running the Perl application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Convert-UUlib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-perl/Convert-UUlib-1.051"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1349">CVE-2005-1349</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-04-19T16:17:03Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-21T08:24:58Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-04-25T20:37:01Z">
+    taviso
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-27.xml b/metadata/glsa/glsa-200504-27.xml
new file mode 100644
index 000000000000..a242ed5e0b3e
--- /dev/null
+++ b/metadata/glsa/glsa-200504-27.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-27">
+  <title>xine-lib: Two heap overflow vulnerabilities</title>
+  <synopsis>
+    Two vulnerabilities have been found in xine-lib which could lead to the
+    remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">xine-lib</product>
+  <announced>2005-04-26</announced>
+  <revised count="01">2005-04-26</revised>
+  <bug>89976</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/xine-lib" auto="yes" arch="*">
+      <unaffected range="ge">1.0-r2</unaffected>
+      <unaffected range="rge">1_rc6-r2</unaffected>
+      <vulnerable range="lt">1.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    xine-lib is a multimedia library which can be utilized to create
+    multimedia frontends.
+    </p>
+  </background>
+  <description>
+    <p>
+    Heap overflows have been found in the code handling RealMedia RTSP
+    and Microsoft Media Services streams over TCP (MMST).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By setting up a malicious server and enticing a user to use its
+    streaming data, a remote attacker could possibly execute arbitrary code
+    on the client computer with the permissions of the user running any
+    multimedia frontend making use of the xine-lib library.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All xine-lib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose media-libs/xine-lib</code>
+  </resolution>
+  <references>
+    <uri link="http://xinehq.de/index.php/security/XSA-2004-8">Xine Advisory XSA-2004-8</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-04-22T08:22:32Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-26T20:44:06Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-28.xml b/metadata/glsa/glsa-200504-28.xml
new file mode 100644
index 000000000000..43ca32d1b16d
--- /dev/null
+++ b/metadata/glsa/glsa-200504-28.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-28">
+  <title>Heimdal: Buffer overflow vulnerabilities</title>
+  <synopsis>
+    Buffer overflow vulnerabilities have been found in the telnet client in
+    Heimdal which could lead to execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Heimdal</product>
+  <announced>2005-04-28</announced>
+  <revised count="01">2005-04-28</revised>
+  <bug>89861</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-crypt/heimdal" auto="yes" arch="*">
+      <unaffected range="ge">0.6.4</unaffected>
+      <vulnerable range="lt">0.6.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Heimdal is a free implementation of Kerberos 5 that includes a
+    telnet client program.
+    </p>
+  </background>
+  <description>
+    <p>
+    Buffer overflow vulnerabilities in the slc_add_reply() and
+    env_opt_add() functions have been discovered by Gael Delalleau in the
+    telnet client in Heimdal.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Successful exploitation would require a vulnerable user to connect
+    to an attacker-controlled host using the telnet client, potentially
+    executing arbitrary code with the permissions of the user running the
+    application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Heimdal users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-crypt/heimdal-0.6.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468">CAN-2005-0468</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469">CAN-2005-0469</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-04-26T20:42:17Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-04-27T00:18:43Z">
+    formula7
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-28T08:35:57Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-29.xml b/metadata/glsa/glsa-200504-29.xml
new file mode 100644
index 000000000000..b4c1d2646c51
--- /dev/null
+++ b/metadata/glsa/glsa-200504-29.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-29">
+  <title>Pound: Buffer overflow vulnerability</title>
+  <synopsis>
+    Pound is vulnerable to a buffer overflow that could lead to the remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Pound</product>
+  <announced>2005-04-30</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>90851</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/pound" auto="yes" arch="*">
+      <unaffected range="ge">1.8.3</unaffected>
+      <vulnerable range="lt">1.8.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Pound is a reverse proxy, load balancer and HTTPS front-end.
+    </p>
+  </background>
+  <description>
+    <p>
+    Steven Van Acker has discovered a buffer overflow vulnerability in the
+    "add_port()" function in Pound.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could send a request for an overly long hostname
+    parameter, which could lead to the remote execution of arbitrary code
+    with the rights of the Pound daemon process (by default, Gentoo uses
+    the "nobody" user to run the Pound daemon).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Pound users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-servers/pound-1.8.3"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.apsis.ch/pound/pound_list/archive/2005/2005-04/1114516112000">Original announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1391">CVE-2005-1391</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-04-29T17:01:33Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-04-29T20:39:56Z">
+    formula7
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-30T08:11:33Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200504-30.xml b/metadata/glsa/glsa-200504-30.xml
new file mode 100644
index 000000000000..0deb5fc6f63a
--- /dev/null
+++ b/metadata/glsa/glsa-200504-30.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200504-30">
+  <title>phpMyAdmin: Insecure SQL script installation</title>
+  <synopsis>
+    phpMyAdmin leaves the SQL install script with insecure permissions,
+    potentially leading to a database compromise.
+  </synopsis>
+  <product type="ebuild">phpmyadmin</product>
+  <announced>2005-04-30</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>88831</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-db/phpmyadmin" auto="yes" arch="*">
+      <unaffected range="ge">2.6.2-r1</unaffected>
+      <vulnerable range="lt">2.6.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpMyAdmin is a tool written in PHP intended to handle the
+    administration of MySQL databases from a web-browser. phpMyAdmin uses a
+    pma MySQL user to control the linked-tables infrastructure. The SQL
+    install script sets the initial password for the pma user.
+    </p>
+  </background>
+  <description>
+    <p>
+    The phpMyAdmin installation process leaves the SQL install script with
+    insecure permissions.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could exploit this vulnerability to obtain the initial
+    phpMyAdmin password and from there obtain information about databases
+    accessible by phpMyAdmin.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Change the password for the phpMyAdmin MySQL user (pma):
+    </p>
+    <code>
+    mysql -u root -p
+    SET PASSWORD FOR 'pma'@'localhost' = PASSWORD('MyNewPassword');</code>
+    <p>
+    Update your phpMyAdmin config.inc.php:
+    </p>
+    <code>
+    $cfg['Servers'][$i]['controlpass']   = 'MyNewPassword';</code>
+  </workaround>
+  <resolution>
+    <p>
+    All phpMyAdmin users should change password for the pma user as
+    described above and upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-db/phpmyadmin-2.6.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1392">CVE-2005-1392</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-04-29T08:17:12Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-29T18:24:53Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200505-01.xml b/metadata/glsa/glsa-200505-01.xml
new file mode 100644
index 000000000000..947ee1d48ee1
--- /dev/null
+++ b/metadata/glsa/glsa-200505-01.xml
@@ -0,0 +1,164 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200505-01">
+  <title>Horde Framework: Multiple XSS vulnerabilities</title>
+  <synopsis>
+    Various modules of the Horde Framework are vulnerable to multiple
+    cross-site scripting (XSS) vulnerabilities.
+  </synopsis>
+  <product type="ebuild">Horde</product>
+  <announced>2005-05-01</announced>
+  <revised count="01">2005-05-01</revised>
+  <bug>90365</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/horde-vacation" auto="yes" arch="*">
+      <unaffected range="ge">2.2.2</unaffected>
+      <vulnerable range="lt">2.2.2</vulnerable>
+    </package>
+    <package name="www-apps/horde-turba" auto="yes" arch="*">
+      <unaffected range="ge">1.2.5</unaffected>
+      <vulnerable range="lt">1.2.5</vulnerable>
+    </package>
+    <package name="www-apps/horde-passwd" auto="yes" arch="*">
+      <unaffected range="ge">2.2.2</unaffected>
+      <vulnerable range="lt">2.2.2</vulnerable>
+    </package>
+    <package name="www-apps/horde-nag" auto="yes" arch="*">
+      <unaffected range="ge">1.1.3</unaffected>
+      <vulnerable range="lt">1.1.3</vulnerable>
+    </package>
+    <package name="www-apps/horde-mnemo" auto="yes" arch="*">
+      <unaffected range="ge">1.1.4</unaffected>
+      <vulnerable range="lt">1.1.4</vulnerable>
+    </package>
+    <package name="www-apps/horde-kronolith" auto="yes" arch="*">
+      <unaffected range="ge">1.1.4</unaffected>
+      <vulnerable range="lt">1.1.4</vulnerable>
+    </package>
+    <package name="www-apps/horde-imp" auto="yes" arch="*">
+      <unaffected range="ge">3.2.8</unaffected>
+      <vulnerable range="lt">3.2.8</vulnerable>
+    </package>
+    <package name="www-apps/horde-accounts" auto="yes" arch="*">
+      <unaffected range="ge">2.1.2</unaffected>
+      <vulnerable range="lt">2.1.2</vulnerable>
+    </package>
+    <package name="www-apps/horde-forwards" auto="yes" arch="*">
+      <unaffected range="ge">2.2.2</unaffected>
+      <vulnerable range="lt">2.2.2</vulnerable>
+    </package>
+    <package name="www-apps/horde-chora" auto="yes" arch="*">
+      <unaffected range="ge">1.2.3</unaffected>
+      <vulnerable range="lt">1.2.3</vulnerable>
+    </package>
+    <package name="www-apps/horde" auto="yes" arch="*">
+      <unaffected range="ge">2.2.8</unaffected>
+      <vulnerable range="lt">2.2.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Horde Framework is a PHP based framework for building web
+    applications. It provides many modules including calendar, address
+    book, CVS viewer and Internet Messaging Program.
+    </p>
+  </background>
+  <description>
+    <p>
+    Cross-site scripting vulnerabilities have been discovered in
+    various modules of the Horde Framework.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    These vulnerabilities could be exploited by an attacker to execute
+    arbitrary HTML and script code in context of the victim's browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Horde users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/horde-2.2.8"</code>
+    <p>
+    All Horde Vacation users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/horde-vacation-2.2.2"</code>
+    <p>
+    All Horde Turba users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/horde-turba-1.2.5"</code>
+    <p>
+    All Horde Passwd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/horde-passwd-2.2.2"</code>
+    <p>
+    All Horde Nag users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/horde-nag-1.1.3"</code>
+    <p>
+    All Horde Mnemo users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/horde-mnemo-1.1.4"</code>
+    <p>
+    All Horde Kronolith users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/horde-kronolith-1.1.4"</code>
+    <p>
+    All Horde IMP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/horde-imp-3.2.8"</code>
+    <p>
+    All Horde Accounts users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/horde-accounts-2.1.2"</code>
+    <p>
+    All Horde Forwards users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/horde-forwards-2.2.2"</code>
+    <p>
+    All Horde Chora users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/horde-chora-1.2.3"</code>
+  </resolution>
+  <references>
+    <uri link="http://marc.theaimsgroup.com/?l=horde-announce&amp;r=1&amp;b=200504&amp;w=2">Horde Announcement</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-04-29T18:22:59Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-29T18:24:07Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-04-30T20:44:12Z">
+    formula7
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200505-02.xml b/metadata/glsa/glsa-200505-02.xml
new file mode 100644
index 000000000000..299108d2d6ef
--- /dev/null
+++ b/metadata/glsa/glsa-200505-02.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200505-02">
+  <title>Oops!: Remote code execution</title>
+  <synopsis>
+    The Oops! proxy server contains a remotely exploitable format string
+    vulnerability, which could potentially lead to the execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">oops</product>
+  <announced>2005-05-05</announced>
+  <revised count="02">2005-05-05</revised>
+  <bug>91303</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/oops" auto="yes" arch="*">
+      <unaffected range="ge">1.5.24_pre20050503</unaffected>
+      <vulnerable range="lt">1.5.24_pre20050503</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Oops! is an advanced, multithreaded caching web proxy.
+    </p>
+  </background>
+  <description>
+    <p>
+    A format string flaw has been detected in the my_xlog() function of the
+    Oops! proxy, which is called by the passwd_mysql and passwd_pgsql
+    module's auth() functions.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could send a specially crafted HTTP request to the
+    Oops! proxy, potentially triggering this vulnerability and leading to
+    the execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Oops! users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-proxy/oops-1.5.24_pre20050503"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1121">CAN-2005-1121</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-05-04T15:38:53Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-05-04T15:39:06Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-05-05T13:38:44Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200505-03.xml b/metadata/glsa/glsa-200505-03.xml
new file mode 100644
index 000000000000..e1d9671a1fbe
--- /dev/null
+++ b/metadata/glsa/glsa-200505-03.xml
@@ -0,0 +1,100 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200505-03">
+  <title>Ethereal: Numerous vulnerabilities</title>
+  <synopsis>
+    Ethereal is vulnerable to numerous vulnerabilities potentially resulting in
+    the execution of arbitrary code or abnormal termination.
+  </synopsis>
+  <product type="ebuild">Ethereal</product>
+  <announced>2005-05-06</announced>
+  <revised count="01">2005-05-06</revised>
+  <bug>90539</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/ethereal" auto="yes" arch="*">
+      <unaffected range="ge">0.10.11</unaffected>
+      <vulnerable range="lt">0.10.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ethereal is a feature rich network protocol analyzer.
+    </p>
+  </background>
+  <description>
+    <p>
+    There are numerous vulnerabilities in versions of Ethereal prior
+    to 0.10.11, including:
+    </p>
+    <ul>
+    <li>The ANSI A and DHCP dissectors are
+    vulnerable to format string vulnerabilities.</li>
+    <li>The DISTCC,
+    FCELS, SIP, ISIS, CMIP, CMP, CMS, CRMF, ESS, OCSP, PKIX1Explitit, PKIX
+    Qualified, X.509, Q.931, MEGACO, NCP, ISUP, TCAP and Presentation
+    dissectors are vulnerable to buffer overflows.</li>
+    <li>The KINK, WSP,
+    SMB Mailslot, H.245, MGCP, Q.931, RPC, GSM and SMB NETLOGON dissectors
+    are vulnerable to pointer handling errors.</li>
+    <li>The LMP, KINK,
+    MGCP, RSVP, SRVLOC, EIGRP, MEGACO, DLSw, NCP and L2TP dissectors are
+    vulnerable to looping problems.</li>
+    <li>The Telnet and DHCP dissectors
+    could abort.</li>
+    <li>The TZSP, Bittorrent, SMB, MGCP and ISUP
+    dissectors could cause a segmentation fault.</li>
+    <li>The WSP, 802.3
+    Slow protocols, BER, SMB Mailslot, SMB, NDPS, IAX2, RADIUS, SMB PIPE,
+    MRDISC and TCAP dissectors could throw assertions.</li>
+    <li>The DICOM,
+    NDPS and ICEP dissectors are vulnerable to memory handling errors.</li>
+    <li>The GSM MAP, AIM, Fibre Channel,SRVLOC, NDPS, LDAP and NTLMSSP
+    dissectors could terminate abnormallly.</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker might be able to use these vulnerabilities to crash
+    Ethereal and execute arbitrary code with the permissions of the user
+    running Ethereal, which could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ethereal users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/ethereal-0.10.11"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.ethereal.com/appnotes/enpa-sa-00019.html">Ethereal enpa-sa-00019</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1456">CAN-2005-1456</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1457">CAN-2005-1457</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1458">CAN-2005-1458</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1459">CAN-2005-1459</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1460">CAN-2005-1460</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1461">CAN-2005-1461</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1462">CAN-2005-1462</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1463">CAN-2005-1463</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1464">CAN-2005-1464</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1465">CAN-2005-1465</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1466">CAN-2005-1466</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1467">CAN-2005-1467</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1468">CAN-2005-1468</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1469">CAN-2005-1469</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1470">CAN-2005-1470</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-05-05T19:56:33Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-05-06T17:24:39Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200505-04.xml b/metadata/glsa/glsa-200505-04.xml
new file mode 100644
index 000000000000..d4d5b9165b90
--- /dev/null
+++ b/metadata/glsa/glsa-200505-04.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200505-04">
+  <title>GnuTLS: Denial of Service vulnerability</title>
+  <synopsis>
+    The GnuTLS library is vulnerable to Denial of Service attacks.
+  </synopsis>
+  <product type="ebuild">GnuTLS</product>
+  <announced>2005-05-09</announced>
+  <revised count="01">2005-05-09</revised>
+  <bug>90726</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/gnutls" auto="yes" arch="*">
+      <unaffected range="ge">1.2.3</unaffected>
+      <unaffected range="rge">1.0.25</unaffected>
+      <vulnerable range="lt">1.2.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GnuTLS is a free TLS 1.0 and SSL 3.0 implementation for the GNU
+    project.
+    </p>
+  </background>
+  <description>
+    <p>
+    A vulnerability has been discovered in the record packet parsing
+    in the GnuTLS library. Additionally, a flaw was also found in the RSA
+    key export functionality.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit this vulnerability and cause a
+    Denial of Service to any application that utilizes the GnuTLS library.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GnuTLS users should remove the existing installation and
+    upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --unmerge gnutls
+    # emerge --ask --oneshot --verbose net-libs/gnutls</code>
+    <p>
+    Due to small API changes with the previous version, please do
+    the following to ensure your applications are using the latest GnuTLS
+    that you just emerged.
+    </p>
+    <code>
+    # revdep-rebuild --soname-regexp libgnutls.so.1[0-1]</code>
+    <p>
+    Previously exported RSA keys can be fixed by executing the
+    following command on the key files:
+    </p>
+    <code>
+    # certtool -k infile outfile</code>
+  </resolution>
+  <references>
+    <uri link="http://lists.gnupg.org/pipermail/gnutls-dev/2005-April/000858.html">GnuTLS Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1431">CAN-2005-1431</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-04-29T18:20:03Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-04-30T14:44:07Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-04-30T16:35:11Z">
+    lewk
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200505-05.xml b/metadata/glsa/glsa-200505-05.xml
new file mode 100644
index 000000000000..550b78fb9410
--- /dev/null
+++ b/metadata/glsa/glsa-200505-05.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200505-05">
+  <title>gzip: Multiple vulnerabilities</title>
+  <synopsis>
+    gzip contains multiple vulnerabilities potentially allowing an attacker to
+    execute arbitrary commands.
+  </synopsis>
+  <product type="ebuild">gzip</product>
+  <announced>2005-05-09</announced>
+  <revised count="01">2005-05-09</revised>
+  <bug>89946</bug>
+  <bug>90626</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-arch/gzip" auto="yes" arch="*">
+      <unaffected range="ge">1.3.5-r6</unaffected>
+      <vulnerable range="lt">1.3.5-r6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    gzip (GNU zip) is a popular compression program. The included
+    zgrep utility allows you to grep gzipped files in place.
+    </p>
+  </background>
+  <description>
+    <p>
+    The gzip and gunzip programs are vulnerable to a race condition
+    when setting file permissions (CAN-2005-0988), as well as improper
+    handling of filename restoration (CAN-2005-1228). The zgrep utility
+    improperly sanitizes arguments, which may come from an untrusted source
+    (CAN-2005-0758).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    These vulnerabilities could allow arbitrary command execution,
+    changing the permissions of arbitrary files, and installation of files
+    to an aribitrary location in the filesystem.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All gzip users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-arch/gzip-1.3.5-r6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0758">CAN-2005-0758</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0988">CAN-2005-0988</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1228">CAN-2005-1228</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-05-06T19:23:26Z">
+    r2d2
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-05-09T05:30:13Z">
+    r2d2
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200505-06.xml b/metadata/glsa/glsa-200505-06.xml
new file mode 100644
index 000000000000..3a1f6a6d8565
--- /dev/null
+++ b/metadata/glsa/glsa-200505-06.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200505-06">
+  <title>TCPDump: Decoding routines Denial of Service vulnerability</title>
+  <synopsis>
+    A flaw in the decoding of network packets renders TCPDump vulnerable to a
+    remote Denial of Service attack.
+  </synopsis>
+  <product type="ebuild">tcpdump</product>
+  <announced>2005-05-09</announced>
+  <revised count="02">2005-06-12</revised>
+  <bug>90541</bug>
+  <bug>95349</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/tcpdump" auto="yes" arch="*">
+      <unaffected range="ge">3.8.3-r3</unaffected>
+      <vulnerable range="lt">3.8.3-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    TCPDump is a tool for network monitoring and data acquisition.
+    </p>
+  </background>
+  <description>
+    <p>
+    TCPDump improperly handles and decodes ISIS (CAN-2005-1278), BGP
+    (CAN-2005-1267, CAN-2005-1279), LDP (CAN-2005-1279) and RSVP
+    (CAN-2005-1280) packets. TCPDump might loop endlessly after receiving
+    malformed packets.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A malicious remote attacker can exploit the decoding issues for a
+    Denial of Service attack by sending specially crafted packets, possibly
+    causing TCPDump to loop endlessly.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All TCPDump users should upgrade to the latest available version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/tcpdump-3.8.3-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1267">CAN-2005-1267</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1278">CAN-2005-1278</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1279">CAN-2005-1279</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1280">CAN-2005-1280</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-05-08T15:18:02Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-05-08T15:56:20Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-05-09T19:22:22Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200505-07.xml b/metadata/glsa/glsa-200505-07.xml
new file mode 100644
index 000000000000..ec4f3f2ebf53
--- /dev/null
+++ b/metadata/glsa/glsa-200505-07.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200505-07">
+  <title>libTIFF: Buffer overflow</title>
+  <synopsis>
+    The libTIFF library is vulnerable to a buffer overflow, potentially
+    resulting in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">tiff</product>
+  <announced>2005-05-10</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>91584</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/tiff" auto="yes" arch="*">
+      <unaffected range="ge">3.7.2</unaffected>
+      <vulnerable range="lt">3.7.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libTIFF provides support for reading and manipulating TIFF (Tag Image
+    File Format) images.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a
+    stack based buffer overflow in the libTIFF library when reading a TIFF
+    image with a malformed BitsPerSample tag.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Successful exploitation would require the victim to open a specially
+    crafted TIFF image, resulting in the execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libTIFF users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/tiff-3.7.2"</code>
+  </resolution>
+  <references>
+    <uri link="http://bugzilla.remotesensing.org/show_bug.cgi?id=843">LIBTIFF BUG#863</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1544">CVE-2005-1544</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-05-09T18:55:28Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-05-10T20:03:29Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200505-08.xml b/metadata/glsa/glsa-200505-08.xml
new file mode 100644
index 000000000000..28bf53fa1a72
--- /dev/null
+++ b/metadata/glsa/glsa-200505-08.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200505-08">
+  <title>HT Editor: Multiple buffer overflows</title>
+  <synopsis>
+    Two vulnerabilities have been discovered in HT Editor, potentially leading
+    to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">hteditor</product>
+  <announced>2005-05-10</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>91569</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-editors/hteditor" auto="yes" arch="*">
+      <unaffected range="ge">0.8.0-r2</unaffected>
+      <vulnerable range="lt">0.8.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    HT is a hex editor, designed to help analyse and modify executable
+    files.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Gentoo Linux Security Team discovered an integer
+    overflow in the ELF parser, leading to a heap-based buffer overflow.
+    The vendor has reported that an unrelated buffer overflow has been
+    discovered in the PE parser.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Successful exploitation would require the victim to open a specially
+    crafted file using HT, potentially permitting an attacker to execute
+    arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All hteditor users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-editors/hteditor-0.8.0-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1545">CVE-2005-1545</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1546">CVE-2005-1546</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-05-05T15:16:28Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-05-05T17:28:17Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-05-10T20:04:14Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200505-09.xml b/metadata/glsa/glsa-200505-09.xml
new file mode 100644
index 000000000000..fc9b0e78fc7b
--- /dev/null
+++ b/metadata/glsa/glsa-200505-09.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200505-09">
+  <title>Gaim: Denial of Service and buffer overflow vulnerabilties</title>
+  <synopsis>
+    Gaim contains two vulnerabilities, potentially resulting in the execution
+    of arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">gaim</product>
+  <announced>2005-05-12</announced>
+  <revised count="01">2005-05-12</revised>
+  <bug>91862</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/gaim" auto="yes" arch="*">
+      <unaffected range="ge">1.3.0</unaffected>
+      <vulnerable range="lt">1.3.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Gaim is a full featured instant messaging client which handles a
+    variety of instant messaging protocols.
+    </p>
+  </background>
+  <description>
+    <p>
+    Stu Tomlinson discovered that Gaim is vulnerable to a remote stack
+    based buffer overflow when receiving messages in certain protocols,
+    like Jabber and SILC, with a very long URL (CAN-2005-1261). Siebe
+    Tolsma discovered that Gaim is also vulnerable to a remote Denial of
+    Service attack when receiving a specially crafted MSN message
+    (CAN-2005-1262).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could cause a buffer overflow by sending an
+    instant message with a very long URL, potentially leading to the
+    execution of malicious code. By sending a SLP message with an empty
+    body, a remote attacker could cause a Denial of Service or crash of the
+    Gaim client.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Gaim users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-im/gaim-1.3.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1261">CAN-2005-1261</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1262">CAN-2005-1262</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-05-11T11:51:15Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-05-12T04:18:52Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200505-10.xml b/metadata/glsa/glsa-200505-10.xml
new file mode 100644
index 000000000000..c8600157d9d1
--- /dev/null
+++ b/metadata/glsa/glsa-200505-10.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200505-10">
+  <title>phpBB: Cross-Site Scripting Vulnerability</title>
+  <synopsis>
+    phpBB is vulnerable to a cross-site scripting attack that could allow
+    arbitrary scripting code execution.
+  </synopsis>
+  <product type="ebuild">phpBB</product>
+  <announced>2005-05-14</announced>
+  <revised count="01">2005-05-14</revised>
+  <bug>90213</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/phpBB" auto="yes" arch="*">
+      <unaffected range="ge">2.0.15</unaffected>
+      <vulnerable range="lt">2.0.15</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpBB is an Open Source bulletin board package.
+    </p>
+  </background>
+  <description>
+    <p>
+    phpBB is vulnerable to a cross-site scripting vulnerability due to
+    improper sanitization of user supplied input. Coupled with poor
+    validation of BBCode URLs which may be included in a forum post, an
+    unsuspecting user may follow a posted link triggering the
+    vulnerability.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Successful exploitation of the vulnerability could cause arbitrary
+    scripting code to be executed in the browser of a user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All phpBB users should upgrade to the latest version:
+    </p>
+    <code>
+    emerge --sync
+    emerge --ask --oneshot --verbose "&gt;=www-apps/phpBB-2.0.15"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/bid/13344/info/">BugTraq ID 13344</uri>
+    <uri link="http://securitytracker.com/id?1013918">SecurityTracker ID 1013918</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-05-13T08:29:22Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-05-13T08:29:44Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-05-13T19:13:15Z">
+    r2d2
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200505-11.xml b/metadata/glsa/glsa-200505-11.xml
new file mode 100644
index 000000000000..fd8e48d54be6
--- /dev/null
+++ b/metadata/glsa/glsa-200505-11.xml
@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200505-11">
+  <title>Mozilla Suite, Mozilla Firefox: Remote compromise</title>
+  <synopsis>
+    Several vulnerabilities in the Mozilla Suite and Firefox allow an attacker
+    to conduct cross-site scripting attacks or to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">mozilla</product>
+  <announced>2005-05-15</announced>
+  <revised count="01">2005-05-15</revised>
+  <bug>91859</bug>
+  <bug>92393</bug>
+  <bug>92394</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/mozilla-firefox" auto="yes" arch="*">
+      <unaffected range="ge">1.0.4</unaffected>
+      <vulnerable range="lt">1.0.4</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.0.4</unaffected>
+      <vulnerable range="lt">1.0.4</vulnerable>
+    </package>
+    <package name="www-client/mozilla" auto="yes" arch="*">
+      <unaffected range="ge">1.7.8</unaffected>
+      <vulnerable range="lt">1.7.8</vulnerable>
+    </package>
+    <package name="www-client/mozilla-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.7.8</unaffected>
+      <vulnerable range="lt">1.7.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Mozilla Suite is a popular all-in-one web browser that
+    includes a mail and news reader. Mozilla Firefox is the next-generation
+    browser from the Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Mozilla Suite and Firefox do not properly protect "IFRAME"
+    JavaScript URLs from being executed in context of another URL in the
+    history list (CAN-2005-1476). The Mozilla Suite and Firefox also fail
+    to verify the "IconURL" parameter of the "InstallTrigger.install()"
+    function (CAN-2005-1477). Michael Krax and Georgi Guninski discovered
+    that it is possible to bypass JavaScript-injection security checks by
+    wrapping the javascript: URL within the view-source: or jar:
+    pseudo-protocols (MFSA2005-43).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A malicious remote attacker could use the "IFRAME" issue to
+    execute arbitrary JavaScript code within the context of another
+    website, allowing to steal cookies or other sensitive data. By
+    supplying a javascript: URL as the "IconURL" parameter of the
+    "InstallTrigger.Install()" function, a remote attacker could also
+    execute arbitrary JavaScript code. Combining both vulnerabilities with
+    a website which is allowed to install software or wrapping javascript:
+    URLs within the view-source: or jar: pseudo-protocols could possibly
+    lead to the execution of arbitrary code with user privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Affected systems can be protected by disabling JavaScript.
+    However, we encourage Mozilla Suite or Mozilla Firefox users to upgrade
+    to the latest available version.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Firefox users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-1.0.4"</code>
+    <p>
+    All Mozilla Firefox binary users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-bin-1.0.4"</code>
+    <p>
+    All Mozilla Suite users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-1.7.8"</code>
+    <p>
+    All Mozilla Suite binary users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-bin-1.7.8"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1476">CAN-2005-1476</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1477">CAN-2005-1477</uri>
+    <uri link="https://www.mozilla.org/security/announce/mfsa2005-43.html">Mozilla Foundation Security Advisory 2005-43</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-05-12T04:49:53Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-05-12T08:27:49Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-05-15T08:10:06Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200505-12.xml b/metadata/glsa/glsa-200505-12.xml
new file mode 100644
index 000000000000..455cf21cbd64
--- /dev/null
+++ b/metadata/glsa/glsa-200505-12.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200505-12">
+  <title>PostgreSQL: Multiple vulnerabilities</title>
+  <synopsis>
+    PostgreSQL is vulnerable to Denial of Service attacks and possibly allows
+    unprivileged users to gain administrator rights.
+  </synopsis>
+  <product type="ebuild">postgresql</product>
+  <announced>2005-05-15</announced>
+  <revised count="04">2007-06-26</revised>
+  <bug>91231</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/postgresql" auto="yes" arch="*">
+      <unaffected range="eq">7.3*</unaffected>
+      <unaffected range="eq">7.4*</unaffected>
+      <unaffected range="rge">8.0.1-r3</unaffected>
+      <unaffected range="ge">8.0.2-r1</unaffected>
+      <vulnerable range="lt">7.3.10</vulnerable>
+      <vulnerable range="lt">7.4.7-r2</vulnerable>
+      <vulnerable range="lt">8.0.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PostgreSQL is a SQL compliant, open source object-relational database
+    management system.
+    </p>
+  </background>
+  <description>
+    <p>
+    PostgreSQL gives public EXECUTE access to a number of character
+    conversion routines, but doesn't validate the given arguments
+    (CAN-2005-1409). It has also been reported that the contrib/tsearch2
+    module of PostgreSQL misdeclares the return value of some functions as
+    "internal" (CAN-2005-1410).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could call the character conversion routines with specially
+    setup arguments to crash the backend process of PostgreSQL or to
+    potentially gain administrator rights. A malicious user could also call
+    the misdeclared functions of the contrib/tsearch2 module, resulting in
+    a Denial of Service or other, yet uninvestigated, impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PostgreSQL users should update to the latest available version and
+    follow the guide at <uri link="http://www.postgresql.org/about/news.315">http://www.postgresql.o
+    rg/about/news.315</uri>
+    </p>
+    
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose dev-db/postgresql</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1409">CAN-2005-1409</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1410">CAN-2005-1410</uri>
+    <uri link="https://www.postgresql.org/about/news.315">PostgreSQL Announcement</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-05-11T15:07:25Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-05-15T09:19:16Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200505-13.xml b/metadata/glsa/glsa-200505-13.xml
new file mode 100644
index 000000000000..8685df95feff
--- /dev/null
+++ b/metadata/glsa/glsa-200505-13.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200505-13">
+  <title>FreeRADIUS: SQL injection and Denial of Service vulnerability</title>
+  <synopsis>
+    The FreeRADIUS server is vulnerable to an SQL injection attack and a buffer
+    overflow, possibly resulting in disclosure and modification of data and
+    Denial of Service.
+  </synopsis>
+  <product type="ebuild">freeradius</product>
+  <announced>2005-05-17</announced>
+  <revised count="03">2006-05-22</revised>
+  <bug>91736</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dialup/freeradius" auto="yes" arch="*">
+      <unaffected range="ge">1.0.2-r4</unaffected>
+      <vulnerable range="lt">1.0.2-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    FreeRADIUS is an open source RADIUS authentication server
+    implementation.
+    </p>
+  </background>
+  <description>
+    <p>
+    Primoz Bratanic discovered that the sql_escape_func function of
+    FreeRADIUS may be vulnerable to a buffer overflow (BID 13541). He also
+    discovered that FreeRADIUS fails to sanitize user-input before using it
+    in a SQL query, possibly allowing SQL command injection (BID 13540).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By supplying carefully crafted input, a malicious user could cause an
+    SQL injection or a buffer overflow, possibly leading to the disclosure
+    and the modification of sensitive data or Denial of Service by crashing
+    the server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All FreeRADIUS users should upgrade to the latest available version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dialup/freeradius-1.0.2-r4"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/bid/13540/">BugTraq ID 13540</uri>
+    <uri link="http://www.securityfocus.com/bid/13541/">BugTraq ID 13541</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1454">CVE-2005-1454</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1455">CVE-2005-1455</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-05-12T12:54:33Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-05-12T13:46:19Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-05-17T13:01:45Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200505-14.xml b/metadata/glsa/glsa-200505-14.xml
new file mode 100644
index 000000000000..7e4b6b7574b5
--- /dev/null
+++ b/metadata/glsa/glsa-200505-14.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200505-14">
+  <title>Cheetah: Untrusted module search path</title>
+  <synopsis>
+    Cheetah contains a vulnerability in the module importing code that can
+    allow a local user to gain escalated privileges.
+  </synopsis>
+  <product type="ebuild">Cheetah</product>
+  <announced>2005-05-19</announced>
+  <revised count="02">2006-05-17</revised>
+  <bug>92926</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-python/cheetah" auto="yes" arch="*">
+      <unaffected range="ge">0.9.17_rc1</unaffected>
+      <vulnerable range="lt">0.9.17_rc1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Cheetah is a Python powered template engine and code generator.
+    </p>
+  </background>
+  <description>
+    <p>
+    Brian Bird discovered that Cheetah searches for modules in the
+    world-writable /tmp directory.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A malicious local user could place a module containing arbitrary code
+    in /tmp, which when imported would run with escalated privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Cheetah users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-python/cheetah-0.9.17_rc1"</code>
+  </resolution>
+  <references>
+    <uri link="https://secunia.com/advisories/15386/">Secunia Advisory SA15386</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-05-17T21:18:59Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-05-17T21:38:15Z">
+    r2d2
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-05-18T11:47:34Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200505-15.xml b/metadata/glsa/glsa-200505-15.xml
new file mode 100644
index 000000000000..1f850c0ae636
--- /dev/null
+++ b/metadata/glsa/glsa-200505-15.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200505-15">
+  <title>gdb: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in the GNU debugger,
+    potentially allowing the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">gdb</product>
+  <announced>2005-05-20</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>88398</bug>
+  <bug>91398</bug>
+  <bug>91654</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-devel/gdb" auto="yes" arch="*">
+      <unaffected range="ge">6.3-r3</unaffected>
+      <vulnerable range="lt">6.3-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    gdb is the GNU project's debugger, facilitating the analysis and
+    debugging of applications. The BFD library provides a uniform method of
+    accessing a variety of object file formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an
+    integer overflow in the BFD library, resulting in a heap overflow. A
+    review also showed that by default, gdb insecurely sources
+    initialisation files from the working directory.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Successful exploitation would result in the execution of arbitrary code
+    on loading a specially crafted object file or the execution of
+    arbitrary commands.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All gdb users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-devel/gdb-6.3-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1704">CVE-2005-1704</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1705">CVE-2005-1705</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-05-06T21:52:10Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-05-07T04:11:43Z">
+    r2d2
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-05-20T12:36:18Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200505-16.xml b/metadata/glsa/glsa-200505-16.xml
new file mode 100644
index 000000000000..d33862347600
--- /dev/null
+++ b/metadata/glsa/glsa-200505-16.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200505-16">
+  <title>ImageMagick, GraphicsMagick: Denial of Service vulnerability</title>
+  <synopsis>
+    ImageMagick and GraphicsMagick utilities can be abused to perform a Denial
+    of Service attack.
+  </synopsis>
+  <product type="ebuild">ImageMagick</product>
+  <announced>2005-05-21</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>90423</bug>
+  <bug>90595</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/imagemagick" auto="yes" arch="*">
+      <unaffected range="ge">6.2.2.3</unaffected>
+      <vulnerable range="lt">6.2.2.3</vulnerable>
+    </package>
+    <package name="media-gfx/graphicsmagick" auto="yes" arch="*">
+      <unaffected range="ge">1.1.6-r1</unaffected>
+      <vulnerable range="lt">1.1.6-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Both ImageMagick and GraphicsMagick are collection of tools to read,
+    write and manipulate images in many formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a
+    Denial of Service vulnerability in the XWD decoder of ImageMagick and
+    GraphicsMagick when setting a color mask to zero.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could submit a specially crafted image to a user or
+    an automated system making use of an affected utility, resulting in a
+    Denial of Service by consumption of CPU time.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ImageMagick users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/imagemagick-6.2.2.3"</code>
+    <p>
+    All GraphicsMagick users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/graphicsmagick-1.1.6-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1739">CVE-2005-1739</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-05-04T05:18:30Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-05-05T19:34:27Z">
+    formula7
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-05-21T14:59:55Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200505-17.xml b/metadata/glsa/glsa-200505-17.xml
new file mode 100644
index 000000000000..535eefe03917
--- /dev/null
+++ b/metadata/glsa/glsa-200505-17.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200505-17">
+  <title>Qpopper: Multiple Vulnerabilities</title>
+  <synopsis>
+    Qpopper contains two vulnerabilities allowing an attacker to overwrite
+    arbitrary files and create files with insecure permissions.
+  </synopsis>
+  <product type="ebuild">qpopper</product>
+  <announced>2005-05-23</announced>
+  <revised count="01">2005-05-23</revised>
+  <bug>90622</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-mail/qpopper" auto="yes" arch="*">
+      <unaffected range="ge">4.0.5-r3</unaffected>
+      <vulnerable range="lt">4.0.5-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Qpopper is a widely used server for the POP3 protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    Jens Steube discovered that Qpopper doesn't drop privileges to
+    process local files from normal users (CAN-2005-1151). The upstream
+    developers discovered that Qpopper can be forced to create group or
+    world writeable files (CAN-2005-1152).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A malicious local attacker could exploit Qpopper to overwrite
+    arbitrary files as root or create new files which are group or world
+    writeable.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Qpopper users should upgrade to the latest available version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-mail/qpopper-4.0.5-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1151">CAN-2005-1151</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1152">CAN-2005-1152</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-05-10T16:31:30Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-05-23T19:25:37Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200505-18.xml b/metadata/glsa/glsa-200505-18.xml
new file mode 100644
index 000000000000..24f533800354
--- /dev/null
+++ b/metadata/glsa/glsa-200505-18.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200505-18">
+  <title>Net-SNMP: fixproc insecure temporary file creation</title>
+  <synopsis>
+    Net-SNMP creates temporary files in an insecure manner, possibly allowing
+    the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">net-snmp</product>
+  <announced>2005-05-23</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>91792</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-analyzer/net-snmp" auto="yes" arch="*">
+      <unaffected range="ge">5.2.1-r1</unaffected>
+      <vulnerable range="lt">5.2.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Net-SNMP is a suite of applications used to implement the Simple
+    Network Management Protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    The fixproc application of Net-SNMP creates temporary files with
+    predictable filenames.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A malicious local attacker could exploit a race condition to change the
+    content of the temporary files before they are executed by fixproc,
+    possibly leading to the execution of arbitrary code. A local attacker
+    could also create symbolic links in the temporary files directory,
+    pointing to a valid file somewhere on the filesystem. When fixproc is
+    executed, this would result in the file being overwritten.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Net-SNMP users should upgrade to the latest available version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/net-snmp-5.2.1-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1740">CVE-2005-1740</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-05-22T14:27:59Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-05-22T15:33:11Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-05-22T23:22:24Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200505-19.xml b/metadata/glsa/glsa-200505-19.xml
new file mode 100644
index 000000000000..ae282bf25139
--- /dev/null
+++ b/metadata/glsa/glsa-200505-19.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200505-19">
+  <title>gxine: Format string vulnerability</title>
+  <synopsis>
+    A format string vulnerability in gxine could allow a remote attacker to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">gxine</product>
+  <announced>2005-05-26</announced>
+  <revised count="01">2005-05-26</revised>
+  <bug>93532</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/gxine" auto="yes" arch="*">
+      <unaffected range="rge">0.3.3-r2</unaffected>
+      <unaffected range="rge">0.4.1-r1</unaffected>
+      <unaffected range="ge">0.4.4</unaffected>
+      <vulnerable range="lt">0.4.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    gxine is a GTK+ and xine-lib based media player.
+    </p>
+  </background>
+  <description>
+    <p>
+    Exworm discovered that gxine insecurely implements formatted
+    printing in the hostname decoding function.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a carefully crafted
+    file with gxine, possibly leading to the execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All gxine users should upgrade to the latest available version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose media-video/gxine</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1692">CAN-2005-1692</uri>
+    <uri link="http://www.securityfocus.com/bid/13707">Bugtraq ID 13707</uri>
+    <uri link="http://www.0xbadexworm.org/adv/gxinefmt.txt">Original Advisory</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-05-24T14:37:48Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-05-26T11:13:38Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200505-20.xml b/metadata/glsa/glsa-200505-20.xml
new file mode 100644
index 000000000000..38a69063e0c1
--- /dev/null
+++ b/metadata/glsa/glsa-200505-20.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200505-20">
+  <title>Mailutils: Multiple vulnerabilities in imap4d and mail</title>
+  <synopsis>
+    The imap4d server and the mail utility from GNU Mailutils contain multiple
+    vulnerabilities, potentially allowing a remote attacker to execute
+    arbitrary code with root privileges.
+  </synopsis>
+  <product type="ebuild">mailutils</product>
+  <announced>2005-05-27</announced>
+  <revised count="01">2005-05-27</revised>
+  <bug>94053</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/mailutils" auto="yes" arch="*">
+      <unaffected range="ge">0.6-r1</unaffected>
+      <vulnerable range="lt">0.6-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GNU Mailutils is a collection of mail-related utilities, including
+    an IMAP4 server (imap4d) and a Mail User Agent (mail).
+    </p>
+  </background>
+  <description>
+    <p>
+    infamous41d discovered several vulnerabilities in GNU Mailutils.
+    imap4d does not correctly implement formatted printing of command tags
+    (CAN-2005-1523), fails to validate the range sequence of the "FETCH"
+    command (CAN-2005-1522), and contains an integer overflow in the
+    "fetch_io" routine (CAN-2005-1521). mail contains a buffer overflow in
+    "header_get_field_name()" (CAN-2005-1520).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker can exploit the format string and integer
+    overflow in imap4d to execute arbitrary code as the imap4d user, which
+    is usually root. By sending a specially crafted email message, a remote
+    attacker could exploit the buffer overflow in the "mail" utility to
+    execute arbitrary code with the rights of the user running mail.
+    Finally, a remote attacker can also trigger a Denial of Service by
+    sending a malicious FETCH command to an affected imap4d, causing
+    excessive resource consumption.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GNU Mailutils users should upgrade to the latest available
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-mail/mailutils-0.6-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1520">CAN-2005-1520</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1521">CAN-2005-1521</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1522">CAN-2005-1522</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1523">CAN-2005-1523</uri>
+    <uri link="http://www.idefense.com/application/poi/display?type=vulnerabilities&amp;showYear=2005">iDEFENSE 05.25.05 advisories</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-05-26T13:21:14Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-05-27T07:50:06Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200506-01.xml b/metadata/glsa/glsa-200506-01.xml
new file mode 100644
index 000000000000..37c88d8b6e1b
--- /dev/null
+++ b/metadata/glsa/glsa-200506-01.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200506-01">
+  <title>Binutils, elfutils: Buffer overflow</title>
+  <synopsis>
+    Various utilities from the GNU Binutils and elfutils packages are
+    vulnerable to a heap based buffer overflow, potentially resulting in the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">binutils</product>
+  <announced>2005-06-01</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>91398</bug>
+  <bug>91817</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/elfutils" auto="yes" arch="*">
+      <unaffected range="ge">0.108</unaffected>
+      <vulnerable range="lt">0.108</vulnerable>
+    </package>
+    <package name="sys-devel/binutils" auto="yes" arch="*">
+      <unaffected range="rge">2.14.90.0.8-r3</unaffected>
+      <unaffected range="rge">2.15.90.0.1.1-r5</unaffected>
+      <unaffected range="rge">2.15.90.0.3-r5</unaffected>
+      <unaffected range="rge">2.15.91.0.2-r2</unaffected>
+      <unaffected range="rge">2.15.92.0.2-r10</unaffected>
+      <unaffected range="ge">2.16-r1</unaffected>
+      <vulnerable range="lt">2.16-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The GNU Binutils are a collection of tools to create, modify and
+    analyse binary files. Many of the files use BFD, the Binary File
+    Descriptor library, to do low-level manipulation. Elfutils provides a
+    library and utilities to access, modify and analyse ELF objects.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy and Ned Ludd of the Gentoo Linux Security Audit Team
+    discovered an integer overflow in the BFD library and elfutils,
+    resulting in a heap based buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Successful exploitation would require a user to access a specially
+    crafted binary file, resulting in the execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GNU Binutils users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose sys-devel/binutils</code>
+    <p>
+    All elfutils users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/elfutils-0.108"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1704">CVE-2005-1704</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-05-12T20:12:23Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-06-01T15:04:54Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200506-02.xml b/metadata/glsa/glsa-200506-02.xml
new file mode 100644
index 000000000000..ba680e92ba5e
--- /dev/null
+++ b/metadata/glsa/glsa-200506-02.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200506-02">
+  <title>Mailutils: SQL Injection</title>
+  <synopsis>
+    GNU Mailutils is vulnerable to SQL command injection attacks.
+  </synopsis>
+  <product type="ebuild">mailutils</product>
+  <announced>2005-06-06</announced>
+  <revised count="01">2005-06-06</revised>
+  <bug>94824</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/mailutils" auto="yes" arch="*">
+      <unaffected range="ge">0.6-r1</unaffected>
+      <vulnerable range="lt">0.6-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GNU Mailutils is a collection of mail-related utilities.
+    </p>
+  </background>
+  <description>
+    <p>
+    When GNU Mailutils is built with the "mysql" or "postgres" USE
+    flag, the sql_escape_string function of the authentication module fails
+    to properly escape the "\" character, rendering it vulnerable to a SQL
+    command injection.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A malicious remote user could exploit this vulnerability to inject
+    SQL commands to the underlying database.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GNU Mailutils users should upgrade to the latest available
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-mail/mailutils-0.6-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1824">CAN-2005-1824</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-06-05T13:35:06Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-06-05T17:42:35Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-06-06T11:45:10Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200506-03.xml b/metadata/glsa/glsa-200506-03.xml
new file mode 100644
index 000000000000..0e20dfea885f
--- /dev/null
+++ b/metadata/glsa/glsa-200506-03.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200506-03">
+  <title>Dzip: Directory traversal vulnerability</title>
+  <synopsis>
+    Dzip is vulnerable to a directory traversal attack.
+  </synopsis>
+  <product type="ebuild">dzip</product>
+  <announced>2005-06-06</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>93079</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-util/dzip" auto="yes" arch="*">
+      <unaffected range="ge">2.9-r1</unaffected>
+      <vulnerable range="lt">2.9-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Dzip is a compressor and uncompressor especially made for demo
+    recordings of id's Quake.
+    </p>
+  </background>
+  <description>
+    <p>
+    Dzip is vulnerable to a directory traversal attack when extracting
+    archives.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit this vulnerability by creating a specially
+    crafted archive to extract files to arbitrary locations.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Dzip users should upgrade to the latest available version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=games-utils/dzip-2.9-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1874">CVE-2005-1874</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-05-30T13:58:23Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-05-30T13:59:50Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-06-05T17:58:43Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200506-04.xml b/metadata/glsa/glsa-200506-04.xml
new file mode 100644
index 000000000000..c1530d6d4c75
--- /dev/null
+++ b/metadata/glsa/glsa-200506-04.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200506-04">
+  <title>Wordpress: Multiple vulnerabilities</title>
+  <synopsis>
+    Wordpress contains SQL injection and XSS vulnerabilities.
+  </synopsis>
+  <product type="ebuild">Wordpress</product>
+  <announced>2005-06-06</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>88926</bug>
+  <bug>94512</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/wordpress" auto="yes" arch="*">
+      <unaffected range="ge">1.5.1.2</unaffected>
+      <vulnerable range="lt">1.5.1.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    WordPress is a PHP and MySQL based content management and publishing
+    system.
+    </p>
+  </background>
+  <description>
+    <p>
+    Due to a lack of input validation, WordPress is vulnerable to SQL
+    injection and XSS attacks.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could use the SQL injection vulnerabilities to gain
+    information from the database. Furthermore the cross-site scripting
+    issues give an attacker the ability to inject and execute malicious
+    script code or to steal cookie-based authentication credentials,
+    potentially compromising the victim's browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Wordpress users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/wordpress-1.5.1.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1102">CVE-2005-1102</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1687">CVE-2005-1687</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1810">CVE-2005-1810</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-06-01T07:49:47Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-06-01T07:49:57Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-06-06T05:09:09Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200506-05.xml b/metadata/glsa/glsa-200506-05.xml
new file mode 100644
index 000000000000..1d2c44747385
--- /dev/null
+++ b/metadata/glsa/glsa-200506-05.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200506-05">
+  <title>SilverCity: Insecure file permissions</title>
+  <synopsis>
+    Executable files with insecure permissions can be modified causing an
+    unsuspecting user to run arbitrary code.
+  </synopsis>
+  <product type="ebuild">silvercity</product>
+  <announced>2005-06-08</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>93558</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-text/silvercity" auto="yes" arch="*">
+      <unaffected range="ge">0.9.5-r1</unaffected>
+      <vulnerable range="lt">0.9.5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    SilverCity provides lexical analysis for over 20 programming and markup
+    languages.
+    </p>
+  </background>
+  <description>
+    <p>
+    The SilverCity package installs three executable files with insecure
+    permissions.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could modify the executable files, causing arbitrary
+    code to be executed with the permissions of an unsuspecting SilverCity
+    user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SilverCity users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/silvercity-0.9.5-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1941">CVE-2005-1941</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-06-06T18:24:23Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-06-06T18:24:47Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-06-07T01:08:04Z">
+    r2d2
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200506-06.xml b/metadata/glsa/glsa-200506-06.xml
new file mode 100644
index 000000000000..868a06af752c
--- /dev/null
+++ b/metadata/glsa/glsa-200506-06.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200506-06">
+  <title>libextractor: Multiple overflow vulnerabilities</title>
+  <synopsis>
+    libextractor is affected by several overflow vulnerabilities in the PDF,
+    Real and PNG extractors, making it vulnerable to execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">libextractor</product>
+  <announced>2005-06-09</announced>
+  <revised count="01">2005-06-09</revised>
+  <bug>79704</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libextractor" auto="yes" arch="*">
+      <unaffected range="ge">0.5.0</unaffected>
+      <vulnerable range="lt">0.5.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libextractor is a library used to extract meta-data from files. It
+    makes use of Xpdf code to extract information from PDF files.
+    </p>
+  </background>
+  <description>
+    <p>
+    Xpdf is vulnerable to multiple overflows, as described in GLSA
+    200501-28. Also, integer overflows were discovered in Real and PNG
+    extractors.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could design malicious PDF, PNG or Real files which,
+    when processed by an application making use of libextractor, would
+    result in the execution of arbitrary code with the rights of the user
+    running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libextractor users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/libextractor-0.5.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064">CAN-2005-0064</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200501-28.xml">GLSA 200501-28</uri>
+    <uri link="https://gnunet.org/libextractor/">libextractor security announcement</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-03-01T11:13:31Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-03-03T15:44:04Z">
+    formula7
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-06-08T11:34:48Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200506-07.xml b/metadata/glsa/glsa-200506-07.xml
new file mode 100644
index 000000000000..6b6501e75c70
--- /dev/null
+++ b/metadata/glsa/glsa-200506-07.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200506-07">
+  <title>Ettercap: Format string vulnerability</title>
+  <synopsis>
+    A format string vulnerability in Ettercap could allow a remote attacker to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">ettercap</product>
+  <announced>2005-06-11</announced>
+  <revised count="01">2005-06-11</revised>
+  <bug>94474</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/ettercap" auto="yes" arch="*">
+      <unaffected range="ge">0.7.3</unaffected>
+      <vulnerable range="lt">0.7.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ettercap is a suite of tools for content filtering, sniffing and
+    man in the middle attacks on a LAN.
+    </p>
+  </background>
+  <description>
+    <p>
+    The curses_msg function of Ettercap's Ncurses-based user interface
+    insecurely implements formatted printing.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could craft a malicious network flow that would
+    result in executing arbitrary code with the rights of the user running
+    the Ettercap tool, which is often root.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ettercap users should upgrade to the latest available version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/ettercap-0.7.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1796">CAN-2005-1796</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-06-08T08:05:23Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-06-08T16:01:35Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-06-11T08:22:41Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200506-08.xml b/metadata/glsa/glsa-200506-08.xml
new file mode 100644
index 000000000000..2a48f2de7166
--- /dev/null
+++ b/metadata/glsa/glsa-200506-08.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200506-08">
+  <title>GNU shtool, ocaml-mysql: Insecure temporary file creation</title>
+  <synopsis>
+    GNU shtool and ocaml-mysql are vulnerable to symlink attacks, potentially
+    allowing a local user to overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">GNU shtool</product>
+  <announced>2005-06-11</announced>
+  <revised count="01">2005-06-11</revised>
+  <bug>93782</bug>
+  <bug>93784</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-util/shtool" auto="yes" arch="*">
+      <unaffected range="ge">2.0.1-r2</unaffected>
+      <vulnerable range="lt">2.0.1-r2</vulnerable>
+    </package>
+    <package name="dev-ml/ocaml-mysql" auto="yes" arch="*">
+      <unaffected range="ge">1.0.3-r1</unaffected>
+      <vulnerable range="lt">1.0.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GNU shtool is a compilation of small shell scripts into a single
+    shell tool. The ocaml-mysql package includes the GNU shtool code.
+    </p>
+  </background>
+  <description>
+    <p>
+    Eric Romang has discovered that GNU shtool insecurely creates
+    temporary files with predictable filenames (CAN-2005-1751). On closer
+    inspection, Gentoo Security discovered that the shtool temporary file,
+    once created, was being reused insecurely (CAN-2005-1759).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary
+    files directory, pointing to a valid file somewhere on the filesystem.
+    When a GNU shtool script is executed, this would result in the file
+    being overwritten with the rights of the user running the script, which
+    could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GNU shtool users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-util/shtool-2.0.1-r2"</code>
+    <p>
+    All ocaml-mysql users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-ml/ocaml-mysql-1.0.3-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1751">CAN-2005-1751</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1759">CAN-2005-1759</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-05-27T16:05:53Z">
+    vorlon078
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-05-28T21:16:10Z">
+    formula7
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-06-10T15:51:35Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200506-09.xml b/metadata/glsa/glsa-200506-09.xml
new file mode 100644
index 000000000000..578f0db61657
--- /dev/null
+++ b/metadata/glsa/glsa-200506-09.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200506-09">
+  <title>gedit: Format string vulnerability</title>
+  <synopsis>
+    gedit suffers from a format string vulnerability that could allow arbitrary
+    code execution.
+  </synopsis>
+  <product type="ebuild">gedit</product>
+  <announced>2005-06-11</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>93352</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-editors/gedit" auto="yes" arch="*">
+      <unaffected range="ge">2.10.3</unaffected>
+      <vulnerable range="lt">2.10.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    gedit is the official text editor of the GNOME desktop environement.
+    </p>
+  </background>
+  <description>
+    <p>
+    A format string vulnerability exists when opening files with names
+    containing format specifiers.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A specially crafted file with format specifiers in the filename can
+    cause arbitrary code execution.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All gedit users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-editors/gedit-2.10.3"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/bid/13699">BugTraq ID 13699</uri>
+    <uri link="https://mail.gnome.org/archives/gnome-announce-list/2005-June/msg00006.html">gedit 10.3 Release Notes</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1686">CVE-2005-1686</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-06-10T14:36:10Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-06-10T17:36:40Z">
+    r2d2
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-06-11T11:59:18Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200506-10.xml b/metadata/glsa/glsa-200506-10.xml
new file mode 100644
index 000000000000..7b38316d5007
--- /dev/null
+++ b/metadata/glsa/glsa-200506-10.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200506-10">
+  <title>LutelWall: Insecure temporary file creation</title>
+  <synopsis>
+    LutelWall is vulnerable to symlink attacks, potentially allowing a local
+    user to overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">LutelWall</product>
+  <announced>2005-06-11</announced>
+  <revised count="01">2005-06-11</revised>
+  <bug>95378</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-firewall/lutelwall" auto="yes" arch="*">
+      <unaffected range="ge">0.98</unaffected>
+      <vulnerable range="lt">0.98</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    LutelWall is a high-level Linux firewall configuration tool.
+    </p>
+  </background>
+  <description>
+    <p>
+    Eric Romang has discovered that the new_version_check() function
+    in LutelWall insecurely creates a temporary file when updating to a new
+    version.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary file
+    directory, pointing to a valid file somewhere on the filesystem. When
+    the update script is executed (usually by the root user), this would
+    result in the file being overwritten with the rights of this user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All LutelWall users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-firewall/lutelwall-0.98"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1879">CAN-2005-1879</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-06-10T12:14:36Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-06-10T13:37:17Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-06-10T15:27:13Z">
+    formula7
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200506-11.xml b/metadata/glsa/glsa-200506-11.xml
new file mode 100644
index 000000000000..f4396733276b
--- /dev/null
+++ b/metadata/glsa/glsa-200506-11.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200506-11">
+  <title>Gaim: Denial of Service vulnerabilities</title>
+  <synopsis>
+    Gaim contains two remote Denial of Service vulnerabilities.
+  </synopsis>
+  <product type="ebuild">gaim</product>
+  <announced>2005-06-12</announced>
+  <revised count="01">2005-06-12</revised>
+  <bug>95347</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/gaim" auto="yes" arch="*">
+      <unaffected range="ge">1.3.1</unaffected>
+      <vulnerable range="lt">1.3.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Gaim is a full featured instant messaging client which handles a
+    variety of instant messaging protocols.
+    </p>
+  </background>
+  <description>
+    <p>
+    Jacopo Ottaviani discovered a vulnerability in the Yahoo! file
+    transfer code when being offered files with names containing non-ASCII
+    characters (CAN-2005-1269).
+    </p>
+    <p>
+    Hugo de Bokkenrijder discovered a
+    vulnerability when receiving malformed MSN messages (CAN-2005-1934).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Both vulnerabilities cause Gaim to crash, resulting in a Denial of
+    Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Gaim users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-im/gaim-1.3.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://gaim.sourceforge.net/security/?id=18">Gaim Vulnerability: Remote Yahoo! crash</uri>
+    <uri link="https://gaim.sourceforge.net/security/?id=19">Gaim Vulnerability: MSN Remote DoS</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1269">CAN-2005-1269</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1934">CAN-2005-1934</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-06-10T08:03:05Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-06-10T08:44:05Z">
+    r2d2
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-06-12T13:55:53Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200506-12.xml b/metadata/glsa/glsa-200506-12.xml
new file mode 100644
index 000000000000..5a52991e4e08
--- /dev/null
+++ b/metadata/glsa/glsa-200506-12.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200506-12">
+  <title>MediaWiki: Cross-site scripting vulnerability</title>
+  <synopsis>
+    MediaWiki is vulnerable to a cross-site scripting attack that could allow
+    arbitrary scripting code execution.
+  </synopsis>
+  <product type="ebuild">mediawiki</product>
+  <announced>2005-06-13</announced>
+  <revised count="01">2005-06-13</revised>
+  <bug>95255</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/mediawiki" auto="yes" arch="*">
+      <unaffected range="ge">1.4.5</unaffected>
+      <unaffected range="rge">1.3.13</unaffected>
+      <vulnerable range="lt">1.4.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MediaWiki is a collaborative editing software, used by big
+    projects like Wikipedia.
+    </p>
+  </background>
+  <description>
+    <p>
+    MediaWiki incorrectly handles page template inclusions, rendering
+    it vulnerable to cross-site scripting attacks.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A remote attacker could exploit this vulnerability to inject
+    malicious script code that will be executed in a user's browser session
+    in the context of the vulnerable site.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MediaWiki users should upgrade to the latest available
+    versions:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose www-apps/mediawiki</code>
+  </resolution>
+  <references>
+    <uri link="https://sourceforge.net/project/shownotes.php?release_id=332231">MediaWiki 1.4.5 Release Notes</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-06-10T11:34:01Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-06-10T11:34:36Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-06-11T12:24:08Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200506-13.xml b/metadata/glsa/glsa-200506-13.xml
new file mode 100644
index 000000000000..7fc5f21dd647
--- /dev/null
+++ b/metadata/glsa/glsa-200506-13.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200506-13">
+  <title>webapp-config: Insecure temporary file handling</title>
+  <synopsis>
+    The webapp-config utility insecurely creates temporary files in a world
+    writable directory, potentially allowing the execution of arbitrary
+    commands.
+  </synopsis>
+  <product type="ebuild">webapp-config</product>
+  <announced>2005-06-17</announced>
+  <revised count="03">2007-12-30</revised>
+  <bug>91785</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/webapp-config" auto="yes" arch="*">
+      <unaffected range="ge">1.11</unaffected>
+      <vulnerable range="lt">1.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    webapp-config is a Gentoo Linux utility to help manage the installation
+    of web-based applications.
+    </p>
+  </background>
+  <description>
+    <p>
+    Eric Romang discovered webapp-config uses a predictable temporary
+    filename while processing certain options, resulting in a race
+    condition.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Successful exploitation of the race condition would allow an attacker
+    to disrupt the operation of webapp-config, or execute arbitrary shell
+    commands with the privileges of the user running webapp-config. A local
+    attacker could use a symlink attack to create or overwrite files with
+    the permissions of the user running webapp-config.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All webapp-config users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-admin/webapp-config-1.11"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1707">CVE-2005-1707</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-05-10T15:08:15Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-05-10T15:49:46Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-06-17T08:32:12Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200506-14.xml b/metadata/glsa/glsa-200506-14.xml
new file mode 100644
index 000000000000..b6c50f21fc92
--- /dev/null
+++ b/metadata/glsa/glsa-200506-14.xml
@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200506-14">
+  <title>Sun and Blackdown Java: Applet privilege escalation</title>
+  <synopsis>
+    Sun's and Blackdown's JDK or JRE may allow untrusted applets to elevate
+    their privileges.
+  </synopsis>
+  <product type="ebuild">sun-jdk sun-jre-bin blackdown-jre blackdown-jdk</product>
+  <announced>2005-06-19</announced>
+  <revised count="01">2005-06-19</revised>
+  <bug>96092</bug>
+  <bug>96229</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/sun-jdk" auto="yes" arch="*">
+      <unaffected range="ge">1.4.2.08</unaffected>
+      <vulnerable range="lt">1.4.2.08</vulnerable>
+    </package>
+    <package name="dev-java/sun-jre-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.4.2.08</unaffected>
+      <vulnerable range="lt">1.4.2.08</vulnerable>
+    </package>
+    <package name="dev-java/blackdown-jdk" auto="yes" arch="*">
+      <unaffected range="ge">1.4.2.02</unaffected>
+      <vulnerable range="lt">1.4.2.02</vulnerable>
+    </package>
+    <package name="dev-java/blackdown-jre" auto="yes" arch="*">
+      <unaffected range="ge">1.4.2.02</unaffected>
+      <vulnerable range="lt">1.4.2.02</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Sun and Blackdown both provide implementations of the Java
+    Development Kit (JDK) and Java Runtime Environment (JRE).
+    </p>
+  </background>
+  <description>
+    <p>
+    Both Sun's and Blackdown's JDK and JRE may allow untrusted applets
+    to elevate privileges.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could embed a malicious Java applet in a web
+    page and entice a victim to view it. This applet can then bypass
+    security restrictions and execute any command or access any file with
+    the rights of the user running the web browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Sun JDK users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/sun-jdk-1.4.2.08"</code>
+    <p>
+    All Sun JRE users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/sun-jre-bin-1.4.2.08"</code>
+    <p>
+    All Blackdown JDK users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/blackdown-jdk-1.4.2.02"</code>
+    <p>
+    All Blackdown JRE users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/blackdown-jre-1.4.2.02"</code>
+    <p>
+    Note to SPARC users: There is no stable secure Blackdown Java
+    for the SPARC architecture. Affected users should remove the package
+    until a SPARC package is released.
+    </p>
+  </resolution>
+  <references>
+    <uri link="http://sunsolve.sun.com/search/document.do?assetkey=1-26-101749-1">Sun Security Alert ID 101749</uri>
+    <uri link="http://www.blackdown.org/java-linux/java2-status/security/Blackdown-SA-2005-02.txt">Blackdown Java Security Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-06-16T16:05:50Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-06-16T17:03:44Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-06-17T10:34:14Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200506-15.xml b/metadata/glsa/glsa-200506-15.xml
new file mode 100644
index 000000000000..433b322a7ad2
--- /dev/null
+++ b/metadata/glsa/glsa-200506-15.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200506-15">
+  <title>PeerCast: Format string vulnerability</title>
+  <synopsis>
+    PeerCast suffers from a format string vulnerability that could allow
+    arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">peercast</product>
+  <announced>2005-06-19</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>96199</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/peercast" auto="yes" arch="*">
+      <unaffected range="ge">0.1212</unaffected>
+      <vulnerable range="lt">0.1212</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PeerCast is a media streaming system based on P2P technology.
+    </p>
+  </background>
+  <description>
+    <p>
+    James Bercegay of the GulfTech Security Research Team discovered that
+    PeerCast insecurely implements formatted printing when receiving a
+    request with a malformed URL.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit this vulnerability by sending a request
+    with a specially crafted URL to a PeerCast server to execute arbitrary
+    code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PeerCast users should upgrade to the latest available version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/peercast-0.1212"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.gulftech.org/?node=research&amp;article_id=00077-05282005">GulfTech Advisory</uri>
+    <uri link="http://www.peercast.org/forum/viewtopic.php?p=11596">PeerCast Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1806">CVE-2005-1806</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-06-15T19:02:57Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-06-15T19:42:18Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-06-19T19:09:07Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200506-16.xml b/metadata/glsa/glsa-200506-16.xml
new file mode 100644
index 000000000000..03e17a7727d2
--- /dev/null
+++ b/metadata/glsa/glsa-200506-16.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200506-16">
+  <title>cpio: Directory traversal vulnerability</title>
+  <synopsis>
+    cpio contains a flaw which may allow a specially crafted cpio archive to
+    extract files to an arbitrary directory.
+  </synopsis>
+  <product type="ebuild">cpio</product>
+  <announced>2005-06-20</announced>
+  <revised count="01">2005-06-20</revised>
+  <bug>90619</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-arch/cpio" auto="yes" arch="*">
+      <unaffected range="ge">2.6-r3</unaffected>
+      <vulnerable range="lt">2.6-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    cpio is a file archival tool which can also read and write tar
+    files.
+    </p>
+  </background>
+  <description>
+    <p>
+    A vulnerability has been found in cpio that can potentially allow
+    a cpio archive to extract its files to an arbitrary directory of the
+    creator's choice.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could create a malicious cpio archive which would
+    create files in arbitrary locations on the victim's system. This issue
+    could also be used in conjunction with a previous race condition
+    vulnerability (CAN-2005-1111) to change permissions on files owned by
+    the victim.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All cpio users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-arch/cpio-2.6-r3"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/archive/1/396429">Original Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1111">CAN-2005-1111</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-05-03T21:22:45Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-05-05T15:24:08Z">
+    lewk
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-06-19T20:39:43Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200506-17.xml b/metadata/glsa/glsa-200506-17.xml
new file mode 100644
index 000000000000..ed54002184d5
--- /dev/null
+++ b/metadata/glsa/glsa-200506-17.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200506-17">
+  <title>SpamAssassin 3, Vipul's Razor: Denial of Service vulnerability</title>
+  <synopsis>
+    SpamAssassin and Vipul's Razor are vulnerable to a Denial of Service attack
+    when handling certain malformed messages.
+  </synopsis>
+  <product type="ebuild">SpamAssassin, Vipul's Razor</product>
+  <announced>2005-06-21</announced>
+  <revised count="03">2006-05-22</revised>
+  <bug>94722</bug>
+  <bug>95492</bug>
+  <bug>96776</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-filter/spamassassin" auto="yes" arch="*">
+      <unaffected range="ge">3.0.4</unaffected>
+      <unaffected range="lt">3.0.1</unaffected>
+      <vulnerable range="lt">3.0.4</vulnerable>
+    </package>
+    <package name="mail-filter/razor" auto="yes" arch="*">
+      <unaffected range="ge">2.74</unaffected>
+      <vulnerable range="lt">2.74</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    SpamAssassin is an extensible email filter which is used to identify
+    junk email. Vipul's Razor is a client for a distributed, collaborative
+    spam detection and filtering network.
+    </p>
+  </background>
+  <description>
+    <p>
+    SpamAssassin and Vipul's Razor contain a Denial of Service
+    vulnerability when handling special misformatted long message headers.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By sending a specially crafted message an attacker could cause a Denial
+    of Service attack against the SpamAssassin/Vipul's Razor server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SpamAssassin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-filter/spamassassin-3.0.4"</code>
+    <p>
+    All Vipul's Razor users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-filter/razor-2.74"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266">CAN-2005-1266</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2024">CVE-2005-2024</uri>
+    <uri link="https://mail-archives.apache.org/mod_mbox/spamassassin-announce/200506.mbox/%3c17072.35054.586017.822288@proton.pathname.com%3e">SpamAssassin Announcement</uri>
+    <uri link="https://sourceforge.net/mailarchive/forum.php?thread_id=7520323&amp;forum_id=4259">Vipul's Razor Announcement</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-06-08T05:05:05Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-06-20T04:49:42Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200506-18.xml b/metadata/glsa/glsa-200506-18.xml
new file mode 100644
index 000000000000..3d82ca5ba702
--- /dev/null
+++ b/metadata/glsa/glsa-200506-18.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200506-18">
+  <title>Tor: Information disclosure</title>
+  <synopsis>
+    A flaw in Tor may allow the disclosure of arbitrary memory portions.
+  </synopsis>
+  <product type="ebuild">tor</product>
+  <announced>2005-06-21</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>96320</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/tor" auto="yes" arch="*">
+      <unaffected range="ge">0.0.9.10</unaffected>
+      <vulnerable range="lt">0.0.9.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Tor is an implementation of second generation Onion Routing, a
+    connection-oriented anonymizing communication service.
+    </p>
+  </background>
+  <description>
+    <p>
+    A bug in Tor allows attackers to view arbitrary memory contents from an
+    exit server's process space.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A remote attacker could exploit the memory disclosure to gain sensitive
+    information and possibly even private keys.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Tor users should upgrade to the latest available version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/tor-0.0.9.10"</code>
+  </resolution>
+  <references>
+    <uri link="http://archives.seul.org/or/announce/Jun-2005/msg00001.html">Tor Security Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2050">CVE-2005-2050</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-06-20T07:51:28Z">
+    vorlon078
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-06-20T13:31:02Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-06-21T08:50:44Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200506-19.xml b/metadata/glsa/glsa-200506-19.xml
new file mode 100644
index 000000000000..3f7298a67ac4
--- /dev/null
+++ b/metadata/glsa/glsa-200506-19.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200506-19">
+  <title>SquirrelMail: Several XSS vulnerabilities</title>
+  <synopsis>
+    Squirrelmail is vulnerable to several cross-site scripting vulnerabilities
+    which could lead to a compromise of webmail accounts.
+  </synopsis>
+  <product type="ebuild">SquirrelMail</product>
+  <announced>2005-06-21</announced>
+  <revised count="01">2005-06-21</revised>
+  <bug>95937</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/squirrelmail" auto="yes" arch="*">
+      <unaffected range="ge">1.4.4</unaffected>
+      <unaffected range="lt">1.4.0</unaffected>
+      <vulnerable range="lt">1.4.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    SquirrelMail is a webmail package written in PHP. It supports IMAP
+    and SMTP protocols.
+    </p>
+  </background>
+  <description>
+    <p>
+    SquirrelMail is vulnerable to several cross-site scripting issues,
+    most reported by Martijn Brinkers.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    By enticing a user to read a specially-crafted e-mail or using a
+    manipulated URL, an attacker can execute arbitrary scripts running in
+    the context of the victim's browser. This could lead to a compromise of
+    the user's webmail account, cookie theft, etc.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SquirrelMail users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/squirrelmail-1.4.4"</code>
+    <p>
+    Note: Users with the vhosts USE flag set should manually use
+    webapp-config to finalize the update.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://www.squirrelmail.org/security/issue/2005-06-15">SquirrelMail Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1769">CAN-2005-1769</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-06-19T19:26:13Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-06-20T17:48:27Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200506-20.xml b/metadata/glsa/glsa-200506-20.xml
new file mode 100644
index 000000000000..baf81a4bcc17
--- /dev/null
+++ b/metadata/glsa/glsa-200506-20.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200506-20">
+  <title>Cacti: Several vulnerabilities</title>
+  <synopsis>
+    Cacti is vulnerable to several SQL injection, authentication bypass and
+    file inclusion vulnerabilities.
+  </synopsis>
+  <product type="ebuild">cacti</product>
+  <announced>2005-06-22</announced>
+  <revised count="03">2006-05-22</revised>
+  <bug>96243</bug>
+  <bug>97475</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/cacti" auto="yes" arch="*">
+      <unaffected range="ge">0.8.6f</unaffected>
+      <vulnerable range="lt">0.8.6f</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Cacti is a complete web-based frontend to rrdtool.
+    </p>
+  </background>
+  <description>
+    <p>
+    Cacti fails to properly sanitize input which can lead to SQL injection,
+    authentication bypass as well as PHP file inclusion.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could potentially exploit the file inclusion to execute
+    arbitrary code with the permissions of the web server. An attacker
+    could exploit these vulnerabilities to bypass authentication or inject
+    SQL queries to gain information from the database. Only systems with
+    register_globals set to "On" are affected by the file inclusion and
+    authentication bypass vulnerabilities. Gentoo Linux ships with
+    register_globals set to "Off" by default.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Cacti users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/cacti-0.8.6f"</code>
+    <p>
+    Note: Users with the vhosts USE flag set should manually use
+    webapp-config to finalize the update.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://www.cacti.net/release_notes_0_8_6e.php">Cacti Release Notes - 0.8.6e</uri>
+    <uri link="http://www.idefense.com/application/poi/display?id=267&amp;type=vulnerabilities&amp;flashstatus=false">iDEFENSE SQL injection advisory</uri>
+    <uri link="http://www.idefense.com/application/poi/display?id=266&amp;type=vulnerabilities&amp;flashstatus=false">iDEFENSE config_settings advisory</uri>
+    <uri link="http://www.idefense.com/application/poi/display?id=265&amp;type=vulnerabilities&amp;flashstatus=false">iDEFENSE remote file inclusion advisory</uri>
+    <uri link="https://www.cacti.net/release_notes_0_8_6f.php">Cacti  Release Notes - 0.8.6f</uri>
+    <uri link="https://www.hardened-php.net/advisory-032005.php">Hardened - PHP Project Cacti Multiple SQL Injection Vulnerabilities</uri>
+    <uri link="https://www.hardened-php.net/advisory-042005.php">Hardened - PHP Project Cacti Remote Command Execution Vulnerability</uri>
+    <uri link="https://www.hardened-php.net/advisory-052005.php">Hardened - PHP Project Cacti Authentification/Addslashes Bypass Vulnerability</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1524">CVE-2005-1524</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1525">CVE-2005-1525</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1526">CVE-2005-1526</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-06-21T20:41:03Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-06-22T08:16:34Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200506-21.xml b/metadata/glsa/glsa-200506-21.xml
new file mode 100644
index 000000000000..79f198fbdcca
--- /dev/null
+++ b/metadata/glsa/glsa-200506-21.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200506-21">
+  <title>Trac: File upload vulnerability</title>
+  <synopsis>
+    Trac may allow remote attackers to upload files, possibly leading to the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">trac</product>
+  <announced>2005-06-22</announced>
+  <revised count="01">2005-06-22</revised>
+  <bug>96572</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/trac" auto="yes" arch="*">
+      <unaffected range="ge">0.8.4</unaffected>
+      <vulnerable range="lt">0.8.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Trac is a minimalistic web-based project management, wiki and bug
+    tracking system including a Subversion interface.
+    </p>
+  </background>
+  <description>
+    <p>
+    Stefan Esser of the Hardened-PHP project discovered that Trac
+    fails to validate the "id" parameter when uploading attachments to the
+    wiki or the bug tracking system.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit the vulnerability to upload
+    arbitrary files to a directory where the webserver has write access to,
+    possibly leading to the execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Trac users should upgrade to the latest available version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/trac-0.8.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.hardened-php.net/advisory-012005.php">Hardened PHP Advisory 012005</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-06-21T20:04:48Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-06-22T01:36:58Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-06-22T08:15:34Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200506-22.xml b/metadata/glsa/glsa-200506-22.xml
new file mode 100644
index 000000000000..691c3d2183e5
--- /dev/null
+++ b/metadata/glsa/glsa-200506-22.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200506-22">
+  <title>sudo: Arbitrary command execution</title>
+  <synopsis>
+    A vulnerability in sudo may allow local users to elevate privileges.
+  </synopsis>
+  <product type="ebuild">sudo</product>
+  <announced>2005-06-23</announced>
+  <revised count="01">2005-06-23</revised>
+  <bug>96618</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/sudo" auto="yes" arch="*">
+      <unaffected range="ge">1.6.8_p9</unaffected>
+      <vulnerable range="lt">1.6.8_p9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    sudo allows a system administrator to give users the ability to
+    run commands as other users.
+    </p>
+  </background>
+  <description>
+    <p>
+    The sudoers file is used to define the actions sudo users are
+    permitted to perform. Charles Morris discovered that a specific layout
+    of the sudoers file could cause the results of an internal check to be
+    clobbered, leaving sudo vulnerable to a race condition.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Successful exploitation would permit a local sudo user to execute
+    arbitrary commands as another user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Reorder the sudoers file using the visudo utility to ensure the
+    'ALL' pseudo-command precedes other command definitions.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All sudo users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-admin/sudo-1.6.8_p9"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.sudo.ws/sudo/alerts/path_race.html">Sudo Announcement</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-06-21T20:05:11Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-06-22T15:18:20Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-06-23T06:48:01Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200506-23.xml b/metadata/glsa/glsa-200506-23.xml
new file mode 100644
index 000000000000..15fd2f2f2261
--- /dev/null
+++ b/metadata/glsa/glsa-200506-23.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200506-23">
+  <title>Clam AntiVirus: Denial of Service vulnerability</title>
+  <synopsis>
+    Clam AntiVirus is vulnerable to a Denial of Service attack when processing
+    certain Quantum archives.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2005-06-27</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>96960</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.86.1</unaffected>
+      <vulnerable range="lt">0.86.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Clam AntiVirus is a GPL anti-virus toolkit, designed for integration
+    with mail servers to perform attachment scanning. Clam AntiVirus also
+    provides a command line scanner and a tool for fetching updates of the
+    virus database.
+    </p>
+  </background>
+  <description>
+    <p>
+    Andrew Toller and Stefan Kanthak discovered that a flaw in libmspack's
+    Quantum archive decompressor renders Clam AntiVirus vulnerable to a
+    Denial of Service attack.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit this vulnerability to cause a Denial of
+    Service by sending a specially crafted Quantum archive to the server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Clam AntiVirus users should upgrade to the latest available
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.86.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://sourceforge.net/project/shownotes.php?release_id=337279">Clam AntiVirus Release Notes</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2056">CVE-2005-2056</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-06-24T22:27:44Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-06-24T23:09:26Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-06-26T16:53:15Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200506-24.xml b/metadata/glsa/glsa-200506-24.xml
new file mode 100644
index 000000000000..07b6592f6166
--- /dev/null
+++ b/metadata/glsa/glsa-200506-24.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200506-24">
+  <title>Heimdal: Buffer overflow vulnerabilities</title>
+  <synopsis>
+    Multiple buffer overflow vulnerabilities in Heimdal's telnetd server could
+    allow the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">heimdal</product>
+  <announced>2005-06-29</announced>
+  <revised count="01">2005-06-29</revised>
+  <bug>96727</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-crypt/heimdal" auto="yes" arch="*">
+      <unaffected range="ge">0.6.5</unaffected>
+      <vulnerable range="lt">0.6.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Heimdal is a free implementation of Kerberos 5 that includes a
+    telnetd server.
+    </p>
+  </background>
+  <description>
+    <p>
+    It has been reported that the "getterminaltype" function of
+    Heimdal's telnetd server is vulnerable to buffer overflows.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could exploit this vulnerability to execute arbitrary
+    code with the permission of the telnetd server program.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users should upgrade to the latest available version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-crypt/heimdal-0.6.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2040">CAN-2005-2040</uri>
+    <uri link="https://www.pdc.kth.se/heimdal/advisory/2005-06-20/">Heimdal Advisory 2005-06-20</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-06-23T11:06:31Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-06-23T12:58:46Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-06-29T07:29:29Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200507-01.xml b/metadata/glsa/glsa-200507-01.xml
new file mode 100644
index 000000000000..794deeb0a8b0
--- /dev/null
+++ b/metadata/glsa/glsa-200507-01.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200507-01">
+  <title>PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability</title>
+  <synopsis>
+    The PEAR XML-RPC and phpxmlrpc libraries allow remote attackers to execute
+    arbitrary PHP script commands.
+  </synopsis>
+  <product type="ebuild">pear-xml_rpc phpxmlrpc</product>
+  <announced>2005-07-03</announced>
+  <revised count="01">2005-07-03</revised>
+  <bug>97399</bug>
+  <bug>97629</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-php/PEAR-XML_RPC" auto="yes" arch="*">
+      <unaffected range="ge">1.3.1</unaffected>
+      <vulnerable range="lt">1.3.1</vulnerable>
+    </package>
+    <package name="dev-php/phpxmlrpc" auto="yes" arch="*">
+      <unaffected range="ge">1.1.1</unaffected>
+      <vulnerable range="lt">1.1.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The PEAR XML-RPC and phpxmlrpc libraries are both PHP
+    implementations of the XML-RPC protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    James Bercegay of GulfTech Security Research discovered that the
+    PEAR XML-RPC and phpxmlrpc libraries fail to sanatize input sent using
+    the "POST" method.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit this vulnerability to execute
+    arbitrary PHP script code by sending a specially crafted XML document
+    to web applications making use of these libraries.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PEAR-XML_RPC users should upgrade to the latest available
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-php/PEAR-XML_RPC-1.3.1"</code>
+    <p>
+    All phpxmlrpc users should upgrade to the latest available
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-php/phpxmlrpc-1.1.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1921">CAN-2005-1921</uri>
+    <uri link="http://www.gulftech.org/?node=research&amp;article_id=00088-07022005">GulfTech Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-07-01T16:53:39Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-02T09:41:01Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-07-02T09:55:08Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200507-02.xml b/metadata/glsa/glsa-200507-02.xml
new file mode 100644
index 000000000000..d851376ec485
--- /dev/null
+++ b/metadata/glsa/glsa-200507-02.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200507-02">
+  <title>WordPress: Multiple vulnerabilities</title>
+  <synopsis>
+    WordPress contains PHP script injection, cross-site scripting and path
+    disclosure vulnerabilities.
+  </synopsis>
+  <product type="ebuild">wordpress</product>
+  <announced>2005-07-04</announced>
+  <revised count="01">2005-07-04</revised>
+  <bug>97374</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/wordpress" auto="yes" arch="*">
+      <unaffected range="ge">1.5.1.3</unaffected>
+      <vulnerable range="lt">1.5.1.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    WordPress is a PHP and MySQL based content management and
+    publishing system.
+    </p>
+  </background>
+  <description>
+    <p>
+    James Bercegay of the GulfTech Security Research Team discovered
+    that WordPress insufficiently checks data passed to the XML-RPC server.
+    He also discovered that WordPress has several cross-site scripting and
+    full path disclosure vulnerabilities.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could use the PHP script injection vulnerabilities to
+    execute arbitrary PHP script commands. Furthermore the cross-site
+    scripting vulnerabilities could be exploited to execute arbitrary
+    script code in a user's browser session in context of a vulnerable
+    site.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All WordPress users should upgrade to the latest available
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/wordpress-1.5.1.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1921">CAN-2005-1921</uri>
+    <uri link="http://www.gulftech.org/?node=research&amp;article_id=00085-06282005">GulfTech Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-06-30T16:03:34Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-06-30T17:49:02Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-04T09:45:20Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200507-03.xml b/metadata/glsa/glsa-200507-03.xml
new file mode 100644
index 000000000000..dcf192c013b3
--- /dev/null
+++ b/metadata/glsa/glsa-200507-03.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200507-03">
+  <title>phpBB: Arbitrary command execution</title>
+  <synopsis>
+    A vulnerability in phpBB allows a remote attacker to execute arbitrary
+    commands with the rights of the web server.
+  </synopsis>
+  <product type="ebuild">phpBB</product>
+  <announced>2005-07-04</announced>
+  <revised count="03">2005-09-03</revised>
+  <bug>97278</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/phpBB" auto="yes" arch="*">
+      <unaffected range="ge">2.0.16</unaffected>
+      <vulnerable range="lt">2.0.16</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpBB is an Open Source bulletin board package.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ron van Daal discovered that phpBB contains a vulnerability in the
+    highlighting code.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Successful exploitation would grant an attacker unrestricted access to
+    the PHP exec() or system() functions, allowing the execution of
+    arbitrary commands with the rights of the web server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Please follow the instructions given in the phpBB announcement.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    The phpBB package is no longer supported by Gentoo Linux and has been
+    masked in the Portage repository, no further announcements will be
+    issued regarding phpBB updates. Users who wish to continue using phpBB
+    are advised to monitor and refer to www.phpbb.com for more information.
+    </p>
+    <p>
+    To continue using the Gentoo-provided phpBB package, please refer to
+    the Portage documentation on unmasking packages and upgrade to 2.0.16.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2086">CAN-2005-2086</uri>
+    <uri link="https://www.phpbb.com/phpBB/viewtopic.php?f=14&amp;t=302011">phpBB Announcement</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-06-29T13:31:49Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-06-29T14:18:11Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-02T09:31:28Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200507-04.xml b/metadata/glsa/glsa-200507-04.xml
new file mode 100644
index 000000000000..e90a783c2bd9
--- /dev/null
+++ b/metadata/glsa/glsa-200507-04.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200507-04">
+  <title>RealPlayer: Heap overflow vulnerability</title>
+  <synopsis>
+    RealPlayer is vulnerable to a heap overflow that could lead to remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">realplayer</product>
+  <announced>2005-07-06</announced>
+  <revised count="01">2005-07-06</revised>
+  <bug>96923</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/realplayer" auto="yes" arch="*">
+      <unaffected range="ge">10.0.5</unaffected>
+      <vulnerable range="lt">10.0.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    RealPlayer is a multimedia player capable of handling multiple
+    multimedia file formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    RealPlayer is vulnerable to a heap overflow when opening RealMedia
+    files which make use of RealText.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to play a specially crafted RealMedia file an
+    attacker could execute arbitrary code with the permissions of the user
+    running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All RealPlayer users should upgrade to the latest available
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/realplayer-10.0.5"</code>
+  </resolution>
+  <references>
+    <uri link="http://service.real.com/help/faq/security/050623_player/EN/">RealNetworks Security Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1766">CAN-2005-1766</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-06-26T18:08:55Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-06-26T18:38:32Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-06T12:36:44Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200507-05.xml b/metadata/glsa/glsa-200507-05.xml
new file mode 100644
index 000000000000..cdcee2db105b
--- /dev/null
+++ b/metadata/glsa/glsa-200507-05.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200507-05">
+  <title>zlib: Buffer overflow</title>
+  <synopsis>
+    A buffer overflow has been discovered in zlib, potentially resulting in the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">zlib</product>
+  <announced>2005-07-06</announced>
+  <revised count="01">2005-07-06</revised>
+  <bug>98121</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-libs/zlib" auto="yes" arch="*">
+      <unaffected range="ge">1.2.2-r1</unaffected>
+      <vulnerable range="lt">1.2.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    zlib is a widely used free and patent unencumbered data
+    compression library.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a
+    buffer overflow in zlib. A bounds checking operation failed to take
+    invalid data into account, allowing a specifically malformed deflate
+    data stream to overrun a buffer.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could construct a malformed data stream, embedding it
+    within network communication or an application file format, potentially
+    resulting in the execution of arbitrary code when decoded by the
+    application using the zlib library.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All zlib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-libs/zlib-1.2.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096">CAN-2005-2096</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-07-04T06:51:26Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-06T14:21:00Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200507-06.xml b/metadata/glsa/glsa-200507-06.xml
new file mode 100644
index 000000000000..7e0741ff685e
--- /dev/null
+++ b/metadata/glsa/glsa-200507-06.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200507-06">
+  <title>TikiWiki: Arbitrary command execution through XML-RPC</title>
+  <synopsis>
+    TikiWiki includes PHP XML-RPC code, making it vulnerable to arbitrary
+    command execution.
+  </synopsis>
+  <product type="ebuild">Tikiwiki</product>
+  <announced>2005-07-06</announced>
+  <revised count="01">2005-07-06</revised>
+  <bug>97648</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/tikiwiki" auto="yes" arch="*">
+      <unaffected range="ge">1.8.5-r1</unaffected>
+      <vulnerable range="lt">1.8.5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    TikiWiki is a web-based groupware and content management system
+    (CMS), using PHP, ADOdb and Smarty. TikiWiki includes vulnerable PHP
+    XML-RPC code.
+    </p>
+  </background>
+  <description>
+    <p>
+    TikiWiki is vulnerable to arbitrary command execution as described
+    in GLSA 200507-01.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit this vulnerability to execute
+    arbitrary PHP code by sending specially crafted XML data.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All TikiWiki users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/tikiwiki-1.8.5-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://security.gentoo.org/glsa/glsa-200507-01.xml">GLSA 200507-01</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1921">CAN-2005-1921</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-07-06T08:27:19Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-06T08:27:44Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-07-06T11:56:52Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200507-07.xml b/metadata/glsa/glsa-200507-07.xml
new file mode 100644
index 000000000000..e07d5c2eed03
--- /dev/null
+++ b/metadata/glsa/glsa-200507-07.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200507-07">
+  <title>phpWebSite: Multiple vulnerabilities</title>
+  <synopsis>
+    phpWebSite is vulnerable to the remote execution of arbitrary PHP script
+    code and to other, yet undisclosed, vulnerabilities.
+  </synopsis>
+  <product type="ebuild">phpwebsite</product>
+  <announced>2005-07-10</announced>
+  <revised count="01">2005-07-10</revised>
+  <bug>97461</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/phpwebsite" auto="yes" arch="*">
+      <unaffected range="ge">0.10.1-r1</unaffected>
+      <vulnerable range="lt">0.10.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpWebSite is a content management system written in PHP.
+    </p>
+  </background>
+  <description>
+    <p>
+    phpWebSite fails to sanitize input sent to the XML-RPC server
+    using the "POST" method. Other unspecified vulnerabilities have been
+    discovered by Diabolic Crab of Hackers Center.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit the XML-RPC vulnerability to
+    execute arbitrary PHP script code by sending specially crafted XML data
+    to phpWebSite. The undisclosed vulnerabilities do have an unknown
+    impact.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All phpWebSite users should upgrade to the latest available
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-app/phpwebsite-0.10.1-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1921">CAN-2005-1921</uri>
+    <uri link="http://phpwebsite.appstate.edu/index.php?module=announce&amp;ANN_user_op=view&amp;ANN_id=989">phpWebSite announcement</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-07-06T12:51:16Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-07-06T14:39:13Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-09T22:50:54Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200507-08.xml b/metadata/glsa/glsa-200507-08.xml
new file mode 100644
index 000000000000..897f1b3bdddb
--- /dev/null
+++ b/metadata/glsa/glsa-200507-08.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200507-08">
+  <title>phpGroupWare, eGroupWare: PHP script injection vulnerability</title>
+  <synopsis>
+    phpGroupWare and eGroupWare include an XML-RPC implementation which allows
+    remote attackers to execute arbitrary PHP script commands.
+  </synopsis>
+  <product type="ebuild">phpgroupware egroupware</product>
+  <announced>2005-07-10</announced>
+  <revised count="01">2005-07-10</revised>
+  <bug>97460</bug>
+  <bug>97651</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/phpgroupware" auto="yes" arch="*">
+      <unaffected range="ge">0.9.16.006</unaffected>
+      <vulnerable range="lt">0.9.16.006</vulnerable>
+    </package>
+    <package name="www-apps/egroupware" auto="yes" arch="*">
+      <unaffected range="ge">1.0.0.008</unaffected>
+      <vulnerable range="lt">1.0.0.008</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpGroupWare and eGroupWare are web based collaboration software
+    suites.
+    </p>
+  </background>
+  <description>
+    <p>
+    The XML-RPC implementations of phpGroupWare and eGroupWare fail to
+    sanitize input sent to the XML-RPC server using the "POST" method.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit the XML-RPC vulnerability to
+    execute arbitrary PHP script code by sending specially crafted XML data
+    to the XML-RPC servers of phpGroupWare or eGroupWare.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All phpGroupWare users should upgrade to the latest available
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-app/phpgroupware-0.9.16.006"</code>
+    <p>
+    All eGroupWare users should upgrade to the latest available
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-app/egroupware-1.0.0.008"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1921">CAN-2005-1921</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-07-06T12:50:50Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-07-06T15:06:09Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-10T19:07:48Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200507-09.xml b/metadata/glsa/glsa-200507-09.xml
new file mode 100644
index 000000000000..1937a781be2e
--- /dev/null
+++ b/metadata/glsa/glsa-200507-09.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200507-09">
+  <title>Adobe Acrobat Reader: Buffer overflow vulnerability</title>
+  <synopsis>
+    Adobe Acrobat Reader is vulnerable to a buffer overflow that could lead to
+    remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">acroread</product>
+  <announced>2005-07-11</announced>
+  <revised count="01">2005-07-11</revised>
+  <bug>98101</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/acroread" auto="yes" arch="*">
+      <unaffected range="ge">7.0</unaffected>
+      <vulnerable range="le">5.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Adobe Acrobat Reader is a utility used to view PDF files.
+    </p>
+  </background>
+  <description>
+    <p>
+    A buffer overflow has been discovered in the
+    UnixAppOpenFilePerform() function, which is called when Adobe Acrobat
+    Reader tries to open a file with the "\Filespec" tag.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to open a specially crafted PDF document, a
+    remote attacker could exploit this vulnerability to execute arbitrary
+    code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Since Adobe will most likely not update the 5.0 series of Adobe
+    Acrobat Reader for Linux, all users should upgrade to the latest
+    available version of the 7.0 series:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/acroread-7.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1625">CAN-2005-1625</uri>
+    <uri link="http://www.idefense.com/application/poi/display?id=279&amp;type=vulnerabilities&amp;flashstatus=true">iDEFENSE Security Advisory</uri>
+    <uri link="https://www.adobe.com/support/techdocs/329083.html">Adobe Security Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-07-08T08:39:08Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-07-08T15:11:50Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-09T18:37:26Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200507-10.xml b/metadata/glsa/glsa-200507-10.xml
new file mode 100644
index 000000000000..bf58b6ef9753
--- /dev/null
+++ b/metadata/glsa/glsa-200507-10.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200507-10">
+  <title>Ruby: Arbitrary command execution through XML-RPC</title>
+  <synopsis>
+    A vulnerability in XMLRPC.iPIMethods allows remote attackers to execute
+    arbitrary commands.
+  </synopsis>
+  <product type="ebuild">ruby</product>
+  <announced>2005-07-11</announced>
+  <revised count="01">2005-07-11</revised>
+  <bug>96784</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/ruby" auto="yes" arch="*">
+      <unaffected range="ge">1.8.2-r2</unaffected>
+      <vulnerable range="lt">1.8.2-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ruby is an interpreted scripting language for quick and easy
+    object-oriented programming. XML-RPC is a remote procedure call
+    protocol encoded in XML.
+    </p>
+  </background>
+  <description>
+    <p>
+    Nobuhiro IMAI reported that an invalid default value in "utils.rb"
+    causes the security protections of the XML-RPC server to fail.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit this vulnerability to execute
+    arbitrary commands.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ruby users should upgrade to the latest available version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/ruby-1.8.2-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1992">CAN-2005-1992</uri>
+    <uri link="https://www.ruby-lang.org/en/20050701.html">Ruby Security Announcement</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-07-09T18:51:00Z">
+    vorlon078
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-07-09T19:20:33Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-11T12:47:35Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200507-11.xml b/metadata/glsa/glsa-200507-11.xml
new file mode 100644
index 000000000000..c60fe3558f01
--- /dev/null
+++ b/metadata/glsa/glsa-200507-11.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200507-11">
+  <title>MIT Kerberos 5: Multiple vulnerabilities</title>
+  <synopsis>
+    MIT Kerberos 5 is vulnerable to a Denial of Service attack and remote
+    execution of arbitrary code, possibly leading to the compromise of the
+    entire Kerberos realm.
+  </synopsis>
+  <product type="ebuild">mit-krb5</product>
+  <announced>2005-07-12</announced>
+  <revised count="01">2005-07-12</revised>
+  <bug>98799</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-crypt/mit-krb5" auto="yes" arch="*">
+      <unaffected range="ge">1.4.1-r1</unaffected>
+      <vulnerable range="lt">1.4.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MIT Kerberos 5 is the free implementation of the Kerberos network
+    authentication protocol by the Massachusetts Institute of Technology.
+    </p>
+  </background>
+  <description>
+    <p>
+    Daniel Wachdorf discovered that MIT Kerberos 5 could corrupt the
+    heap by freeing unallocated memory when receiving a special TCP request
+    (CAN-2005-1174). He also discovered that the same request could lead to
+    a single-byte heap overflow (CAN-2005-1175). Magnus Hagander discovered
+    that krb5_recvauth() function of MIT Kerberos 5 might try to
+    double-free memory (CAN-2005-1689).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Although exploitation is considered difficult, a remote attacker
+    could exploit the single-byte heap overflow and the double-free
+    vulnerability to execute arbitrary code, which could lead to the
+    compromise of the whole Kerberos realm. A remote attacker could also
+    use the heap corruption to cause a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MIT Kerberos 5 users should upgrade to the latest available
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-crypt/mit-krb5-1.4.1-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1174">CAN-2005-1174</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1175">CAN-2005-1175</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1689">CAN-2005-1689</uri>
+    <uri link="http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt">MITKRB5-SA-2005-002</uri>
+    <uri link="http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt">MITKRB5-SA-2005-003</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-07-08T08:49:39Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-07-08T14:57:37Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-12T19:05:46Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200507-12.xml b/metadata/glsa/glsa-200507-12.xml
new file mode 100644
index 000000000000..c7886bba68b3
--- /dev/null
+++ b/metadata/glsa/glsa-200507-12.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200507-12">
+  <title>Bugzilla: Unauthorized access and information disclosure</title>
+  <synopsis>
+    Multiple vulnerabilities in Bugzilla could allow remote users to modify bug
+    flags or gain sensitive information.
+  </synopsis>
+  <product type="ebuild">bugzilla</product>
+  <announced>2005-07-13</announced>
+  <revised count="01">2005-07-13</revised>
+  <bug>98348</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/bugzilla" auto="yes" arch="*">
+      <unaffected range="ge">2.18.3</unaffected>
+      <vulnerable range="lt">2.18.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Bugzilla is a web-based bug-tracking system used by many projects.
+    </p>
+  </background>
+  <description>
+    <p>
+    Bugzilla allows any user to modify the flags of any bug
+    (CAN-2005-2173). Bugzilla inserts bugs into the database before marking
+    them as private, in connection with MySQL replication this could lead
+    to a race condition (CAN-2005-2174).
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    By manually changing the URL to process_bug.cgi, a remote attacker
+    could modify the flags of any given bug, which could trigger an email
+    including the bug summary to be sent to the attacker. The race
+    condition when using Bugzilla with MySQL replication could lead to a
+    short timespan (usually less than a second) where the summary of
+    private bugs is exposed to all users.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Bugzilla users should upgrade to the latest available version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/bugzilla-2.18.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2173">CAN-2005-2173</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2174">CAN-2005-2174</uri>
+    <uri link="https://www.bugzilla.org/security/2.18.1/">Bugzilla Security Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-07-12T07:49:18Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-12T08:01:09Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-07-12T08:53:54Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200507-13.xml b/metadata/glsa/glsa-200507-13.xml
new file mode 100644
index 000000000000..8fc01d1bd59d
--- /dev/null
+++ b/metadata/glsa/glsa-200507-13.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200507-13">
+  <title>pam_ldap and nss_ldap: Plain text authentication leak</title>
+  <synopsis>
+    pam_ldap and nss_ldap fail to restart TLS when following a referral,
+    possibly leading to credentials being sent in plain text.
+  </synopsis>
+  <product type="ebuild">pam_ldap nss_ldap</product>
+  <announced>2005-07-14</announced>
+  <revised count="01">2005-07-14</revised>
+  <bug>96767</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-auth/nss_ldap" auto="yes" arch="*">
+      <unaffected range="ge">239-r1</unaffected>
+      <unaffected range="rge">226-r1</unaffected>
+      <vulnerable range="lt">239-r1</vulnerable>
+    </package>
+    <package name="sys-auth/pam_ldap" auto="yes" arch="*">
+      <unaffected range="ge">178-r1</unaffected>
+      <vulnerable range="lt">178-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    pam_ldap is a Pluggable Authentication Module which allows
+    authentication against an LDAP directory. nss_ldap is a Name Service
+    Switch module which allows 'passwd', 'group' and 'host' database
+    information to be pulled from LDAP. TLS is Transport Layer Security, a
+    protocol that allows encryption of network communications.
+    </p>
+  </background>
+  <description>
+    <p>
+    Rob Holland of the Gentoo Security Audit Team discovered that
+    pam_ldap and nss_ldap fail to use TLS for referred connections if they
+    are referred to a master after connecting to a slave, regardless of the
+    "ssl start_tls" ldap.conf setting.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could sniff passwords or other sensitive information
+    as the communication is not encrypted.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    pam_ldap and nss_ldap can be set to force the use of SSL instead
+    of TLS.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All pam_ldap users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-auth/pam_ldap-178-r1"</code>
+    <p>
+    All nss_ldap users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose sys-auth/nss_ldap</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2069">CAN-2005-2069</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-07-04T08:55:26Z">
+    tigger
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-07-04T14:18:57Z">
+    tigger
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-14T09:08:58Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200507-14.xml b/metadata/glsa/glsa-200507-14.xml
new file mode 100644
index 000000000000..5bd7686b8e3f
--- /dev/null
+++ b/metadata/glsa/glsa-200507-14.xml
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200507-14">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>
+    Several vulnerabilities in Mozilla Firefox allow attacks ranging from
+    execution of script code with elevated privileges to information leak.
+  </synopsis>
+  <product type="ebuild">mozilla</product>
+  <announced>2005-07-15</announced>
+  <revised count="01">2005-07-15</revised>
+  <bug>95199</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/mozilla-firefox" auto="yes" arch="*">
+      <unaffected range="ge">1.0.5</unaffected>
+      <vulnerable range="lt">1.0.5</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.0.5</unaffected>
+      <vulnerable range="lt">1.0.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla Firefox is the next-generation web browser from the
+    Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following vulnerabilities were found and fixed in Mozilla
+    Firefox:
+    </p>
+    <ul>
+    <li>"moz_bug_r_a4" and "shutdown" discovered that
+    Firefox was improperly cloning base objects (MFSA 2005-56).</li>
+    <li>Michael Krax reported that Firefox was not correctly handling
+    JavaScript URLs from external applications (MFSA 2005-53), and that the
+    "Set as wallpaper" function in versions 1.0.3 and 1.0.4 could be abused
+    to load JavaScript (MFSA 2005-47).</li>
+    <li>Several researchers
+    reported ways to trick Firefox into accepting events generated by web
+    content (MFSA 2005-45).</li>
+    <li>Kohei Yoshino discovered a new way to
+    inject script from the sidebar panel using data: (MFSA 2005-49).</li>
+    <li>"moz_bug_r_a4" reported that Firefox failed to validate XHTML DOM
+    nodes properly (MFSA 2005-55), and that XBL scripts ran even when
+    Javascript is disabled (MFSA 2005-46).</li>
+    <li>"shutdown" discovered a
+    possibly exploitable crash in InstallVersion.compareTo (MFSA
+    2005-50).</li>
+    <li>Finally, Secunia discovered that a child frame can
+    call top.focus() even if the framing page comes from a different origin
+    and has overridden the focus() routine (MFSA 2005-52), and that the
+    frame injection spoofing bug fixed in 1.0.2 was mistakenly reintroduced
+    in 1.0.3 and 1.0.4 (MFSA 2005-51).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could craft malicious web pages that would
+    leverage these issues to inject and execute arbitrary script code with
+    elevated privileges, steal cookies or other information from web pages,
+    or spoof content.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds for all the issues at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Firefox users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-1.0.5"</code>
+    <p>
+    All Mozilla Firefox binary users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-bin-1.0.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox">Mozilla Foundation Security Advisories</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-07-13T20:26:29Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-15T05:32:06Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200507-15.xml b/metadata/glsa/glsa-200507-15.xml
new file mode 100644
index 000000000000..82e76a29c4f5
--- /dev/null
+++ b/metadata/glsa/glsa-200507-15.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200507-15">
+  <title>PHP: Script injection through XML-RPC</title>
+  <synopsis>
+    PHP includes an XML-RPC implementation which allows remote attackers to
+    execute arbitrary PHP script commands.
+  </synopsis>
+  <product type="ebuild">PHP</product>
+  <announced>2005-07-15</announced>
+  <revised count="01">2005-07-15</revised>
+  <bug>97655</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-php/php" auto="yes" arch="*">
+      <unaffected range="ge">4.4.0</unaffected>
+      <vulnerable range="lt">4.4.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PHP is a general-purpose scripting language widely used to develop
+    web-based applications. It can run inside a web server using the
+    mod_php module or the CGI version of PHP, or can run stand-alone in a
+    CLI.
+    </p>
+  </background>
+  <description>
+    <p>
+    James Bercegay has discovered that the XML-RPC implementation in
+    PHP fails to sanitize input passed in an XML document, which is used in
+    an "eval()" statement.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit the XML-RPC vulnerability to
+    execute arbitrary PHP script code by sending specially crafted XML data
+    to applications making use of this XML-RPC implementation.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PHP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-php/php-4.4.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1921">CAN-2005-1921</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-07-12T20:30:47Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-07-12T22:51:12Z">
+    formula7
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-15T13:35:35Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200507-16.xml b/metadata/glsa/glsa-200507-16.xml
new file mode 100644
index 000000000000..411cddb69f61
--- /dev/null
+++ b/metadata/glsa/glsa-200507-16.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200507-16">
+  <title>dhcpcd: Denial of Service vulnerability</title>
+  <synopsis>
+    A vulnerability in dhcpcd may cause the dhcpcd daemon to crash.
+  </synopsis>
+  <product type="ebuild">dhcpcd</product>
+  <announced>2005-07-15</announced>
+  <revised count="01">2005-07-15</revised>
+  <bug>98394</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/dhcpcd" auto="yes" arch="*">
+      <unaffected range="ge">1.3.22_p4-r11</unaffected>
+      <vulnerable range="lt">1.3.22_p4-r11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    dhcpcd is a standards compliant DHCP client daemon. It requests an
+    IP address and other information from the DHCP server, automatically
+    configures the network interface, and tries to renew the lease time.
+    </p>
+  </background>
+  <description>
+    <p>
+    infamous42md discovered that dhcpcd can be tricked to read past
+    the end of the supplied DHCP buffer. As a result, this might lead to a
+    crash of the daemon.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    With a malicious DHCP server an attacker could cause a Denial of
+    Service by crashing the DHCP client.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All dhcpcd users should upgrade to the latest available version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/dhcpcd-1.3.22_p4-r11"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1848">CAN-2005-1848</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-07-11T14:38:55Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-07-11T17:42:40Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-12T08:00:32Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200507-17.xml b/metadata/glsa/glsa-200507-17.xml
new file mode 100644
index 000000000000..b62bd7ed6733
--- /dev/null
+++ b/metadata/glsa/glsa-200507-17.xml
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200507-17">
+  <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>
+    Several vulnerabilities in Mozilla Thunderbird allow attacks ranging from
+    execution of script code with elevated privileges to information leak.
+  </synopsis>
+  <product type="ebuild">thunderbird</product>
+  <announced>2005-07-18</announced>
+  <revised count="01">2005-07-18</revised>
+  <bug>98855</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/mozilla-thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">1.0.5</unaffected>
+      <vulnerable range="lt">1.0.5</vulnerable>
+    </package>
+    <package name="mail-client/mozilla-thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.0.5</unaffected>
+      <vulnerable range="lt">1.0.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla Thunderbird is the next-generation mail client from the
+    Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following vulnerabilities were found and fixed in Mozilla
+    Thunderbird:
+    </p>
+    <ul>
+    <li>"moz_bug_r_a4" and "shutdown" discovered
+    that Thunderbird was improperly cloning base objects (MFSA
+    2005-56).</li>
+    <li>"moz_bug_r_a4" also reported that Thunderbird was
+    overly trusting contents, allowing privilege escalation via property
+    overrides (MFSA 2005-41, 2005-44), that it failed to validate XHTML DOM
+    nodes properly (MFSA 2005-55), and that XBL scripts ran even when
+    Javascript is disabled (MFSA 2005-46).</li>
+    <li>"shutdown" discovered a
+    possibly exploitable crash in InstallVersion.compareTo (MFSA
+    2005-50).</li>
+    <li>Andreas Sandblad from Secunia reported that a child
+    frame can call top.focus() even if the framing page comes from a
+    different origin and has overridden the focus() routine (MFSA
+    2005-52).</li>
+    <li>Georgi Guninski reported missing Install object
+    instance checks in the native implementations of XPInstall-related
+    JavaScript objects (MFSA 2005-40).</li>
+    <li>Finally, Vladimir V.
+    Perepelitsa discovered a memory disclosure bug in JavaScript's regular
+    expression string replacement when using an anonymous function as the
+    replacement argument (CAN-2005-0989 and MFSA 2005-33).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could craft malicious email messages that would
+    leverage these issues to inject and execute arbitrary script code with
+    elevated privileges or help in stealing information.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds for all the issues at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Thunderbird users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-1.0.5"</code>
+    <p>
+    All Mozilla Thunderbird binary users should upgrade to the
+    latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-bin-1.0.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.mozilla.org/projects/security/known-vulnerabilities.html#Thunderbird">Mozilla Foundation Security Advisories</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0989">CAN-2005-0989</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-07-14T11:30:45Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-17T20:53:06Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200507-18.xml b/metadata/glsa/glsa-200507-18.xml
new file mode 100644
index 000000000000..c312e1fd45a8
--- /dev/null
+++ b/metadata/glsa/glsa-200507-18.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200507-18">
+  <title>MediaWiki: Cross-site scripting vulnerability</title>
+  <synopsis>
+    MediaWiki is vulnerable to a cross-site scripting attack that could allow
+    arbitrary JavaScript code execution.
+  </synopsis>
+  <product type="ebuild">mediawiki</product>
+  <announced>2005-07-20</announced>
+  <revised count="03">2005-08-11</revised>
+  <bug>99132</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/mediawiki" auto="yes" arch="*">
+      <unaffected range="ge">1.4.6</unaffected>
+      <vulnerable range="lt">1.4.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MediaWiki is a collaborative editing software, used by big projects
+    like Wikipedia.
+    </p>
+  </background>
+  <description>
+    <p>
+    MediaWiki fails to escape a parameter in the page move template
+    correctly.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    By enticing a user to visit a specially crafted URL, a remote attacker
+    could exploit this vulnerability to inject malicious JavaScript code
+    that will be executed in a user's browser session in the context of the
+    vulnerable site.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MediaWiki users should upgrade to the latest available version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/mediawiki-1.4.7"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2396">CAN-2005-2396</uri>
+    <uri link="https://sourceforge.net/project/shownotes.php?release_id=342530">MediaWiki Release Notes</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-07-18T07:34:17Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-18T07:34:40Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-07-18T07:59:14Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200507-19.xml b/metadata/glsa/glsa-200507-19.xml
new file mode 100644
index 000000000000..bc3d589b1361
--- /dev/null
+++ b/metadata/glsa/glsa-200507-19.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200507-19">
+  <title>zlib: Buffer overflow</title>
+  <synopsis>
+    zlib is vulnerable to a buffer overflow which could potentially lead to
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">zlib</product>
+  <announced>2005-07-22</announced>
+  <revised count="01">2005-07-22</revised>
+  <bug>99751</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-libs/zlib" auto="yes" arch="*">
+      <unaffected range="ge">1.2.3</unaffected>
+      <vulnerable range="lt">1.2.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    zlib is a widely used free and patent unencumbered data
+    compression library.
+    </p>
+  </background>
+  <description>
+    <p>
+    zlib improperly handles invalid data streams which could lead to a
+    buffer overflow.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    By creating a specially crafted compressed data stream, attackers
+    can overwrite data structures for applications that use zlib, resulting
+    in arbitrary code execution or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All zlib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-libs/zlib-1.2.3"</code>
+  </resolution>
+  <references>
+    <uri link="http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0489.html">Full Disclosure Announcement</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1849">CAN-2005-1849</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-07-21T05:28:09Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-07-21T07:38:10Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-21T18:38:18Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200507-20.xml b/metadata/glsa/glsa-200507-20.xml
new file mode 100644
index 000000000000..b6b9a92aa2cf
--- /dev/null
+++ b/metadata/glsa/glsa-200507-20.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200507-20">
+  <title>Shorewall: Security policy bypass</title>
+  <synopsis>
+    A vulnerability in Shorewall allows clients authenticated by MAC address
+    filtering to bypass all other security rules.
+  </synopsis>
+  <product type="ebuild">shorewall</product>
+  <announced>2005-07-22</announced>
+  <revised count="02">2005-09-14</revised>
+  <bug>99398</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-firewall/shorewall" auto="yes" arch="*">
+      <unaffected range="ge">2.4.2</unaffected>
+      <vulnerable range="le">2.4.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Shorewall is a high level tool for configuring Netfilter, the firewall
+    facility included in the Linux Kernel.
+    </p>
+  </background>
+  <description>
+    <p>
+    Shorewall fails to enforce security policies if configured with
+    "MACLIST_DISPOSITION" set to "ACCEPT" or "MACLIST_TTL" set to a value
+    greater or equal to 0.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A client authenticated by MAC address filtering could bypass all
+    security policies, possibly allowing him to gain access to restricted
+    services. The default installation has MACLIST_DISPOSITION=REJECT and
+    MACLIST_TTL=(blank) (equivalent to 0). This can be checked by looking
+    at the settings in /etc/shorewall/shorewall.conf
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Set "MACLIST_TTL" to "0" and "MACLIST_DISPOSITION" to "REJECT" in the
+    Shorewall configuration file (usually /etc/shorewall/shorewall.conf).
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Shorewall users should upgrade to the latest available version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose net-firewall/shorewall</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2317">CAN-2005-2317</uri>
+    <uri link="http://www.shorewall.net/News.htm#20050717">Shorewall Announcement</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-07-20T08:32:24Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-07-20T09:04:23Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-21T21:07:14Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200507-21.xml b/metadata/glsa/glsa-200507-21.xml
new file mode 100644
index 000000000000..5ef8eb0800c5
--- /dev/null
+++ b/metadata/glsa/glsa-200507-21.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200507-21">
+  <title>fetchmail: Buffer Overflow</title>
+  <synopsis>
+    fetchmail is susceptible to a buffer overflow resulting in a Denial of
+    Service or arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">fetchmail</product>
+  <announced>2005-07-25</announced>
+  <revised count="01">2005-07-25</revised>
+  <bug>99865</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/fetchmail" auto="yes" arch="*">
+      <unaffected range="ge">6.2.5.2</unaffected>
+      <vulnerable range="lt">6.2.5.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    fetchmail is a utility that retrieves and forwards mail from
+    remote systems using IMAP, POP, and other protocols.
+    </p>
+  </background>
+  <description>
+    <p>
+    fetchmail does not properly validate UIDs coming from a POP3 mail
+    server. The UID is placed in a fixed length buffer on the stack, which
+    can be overflown.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Very long UIDs returned from a malicious or compromised POP3
+    server can cause fetchmail to crash, resulting in a Denial of Service,
+    or allow arbitrary code to be placed on the stack.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All fetchmail users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-mail/fetchmail-6.2.5.2"</code>
+  </resolution>
+  <references>
+    <uri link="http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt">Fetchmail Security Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2335">CAN-2005-2335</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-07-22T05:37:13Z">
+    r2d2
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-24T07:43:36Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200507-22.xml b/metadata/glsa/glsa-200507-22.xml
new file mode 100644
index 000000000000..d305075cff4a
--- /dev/null
+++ b/metadata/glsa/glsa-200507-22.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200507-22">
+  <title>sandbox: Insecure temporary file handling</title>
+  <synopsis>
+    The sandbox utility may create temporary files in an insecure manner.
+  </synopsis>
+  <product type="ebuild">sandbox</product>
+  <announced>2005-07-25</announced>
+  <revised count="02">2005-08-11</revised>
+  <bug>96782</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/sandbox" auto="yes" arch="*">
+      <unaffected range="ge">1.2.11</unaffected>
+      <vulnerable range="lt">1.2.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    sandbox is a Gentoo Linux utility used by the Portage package
+    management system.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Gentoo Linux Security Audit Team discovered that the sandbox
+    utility was vulnerable to multiple TOCTOU (Time of Check, Time of Use)
+    file creation race conditions.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    Local users may be able to create or overwrite arbitrary files with the
+    permissions of the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All sandbox users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-apps/sandbox-1.2.11"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2449">CAN-2005-2449</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-07-23T11:46:49Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-07-23T12:17:37Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-24T07:49:01Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200507-23.xml b/metadata/glsa/glsa-200507-23.xml
new file mode 100644
index 000000000000..1fd6d4ea5f81
--- /dev/null
+++ b/metadata/glsa/glsa-200507-23.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200507-23">
+  <title>Kopete: Vulnerability in included Gadu library</title>
+  <synopsis>
+    Kopete is vulnerable to several input validation vulnerabilities which may
+    lead to execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">kopete</product>
+  <announced>2005-07-25</announced>
+  <revised count="01">2005-07-25</revised>
+  <bug>99754</bug>
+  <access>remote</access>
+  <affected>
+    <package name="kde-base/kdenetwork" auto="yes" arch="*">
+      <unaffected range="ge">3.4.1-r1</unaffected>
+      <unaffected range="rge">3.3.2-r2</unaffected>
+      <vulnerable range="lt">3.4.1-r1</vulnerable>
+    </package>
+    <package name="kde-base/kopete" auto="yes" arch="*">
+      <unaffected range="ge">3.4.1-r1</unaffected>
+      <vulnerable range="lt">3.4.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    KDE is a feature-rich graphical desktop environment for Linux and
+    Unix-like Operating Systems. Kopete (also part of kdenetwork) is the
+    KDE Instant Messenger.
+    </p>
+  </background>
+  <description>
+    <p>
+    Kopete contains an internal copy of libgadu and is therefore
+    subject to several input validation vulnerabilities in libgadu.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit this vulnerability to execute
+    arbitrary code or crash Kopete.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Delete all Gadu Gadu contacts.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Kopete users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose kde-base/kdenetwork</code>
+    <p>
+    All KDE Split Ebuild Kopete users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=kde-base/kopete-3.4.1-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.kde.org/info/security/advisory-20050721-1.txt">KDE Security Advisory: libgadu vulnerabilities</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1852">CAN-2005-1852</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-07-21T09:34:55Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-25T17:39:48Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200507-24.xml b/metadata/glsa/glsa-200507-24.xml
new file mode 100644
index 000000000000..2927dda27764
--- /dev/null
+++ b/metadata/glsa/glsa-200507-24.xml
@@ -0,0 +1,109 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200507-24">
+  <title>Mozilla Suite: Multiple vulnerabilities</title>
+  <synopsis>
+    Several vulnerabilities in the Mozilla Suite allow attacks ranging from the
+    execution of javascript code with elevated privileges to information
+    leakage.
+  </synopsis>
+  <product type="ebuild">mozilla</product>
+  <announced>2005-07-26</announced>
+  <revised count="01">2005-07-26</revised>
+  <bug>98846</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/mozilla" auto="yes" arch="*">
+      <unaffected range="ge">1.7.10</unaffected>
+      <vulnerable range="lt">1.7.10</vulnerable>
+    </package>
+    <package name="www-client/mozilla-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.7.10</unaffected>
+      <vulnerable range="lt">1.7.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Mozilla Suite is an all-in-one Internet application suite
+    including a web browser, an advanced e-mail and newsgroup client, IRC
+    client and HTML editor.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following vulnerabilities were found and fixed in the Mozilla
+    Suite:
+    </p>
+    <ul>
+    <li>"moz_bug_r_a4" and "shutdown" discovered that the
+    Mozilla Suite was improperly cloning base objects (MFSA 2005-56).</li>
+    <li>"moz_bug_r_a4" reported that the suite failed to validate XHTML DOM
+    nodes properly (MFSA 2005-55).</li>
+    <li>Secunia reported that alerts
+    and prompts scripts are presented with the generic title [JavaScript
+    Application] which could lead to tricking a user (MFSA 2005-54).</li>
+    <li>Andreas Sandblad of Secunia reported that top.focus() can be called
+    in the context of a child frame even if the framing page comes from a
+    different origin and has overridden the focus() routine (MFSA
+    2005-52).</li>
+    <li>Secunia reported that a frame-injection spoofing bug
+    which was fixed in earlier versions, was accidently bypassed in Mozilla
+    Suite 1.7.7 (MFSA 2005-51).</li>
+    <li>"shutdown" reported that
+    InstallVersion.compareTo() might be exploitable. When it gets an object
+    rather than a string, the browser would generally crash with an access
+    violation (MFSA 2005-50).</li>
+    <li>Matthew Mastracci reported that by
+    forcing a page navigation immediately after calling the install method
+    can end up running in the context of the new page selected by the
+    attacker (MFSA 2005-48).</li>
+    <li>"moz_bug_r_a4" reported that XBL
+    scripts run even when Javascript is disabled (MFSA 2005-46).</li>
+    <li>
+    Omar Khan, Jochen, "shutdown" and Matthew Mastracci reported that the
+    Mozilla Suite incorrectly distinguished between true events like mouse
+    clicks or keystrokes and synthetic events generated by a web content
+    (MFSA 2005-45).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could craft malicious web pages that would
+    leverage these issues to inject and execute arbitrary javascript code
+    with elevated privileges, steal cookies or other information from web
+    pages, or spoof content.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Suite users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-1.7.10"</code>
+    <p>
+    All Mozilla Suite binary users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-bin-1.7.10"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla">Mozilla Foundation Security Advisories</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-07-23T18:08:05Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-23T18:09:18Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-07-24T07:24:03Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200507-25.xml b/metadata/glsa/glsa-200507-25.xml
new file mode 100644
index 000000000000..a50cebb9ea4e
--- /dev/null
+++ b/metadata/glsa/glsa-200507-25.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200507-25">
+  <title>Clam AntiVirus: Integer overflows</title>
+  <synopsis>
+    Clam AntiVirus is vulnerable to integer overflows when handling several
+    file formats, potentially resulting in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2005-07-26</announced>
+  <revised count="02">2005-08-11</revised>
+  <bug>100178</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.86.2</unaffected>
+      <vulnerable range="lt">0.86.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Clam AntiVirus is a GPL anti-virus toolkit, designed for integration
+    with mail servers to perform attachment scanning. Clam AntiVirus also
+    provides a command line scanner and a tool for fetching updates of the
+    virus database.
+    </p>
+  </background>
+  <description>
+    <p>
+    Neel Mehta and Alex Wheeler discovered that Clam AntiVirus is
+    vulnerable to integer overflows when handling the TNEF, CHM and FSG
+    file formats.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    By sending a specially-crafted file an attacker could execute arbitrary
+    code with the permissions of the user running Clam AntiVirus.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Clam AntiVirus users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.86.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2450">CAN-2005-2450</uri>
+    <uri link="https://sourceforge.net/project/shownotes.php?release_id=344514">Clam AntiVirus: Release Notes</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-07-25T17:48:24Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-07-25T19:44:22Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-26T20:33:43Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200507-26.xml b/metadata/glsa/glsa-200507-26.xml
new file mode 100644
index 000000000000..3b5149f5265b
--- /dev/null
+++ b/metadata/glsa/glsa-200507-26.xml
@@ -0,0 +1,112 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200507-26">
+  <title>GNU Gadu, CenterICQ, Kadu, EKG, libgadu: Remote code execution in Gadu library</title>
+  <synopsis>
+    GNU Gadu, CenterICQ, Kadu, EKG and libgadu are vulnerable to an integer
+    overflow which could potentially lead to the execution of arbitrary code or
+    a Denial of Service.
+  </synopsis>
+  <product type="ebuild">gnugadu centericq kadu ekg libgadu</product>
+  <announced>2005-07-27</announced>
+  <revised count="02">2007-02-26</revised>
+  <bug>99816</bug>
+  <bug>99890</bug>
+  <bug>99583</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/gnugadu" auto="yes" arch="*">
+      <unaffected range="ge">2.2.6-r1</unaffected>
+      <vulnerable range="lt">2.2.6-r1</vulnerable>
+    </package>
+    <package name="net-im/centericq" auto="yes" arch="*">
+      <unaffected range="ge">4.20.0-r3</unaffected>
+      <vulnerable range="lt">4.20.0-r3</vulnerable>
+    </package>
+    <package name="net-im/kadu" auto="yes" arch="*">
+      <unaffected range="ge">0.4.1</unaffected>
+      <vulnerable range="lt">0.4.1</vulnerable>
+    </package>
+    <package name="net-im/ekg" auto="yes" arch="*">
+      <unaffected range="ge">1.6_rc3</unaffected>
+      <vulnerable range="lt">1.6_rc3</vulnerable>
+    </package>
+    <package name="net-libs/libgadu" auto="yes" arch="*">
+      <unaffected range="ge">1.7.0_pre20050719</unaffected>
+      <vulnerable range="lt">1.7.0_pre20050719</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GNU Gadu, CenterICQ, Kadu and EKG are instant messaging applications
+    created to support Gadu Gadu instant messaging protocol. libgadu is a
+    library that implements the client side of the Gadu-Gadu protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    GNU Gadu, CenterICQ, Kadu, EKG and libgadu are vulnerable to an integer
+    overflow.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit the integer overflow to execute
+    arbitrary code or cause a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GNU Gadu users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-im/gnugadu-2.2.6-r1"</code>
+    <p>
+    All Kadu users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-im/kadu-0.4.1"</code>
+    <p>
+    All EKG users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-im/ekg-1.6_rc3"</code>
+    <p>
+    All libgadu users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-libs/libgadu-20050719"</code>
+    <p>
+    All CenterICQ users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-im/centericq-4.20.0-r3"</code>
+    <p>
+    CenterICQ is no longer distributed with Gadu Gadu support, affected
+    users are encouraged to migrate to an alternative package.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1852">CAN-2005-1852</uri>
+    <uri link="http://www.securityfocus.com/archive/1/406026/30/">BugTraq Announcement</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-07-23T12:05:13Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-07-23T12:53:13Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-26T19:58:40Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200507-27.xml b/metadata/glsa/glsa-200507-27.xml
new file mode 100644
index 000000000000..2fd5480707f5
--- /dev/null
+++ b/metadata/glsa/glsa-200507-27.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200507-27">
+  <title>Ethereal: Multiple vulnerabilities</title>
+  <synopsis>
+    Ethereal is vulnerable to numerous vulnerabilities potentially resulting in
+    the execution of arbitrary code or abnormal termination.
+  </synopsis>
+  <product type="ebuild">Ethereal</product>
+  <announced>2005-07-28</announced>
+  <revised count="01">2005-07-28</revised>
+  <bug>100316</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/ethereal" auto="yes" arch="*">
+      <unaffected range="ge">0.10.12</unaffected>
+      <vulnerable range="lt">0.10.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ethereal is a feature-rich network protocol analyzer.
+    </p>
+  </background>
+  <description>
+    <p>
+    There are numerous vulnerabilities in versions of Ethereal prior
+    to 0.10.12, including:
+    </p>
+    <ul>
+    <li>The SMB dissector could overflow a
+    buffer or exhaust memory (CAN-2005-2365).</li>
+    <li>iDEFENSE discovered
+    that several dissectors are vulnerable to format string overflows
+    (CAN-2005-2367).</li>
+    <li>Additionally multiple potential crashes in
+    many dissectors have been fixed, see References for further
+    details.</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker might be able to use these vulnerabilities to crash
+    Ethereal or execute arbitrary code with the permissions of the user
+    running Ethereal, which could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ethereal users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/ethereal-0.10.12"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.ethereal.com/appnotes/enpa-sa-00020.html">Ethereal enpa-sa-00020</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2360">CAN-2005-2360</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2361">CAN-2005-2361</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2362">CAN-2005-2362</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2363">CAN-2005-2363</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2364">CAN-2005-2364</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2365">CAN-2005-2365</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2366">CAN-2005-2366</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2367">CAN-2005-2367</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-07-26T19:41:31Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-28T05:33:45Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200507-28.xml b/metadata/glsa/glsa-200507-28.xml
new file mode 100644
index 000000000000..fe1515499e55
--- /dev/null
+++ b/metadata/glsa/glsa-200507-28.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200507-28">
+  <title>AMD64 x86 emulation base libraries: Buffer overflow</title>
+  <synopsis>
+    The x86 emulation base libraries for AMD64 contain a vulnerable version of
+    zlib which could potentially lead to execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">emul-linux-x86-baselibs</product>
+  <announced>2005-07-30</announced>
+  <revised count="02">2005-08-02</revised>
+  <bug>100686</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulation/emul-linux-x86-baselibs" auto="yes" arch="amd64">
+      <unaffected range="ge">2.1.2</unaffected>
+      <vulnerable range="lt">2.1.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The x86 emulation base libraries for AMD64 emulate the x86 (32-bit)
+    architecture on the AMD64 (64-bit) architecture.
+    </p>
+  </background>
+  <description>
+    <p>
+    Earlier versions of emul-linux-x86-baselibs contain a vulnerable
+    version of zlib, which may lead to a buffer overflow.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    By creating a specially crafted compressed data stream, attackers can
+    overwrite data structures for applications that use the x86 emulation
+    base libraries for AMD64, resulting in a Denial of Service and
+    potentially arbitrary code execution.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All AMD64 x86 emulation base libraries users should upgrade to the
+    latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose app-emulation/emul-linux-x86-baselibs</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200507-05.xml">GLSA 200507-05</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200507-19.xml">GLSA 200507-19</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1849">CAN-2005-1849</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096">CAN-2005-2096</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-07-30T08:48:26Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-30T08:50:21Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-07-30T09:53:12Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200507-29.xml b/metadata/glsa/glsa-200507-29.xml
new file mode 100644
index 000000000000..c1441b239738
--- /dev/null
+++ b/metadata/glsa/glsa-200507-29.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200507-29">
+  <title>pstotext: Remote execution of arbitrary code</title>
+  <synopsis>
+    pstotext contains a vulnerability which can potentially result in the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">pstotext</product>
+  <announced>2005-07-31</announced>
+  <revised count="02">2005-08-11</revised>
+  <bug>100245</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/pstotext" auto="yes" arch="*">
+      <unaffected range="ge">1.8g-r1</unaffected>
+      <vulnerable range="lt">1.8g-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    pstotext is a program that works with GhostScript to extract plain text
+    from PostScript and PDF files.
+    </p>
+  </background>
+  <description>
+    <p>
+    Max Vozeler reported that pstotext calls the GhostScript interpreter on
+    untrusted PostScript files without specifying the -dSAFER option.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could craft a malicious PostScript file and entice a user
+    to run pstotext on it, resulting in the execution of arbitrary commands
+    with the permissions of the user running pstotext.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All pstotext users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/pstotext-1.8g-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2536">CAN-2005-2536</uri>
+    <uri link="https://secunia.com/advisories/16183/">Secunia Advisory SA16183</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-07-30T18:50:03Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-30T18:53:14Z">
+    adir
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-07-30T19:15:41Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200508-01.xml b/metadata/glsa/glsa-200508-01.xml
new file mode 100644
index 000000000000..bb991ee0df5f
--- /dev/null
+++ b/metadata/glsa/glsa-200508-01.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200508-01">
+  <title>Compress::Zlib: Buffer overflow</title>
+  <synopsis>
+    Compress::Zlib is vulnerable to a buffer overflow which could potentially
+    lead to execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Compress-Zlib</product>
+  <announced>2005-08-01</announced>
+  <revised count="02">2009-05-28</revised>
+  <bug>100540</bug>
+  <access>remote</access>
+  <affected>
+    <package name="perl-core/Compress-Zlib" auto="yes" arch="*">
+      <unaffected range="ge">1.35</unaffected>
+      <vulnerable range="lt">1.35</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Compress::Zlib is a Perl module which provides an interface to
+    the zlib compression library.
+    </p>
+  </background>
+  <description>
+    <p>
+    Compress::Zlib 1.34 contains a local vulnerable version of zlib,
+    which may lead to a buffer overflow.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    By creating a specially crafted compressed data stream, attackers
+    can overwrite data structures for applications that use Compress::Zlib,
+    resulting in a Denial of Service and potentially arbitrary code
+    execution.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Compress::Zlib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=perl-core/Compress-Zlib-1.35"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200507-19.xml">GLSA 200507-19</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200507-05.xml">GLSA 200507-05</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1849">CAN-2005-1849</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096">CAN-2005-2096</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-07-28T11:43:56Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-07-29T23:24:17Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-08-01T05:55:33Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200508-02.xml b/metadata/glsa/glsa-200508-02.xml
new file mode 100644
index 000000000000..6ef9ea8da17f
--- /dev/null
+++ b/metadata/glsa/glsa-200508-02.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200508-02">
+  <title>ProFTPD: Format string vulnerabilities</title>
+  <synopsis>
+    Under specific circumstances, ProFTPD is vulnerable to format string
+    vulnerabilities, potentially resulting in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">proftpd</product>
+  <announced>2005-08-01</announced>
+  <revised count="01">2005-08-01</revised>
+  <bug>100364</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-ftp/proftpd" auto="yes" arch="*">
+      <unaffected range="ge">1.2.10-r7</unaffected>
+      <vulnerable range="lt">1.2.10-r7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ProFTPD is a configurable GPL-licensed FTP server software.
+    </p>
+  </background>
+  <description>
+    <p> "infamous42md" reported that ProFTPD is vulnerable to format
+    string vulnerabilities when displaying a shutdown message containing
+    the name of the current directory, and when displaying response
+    messages to the client using information retrieved from a database
+    using mod_sql.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could create a directory with a malicious name
+    that would trigger the format string issue if specific variables are
+    used in the shutdown message, potentially resulting in a Denial of
+    Service or the execution of arbitrary code with the rights of the user
+    running the ProFTPD server. An attacker with control over the database
+    contents could achieve the same result by introducing malicious
+    messages that would trigger the other format string issue when used in
+    server responses.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Do not use the "%C", "%R", or "%U" in shutdown messages, and do
+    not set the "SQLShowInfo" directive.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ProFTPD users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-ftp/proftpd-1.2.10-r7"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2390">CAN-2005-2390</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-07-27T14:13:46Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-07-30T00:11:05Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-07-31T14:18:50Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200508-03.xml b/metadata/glsa/glsa-200508-03.xml
new file mode 100644
index 000000000000..1bd082aa4a8f
--- /dev/null
+++ b/metadata/glsa/glsa-200508-03.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200508-03">
+  <title>nbSMTP: Format string vulnerability</title>
+  <synopsis>
+    nbSMTP is vulnerable to a format string vulnerability which may result in
+    remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">nbsmtp</product>
+  <announced>2005-08-02</announced>
+  <revised count="02">2005-08-11</revised>
+  <bug>100274</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-mta/nbsmtp" auto="yes" arch="*">
+      <unaffected range="ge">1.00</unaffected>
+      <vulnerable range="lt">1.00</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    nbSMTP is an SMTP client suitable to run in chroot jails, in embedded
+    systems, laptops and workstations.
+    </p>
+  </background>
+  <description>
+    <p>
+    Niels Heinen discovered a format string vulnerability.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker can setup a malicious SMTP server and exploit this
+    vulnerability to execute arbitrary code with the permissions of the
+    user running nbSMTP.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All nbSMTP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-mta/nbsmtp-1.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2409">CAN-2005-2409</uri>
+    <uri link="https://nbsmtp.ferdyx.org/">nbSMTP official site</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-07-29T15:56:07Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-07-29T23:01:19Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-08-02T12:46:50Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200508-04.xml b/metadata/glsa/glsa-200508-04.xml
new file mode 100644
index 000000000000..a93ab9fe9828
--- /dev/null
+++ b/metadata/glsa/glsa-200508-04.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200508-04">
+  <title>Netpbm: Arbitrary code execution in pstopnm</title>
+  <synopsis>
+    The pstopnm utility, part of the Netpbm tools, contains a vulnerability
+    which can potentially result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Netpbm</product>
+  <announced>2005-08-05</announced>
+  <revised count="06">2009-05-28</revised>
+  <bug>100398</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/netpbm" auto="yes" arch="*">
+      <unaffected range="ge">10.28</unaffected>
+      <unaffected range="rge">10.26.32</unaffected>
+      <unaffected range="rge">10.26.33</unaffected>
+      <unaffected range="rge">10.26.42</unaffected>
+      <unaffected range="rge">10.26.43</unaffected>
+      <unaffected range="rge">10.26.44</unaffected>
+      <unaffected range="rge">10.26.48</unaffected>
+      <unaffected range="rge">10.26.49</unaffected>
+      <unaffected range="rge">10.26.59</unaffected>
+      <unaffected range="rge">10.26.61</unaffected>
+      <vulnerable range="lt">10.28</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Netpbm is a package of 220 graphics programs and a programming
+    libraries, including pstopnm. pstopnm is a tool which converts
+    PostScript files to PNM image files.
+    </p>
+  </background>
+  <description>
+    <p>
+    Max Vozeler reported that pstopnm calls the GhostScript interpreter on
+    untrusted PostScript files without specifying the -dSAFER option, to
+    convert a PostScript file into a PBM, PGM, or PNM file.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could craft a malicious PostScript file and entice a user
+    to run pstopnm on it, resulting in the execution of arbitrary commands
+    with the permissions of the user running pstopnm.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Netpbm users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose media-libs/netpbm</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2471">CAN-2005-2471</uri>
+    <uri link="https://secunia.com/advisories/16184/">Secunia Advisory SA16184</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-08-02T10:10:20Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-08-02T11:24:11Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-08-05T10:42:23Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200508-05.xml b/metadata/glsa/glsa-200508-05.xml
new file mode 100644
index 000000000000..b20175694980
--- /dev/null
+++ b/metadata/glsa/glsa-200508-05.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200508-05">
+  <title>Heartbeat: Insecure temporary file creation</title>
+  <synopsis>
+    Heartbeat is vulnerable to symlink attacks, potentially allowing a local
+    user to overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">Heartbeat</product>
+  <announced>2005-08-07</announced>
+  <revised count="01">2005-08-07</revised>
+  <bug>97175</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-cluster/heartbeat" auto="yes" arch="*">
+      <unaffected range="ge">1.2.3-r1</unaffected>
+      <vulnerable range="lt">1.2.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Heartbeat is a component of the High-Availability Linux project.
+    It it used to perform death-of-node detection, communications and
+    cluster management.
+    </p>
+  </background>
+  <description>
+    <p>
+    Eric Romang has discovered that Heartbeat insecurely creates
+    temporary files with predictable filenames.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary file
+    directory, pointing to a valid file somewhere on the filesystem. When a
+    vulnerable script is executed, this could lead to the file being
+    overwritten with the rights of the user running the affected
+    application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Heartbeat users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-cluster/heartbeat-1.2.3-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2231">CAN-2005-2231</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-08-05T07:37:14Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-08-05T14:33:59Z">
+    formula7
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-08-05T14:54:26Z">
+    formula7
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200508-06.xml b/metadata/glsa/glsa-200508-06.xml
new file mode 100644
index 000000000000..ba56d7813db8
--- /dev/null
+++ b/metadata/glsa/glsa-200508-06.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200508-06">
+  <title>Gaim: Remote execution of arbitrary code</title>
+  <synopsis>
+    Gaim is vulnerable to a buffer overflow which could lead to the execution
+    of arbitrary code or to a Denial of Service.
+  </synopsis>
+  <product type="ebuild">Gaim</product>
+  <announced>2005-08-15</announced>
+  <revised count="01">2005-08-15</revised>
+  <bug>102000</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/gaim" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0</unaffected>
+      <vulnerable range="lt">1.5.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Gaim is a full featured instant messaging client which handles a
+    variety of instant messaging protocols.
+    </p>
+  </background>
+  <description>
+    <p>
+    Brandon Perry discovered that Gaim is vulnerable to a heap-based
+    buffer overflow when handling away messages (CAN-2005-2103).
+    Furthermore, Daniel Atallah discovered a vulnerability in the handling
+    of file transfers (CAN-2005-2102).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could create a specially crafted away message
+    which, when viewed by the target user, could lead to the execution of
+    arbitrary code. Also, an attacker could send a file with a non-UTF8
+    filename to a user, which would result in a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Gaim users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-im/gaim-1.5.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2102">CAN-2005-2102</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2103">CAN-2005-2103</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-08-12T08:01:27Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-08-12T19:16:18Z">
+    formula7
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-08-13T08:53:41Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200508-07.xml b/metadata/glsa/glsa-200508-07.xml
new file mode 100644
index 000000000000..bf2510583d55
--- /dev/null
+++ b/metadata/glsa/glsa-200508-07.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200508-07">
+  <title>AWStats: Arbitrary code execution using malicious Referrer information</title>
+  <synopsis>
+    AWStats fails to validate certain log input, which could lead to the
+    execution of arbitrary Perl code during the generation of the statistics.
+  </synopsis>
+  <product type="ebuild">awstats</product>
+  <announced>2005-08-16</announced>
+  <revised count="02">2009-05-28</revised>
+  <bug>102145</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-misc/awstats" auto="yes" arch="*">
+      <unaffected range="ge">6.5</unaffected>
+      <vulnerable range="lt">6.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    AWStats is an advanced log file analyzer and statistics generator.
+    In HTTP reports it parses Referrer information in order to display the
+    most common Referrer values that caused users to visit the website.
+    </p>
+  </background>
+  <description>
+    <p>
+    When using a URLPlugin, AWStats fails to sanitize Referrer URL
+    data before using them in a Perl eval() routine.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker can include arbitrary Referrer information in a
+    HTTP request to a web server, therefore injecting tainted data in the
+    log files. When AWStats is run on this log file, this can result in the
+    execution of arbitrary Perl code with the rights of the user running
+    AWStats.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable all URLPlugins in the AWStats configuration.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All AWStats users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-misc/awstats-6.5"</code>
+    <p>
+    Note: Users with the vhosts USE flag set should manually use
+    webapp-config to finalize the update.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1527">CAN-2005-1527</uri>
+    <uri link="http://www.idefense.com/application/poi/display?id=290&amp;type=vulnerabilities">iDEFENSE Advisory</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-08-12T17:33:30Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-08-13T08:56:51Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200508-08.xml b/metadata/glsa/glsa-200508-08.xml
new file mode 100644
index 000000000000..291765b07757
--- /dev/null
+++ b/metadata/glsa/glsa-200508-08.xml
@@ -0,0 +1,100 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200508-08">
+  <title>Xpdf, Kpdf, GPdf: Denial of Service vulnerability</title>
+  <synopsis>
+    Xpdf, Kpdf and GPdf may crash as a result of a Denial of Service
+    vulnerability.
+  </synopsis>
+  <product type="ebuild">xpdf kpdf gpdf</product>
+  <announced>2005-08-16</announced>
+  <revised count="01">2005-08-16</revised>
+  <bug>99769</bug>
+  <bug>100263</bug>
+  <bug>100265</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/xpdf" auto="yes" arch="*">
+      <unaffected range="ge">3.00-r10</unaffected>
+      <vulnerable range="lt">3.00-r10</vulnerable>
+    </package>
+    <package name="kde-base/kdegraphics" auto="yes" arch="*">
+      <unaffected range="ge">3.3.2-r3</unaffected>
+      <vulnerable range="lt">3.3.2-r3</vulnerable>
+    </package>
+    <package name="kde-base/kpdf" auto="yes" arch="*">
+      <unaffected range="ge">3.4.1-r1</unaffected>
+      <vulnerable range="lt">3.4.1-r1</vulnerable>
+    </package>
+    <package name="app-text/gpdf" auto="yes" arch="*">
+      <unaffected range="ge">2.10.0-r1</unaffected>
+      <vulnerable range="lt">2.10.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Xpdf, Kpdf and GPdf are PDF file viewers that run under the X
+    Window System. Kpdf and GPdf both contain Xpdf code. Kpdf is also part
+    of kdegraphics.
+    </p>
+  </background>
+  <description>
+    <p>
+    Xpdf, Kpdf and GPdf do not handle a broken table of embedded
+    TrueType fonts correctly. After detecting such a table, Xpdf, Kpdf and
+    GPdf attempt to reconstruct the information in it by decoding the PDF
+    file, which causes the generation of a huge temporary file.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker may cause a Denial of Service by creating a
+    specially crafted PDF file, sending it to a CUPS printing system (which
+    uses Xpdf), or by enticing a user to open it in Xpdf, Kpdf, or GPdf.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Xpdf users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/xpdf-3.00-r10"</code>
+    <p>
+    All GPdf users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/gpdf-2.10.0-r1"</code>
+    <p>
+    All Kpdf users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=kde-base/kdegraphics-3.3.2-r3"</code>
+    <p>
+    All KDE Split Ebuild Kpdf users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=kde-base/kpdf-3.4.1-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2097">CAN-2005-2097</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-08-12T15:22:33Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-08-12T20:47:38Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-08-13T08:53:33Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200508-09.xml b/metadata/glsa/glsa-200508-09.xml
new file mode 100644
index 000000000000..6eeb956e2d90
--- /dev/null
+++ b/metadata/glsa/glsa-200508-09.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200508-09">
+  <title>bluez-utils: Bluetooth device name validation vulnerability</title>
+  <synopsis>
+    Improper validation of Bluetooth device names can lead to arbitrary command
+    execution.
+  </synopsis>
+  <product type="ebuild">bluez-utils</product>
+  <announced>2005-08-17</announced>
+  <revised count="01">2005-08-17</revised>
+  <bug>101557</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-wireless/bluez-utils" auto="yes" arch="*">
+      <unaffected range="ge">2.19</unaffected>
+      <vulnerable range="lt">2.19</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    bluez-utils are the utilities for use with the BlueZ
+    implementation of the Bluetooth wireless standards for Linux.
+    </p>
+  </background>
+  <description>
+    <p>
+    The name of a Bluetooth device is improperly validated by the hcid
+    utility when a remote device attempts to pair itself with a computer.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could create a malicious device name on a Bluetooth
+    device resulting in arbitrary commands being executed as root upon
+    attempting to pair the device with the computer.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All bluez-utils users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-wireless/bluez-utils-2.19"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2547">CAN-2005-2547</uri>
+    <uri link="https://cvs.sourceforge.net/viewcvs.py/bluez/utils/ChangeLog?rev=1.28&amp;view=markup">bluez-utils ChangeLog</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-08-09T20:35:32Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-08-10T02:45:23Z">
+    r2d2
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-08-17T13:18:39Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200508-10.xml b/metadata/glsa/glsa-200508-10.xml
new file mode 100644
index 000000000000..1b4391662545
--- /dev/null
+++ b/metadata/glsa/glsa-200508-10.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200508-10">
+  <title>Kismet: Multiple vulnerabilities</title>
+  <synopsis>
+    Kismet is vulnerable to multiple issues potentially resulting in the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Kismet</product>
+  <announced>2005-08-19</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>102702</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-wireless/kismet" auto="yes" arch="*">
+      <unaffected range="ge">2005.08.1</unaffected>
+      <vulnerable range="lt">2005.08.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Kismet is an 802.11 Layer 2 wireless network detector, sniffer, and
+    intrusion detection system.
+    </p>
+  </background>
+  <description>
+    <p>
+    Kismet is vulnerable to a heap overflow when handling pcap captures and
+    to an integer underflow in the CDP protocol dissector.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    With a specially crafted packet an attacker could cause Kismet to
+    execute arbitrary code with the rights of the user running the program.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Kismet users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-wireless/kismet-2005.08.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.kismetwireless.net/blog/?entry=/kismet/entry-1124158146.txt">Kismet Release Notes</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2626">CVE-2005-2626</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2627">CVE-2005-2627</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-08-17T05:08:47Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-08-18T05:16:35Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-08-18T07:53:07Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200508-11.xml b/metadata/glsa/glsa-200508-11.xml
new file mode 100644
index 000000000000..b2b96ed83686
--- /dev/null
+++ b/metadata/glsa/glsa-200508-11.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200508-11">
+  <title>Adobe Reader: Buffer Overflow</title>
+  <synopsis>
+    Adobe Reader is vulnerable to a buffer overflow which could potentially
+    lead to execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">acroread</product>
+  <announced>2005-08-19</announced>
+  <revised count="01">2005-08-19</revised>
+  <bug>102730</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/acroread" auto="yes" arch="*">
+      <unaffected range="ge">7.0.1.1</unaffected>
+      <vulnerable range="lt">7.0.1.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Adobe Reader is a utility used to view PDF files.
+    </p>
+  </background>
+  <description>
+    <p>
+    A buffer overflow has been reported within a core application
+    plug-in, which is part of Adobe Reader.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker may create a specially-crafted PDF file, enticing a
+    user to open it. This could trigger a buffer overflow as the file is
+    being loaded, resulting in the execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Adobe Reader users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/acroread-7.0.1.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2470">CAN-2005-2470</uri>
+    <uri link="https://www.adobe.com/support/techdocs/321644.html">Adobe Document 321644</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-08-16T23:13:16Z">
+    formula7
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-08-17T16:19:50Z">
+    adir
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-08-17T16:52:49Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200508-12.xml b/metadata/glsa/glsa-200508-12.xml
new file mode 100644
index 000000000000..c29f810dee23
--- /dev/null
+++ b/metadata/glsa/glsa-200508-12.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200508-12">
+  <title>Evolution: Format string vulnerabilities</title>
+  <synopsis>
+    Evolution is vulnerable to format string vulnerabilities which may result
+    in remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">evolution</product>
+  <announced>2005-08-23</announced>
+  <revised count="01">2005-08-23</revised>
+  <bug>102051</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/evolution" auto="yes" arch="*">
+      <unaffected range="ge">2.2.3-r3</unaffected>
+      <vulnerable range="lt">2.2.3-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Evolution is a GNOME groupware application.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ulf Harnhammar discovered that Evolution is vulnerable to format
+    string bugs when viewing attached vCards and when displaying contact
+    information from remote LDAP servers or task list data from remote
+    servers (CAN-2005-2549). He also discovered that Evolution fails to
+    handle special calendar entries if the user switches to the Calendars
+    tab (CAN-2005-2550).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could attach specially crafted vCards to emails or
+    setup malicious LDAP servers or calendar entries which would trigger
+    the format string vulnerabilities when viewed or accessed from
+    Evolution. This could potentially result in the execution of arbitrary
+    code with the rights of the user running Evolution.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Evolution users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/evolution-2.2.3-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2549">CAN-2005-2549</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2550">CAN-2005-2550</uri>
+    <uri link="http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html">SITIC Vulnerability Advisory SA05-001</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-08-21T20:42:02Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-08-22T11:14:56Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-08-23T07:46:15Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200508-13.xml b/metadata/glsa/glsa-200508-13.xml
new file mode 100644
index 000000000000..74787d637b1c
--- /dev/null
+++ b/metadata/glsa/glsa-200508-13.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200508-13">
+  <title>PEAR XML-RPC, phpxmlrpc: New PHP script injection vulnerability</title>
+  <synopsis>
+    The PEAR XML-RPC and phpxmlrpc libraries allow remote attackers to execute
+    arbitrary PHP script commands.
+  </synopsis>
+  <product type="ebuild">pear-xml_rpc phpxmlrpc</product>
+  <announced>2005-08-24</announced>
+  <revised count="01">2005-08-24</revised>
+  <bug>102378</bug>
+  <bug>102576</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-php/PEAR-XML_RPC" auto="yes" arch="*">
+      <unaffected range="ge">1.4.0</unaffected>
+      <vulnerable range="lt">1.4.0</vulnerable>
+    </package>
+    <package name="dev-php/phpxmlrpc" auto="yes" arch="*">
+      <unaffected range="ge">1.2-r1</unaffected>
+      <vulnerable range="lt">1.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The PEAR XML-RPC and phpxmlrpc libraries are both PHP
+    implementations of the XML-RPC protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    Stefan Esser of the Hardened-PHP Project discovered that the PEAR
+    XML-RPC and phpxmlrpc libraries were improperly handling XMLRPC
+    requests and responses with malformed nested tags.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit this vulnerability to inject
+    arbitrary PHP script code into eval() statements by sending a specially
+    crafted XML document to web applications making use of these libraries.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PEAR-XML_RPC users should upgrade to the latest available
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-php/PEAR-XML_RPC-1.4.0"</code>
+    <p>
+    All phpxmlrpc users should upgrade to the latest available
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-php/phpxmlrpc-1.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498">CAN-2005-2498</uri>
+    <uri link="https://www.hardened-php.net/advisory_142005.66.html">Hardened-PHP 14/2005 Advisory</uri>
+    <uri link="https://www.hardened-php.net/advisory_152005.67.html">Hardened-PHP 15/2005 Advisory</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-08-23T08:36:20Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-08-23T20:48:36Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200508-14.xml b/metadata/glsa/glsa-200508-14.xml
new file mode 100644
index 000000000000..6597d691f0ee
--- /dev/null
+++ b/metadata/glsa/glsa-200508-14.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200508-14">
+  <title>TikiWiki, eGroupWare: Arbitrary command execution through XML-RPC</title>
+  <synopsis>
+    TikiWiki and eGroupWare both include PHP XML-RPC code vulnerable to
+    arbitrary command execution.
+  </synopsis>
+  <product type="ebuild">tikiwiki egroupware</product>
+  <announced>2005-08-24</announced>
+  <revised count="01">2005-08-24</revised>
+  <bug>102374</bug>
+  <bug>102377</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/tikiwiki" auto="yes" arch="*">
+      <unaffected range="ge">1.8.5-r2</unaffected>
+      <vulnerable range="lt">1.8.5-r2</vulnerable>
+    </package>
+    <package name="www-apps/egroupware" auto="yes" arch="*">
+      <unaffected range="ge">1.0.0.009</unaffected>
+      <vulnerable range="lt">1.0.0.009</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    TikiWiki is a full featured Free Software Wiki, CMS and Groupware
+    written in PHP. eGroupWare is a web-based collaboration software suite.
+    Both TikiWiki and eGroupWare include a PHP library to handle XML-RPC
+    requests.
+    </p>
+  </background>
+  <description>
+    <p>
+    The XML-RPC library shipped in TikiWiki and eGroupWare improperly
+    handles XML-RPC requests and responses with malformed nested tags.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit this vulnerability to inject
+    arbitrary PHP script code into eval() statements by sending a specially
+    crafted XML document to TikiWiki or eGroupWare.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All TikiWiki users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/tikiwiki-1.8.5-r2"</code>
+    <p>
+    All eGroupWare users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/egroupware-1.0.0.009"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498">CAN-2005-2498</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-08-22T20:59:23Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-08-23T23:39:36Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-08-24T19:23:08Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200508-15.xml b/metadata/glsa/glsa-200508-15.xml
new file mode 100644
index 000000000000..8f7fe6fd769c
--- /dev/null
+++ b/metadata/glsa/glsa-200508-15.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200508-15">
+  <title>Apache 2.0: Denial of Service vulnerability</title>
+  <synopsis>
+    A bug in Apache may allow a remote attacker to perform a Denial of Service
+    attack.
+  </synopsis>
+  <product type="ebuild">apache</product>
+  <announced>2005-08-25</announced>
+  <revised count="03">2007-12-30</revised>
+  <bug>102991</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">2.0.54-r9</unaffected>
+      <unaffected range="lt">2.0</unaffected>
+      <vulnerable range="lt">2.0.54-r9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Apache HTTP Server Project is a featureful, freely-available HTTP
+    (Web) server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Filip Sneppe discovered that Apache improperly handles byterange
+    requests to CGI scripts.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker may access vulnerable scripts in a malicious way,
+    exhausting all RAM and swap space on the server, resulting in a Denial
+    of Service of the Apache server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All apache users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-servers/apache-2.0.54-r9"</code>
+  </resolution>
+  <references>
+    <uri link="https://issues.apache.org/bugzilla/show_bug.cgi?id=29962">ASF Bugzilla Bug 29962</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2728">CVE-2005-2728</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-08-22T07:26:08Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-08-22T07:47:26Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-08-24T00:58:46Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200508-16.xml b/metadata/glsa/glsa-200508-16.xml
new file mode 100644
index 000000000000..c7162804b4bf
--- /dev/null
+++ b/metadata/glsa/glsa-200508-16.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200508-16">
+  <title>Tor: Information disclosure</title>
+  <synopsis>
+    A flaw in Tor leads to the disclosure of information and the loss of
+    anonymity, integrity and confidentiality.
+  </synopsis>
+  <product type="ebuild">tor</product>
+  <announced>2005-08-25</announced>
+  <revised count="01">2005-08-25</revised>
+  <bug>102245</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/tor" auto="yes" arch="*">
+      <unaffected range="ge">0.1.0.14</unaffected>
+      <vulnerable range="lt">0.1.0.14</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Tor is an implementation of second generation Onion Routing, a
+    connection-oriented anonymizing communication service.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Diffie-Hellman implementation of Tor fails to verify the
+    cryptographic strength of keys which are used during handshakes.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    By setting up a malicious Tor server and enticing users to use
+    this server as first hop, a remote attacker could read and modify all
+    traffic of the user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Tor users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/tor-0.1.0.14"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2643">CAN-2005-2643</uri>
+    <uri link="http://archives.seul.org/or/announce/Aug-2005/msg00002.html">Tor Security Announcement</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-08-23T08:23:08Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-08-23T09:42:34Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-08-23T16:08:44Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200508-17.xml b/metadata/glsa/glsa-200508-17.xml
new file mode 100644
index 000000000000..94e90b42016b
--- /dev/null
+++ b/metadata/glsa/glsa-200508-17.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200508-17">
+  <title>libpcre: Heap integer overflow</title>
+  <synopsis>
+    libpcre is vulnerable to a heap integer overflow, possibly leading to the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libpcre</product>
+  <announced>2005-08-25</announced>
+  <revised count="01">2005-08-25</revised>
+  <bug>103337</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libpcre" auto="yes" arch="*">
+      <unaffected range="ge">6.3</unaffected>
+      <vulnerable range="lt">6.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libpcre is a library providing functions for Perl-compatible
+    regular expressions.
+    </p>
+  </background>
+  <description>
+    <p>
+    libpcre fails to check certain quantifier values in regular
+    expressions for sane values.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could possibly exploit this vulnerability to execute
+    arbitrary code by sending specially crafted regular expressions to
+    applications making use of the libpcre library.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libpcre users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/libpcre-6.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491">CAN-2005-2491</uri>
+    <uri link="http://www.securitytracker.com/alerts/2005/Aug/1014744.html">SecurityTracker Alert ID 1014744</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-08-23T08:06:54Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-08-23T16:35:02Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-08-23T19:48:38Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200508-18.xml b/metadata/glsa/glsa-200508-18.xml
new file mode 100644
index 000000000000..020f7a4e5eff
--- /dev/null
+++ b/metadata/glsa/glsa-200508-18.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200508-18">
+  <title>PhpWiki: Arbitrary command execution through XML-RPC</title>
+  <synopsis>
+    PhpWiki includes PHP XML-RPC code which is vulnerable to arbitrary command
+    execution.
+  </synopsis>
+  <product type="ebuild">phpwiki</product>
+  <announced>2005-08-26</announced>
+  <revised count="01">2005-08-26</revised>
+  <bug>102380</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/phpwiki" auto="yes" arch="*">
+      <unaffected range="ge">1.3.10-r2</unaffected>
+      <vulnerable range="lt">1.3.10-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PhpWiki is an application that creates a web site where anyone can
+    edit the pages through HTML forms.
+    </p>
+  </background>
+  <description>
+    <p>
+    Earlier versions of PhpWiki contain an XML-RPC library that
+    improperly handles XML-RPC requests and responses with malformed nested
+    tags.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit this vulnerability to inject
+    arbitrary PHP script code into eval() statements by sending a specially
+    crafted XML document to PhpWiki.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PhpWiki users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/phpwiki-1.3.10-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498">CAN-2005-2498</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-08-25T08:45:11Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-08-25T11:46:47Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-08-25T20:44:22Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200508-19.xml b/metadata/glsa/glsa-200508-19.xml
new file mode 100644
index 000000000000..394591c6e5ba
--- /dev/null
+++ b/metadata/glsa/glsa-200508-19.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200508-19">
+  <title>lm_sensors: Insecure temporary file creation</title>
+  <synopsis>
+    lm_sensors is vulnerable to linking attacks, potentially allowing a local
+    user to overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">lm_sensors</product>
+  <announced>2005-08-30</announced>
+  <revised count="01">2005-08-30</revised>
+  <bug>103568</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/lm_sensors" auto="yes" arch="*">
+      <unaffected range="ge">2.9.1-r1</unaffected>
+      <vulnerable range="lt">2.9.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    lm_sensors is a software package that provides drivers for
+    monitoring the temperatures, voltages, and fans of Linux systems with
+    hardware monitoring devices.
+    </p>
+  </background>
+  <description>
+    <p>
+    Javier Fernandez-Sanguino Pena has discovered that lm_sensors
+    insecurely creates temporary files with predictable filenames when
+    saving configurations.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary file
+    directory, pointing to a valid file somewhere on the filesystem. When
+    the pwmconfig script of lm_sensors is executed, this would result in
+    the file being overwritten with the rights of the user running the
+    script, which typically is the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All lm_sensors users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-apps/lm_sensors-2.9.1-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2672">CAN-2005-2672</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-08-27T09:37:19Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-08-27T09:38:55Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-08-27T22:28:16Z">
+    formula7
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200508-20.xml b/metadata/glsa/glsa-200508-20.xml
new file mode 100644
index 000000000000..7dcab81383d0
--- /dev/null
+++ b/metadata/glsa/glsa-200508-20.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200508-20">
+  <title>phpGroupWare: Multiple vulnerabilities</title>
+  <synopsis>
+    phpGroupWare is vulnerable to multiple issues ranging from information
+    disclosure to a potential execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">phpgroupware</product>
+  <announced>2005-08-30</announced>
+  <revised count="01">2005-08-30</revised>
+  <bug>102379</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/phpgroupware" auto="yes" arch="*">
+      <unaffected range="ge">0.9.16.008</unaffected>
+      <vulnerable range="lt">0.9.16.008</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpGroupWare is a multi-user groupware suite written in PHP.
+    </p>
+  </background>
+  <description>
+    <p>
+    phpGroupWare improperly validates the "mid" parameter retrieved
+    via a forum post. The current version of phpGroupWare also adds several
+    safeguards to prevent XSS issues, and disables the use of a potentially
+    vulnerable XML-RPC library.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker may leverage the XML-RPC vulnerability to
+    execute arbitrary PHP script code. He could also create a specially
+    crafted request that will reveal private posts.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All phpGroupWare users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/phpgroupware-0.9.16.008"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2498">CAN-2005-2498</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2600">CAN-2005-2600</uri>
+    <uri link="https://secunia.com/advisories/16414">Secunia Advisory SA16414</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-08-28T18:52:38Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-08-29T09:01:02Z">
+    adir
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-08-29T10:35:27Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200508-21.xml b/metadata/glsa/glsa-200508-21.xml
new file mode 100644
index 000000000000..5d33b8b72b66
--- /dev/null
+++ b/metadata/glsa/glsa-200508-21.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200508-21">
+  <title>phpWebSite: Arbitrary command execution through XML-RPC and SQL injection</title>
+  <synopsis>
+    phpWebSite is vulnerable to multiple issues which result in the execution
+    of arbitrary code and SQL injection.
+  </synopsis>
+  <product type="ebuild">phpwebsite</product>
+  <announced>2005-08-31</announced>
+  <revised count="01">2005-08-31</revised>
+  <bug>102785</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/phpwebsite" auto="yes" arch="*">
+      <unaffected range="ge">0.10.2_rc2</unaffected>
+      <vulnerable range="lt">0.10.2_rc2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpWebSite is a web site content management system.
+    </p>
+  </background>
+  <description>
+    <p>
+    phpWebSite uses an XML-RPC library that improperly handles XML-RPC
+    requests and responses with malformed nested tags. Furthermore,
+    "matrix_killer" reported that phpWebSite is vulnerable to an SQL
+    injection attack.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A malicious remote user could exploit this vulnerability to inject
+    arbitrary PHP script code into eval() statements by sending a specially
+    crafted XML document, and also inject SQL commands to access the
+    underlying database directly.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All phpWebSite users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/phpwebsite-0.10.2_rc2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498">CAN-2005-2498</uri>
+    <uri link="http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0497.html">Original Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-08-25T18:35:22Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-08-29T11:14:08Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-08-31T02:40:59Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200508-22.xml b/metadata/glsa/glsa-200508-22.xml
new file mode 100644
index 000000000000..6374d5deb121
--- /dev/null
+++ b/metadata/glsa/glsa-200508-22.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200508-22">
+  <title>pam_ldap: Authentication bypass vulnerability</title>
+  <synopsis>
+    pam_ldap contains a vulnerability that may allow a remote attacker to gain
+    system access.
+  </synopsis>
+  <product type="ebuild">pam_ldap</product>
+  <announced>2005-08-31</announced>
+  <revised count="01">2005-08-31</revised>
+  <bug>103659</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-auth/pam_ldap" auto="yes" arch="*">
+      <unaffected range="ge">180</unaffected>
+      <vulnerable range="lt">180</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    pam_ldap is a Pluggable Authentication Module which allows
+    authentication against LDAP directories.
+    </p>
+  </background>
+  <description>
+    <p>
+    When a pam_ldap client attempts to authenticate against an LDAP
+    server that omits the optional error value from the
+    PasswordPolicyResponseValue, the authentication attempt will always
+    succeed.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker may exploit this vulnerability to bypass the
+    LDAP authentication mechanism, gaining access to the system possibly
+    with elevated privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All pam_ldap users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-auth/pam_ldap-180"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2641">CAN-2005-2641</uri>
+    <uri link="https://www.kb.cert.org/vuls/id/778916">US-CERT VU#778916</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-08-29T14:50:51Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-08-29T14:51:34Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-08-29T20:08:30Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200509-01.xml b/metadata/glsa/glsa-200509-01.xml
new file mode 100644
index 000000000000..cb5fae42a29d
--- /dev/null
+++ b/metadata/glsa/glsa-200509-01.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200509-01">
+  <title>MPlayer: Heap overflow in ad_pcm.c</title>
+  <synopsis>
+    A heap overflow in MPlayer might lead to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">MPlayer</product>
+  <announced>2005-09-01</announced>
+  <revised count="01">2005-09-01</revised>
+  <bug>103555</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/mplayer" auto="yes" arch="*">
+      <unaffected range="ge">1.0_pre7-r1</unaffected>
+      <vulnerable range="lt">1.0_pre7-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MPlayer is a media player capable of handling multiple multimedia
+    file formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    Sven Tantau discovered a heap overflow in the code handling the
+    strf chunk of PCM audio streams.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could craft a malicious video or audio file which,
+    when opened using MPlayer, would end up executing arbitrary code on the
+    victim's computer with the permissions of the user running MPlayer.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    You can mitigate the issue by adding "ac=-pcm," to your MPlayer
+    configuration file (note that this will prevent you from playing
+    uncompressed audio).
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MPlayer users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/mplayer-1.0_pre7-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2718">CAN-2005-2718</uri>
+    <uri link="http://www.sven-tantau.de/public_files/mplayer/mplayer_20050824.txt">Original Advisory</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-08-28T16:55:40Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-09-01T08:08:19Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200509-02.xml b/metadata/glsa/glsa-200509-02.xml
new file mode 100644
index 000000000000..ca89466fca32
--- /dev/null
+++ b/metadata/glsa/glsa-200509-02.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200509-02">
+  <title>Gnumeric: Heap overflow in the included PCRE library</title>
+  <synopsis>
+    Gnumeric is vulnerable to a heap overflow, possibly leading to the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Gnumeric</product>
+  <announced>2005-09-03</announced>
+  <revised count="01">2005-09-03</revised>
+  <bug>104010</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/gnumeric" auto="yes" arch="*">
+      <unaffected range="ge">1.4.3-r2</unaffected>
+      <vulnerable range="lt">1.4.3-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Gnumeric spreadsheet is a versatile application developed as
+    part of the GNOME Office project. libpcre is a library providing
+    functions for Perl-compatible regular expressions.
+    </p>
+  </background>
+  <description>
+    <p>
+    Gnumeric contains a private copy of libpcre which is subject to an
+    integer overflow leading to a heap overflow (see GLSA 200508-17).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could potentially exploit this vulnerability by
+    tricking a user into opening a specially crafted spreadsheet, which
+    could lead to the execution of arbitrary code with the privileges of
+    the user running Gnumeric.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Gnumeric users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/gnumeric-1.4.3-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491">CAN-2005-2491</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200508-17.xml">GLSA 200508-17</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-09-02T07:34:06Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-09-02T08:27:17Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-09-02T15:23:09Z">
+    formula7
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200509-03.xml b/metadata/glsa/glsa-200509-03.xml
new file mode 100644
index 000000000000..db37c50b77e0
--- /dev/null
+++ b/metadata/glsa/glsa-200509-03.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200509-03">
+  <title>OpenTTD: Format string vulnerabilities</title>
+  <synopsis>
+    OpenTTD is vulnerable to format string vulnerabilities which may result in
+    remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">openttd</product>
+  <announced>2005-09-05</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>102631</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-simulation/openttd" auto="yes" arch="*">
+      <unaffected range="ge">0.4.0.1-r1</unaffected>
+      <vulnerable range="lt">0.4.0.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenTTD is an open source clone of the simulation game "Transport
+    Tycoon Deluxe" by Microprose.
+    </p>
+  </background>
+  <description>
+    <p>
+    Alexey Dobriyan discovered several format string vulnerabilities in
+    OpenTTD.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit these vulnerabilities to crash the
+    OpenTTD server or client and possibly execute arbitrary code with the
+    rights of the user running OpenTTD.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenTTD users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=games-simulation/openttd-0.4.0.1-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2763">CAN-2005-2763</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2764">CVE-2005-2764</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-09-01T05:03:56Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-09-01T08:12:01Z">
+    adir
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-09-04T15:43:14Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200509-04.xml b/metadata/glsa/glsa-200509-04.xml
new file mode 100644
index 000000000000..d8b4d4ef760a
--- /dev/null
+++ b/metadata/glsa/glsa-200509-04.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200509-04">
+  <title>phpLDAPadmin: Authentication bypass</title>
+  <synopsis>
+    A flaw in phpLDAPadmin may allow attackers to bypass security restrictions
+    and connect anonymously.
+  </synopsis>
+  <product type="ebuild">phpLDAPadmin</product>
+  <announced>2005-09-06</announced>
+  <revised count="01">2005-09-06</revised>
+  <bug>104293</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-nds/phpldapadmin" auto="yes" arch="*">
+      <unaffected range="ge">0.9.7_alpha6</unaffected>
+      <vulnerable range="lt">0.9.7_alpha6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpLDAPadmin is a web-based LDAP client allowing to easily manage
+    LDAP servers.
+    </p>
+  </background>
+  <description>
+    <p>
+    Alexander Gerasiov discovered a flaw in login.php preventing the
+    application from validating whether anonymous bind has been disabled in
+    the target LDAP server configuration.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    Anonymous users can access the LDAP server, even if the
+    "disable_anon_bind" parameter was explicitly set to avoid this.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All phpLDAPadmin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-nds/phpldapadmin-0.9.7_alpha6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2654">CAN-2005-2654</uri>
+    <uri link="https://secunia.com/advisories/16611/">Secunia Advisory SA16611</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-08-31T17:15:50Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-08-31T17:15:59Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-09-02T18:39:01Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200509-05.xml b/metadata/glsa/glsa-200509-05.xml
new file mode 100644
index 000000000000..21fbed08c2b6
--- /dev/null
+++ b/metadata/glsa/glsa-200509-05.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200509-05">
+  <title>Net-SNMP: Insecure RPATH</title>
+  <synopsis>
+    The Gentoo Net-SNMP package may provide Perl modules containing an insecure
+    DT_RPATH, potentially allowing privilege escalation.
+  </synopsis>
+  <product type="ebuild">net-snmp</product>
+  <announced>2005-09-06</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>103776</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-analyzer/net-snmp" auto="yes" arch="*">
+      <unaffected range="ge">5.2.1.2-r1</unaffected>
+      <vulnerable range="lt">5.2.1.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Net-SNMP is a suite of applications used to implement the Simple
+    Network Management Protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    James Cloos reported that Perl modules from the Net-SNMP package look
+    for libraries in an untrusted location. This is due to a flaw in the
+    Gentoo package, and not the Net-SNMP suite.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker (member of the portage group) may be able to create a
+    shared object that would be loaded by the Net-SNMP Perl modules,
+    executing arbitrary code with the privileges of the user invoking the
+    Perl script.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Limit group portage access to trusted users.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Net-SNMP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/net-snmp-5.2.1.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2811">CVE-2005-2811</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-09-04T14:57:52Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-09-04T15:49:44Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-09-04T23:48:38Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200509-06.xml b/metadata/glsa/glsa-200509-06.xml
new file mode 100644
index 000000000000..d5619535bdac
--- /dev/null
+++ b/metadata/glsa/glsa-200509-06.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200509-06">
+  <title>Squid: Denial of Service vulnerabilities</title>
+  <synopsis>
+    Squid contains several bugs when handling certain malformed requests
+    resulting in a Denial of Service.
+  </synopsis>
+  <product type="ebuild">Squid</product>
+  <announced>2005-09-07</announced>
+  <revised count="03">2006-05-22</revised>
+  <bug>104603</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/squid" auto="yes" arch="*">
+      <unaffected range="ge">2.5.10-r2</unaffected>
+      <vulnerable range="lt">2.5.10-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Squid is a full-featured Web proxy cache designed to run on Unix-like
+    systems. It supports proxying and caching of HTTP, FTP, and other
+    protocols, as well as SSL support, cache hierarchies, transparent
+    caching, access control lists and many more features.
+    </p>
+  </background>
+  <description>
+    <p>
+    Certain malformed requests result in a segmentation fault in the
+    sslConnectTimeout function, handling of other certain requests trigger
+    assertion failures.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By performing malformed requests an attacker could cause Squid to crash
+    by triggering an assertion failure or invalid memory reference.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Squid users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-proxy/squid-2.5.10-r2"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.squid-cache.org/Versions/v2/2.5/bugs/">Squid Patches</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2794">CVE-2005-2794</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2796">CVE-2005-2796</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-09-05T08:24:13Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-09-05T08:39:15Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200509-07.xml b/metadata/glsa/glsa-200509-07.xml
new file mode 100644
index 000000000000..1a04fbac0ea3
--- /dev/null
+++ b/metadata/glsa/glsa-200509-07.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200509-07">
+  <title>X.Org: Heap overflow in pixmap allocation</title>
+  <synopsis>
+    An integer overflow in pixmap memory allocation potentially allows any
+    X.Org user to execute arbitrary code with elevated privileges.
+  </synopsis>
+  <product type="ebuild">X.Org</product>
+  <announced>2005-09-12</announced>
+  <revised count="01">2005-09-12</revised>
+  <bug>105688</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-base/xorg-x11" auto="yes" arch="*">
+      <unaffected range="ge">6.8.2-r3</unaffected>
+      <vulnerable range="lt">6.8.2-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    X.Org is X.Org Foundation's Public Implementation of the X Window
+    System.
+    </p>
+  </background>
+  <description>
+    <p>
+    X.Org is missing an integer overflow check during pixmap memory
+    allocation.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An X.Org user could exploit this issue to make the X server
+    execute arbitrary code with elevated privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All X.org users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-base/xorg-x11-6.8.2-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2495">CAN-2005-2495</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-09-06T08:58:25Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-09-12T15:28:20Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200509-08.xml b/metadata/glsa/glsa-200509-08.xml
new file mode 100644
index 000000000000..53e1efd477a7
--- /dev/null
+++ b/metadata/glsa/glsa-200509-08.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200509-08">
+  <title>Python: Heap overflow in the included PCRE library</title>
+  <synopsis>
+    The "re" Python module is vulnerable to a heap overflow, possibly leading
+    to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Python</product>
+  <announced>2005-09-12</announced>
+  <revised count="01">2005-09-12</revised>
+  <bug>104009</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/python" auto="yes" arch="*">
+      <unaffected range="ge">2.3.5-r2</unaffected>
+      <vulnerable range="lt">2.3.5-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Python is an interpreted, interactive, object-oriented,
+    cross-platform programming language. The "re" Python module provides
+    regular expression functions.
+    </p>
+  </background>
+  <description>
+    <p>
+    The "re" Python module makes use of a private copy of libpcre
+    which is subject to an integer overflow leading to a heap overflow (see
+    GLSA 200508-17).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could target a Python-based web application (or SUID
+    application) that would use untrusted data as regular expressions,
+    potentially resulting in the execution of arbitrary code (or privilege
+    escalation).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Python users that don't run any Python web application or SUID
+    application (or that run one that wouldn't use untrusted inputs as
+    regular expressions) are not affected by this issue.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Python users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.3.5-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491">CAN-2005-2491</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200508-17.xml">GLSA 200508-17</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-09-10T18:18:03Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-09-11T15:37:16Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-09-11T18:47:02Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200509-09.xml b/metadata/glsa/glsa-200509-09.xml
new file mode 100644
index 000000000000..b401f158be0a
--- /dev/null
+++ b/metadata/glsa/glsa-200509-09.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200509-09">
+  <title>Py2Play: Remote execution of arbitrary Python code</title>
+  <synopsis>
+    A design error in Py2Play allows attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">py2play</product>
+  <announced>2005-09-17</announced>
+  <revised count="02">2006-09-05</revised>
+  <bug>103524</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-python/py2play" auto="yes" arch="*">
+      <unaffected range="ge">0.1.8</unaffected>
+      <vulnerable range="le">0.1.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Py2Play is a peer-to-peer network game engine written in Python.
+    Pickling is a Python feature allowing to serialize Python objects into
+    string representations (called pickles) that can be sent over the
+    network.
+    </p>
+  </background>
+  <description>
+    <p>
+    Arc Riley discovered that Py2Play uses Python pickles to send objects
+    over a peer-to-peer game network, and that clients accept without
+    restriction the objects and code sent by peers.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker participating in a Py2Play-powered game can send
+    malicious Python pickles, resulting in the execution of arbitrary
+    Python code on the targeted game client.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All py2play users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-python/py2play-0.1.8"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2875">CAN-2005-2875</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-09-13T14:02:17Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-09-14T11:59:59Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-09-14T20:47:34Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200509-10.xml b/metadata/glsa/glsa-200509-10.xml
new file mode 100644
index 000000000000..af00e2ff2271
--- /dev/null
+++ b/metadata/glsa/glsa-200509-10.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200509-10">
+  <title>Mailutils: Format string vulnerability in imap4d</title>
+  <synopsis>
+    The imap4d server contains a vulnerability allowing an authenticated user
+    to execute arbitrary code with the privileges of the imap4d process.
+  </synopsis>
+  <product type="ebuild">mailutils</product>
+  <announced>2005-09-17</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>105458</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/mailutils" auto="yes" arch="*">
+      <unaffected range="ge">0.6-r2</unaffected>
+      <vulnerable range="lt">0.6-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The GNU Mailutils are a collection of mail-related utilities, including
+    an IMAP4 server (imap4d).
+    </p>
+  </background>
+  <description>
+    <p>
+    The imap4d server contains a format string bug in the handling of IMAP
+    SEARCH requests.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An authenticated IMAP user could exploit the format string error in
+    imap4d to execute arbitrary code as the imap4d user, which is usually
+    root.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GNU Mailutils users should upgrade to the latest available version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-mail/mailutils-0.6-r2"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.idefense.com/application/poi/display?id=303&amp;type=vulnerabilities">iDEFENSE 09.09.05 advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2878">CVE-2005-2878</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-09-15T13:42:03Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-09-15T13:42:17Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200509-11.xml b/metadata/glsa/glsa-200509-11.xml
new file mode 100644
index 000000000000..5d98285aa5f6
--- /dev/null
+++ b/metadata/glsa/glsa-200509-11.xml
@@ -0,0 +1,131 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200509-11">
+  <title>Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>
+    Mozilla Suite and Firefox are vulnerable to multiple issues, including some
+    that might be exploited to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">mozilla</product>
+  <announced>2005-09-18</announced>
+  <revised count="02">2005-09-29</revised>
+  <bug>105396</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/mozilla-firefox" auto="yes" arch="*">
+      <unaffected range="ge">1.0.7-r2</unaffected>
+      <vulnerable range="lt">1.0.7-r2</vulnerable>
+    </package>
+    <package name="www-client/mozilla" auto="yes" arch="*">
+      <unaffected range="ge">1.7.12-r2</unaffected>
+      <vulnerable range="lt">1.7.12-r2</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.0.7</unaffected>
+      <vulnerable range="lt">1.0.7</vulnerable>
+    </package>
+    <package name="www-client/mozilla-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.7.12</unaffected>
+      <vulnerable range="lt">1.7.12</vulnerable>
+    </package>
+    <package name="net-libs/gecko-sdk" auto="yes" arch="*">
+      <unaffected range="ge">1.7.12</unaffected>
+      <vulnerable range="lt">1.7.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Mozilla Suite is a popular all-in-one web browser that includes a
+    mail and news reader. Mozilla Firefox is the next-generation browser
+    from the Mozilla project. Gecko is the layout engine used in both
+    products.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Mozilla Suite and Firefox are both vulnerable to the following
+    issues:
+    </p>
+    <ul>
+    <li>Tom Ferris reported a heap overflow in IDN-enabled browsers with
+    malicious Host: headers (CAN-2005-2871).</li>
+    <li>"jackerror" discovered a heap overrun in XBM image processing
+    (CAN-2005-2701).</li>
+    <li>Mats Palmgren reported a potentially exploitable stack corruption
+    using specific Unicode sequences (CAN-2005-2702).</li>
+    <li>Georgi Guninski discovered an integer overflow in the JavaScript
+    engine (CAN-2005-2705)</li>
+    <li>Other issues ranging from DOM object spoofing to request header
+    spoofing were also found and fixed in the latest versions
+    (CAN-2005-2703, CAN-2005-2704, CAN-2005-2706, CAN-2005-2707).</li>
+    </ul>
+    <p>
+    The Gecko engine in itself is also affected by some of these issues and
+    has been updated as well.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could setup a malicious site and entice a victim to
+    visit it, potentially resulting in arbitrary code execution with the
+    victim's privileges or facilitated spoofing of known websites.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround for all the issues.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Firefox users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-1.0.7-r2"</code>
+    <p>
+    All Mozilla Suite users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-1.7.12-r2"</code>
+    <p>
+    All Mozilla Firefox binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-bin-1.0.7"</code>
+    <p>
+    All Mozilla Suite binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-bin-1.7.12"</code>
+    <p>
+    All Gecko library users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-libs/gecko-sdk-1.7.12"</code>
+    <p>
+    
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2701">CAN-2005-2701</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2702">CAN-2005-2702</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2703">CAN-2005-2703</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2704">CAN-2005-2704</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2705">CAN-2005-2705</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2706">CAN-2005-2706</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2707">CAN-2005-2707</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2871">CAN-2005-2871</uri>
+    <uri link="https://www.mozilla.org/projects/security/known-vulnerabilities.html">Mozilla Foundation Security Advisories</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-09-15T12:38:09Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-09-18T09:17:15Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200509-12.xml b/metadata/glsa/glsa-200509-12.xml
new file mode 100644
index 000000000000..a821df2a8b99
--- /dev/null
+++ b/metadata/glsa/glsa-200509-12.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200509-12">
+  <title>Apache, mod_ssl: Multiple vulnerabilities</title>
+  <synopsis>
+    mod_ssl and Apache are vulnerable to a restriction bypass and a potential
+    local privilege escalation.
+  </synopsis>
+  <product type="ebuild">Apache</product>
+  <announced>2005-09-19</announced>
+  <revised count="03">2007-12-30</revised>
+  <bug>103554</bug>
+  <bug>104807</bug>
+  <access>remote and local</access>
+  <affected>
+    <package name="net-www/mod_ssl" auto="yes" arch="*">
+      <unaffected range="ge">2.8.24</unaffected>
+      <vulnerable range="lt">2.8.24</vulnerable>
+    </package>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">2.0.54-r15</unaffected>
+      <unaffected range="lt">2</unaffected>
+      <vulnerable range="lt">2.0.54-r15</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Apache HTTP server is one of the most popular web servers on the
+    Internet. mod_ssl provides SSL v2/v3 and TLS v1 support for Apache 1.3
+    and is also included in Apache 2.
+    </p>
+  </background>
+  <description>
+    <p>
+    mod_ssl contains a security issue when "SSLVerifyClient optional" is
+    configured in the global virtual host configuration (CAN-2005-2700).
+    Also, Apache's httpd includes a PCRE library, which makes it vulnerable
+    to an integer overflow (CAN-2005-2491).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Under a specific configuration, mod_ssl does not properly enforce the
+    client-based certificate authentication directive, "SSLVerifyClient
+    require", in a per-location context, which could be potentially used by
+    a remote attacker to bypass some restrictions. By creating a specially
+    crafted ".htaccess" file, a local attacker could possibly exploit
+    Apache's vulnerability, which would result in a local privilege
+    escalation.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All mod_ssl users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-www/mod_ssl-2.8.24"</code>
+    <p>
+    All Apache 2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-servers/apache-2.0.54-r15"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491">CAN-2005-2491</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700">CAN-2005-2700</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-09-11T10:15:26Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-09-16T16:41:43Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-09-17T14:36:28Z">
+    formula7
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200509-13.xml b/metadata/glsa/glsa-200509-13.xml
new file mode 100644
index 000000000000..6d0205565d98
--- /dev/null
+++ b/metadata/glsa/glsa-200509-13.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200509-13">
+  <title>Clam AntiVirus: Multiple vulnerabilities</title>
+  <synopsis>
+    Clam AntiVirus is subject to vulnerabilities ranging from Denial of Service
+    to execution of arbitrary code when handling compressed executables.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2005-09-19</announced>
+  <revised count="01">2005-09-19</revised>
+  <bug>106279</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.87</unaffected>
+      <vulnerable range="lt">0.87</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Clam AntiVirus is a GPL anti-virus toolkit, designed for
+    integration with mail servers to perform attachment scanning. Clam
+    AntiVirus also provides a command line scanner and a tool for fetching
+    updates of the virus database.
+    </p>
+  </background>
+  <description>
+    <p>
+    Clam AntiVirus is vulnerable to a buffer overflow in
+    "libclamav/upx.c" when processing malformed UPX-packed executables. It
+    can also be sent into an infinite loop in "libclamav/fsg.c" when
+    processing specially-crafted FSG-packed executables.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    By sending a specially-crafted file an attacker could execute
+    arbitrary code with the permissions of the user running Clam AntiVirus,
+    or cause a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Clam AntiVirus users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.87"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2919">CAN-2005-2919</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2920">CAN-2005-2920</uri>
+    <uri link="https://sourceforge.net/project/shownotes.php?release_id=356974">Clam AntiVirus: Release Notes</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-09-18T16:20:33Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-09-18T16:20:41Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200509-14.xml b/metadata/glsa/glsa-200509-14.xml
new file mode 100644
index 000000000000..95c17a02d25d
--- /dev/null
+++ b/metadata/glsa/glsa-200509-14.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200509-14">
+  <title>Zebedee: Denial of Service vulnerability</title>
+  <synopsis>
+    A bug in Zebedee allows a remote attacker to perform a Denial of Service
+    attack.
+  </synopsis>
+  <product type="ebuild">zebedee</product>
+  <announced>2005-09-20</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>105115</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/zebedee" auto="yes" arch="*">
+      <unaffected range="rge">2.4.1-r1</unaffected>
+      <unaffected range="ge">2.5.3</unaffected>
+      <vulnerable range="lt">2.5.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Zebedee is an application that establishes an encrypted, compressed
+    tunnel for TCP/IP or UDP data transfer between two systems.
+    </p>
+  </background>
+  <description>
+    <p>
+    "Shiraishi.M" reported that Zebedee crashes when "0" is received as the
+    port number in the protocol option header.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By performing malformed requests a remote attacker could cause Zebedee
+    to crash.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Zebedee users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose net-misc/zebedee</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/bid/14796">BugTraq ID 14796</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2904">CVE-2005-2904</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-09-14T10:16:59Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-09-16T08:11:57Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-09-17T12:52:52Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200509-15.xml b/metadata/glsa/glsa-200509-15.xml
new file mode 100644
index 000000000000..c1b06ae3a37c
--- /dev/null
+++ b/metadata/glsa/glsa-200509-15.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200509-15">
+  <title>util-linux: umount command validation error</title>
+  <synopsis>
+    A command validation error in umount can lead to an escalation of
+    privileges.
+  </synopsis>
+  <product type="ebuild">util-linux</product>
+  <announced>2005-09-20</announced>
+  <revised count="01">2005-09-20</revised>
+  <bug>105805</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/util-linux" auto="yes" arch="*">
+      <unaffected range="ge">2.12q-r3</unaffected>
+      <vulnerable range="lt">2.12q-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    util-linux is a suite of useful Linux programs including umount, a
+    program used to unmount filesystems.
+    </p>
+  </background>
+  <description>
+    <p>
+    When a regular user mounts a filesystem, they are subject to
+    restrictions in the /etc/fstab configuration file. David Watson
+    discovered that when unmounting a filesystem with the '-r' option, the
+    read-only bit is set, while other bits, such as nosuid or nodev, are
+    not set, even if they were previously.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An unprivileged user facing nosuid or nodev restrictions can
+    umount -r a filesystem clearing those bits, allowing applications to be
+    executed suid, or have device nodes interpreted. In the case where the
+    user can freely modify the contents of the filesystem, privilege
+    escalation may occur as a custom program may execute with suid
+    permissions.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Two workarounds exist, first, the suid bit can be removed from the
+    umount utility, or users can be restricted from mounting and unmounting
+    filesystems in /etc/fstab.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All util-linux users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-apps/util-linux-2.12q-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2876">CAN-2005-2876</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-09-17T16:18:46Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-09-19T16:52:19Z">
+    r2d2
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-09-20T14:09:16Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200509-16.xml b/metadata/glsa/glsa-200509-16.xml
new file mode 100644
index 000000000000..f8884c8284f8
--- /dev/null
+++ b/metadata/glsa/glsa-200509-16.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200509-16">
+  <title>Mantis: XSS and SQL injection vulnerabilities</title>
+  <synopsis>
+    Mantis is affected by an SQL injection and several cross-site scripting
+    (XSS) vulnerabilities.
+  </synopsis>
+  <product type="ebuild">Mantis</product>
+  <announced>2005-09-24</announced>
+  <revised count="01">2005-09-24</revised>
+  <bug>103308</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/mantisbt" auto="yes" arch="*">
+      <unaffected range="ge">0.19.2</unaffected>
+      <vulnerable range="lt">0.19.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mantis is a web-based bugtracking system written in PHP.
+    </p>
+  </background>
+  <description>
+    <p>
+    Mantis fails to properly sanitize untrusted input before using it.
+    This leads to an SQL injection and several cross-site scripting
+    vulnerabilities.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could possibly use the SQL injection vulnerability to
+    access or modify information from the Mantis database. Furthermore the
+    cross-site scripting issues give an attacker the ability to inject and
+    execute malicious script code or to steal cookie-based authentication
+    credentials, potentially compromising the victim's browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mantis users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/mantisbt-0.19.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2556">CAN-2005-2556</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2557">CAN-2005-2557</uri>
+    <uri link="https://secunia.com/advisories/16506/">Secunia Advisory SA16506</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-09-23T12:20:33Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-09-23T12:21:10Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200509-17.xml b/metadata/glsa/glsa-200509-17.xml
new file mode 100644
index 000000000000..e7794f7f3c54
--- /dev/null
+++ b/metadata/glsa/glsa-200509-17.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200509-17">
+  <title>Webmin, Usermin: Remote code execution through PAM authentication</title>
+  <synopsis>
+    If Webmin or Usermin is configured to use full PAM conversations, it is
+    vulnerable to the remote execution of arbitrary code with root privileges.
+  </synopsis>
+  <product type="ebuild">Webmin Usermin</product>
+  <announced>2005-09-24</announced>
+  <revised count="01">2005-09-24</revised>
+  <bug>106705</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-admin/webmin" auto="yes" arch="*">
+      <unaffected range="ge">1.230</unaffected>
+      <vulnerable range="lt">1.230</vulnerable>
+    </package>
+    <package name="app-admin/usermin" auto="yes" arch="*">
+      <unaffected range="ge">1.160</unaffected>
+      <vulnerable range="lt">1.160</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Webmin and Usermin are web-based system administration consoles.
+    Webmin allows an administrator to easily configure servers and other
+    features. Usermin allows users to configure their own accounts, execute
+    commands, and read e-mails.
+    </p>
+  </background>
+  <description>
+    <p>
+    Keigo Yamazaki discovered that the miniserv.pl webserver, used in
+    both Webmin and Usermin, does not properly validate authentication
+    credentials before sending them to the PAM (Pluggable Authentication
+    Modules) authentication process. The default configuration shipped with
+    Gentoo does not enable the "full PAM conversations" option and is
+    therefore unaffected by this flaw.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could bypass the authentication process and run
+    any command as the root user on the target server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Do not enable "full PAM conversations" in the Authentication
+    options of Webmin and Usermin.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Webmin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-admin/webmin-1.230"</code>
+    <p>
+    All Usermin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-admin/usermin-1.160"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3042">CAN-2005-3042</uri>
+    <uri link="http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html">Original Advisory</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-09-23T12:50:05Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-09-23T12:50:25Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200509-18.xml b/metadata/glsa/glsa-200509-18.xml
new file mode 100644
index 000000000000..36b4f31dbddf
--- /dev/null
+++ b/metadata/glsa/glsa-200509-18.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200509-18">
+  <title>Qt: Buffer overflow in the included zlib library</title>
+  <synopsis>
+    Qt is vulnerable to a buffer overflow which could potentially lead to the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">qt</product>
+  <announced>2005-09-26</announced>
+  <revised count="02">2005-09-26</revised>
+  <bug>105695</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-libs/qt" auto="yes" arch="*">
+      <unaffected range="ge">3.3.4-r8</unaffected>
+      <vulnerable range="lt">3.3.4-r8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Qt is a cross-platform GUI toolkit used by KDE.
+    </p>
+  </background>
+  <description>
+    <p>
+    Qt links to a bundled vulnerable version of zlib when emerged with the
+    zlib USE-flag disabled. This may lead to a buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By creating a specially crafted compressed data stream, attackers can
+    overwrite data structures for applications that use Qt, resulting in a
+    Denial of Service or potentially arbitrary code execution.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Emerge Qt with the zlib USE-flag enabled.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Qt users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-libs/qt-3.3.4-r8"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200507-05.xml">GLSA 200507-05</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200507-19.xml">GLSA 200507-19</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1849">CAN-2005-1849</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096">CAN-2005-2096</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-09-22T16:49:17Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-09-23T12:32:05Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200509-19.xml b/metadata/glsa/glsa-200509-19.xml
new file mode 100644
index 000000000000..ab7cd8001246
--- /dev/null
+++ b/metadata/glsa/glsa-200509-19.xml
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200509-19">
+  <title>PHP: Vulnerabilities in included PCRE and XML-RPC libraries</title>
+  <synopsis>
+    PHP makes use of an affected PCRE library and ships with an affected
+    XML-RPC library and is therefore potentially vulnerable to remote execution
+    of arbitrary code.
+  </synopsis>
+  <product type="ebuild">PHP</product>
+  <announced>2005-09-27</announced>
+  <revised count="01">2005-09-27</revised>
+  <bug>102373</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-php/php" auto="yes" arch="*">
+      <unaffected range="rge">4.3.11-r1</unaffected>
+      <unaffected range="ge">4.4.0-r1</unaffected>
+      <vulnerable range="lt">4.4.0-r1</vulnerable>
+    </package>
+    <package name="dev-php/mod_php" auto="yes" arch="*">
+      <unaffected range="rge">4.3.11-r1</unaffected>
+      <unaffected range="ge">4.4.0-r2</unaffected>
+      <vulnerable range="lt">4.4.0-r2</vulnerable>
+    </package>
+    <package name="dev-php/php-cgi" auto="yes" arch="*">
+      <unaffected range="rge">4.3.11-r2</unaffected>
+      <unaffected range="ge">4.4.0-r2</unaffected>
+      <vulnerable range="lt">4.4.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PHP is a general-purpose scripting language widely used to develop
+    web-based applications. It can run inside a web server using the
+    mod_php module or the CGI version of PHP, or can run stand-alone in a
+    CLI.
+    </p>
+  </background>
+  <description>
+    <p>
+    PHP makes use of a private copy of libpcre which is subject to an
+    integer overflow leading to a heap overflow (see GLSA 200508-17). It
+    also ships with an XML-RPC library affected by a script injection
+    vulnerability (see GLSA 200508-13).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could target a PHP-based web application that would
+    use untrusted data as regular expressions, potentially resulting in the
+    execution of arbitrary code. If web applications make use of the
+    XML-RPC library shipped with PHP, they are also vulnerable to remote
+    execution of arbitrary PHP code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PHP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose dev-php/php</code>
+    <p>
+    All mod_php users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose dev-php/mod_php</code>
+    <p>
+    All php-cgi users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose dev-php/php-cgi</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491">CAN-2005-2491</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498">CAN-2005-2498</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200508-13.xml">GLSA 200508-13</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200508-17.xml">GLSA 200508-17</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-09-26T15:50:10Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-09-27T07:58:50Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200509-20.xml b/metadata/glsa/glsa-200509-20.xml
new file mode 100644
index 000000000000..77428e87b8f3
--- /dev/null
+++ b/metadata/glsa/glsa-200509-20.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200509-20">
+  <title>AbiWord: RTF import stack-based buffer overflow</title>
+  <synopsis>
+    AbiWord is vulnerable to a stack-based buffer overflow during RTF import,
+    making it vulnerable to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">AbiWord</product>
+  <announced>2005-09-30</announced>
+  <revised count="01">2005-09-30</revised>
+  <bug>107351</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/abiword" auto="yes" arch="*">
+      <unaffected range="ge">2.2.10</unaffected>
+      <vulnerable range="lt">2.2.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    AbiWord is a free and cross-platform word processing program. It
+    allows to import RTF files into AbiWord documents.
+    </p>
+  </background>
+  <description>
+    <p>
+    Chris Evans discovered that the RTF import function in AbiWord is
+    vulnerable to a stack-based buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could design a malicious RTF file and entice the user
+    to import it in AbiWord, potentially resulting in the execution of
+    arbitrary code with the rights of the user running AbiWord.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All AbiWord users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/abiword-2.2.10"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2964">CAN-2005-2964</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-09-28T16:02:24Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-09-29T12:13:23Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-09-29T20:47:05Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200509-21.xml b/metadata/glsa/glsa-200509-21.xml
new file mode 100644
index 000000000000..01f3d5f2ccd1
--- /dev/null
+++ b/metadata/glsa/glsa-200509-21.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200509-21">
+  <title>Hylafax: Insecure temporary file creation in xferfaxstats script</title>
+  <synopsis>
+    Hylafax is vulnerable to linking attacks, potentially allowing a local user
+    to overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">hylafax</product>
+  <announced>2005-09-30</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>106882</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-misc/hylafax" auto="yes" arch="*">
+      <unaffected range="rge">4.2.0-r3</unaffected>
+      <unaffected range="rge">4.2.1-r2</unaffected>
+      <unaffected range="ge">4.2.2</unaffected>
+      <vulnerable range="lt">4.2.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Hylafax is a client-server fax package for class 1 and 2 fax modems.
+    </p>
+  </background>
+  <description>
+    <p>
+    Javier Fernandez-Sanguino has discovered that xferfaxstats cron script
+    supplied by Hylafax insecurely creates temporary files with predictable
+    filenames.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary file
+    directory, pointing to a valid file somewhere on the filesystem. When
+    the xferfaxstats script of Hylafax is executed, this would result in
+    the file being overwritten with the rights of the user running the
+    script, which typically is the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Hylafax users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose net-misc/hylafax</code>
+  </resolution>
+  <references>
+    <uri link="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329384">Original bug report</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3069">CVE-2005-3069</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-09-28T15:24:43Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-09-28T19:07:36Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-09-30T07:45:48Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200510-01.xml b/metadata/glsa/glsa-200510-01.xml
new file mode 100644
index 000000000000..b66a820f7239
--- /dev/null
+++ b/metadata/glsa/glsa-200510-01.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200510-01">
+  <title>gtkdiskfree: Insecure temporary file creation</title>
+  <synopsis>
+    gtkdiskfree is vulnerable to symlink attacks, potentially allowing a local
+    user to overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">gtkdiskfree</product>
+  <announced>2005-10-03</announced>
+  <revised count="01">2005-10-03</revised>
+  <bug>104565</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/gtkdiskfree" auto="yes" arch="*">
+      <unaffected range="ge">1.9.3-r1</unaffected>
+      <vulnerable range="lt">1.9.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    gtkdiskfree is a GTK-based GUI to show free disk space.
+    </p>
+  </background>
+  <description>
+    <p>
+    Eric Romang discovered that gtkdiskfree insecurely creates a
+    predictable temporary file to handle command output.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create a symbolic link in the temporary
+    files directory, pointing to a valid file somewhere on the filesystem.
+    When gtkdiskfree is executed, this would result in the file being
+    overwritten with the rights of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All gtkdiskfree users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-admin/gtkdiskfree-1.9.3-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2918">CAN-2005-2918</uri>
+    <uri link="http://www.zataz.net/adviso/gtkdiskfree-09052005.txt">Original Advisory</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-10-03T07:42:10Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-10-03T07:42:18Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200510-02.xml b/metadata/glsa/glsa-200510-02.xml
new file mode 100644
index 000000000000..f6a2418b1487
--- /dev/null
+++ b/metadata/glsa/glsa-200510-02.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200510-02">
+  <title>Berkeley MPEG Tools: Multiple insecure temporary files</title>
+  <synopsis>
+    The Berkeley MPEG Tools use temporary files in various insecure ways,
+    potentially allowing a local user to overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">MPEG Tools</product>
+  <announced>2005-10-03</announced>
+  <revised count="01">2005-10-03</revised>
+  <bug>107344</bug>
+  <access>local</access>
+  <affected>
+    <package name="media-video/mpeg-tools" auto="yes" arch="*">
+      <unaffected range="ge">1.5b-r2</unaffected>
+      <vulnerable range="lt">1.5b-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Berkeley MPEG Tools are a collection of utilities for
+    manipulating MPEG video technology, including an encoder (mpeg_encode)
+    and various conversion utilities.
+    </p>
+  </background>
+  <description>
+    <p>
+    Mike Frysinger of the Gentoo Security Team discovered that
+    mpeg_encode and the conversion utilities were creating temporary files
+    with predictable or fixed filenames. The 'test' make target of the MPEG
+    Tools also relied on several temporary files created insecurely.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary
+    files directory, pointing to a valid file somewhere on the filesystem.
+    When the utilities are executed (or 'make test' is run), this would
+    result in the file being overwritten with the rights of the user
+    running the command.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Berkeley MPEG Tools users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/mpeg-tools-1.5b-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3115">CAN-2005-3115</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-09-30T07:41:47Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-10-01T09:55:55Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-10-02T13:13:54Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200510-03.xml b/metadata/glsa/glsa-200510-03.xml
new file mode 100644
index 000000000000..17a1eb000cf6
--- /dev/null
+++ b/metadata/glsa/glsa-200510-03.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200510-03">
+  <title>Uim: Privilege escalation vulnerability</title>
+  <synopsis>
+    Under certain conditions, applications linked against Uim suffer from a
+    privilege escalation vulnerability.
+  </synopsis>
+  <product type="ebuild">uim</product>
+  <announced>2005-10-04</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>107748</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-i18n/uim" auto="yes" arch="*">
+      <unaffected range="ge">0.4.9.1</unaffected>
+      <vulnerable range="lt">0.4.9.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Uim is a multilingual input method library which provides secure and
+    useful input method for all languages.
+    </p>
+  </background>
+  <description>
+    <p>
+    Masanari Yamamoto discovered that Uim uses environment variables
+    incorrectly. This bug causes a privilege escalation if setuid/setgid
+    applications are linked to libuim. This bug only affects
+    immodule-enabled Qt (if you build Qt 3.3.2 or later versions with
+    USE="immqt" or USE="immqt-bc").
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A malicious local user could exploit this vulnerability to execute
+    arbitrary code with escalated privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Uim users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-i18n/uim-0.4.9.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://lists.freedesktop.org/pipermail/uim/2005-September/001346.html">Original advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3149">CVE-2005-3149</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-10-02T13:02:25Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-10-02T13:02:52Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-10-03T09:56:44Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200510-04.xml b/metadata/glsa/glsa-200510-04.xml
new file mode 100644
index 000000000000..a274a3866d18
--- /dev/null
+++ b/metadata/glsa/glsa-200510-04.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200510-04">
+  <title>Texinfo: Insecure temporary file creation</title>
+  <synopsis>
+    Texinfo is vulnerable to symlink attacks, potentially allowing a local user
+    to overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">Texinfo</product>
+  <announced>2005-10-05</announced>
+  <revised count="01">2005-10-05</revised>
+  <bug>106105</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/texinfo" auto="yes" arch="*">
+      <unaffected range="ge">4.8-r1</unaffected>
+      <vulnerable range="lt">4.8-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Texinfo is the official documentation system created by the GNU
+    project.
+    </p>
+  </background>
+  <description>
+    <p>
+    Frank Lichtenheld has discovered that the "sort_offline()"
+    function in texindex insecurely creates temporary files with
+    predictable filenames.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary
+    files directory, pointing to a valid file somewhere on the filesystem.
+    When texindex is executed, this would result in the file being
+    overwritten with the rights of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Texinfo users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-apps/texinfo-4.8-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3011">CAN-2005-3011</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-09-29T14:54:06Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-09-29T19:15:57Z">
+    formula7
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-10-01T09:53:58Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200510-05.xml b/metadata/glsa/glsa-200510-05.xml
new file mode 100644
index 000000000000..5b8748c0dd2f
--- /dev/null
+++ b/metadata/glsa/glsa-200510-05.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200510-05">
+  <title>Ruby: Security bypass vulnerability</title>
+  <synopsis>
+    Ruby is vulnerable to a security bypass of the safe level mechanism.
+  </synopsis>
+  <product type="ebuild">ruby</product>
+  <announced>2005-10-06</announced>
+  <revised count="01">2005-10-06</revised>
+  <bug>106996</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/ruby" auto="yes" arch="*">
+      <unaffected range="ge">1.8.3</unaffected>
+      <vulnerable range="lt">1.8.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ruby is an interpreted scripting language for quick and easy
+    object-oriented programming. Ruby supports the safe execution of
+    untrusted code using a safe level and taint flag mechanism.
+    </p>
+  </background>
+  <description>
+    <p>
+    Dr. Yutaka Oiwa discovered that Ruby fails to properly enforce
+    safe level protections.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit this vulnerability to execute arbitrary
+    code beyond the restrictions specified in each safe level.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ruby users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/ruby-1.8.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2337">CAN-2005-2337</uri>
+    <uri link="https://www.ruby-lang.org/en/20051003.html">Ruby release announcement</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-10-04T12:55:13Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-10-04T12:55:25Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-10-04T18:17:21Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200510-06.xml b/metadata/glsa/glsa-200510-06.xml
new file mode 100644
index 000000000000..235d6a99e09f
--- /dev/null
+++ b/metadata/glsa/glsa-200510-06.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200510-06">
+  <title>Dia: Arbitrary code execution through SVG import</title>
+  <synopsis>
+    Improperly sanitised data in Dia allows remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">dia</product>
+  <announced>2005-10-06</announced>
+  <revised count="01">2005-10-06</revised>
+  <bug>107916</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/dia" auto="yes" arch="*">
+      <unaffected range="ge">0.94-r3</unaffected>
+      <vulnerable range="lt">0.94-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Dia is a gtk+ based diagram creation program released under the
+    GPL license.
+    </p>
+  </background>
+  <description>
+    <p>
+    Joxean Koret discovered that the SVG import plugin in Dia fails to
+    properly sanitise data read from an SVG file.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could create a specially crafted SVG file, which, when
+    imported into Dia, could lead to the execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Dia users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/dia-0.94-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2966">CAN-2005-2966</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-10-04T12:58:56Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-10-04T18:51:11Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-10-05T07:39:21Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200510-07.xml b/metadata/glsa/glsa-200510-07.xml
new file mode 100644
index 000000000000..70b7e483c47a
--- /dev/null
+++ b/metadata/glsa/glsa-200510-07.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200510-07">
+  <title>RealPlayer, Helix Player: Format string vulnerability</title>
+  <synopsis>
+    RealPlayer and Helix Player are vulnerable to a format string vulnerability
+    resulting in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">realplayer helixplayer</product>
+  <announced>2005-10-07</announced>
+  <revised count="02">2005-11-22</revised>
+  <bug>107309</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/realplayer" auto="yes" arch="*">
+      <unaffected range="ge">10.0.6</unaffected>
+      <vulnerable range="lt">10.0.6</vulnerable>
+    </package>
+    <package name="media-video/helixplayer" auto="yes" arch="*">
+      <vulnerable range="lt">1.0.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    RealPlayer is a multimedia player capable of handling multiple
+    multimedia file formats. Helix Player is an open source media player
+    for Linux.
+    </p>
+  </background>
+  <description>
+    <p>
+    "c0ntex" reported that RealPlayer and Helix Player suffer from a heap
+    overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to play a specially crafted realpix (.rp) or
+    realtext (.rt) file, an attacker could execute arbitrary code with the
+    permissions of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All RealPlayer users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/realplayer-10.0.6"</code>
+    <p>
+    Note to Helix Player users: There is currently no stable secure Helix
+    Player package. Affected users should remove the package until an
+    updated Helix Player package is released.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2710">CAN-2005-2710</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-10-01T10:35:35Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-10-04T19:39:34Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-10-07T14:20:23Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200510-08.xml b/metadata/glsa/glsa-200510-08.xml
new file mode 100644
index 000000000000..939e64a2d1c1
--- /dev/null
+++ b/metadata/glsa/glsa-200510-08.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200510-08">
+  <title>xine-lib: Format string vulnerability</title>
+  <synopsis>
+    xine-lib contains a format string error in CDDB response handling that may
+    be exploited to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">xine-lib</product>
+  <announced>2005-10-08</announced>
+  <revised count="01">2005-10-08</revised>
+  <bug>107854</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/xine-lib" auto="yes" arch="*">
+      <unaffected range="ge">1.1.0-r5</unaffected>
+      <unaffected range="rge">1.0.1-r4</unaffected>
+      <unaffected range="rge">1_rc8-r2</unaffected>
+      <vulnerable range="lt">1.1.0-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    xine-lib is a multimedia library which can be utilized to create
+    multimedia frontends. It includes functions to retrieve information
+    about audio CD contents from public CDDB servers.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ulf Harnhammar discovered a format string bug in the routines
+    handling CDDB server response contents.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could submit malicious information about an audio CD
+    to a public CDDB server (or impersonate a public CDDB server). When the
+    victim plays this CD on a multimedia frontend relying on xine-lib, it
+    could end up executing arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All xine-lib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose media-libs/xine-lib</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2967">CAN-2005-2967</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-10-07T11:30:51Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-10-08T16:01:28Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200510-09.xml b/metadata/glsa/glsa-200510-09.xml
new file mode 100644
index 000000000000..79bdef7c9400
--- /dev/null
+++ b/metadata/glsa/glsa-200510-09.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200510-09">
+  <title>Weex: Format string vulnerability</title>
+  <synopsis>
+    Weex contains a format string error that may be exploited by malicious
+    servers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">Weex</product>
+  <announced>2005-10-08</announced>
+  <revised count="01">2005-10-08</revised>
+  <bug>107849</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-ftp/weex" auto="yes" arch="*">
+      <unaffected range="ge">2.6.1.5-r1</unaffected>
+      <vulnerable range="lt">2.6.1.5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Weex is a non-interactive FTP client typically used to update web
+    pages.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ulf Harnhammar discovered a format string bug in Weex that can be
+    triggered when it is first run (or when its cache files are rebuilt,
+    using the -r option).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could setup a malicious FTP server which, when
+    accessed using Weex, could trigger the format string bug and end up
+    executing arbitrary code with the rights of the user running Weex.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Weex users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-ftp/weex-2.6.1.5-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3150">CAN-2005-3150</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-10-07T11:45:52Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-10-07T11:46:02Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200510-10.xml b/metadata/glsa/glsa-200510-10.xml
new file mode 100644
index 000000000000..f18b18737242
--- /dev/null
+++ b/metadata/glsa/glsa-200510-10.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200510-10">
+  <title>uw-imap: Remote buffer overflow</title>
+  <synopsis>
+    uw-imap is vulnerable to remote overflow of a buffer in the IMAP server
+    leading to execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">uw-imap</product>
+  <announced>2005-10-11</announced>
+  <revised count="01">2005-10-11</revised>
+  <bug>108206</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/uw-imap" auto="yes" arch="*">
+      <unaffected range="ge">2004g</unaffected>
+      <vulnerable range="lt">2004g</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    uw-imap is the University of Washington's IMAP and POP server
+    daemons.
+    </p>
+  </background>
+  <description>
+    <p>
+    Improper bounds checking of user supplied data while parsing IMAP
+    mailbox names can lead to overflowing the stack buffer.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Successful exploitation requires an authenticated IMAP user to
+    request a malformed mailbox name. This can lead to execution of
+    arbitrary code with the permissions of the IMAP server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All uw-imap users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-mail/uw-imap-2004g"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2933">CAN-2005-2933</uri>
+    <uri link="http://www.idefense.com/application/poi/display?id=313&amp;type=vulnerabilities&amp;flashstatus=false">iDEFENSE Security Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-10-07T11:49:05Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-10-07T15:06:14Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-10-08T06:13:24Z">
+    r2d2
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200510-11.xml b/metadata/glsa/glsa-200510-11.xml
new file mode 100644
index 000000000000..8e87ee78db09
--- /dev/null
+++ b/metadata/glsa/glsa-200510-11.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200510-11">
+  <title>OpenSSL: SSL 2.0 protocol rollback</title>
+  <synopsis>
+    When using a specific option, OpenSSL can be forced to fallback to the less
+    secure SSL 2.0 protocol.
+  </synopsis>
+  <product type="ebuild">OpenSSL</product>
+  <announced>2005-10-12</announced>
+  <revised count="02">2005-11-07</revised>
+  <bug>108852</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">0.9.7h</unaffected>
+      <unaffected range="rge">0.9.7g-r1</unaffected>
+      <unaffected range="rge">0.9.7e-r2</unaffected>
+      <vulnerable range="lt">0.9.7h</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport
+    Layer Security protocols and a general-purpose cryptography library.
+    </p>
+  </background>
+  <description>
+    <p>
+    Applications setting the SSL_OP_MSIE_SSLV2_RSA_PADDING option (or the
+    SSL_OP_ALL option, that implies it) can be forced by a third-party to
+    fallback to the less secure SSL 2.0 protocol, even if both parties
+    support the more secure SSL 3.0 or TLS 1.0 protocols.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A man-in-the-middle attacker can weaken the encryption used to
+    communicate between two parties, potentially revealing sensitive
+    information.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    If possible, disable the use of SSL 2.0 in all OpenSSL-enabled
+    applications.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenSSL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose dev-libs/openssl</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2969">CAN-2005-2969</uri>
+    <uri link="https://www.openssl.org/news/secadv_20051011.txt ">OpenSSL security advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-10-11T07:50:27Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-10-11T08:03:33Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-10-12T07:47:42Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200510-12.xml b/metadata/glsa/glsa-200510-12.xml
new file mode 100644
index 000000000000..fcef449d9737
--- /dev/null
+++ b/metadata/glsa/glsa-200510-12.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200510-12">
+  <title>KOffice, KWord: RTF import buffer overflow</title>
+  <synopsis>
+    KOffice and KWord are vulnerable to a buffer overflow in the RTF importer,
+    potentially resulting in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">koffice, kword</product>
+  <announced>2005-10-14</announced>
+  <revised count="01">2005-10-14</revised>
+  <bug>108411</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/koffice" auto="yes" arch="*">
+      <unaffected range="ge">1.4.1-r1</unaffected>
+      <vulnerable range="lt">1.4.1-r1</vulnerable>
+    </package>
+    <package name="app-office/kword" auto="yes" arch="*">
+      <unaffected range="ge">1.4.1-r1</unaffected>
+      <vulnerable range="lt">1.4.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    KOffice is an integrated office suite for KDE. KWord is the
+    KOffice word processor.
+    </p>
+  </background>
+  <description>
+    <p>
+    Chris Evans discovered that the KWord RTF importer was vulnerable
+    to a heap-based buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to open a specially-crafted RTF
+    file, potentially resulting in the execution of arbitrary code with the
+    rights of the user running the affected application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All KOffice users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/koffice-1.4.1-r1"</code>
+    <p>
+    All KWord users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/kword-1.4.1-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2971">CAN-2005-2971</uri>
+    <uri link="https://www.kde.org/info/security/advisory-20051011-1.txt">KDE Security Advisory: KWord RTF import buffer overflow</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-10-11T14:40:11Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-10-14T05:26:32Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200510-13.xml b/metadata/glsa/glsa-200510-13.xml
new file mode 100644
index 000000000000..82fa933b1642
--- /dev/null
+++ b/metadata/glsa/glsa-200510-13.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200510-13">
+  <title>SPE: Insecure file permissions</title>
+  <synopsis>
+    SPE files are installed with world-writeable permissions, potentially
+    leading to privilege escalation.
+  </synopsis>
+  <product type="ebuild">spe</product>
+  <announced>2005-10-15</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>108538</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-util/spe" auto="yes" arch="*">
+      <unaffected range="ge">0.7.5c-r1</unaffected>
+      <unaffected range="rge">0.5.1f-r1</unaffected>
+      <vulnerable range="lt">0.7.5c-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    SPE is a cross-platform Python Integrated Development Environment
+    (IDE).
+    </p>
+  </background>
+  <description>
+    <p>
+    It was reported that due to an oversight all SPE's files are set as
+    world-writeable.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could modify the executable files, causing arbitrary
+    code to be executed with the permissions of the user running SPE.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SPE users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose dev-util/spe</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3291">CVE-2005-3291</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-10-11T21:00:30Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-10-12T02:02:14Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-10-15T08:06:19Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200510-14.xml b/metadata/glsa/glsa-200510-14.xml
new file mode 100644
index 000000000000..deebe28af1c9
--- /dev/null
+++ b/metadata/glsa/glsa-200510-14.xml
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200510-14">
+  <title>Perl, Qt-UnixODBC, CMake: RUNPATH issues</title>
+  <synopsis>
+    Multiple packages suffer from RUNPATH issues that may allow users in the
+    "portage" group to escalate privileges.
+  </synopsis>
+  <product type="ebuild">Perl Qt-UnixODBC CMake</product>
+  <announced>2005-10-17</announced>
+  <revised count="03">2006-05-22</revised>
+  <bug>105719</bug>
+  <bug>105721</bug>
+  <bug>106678</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-lang/perl" auto="yes" arch="*">
+      <unaffected range="ge">5.8.7-r1</unaffected>
+      <unaffected range="rge">5.8.6-r6</unaffected>
+      <vulnerable range="lt">5.8.7-r1</vulnerable>
+    </package>
+    <package name="dev-db/qt-unixODBC" auto="yes" arch="*">
+      <unaffected range="ge">3.3.4-r1</unaffected>
+      <vulnerable range="lt">3.3.4-r1</vulnerable>
+    </package>
+    <package name="dev-util/cmake" auto="yes" arch="*">
+      <unaffected range="ge">2.2.0-r1</unaffected>
+      <unaffected range="rge">2.0.6-r1</unaffected>
+      <vulnerable range="lt">2.2.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Perl is a stable, cross-platform programming language created by Larry
+    Wall. Qt-UnixODBC is an ODBC library for Qt. CMake is a cross-platform
+    build environment.
+    </p>
+  </background>
+  <description>
+    <p>
+    Some packages may introduce insecure paths into the list of directories
+    that are searched for libraries at runtime. Furthermore, packages
+    depending on the MakeMaker Perl module for build configuration may have
+    incorrectly copied the LD_RUN_PATH into the DT_RPATH.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A local attacker, who is a member of the "portage" group, could create
+    a malicious shared object in the Portage temporary build directory that
+    would be loaded at runtime by a dependent executable, potentially
+    resulting in privilege escalation.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Only grant "portage" group rights to trusted users.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Perl users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose dev-lang/perl</code>
+    <p>
+    All Qt-UnixODBC users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-db/qt-unixODBC-3.3.4-r1"</code>
+    <p>
+    All CMake users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose dev-util/cmake</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4278">CVE-2005-4278</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4279">CVE-2005-4279</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4280">CVE-2005-4280</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-09-27T08:00:50Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-10-10T08:34:31Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-10-15T10:08:27Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200510-15.xml b/metadata/glsa/glsa-200510-15.xml
new file mode 100644
index 000000000000..6c7708a2a011
--- /dev/null
+++ b/metadata/glsa/glsa-200510-15.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200510-15">
+  <title>Lynx: Buffer overflow in NNTP processing</title>
+  <synopsis>
+    Lynx contains a buffer overflow that may be exploited to execute arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">Lynx</product>
+  <announced>2005-10-17</announced>
+  <revised count="01">2005-10-17</revised>
+  <bug>108451</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/lynx" auto="yes" arch="*">
+      <unaffected range="ge">2.8.5-r1</unaffected>
+      <vulnerable range="lt">2.8.5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Lynx is a text-mode browser for the World Wide Web. It supports
+    multiple URL types, including HTTP and NNTP URLs.
+    </p>
+  </background>
+  <description>
+    <p>
+    When accessing a NNTP URL, Lynx connects to a NNTP server and
+    retrieves information about the available articles in the target
+    newsgroup. Ulf Harnhammar discovered a buffer overflow in a function
+    that handles the escaping of special characters.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could setup a malicious NNTP server and entice a user
+    to access it using Lynx (either by creating NNTP links on a web page or
+    by forcing a redirect for Lynx users). The data returned by the NNTP
+    server would trigger the buffer overflow and execute arbitrary code
+    with the rights of the user running Lynx.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Lynx users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/lynx-2.8.5-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3120">CAN-2005-3120</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-10-15T09:30:52Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-10-17T12:46:58Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200510-16.xml b/metadata/glsa/glsa-200510-16.xml
new file mode 100644
index 000000000000..935c786fe0c0
--- /dev/null
+++ b/metadata/glsa/glsa-200510-16.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200510-16">
+  <title>phpMyAdmin: Local file inclusion vulnerability</title>
+  <synopsis>
+    phpMyAdmin contains a local file inclusion vulnerability that may lead to
+    the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">phpmyadmin</product>
+  <announced>2005-10-17</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>108939</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-db/phpmyadmin" auto="yes" arch="*">
+      <unaffected range="ge">2.6.4_p2</unaffected>
+      <vulnerable range="lt">2.6.4_p2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpMyAdmin is a tool written in PHP intended to handle the
+    administration of MySQL over the web.
+    </p>
+  </background>
+  <description>
+    <p>
+    Maksymilian Arciemowicz reported that in
+    libraries/grab_globals.lib.php, the $__redirect parameter was not
+    correctly validated. Systems running PHP in safe mode are not affected.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker may exploit this vulnerability by sending malicious
+    requests, causing the execution of arbitrary code with the rights of
+    the user running the web server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Run PHP in safe mode.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All phpMyAdmin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-db/phpmyadmin-2.6.4_p2"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-4">PMASA-2005-4</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3299">CVE-2005-3299</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-10-15T08:08:40Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-10-16T19:41:39Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-10-17T03:54:58Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200510-17.xml b/metadata/glsa/glsa-200510-17.xml
new file mode 100644
index 000000000000..91053fc1eb78
--- /dev/null
+++ b/metadata/glsa/glsa-200510-17.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200510-17">
+  <title>AbiWord: New RTF import buffer overflows</title>
+  <synopsis>
+    AbiWord is vulnerable to an additional set of buffer overflows during RTF
+    import, making it vulnerable to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">AbiWord</product>
+  <announced>2005-10-20</announced>
+  <revised count="01">2005-10-20</revised>
+  <bug>109157</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/abiword" auto="yes" arch="*">
+      <unaffected range="ge">2.2.11</unaffected>
+      <vulnerable range="lt">2.2.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    AbiWord is a free and cross-platform word processing program. It
+    allows to import RTF files into AbiWord documents.
+    </p>
+  </background>
+  <description>
+    <p>
+    Chris Evans discovered a different set of buffer overflows than
+    the one described in GLSA 200509-20 in the RTF import function in
+    AbiWord.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could design a malicious RTF file and entice a user to
+    import it in AbiWord, potentially resulting in the execution of
+    arbitrary code with the rights of the user running AbiWord.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All AbiWord users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/abiword-2.2.11"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200509-20.xml">GLSA-200509-20</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2972">CAN-2005-2972</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-10-18T07:36:44Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-10-18T14:22:32Z">
+    formula7
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-10-20T05:41:16Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200510-18.xml b/metadata/glsa/glsa-200510-18.xml
new file mode 100644
index 000000000000..83e77708e3ae
--- /dev/null
+++ b/metadata/glsa/glsa-200510-18.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200510-18">
+  <title>Netpbm: Buffer overflow in pnmtopng</title>
+  <synopsis>
+    The pnmtopng utility, part of the Netpbm tools, contains a vulnerability
+    which can potentially result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Netpbm</product>
+  <announced>2005-10-20</announced>
+  <revised count="06">2009-05-28</revised>
+  <bug>109705</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/netpbm" auto="yes" arch="*">
+      <unaffected range="ge">10.29</unaffected>
+      <unaffected range="rge">10.26.32</unaffected>
+      <unaffected range="rge">10.26.33</unaffected>
+      <unaffected range="rge">10.26.42</unaffected>
+      <unaffected range="rge">10.26.43</unaffected>
+      <unaffected range="rge">10.26.44</unaffected>
+      <unaffected range="rge">10.26.48</unaffected>
+      <unaffected range="rge">10.26.49</unaffected>
+      <unaffected range="rge">10.26.52</unaffected>
+      <unaffected range="rge">10.26.53</unaffected>
+      <unaffected range="rge">10.26.59</unaffected>
+      <unaffected range="rge">10.26.61</unaffected>
+      <vulnerable range="lt">10.29</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Netpbm is a package of 220 graphics programs and a programming library,
+    including pnmtopng, a tool to convert PNM image files to the PNG
+    format.
+    </p>
+  </background>
+  <description>
+    <p>
+    RedHat reported that pnmtopng is vulnerable to a buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could craft a malicious PNM file and entice a user to run
+    pnmtopng on it, potentially resulting in the execution of arbitrary
+    code with the permissions of the user running pnmtopng.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Netpbm users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose media-libs/netpbm</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2978">CAN-2005-2978</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-10-15T09:38:18Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-10-20T07:38:22Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200510-19.xml b/metadata/glsa/glsa-200510-19.xml
new file mode 100644
index 000000000000..a9ea6bb2c62c
--- /dev/null
+++ b/metadata/glsa/glsa-200510-19.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200510-19">
+  <title>cURL: NTLM username stack overflow</title>
+  <synopsis>
+    cURL is vulnerable to a buffer overflow which could lead to the execution
+    of arbitrary code.
+  </synopsis>
+  <product type="ebuild">cURL</product>
+  <announced>2005-10-22</announced>
+  <revised count="01">2005-10-22</revised>
+  <bug>109097</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/curl" auto="yes" arch="*">
+      <unaffected range="ge">7.15.0</unaffected>
+      <vulnerable range="lt">7.15.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    cURL is a command line tool and library for transferring files via
+    many different protocols. It supports NTLM authentication to retrieve
+    files from Windows-based systems.
+    </p>
+  </background>
+  <description>
+    <p>
+    iDEFENSE reported that insufficient bounds checking on a memcpy()
+    of the supplied NTLM username can result in a stack overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could setup a malicious server and entice an
+    user to connect to it using a cURL client, potentially leading to the
+    execution of arbitrary code with the permissions of the user running
+    cURL.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable NTLM authentication by not using the --anyauth or --ntlm
+    options when using cURL (the command line version). Workarounds for
+    programs that use the cURL library depend on the configuration options
+    presented by those programs.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All cURL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.15.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185">CVE-2005-3185</uri>
+    <uri link="http://www.idefense.com/application/poi/display?id=322&amp;type=vulnerabilities">iDefense Security Advisory 10.13.05</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-10-21T09:04:01Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-10-21T09:04:50Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200510-20.xml b/metadata/glsa/glsa-200510-20.xml
new file mode 100644
index 000000000000..9825f95ca314
--- /dev/null
+++ b/metadata/glsa/glsa-200510-20.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200510-20">
+  <title>Zope: File inclusion through RestructuredText</title>
+  <synopsis>
+    Zope is vulnerable to a file inclusion vulnerability when exposing
+    RestructuredText functionalities to untrusted users.
+  </synopsis>
+  <product type="ebuild">Zope</product>
+  <announced>2005-10-25</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>109087</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-zope/zope" auto="yes" arch="*">
+      <unaffected range="ge">2.7.8</unaffected>
+      <vulnerable range="lt">2.7.8</vulnerable>
+      <vulnerable range="eq">2.8.0</vulnerable>
+      <vulnerable range="eq">2.8.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Zope is an application server that can be used to build content
+    management systems, intranets, portals or other custom applications.
+    </p>
+  </background>
+  <description>
+    <p>
+    Zope honors file inclusion directives in RestructuredText objects by
+    default.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit the vulnerability by sending malicious input
+    that would be interpreted in a RestructuredText Zope object,
+    potentially resulting in the execution of arbitrary Zope code with the
+    rights of the Zope server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Zope users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose net-zope/zope</code>
+  </resolution>
+  <references>
+    <uri link="http://www.zope.org/Products/Zope/Hotfix_2005-10-09/security_alert">Zope Hotfix 2005-10-09 Alert</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3323">CVE-2005-3323</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-10-20T15:36:29Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-10-23T15:31:35Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-10-23T16:31:59Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200510-21.xml b/metadata/glsa/glsa-200510-21.xml
new file mode 100644
index 000000000000..4791d403907c
--- /dev/null
+++ b/metadata/glsa/glsa-200510-21.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200510-21">
+  <title>phpMyAdmin: Local file inclusion and XSS vulnerabilities</title>
+  <synopsis>
+    phpMyAdmin contains a local file inclusion vulnerability that may lead to
+    the execution of arbitrary code, along with several cross-site scripting
+    issues.
+  </synopsis>
+  <product type="ebuild">phpmyadmin</product>
+  <announced>2005-10-25</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>110146</bug>
+  <access>local and remote</access>
+  <affected>
+    <package name="dev-db/phpmyadmin" auto="yes" arch="*">
+      <unaffected range="ge">2.6.4_p3</unaffected>
+      <vulnerable range="lt">2.6.4_p3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpMyAdmin is a tool written in PHP intended to handle the
+    administration of MySQL over the web.
+    </p>
+  </background>
+  <description>
+    <p>
+    Stefan Esser discovered that by calling certain PHP files directly, it
+    was possible to workaround the grab_globals.lib.php security model and
+    overwrite the $cfg configuration array. Systems running PHP in safe
+    mode are not affected. Futhermore, Tobias Klein reported several
+    cross-site-scripting issues resulting from insufficient user input
+    sanitizing.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker may exploit this vulnerability by sending malicious
+    requests, causing the execution of arbitrary code with the rights of
+    the user running the web server. Furthermore, the cross-site scripting
+    issues give a remote attacker the ability to inject and execute
+    malicious script code or to steal cookie-based authentication
+    credentials, potentially compromising the victim's browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround for all those issues at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All phpMyAdmin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-db/phpmyadmin-2.6.4_p3"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-5">PMASA-2005-5</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3300">CVE-2005-3300</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3301">CVE-2005-3301</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-10-24T08:28:30Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-10-25T08:03:47Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200510-22.xml b/metadata/glsa/glsa-200510-22.xml
new file mode 100644
index 000000000000..66d1fb35e43b
--- /dev/null
+++ b/metadata/glsa/glsa-200510-22.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200510-22">
+  <title>SELinux PAM: Local password guessing attack</title>
+  <synopsis>
+    A vulnerability in the SELinux version of PAM allows a local attacker to
+    brute-force system passwords.
+  </synopsis>
+  <product type="ebuild">PAM</product>
+  <announced>2005-10-28</announced>
+  <revised count="01">2005-10-28</revised>
+  <bug>109485</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-libs/pam" auto="yes" arch="*">
+      <unaffected range="ge">0.78-r3</unaffected>
+      <vulnerable range="lt">0.78-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PAM (Pluggable Authentication Modules) is an architecture allowing
+    the separation of the development of privilege granting software from
+    the development of secure and appropriate authentication schemes.
+    SELinux is an operating system based on Linux which includes Mandatory
+    Access Control.
+    </p>
+  </background>
+  <description>
+    <p>
+    The SELinux patches for PAM introduce a vulnerability allowing a
+    password to be checked with the unix_chkpwd utility without delay or
+    logging. This vulnerability doesn't affect users who do not run
+    SELinux.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could exploit this vulnerability to brute-force
+    passwords and escalate privileges on an SELinux system.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SELinux PAM users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-libs/pam-0.78-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2977">CVE-2005-2977</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-10-26T15:44:45Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-10-27T07:49:03Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-10-27T12:12:27Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200510-23.xml b/metadata/glsa/glsa-200510-23.xml
new file mode 100644
index 000000000000..dc33206fcdcf
--- /dev/null
+++ b/metadata/glsa/glsa-200510-23.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200510-23">
+  <title>TikiWiki: XSS vulnerability</title>
+  <synopsis>
+    TikiWiki is vulnerable to cross-site scripting attacks.
+  </synopsis>
+  <product type="ebuild">tikiwiki</product>
+  <announced>2005-10-28</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>109858</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/tikiwiki" auto="yes" arch="*">
+      <unaffected range="ge">1.9.1.1</unaffected>
+      <vulnerable range="lt">1.9.1.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    TikiWiki is a web-based groupware and content management system (CMS),
+    using PHP, ADOdb and Smarty.
+    </p>
+  </background>
+  <description>
+    <p>
+    Due to improper input validation, TikiWiki can be exploited to perform
+    cross-site scripting attacks.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A remote attacker could exploit this to inject and execute malicious
+    script code or to steal cookie-based authentication credentials,
+    potentially compromising the victim's browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All TikiWiki users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/tikiwiki-1.9.1.1"</code>
+    <p>
+    Note: Users with the vhosts USE flag set should manually use
+    webapp-config to finalize the update.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3283">CVE-2005-3283</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-10-26T19:43:33Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-10-27T18:43:45Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200510-24.xml b/metadata/glsa/glsa-200510-24.xml
new file mode 100644
index 000000000000..91624cd6127f
--- /dev/null
+++ b/metadata/glsa/glsa-200510-24.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200510-24">
+  <title>Mantis: Multiple vulnerabilities</title>
+  <synopsis>
+    Mantis is affected by multiple vulnerabilities ranging from information
+    disclosure to arbitrary script execution.
+  </synopsis>
+  <product type="ebuild">Mantis</product>
+  <announced>2005-10-28</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>110326</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/mantisbt" auto="yes" arch="*">
+      <unaffected range="ge">0.19.3</unaffected>
+      <vulnerable range="lt">0.19.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mantis is a web-based bugtracking system written in PHP.
+    </p>
+  </background>
+  <description>
+    <p>
+    Mantis contains several vulnerabilities, including:
+    </p>
+    <ul>
+    <li>a remote file inclusion vulnerability</li>
+    <li>an SQL injection vulnerability</li>
+    <li>multiple cross site scripting vulnerabilities</li>
+    <li>multiple information disclosure vulnerabilities</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could exploit the remote file inclusion vulnerability to
+    execute arbitrary script code, and the SQL injection vulnerability to
+    access or modify sensitive information from the Mantis database.
+    Furthermore the cross-site scripting issues give an attacker the
+    ability to inject and execute malicious script code or to steal
+    cookie-based authentication credentials, potentially compromising the
+    victim's browser. An attacker could exploit other vulnerabilities to
+    disclose information.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mantis users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/mantisbt-0.19.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.mantisbt.org/changelog.php">Mantis ChangeLog</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3335">CVE-2005-3335</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3336">CVE-2005-3336</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3337">CVE-2005-3337</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3338">CVE-2005-3338</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3339">CVE-2005-3339</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-10-26T05:38:14Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-10-26T05:38:58Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200510-25.xml b/metadata/glsa/glsa-200510-25.xml
new file mode 100644
index 000000000000..2b7c90d97781
--- /dev/null
+++ b/metadata/glsa/glsa-200510-25.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200510-25">
+  <title>Ethereal: Multiple vulnerabilities in protocol dissectors</title>
+  <synopsis>
+    Ethereal is vulnerable to numerous vulnerabilities, potentially resulting
+    in the execution of arbitrary code or abnormal termination.
+  </synopsis>
+  <product type="ebuild">Ethereal</product>
+  <announced>2005-10-30</announced>
+  <revised count="01">2005-10-30</revised>
+  <bug>109348</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/ethereal" auto="yes" arch="*">
+      <unaffected range="ge">0.10.13-r1</unaffected>
+      <vulnerable range="lt">0.10.13-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ethereal is a feature-rich network protocol analyzer.
+    </p>
+  </background>
+  <description>
+    <p>
+    There are numerous vulnerabilities in versions of Ethereal prior
+    to 0.10.13, including:
+    </p>
+    <ul>
+    <li>The SLIM3 and AgentX dissectors
+    could overflow a buffer (CVE-2005-3243).</li>
+    <li>iDEFENSE discovered a
+    buffer overflow in the SRVLOC dissector (CVE-2005-3184).</li>
+    <li>Multiple potential crashes in many dissectors have been fixed, see
+    References for further details.</li>
+    </ul>
+    <p>
+    Furthermore an infinite
+    loop was discovered in the IRC protocol dissector of the 0.10.13
+    release (CVE-2005-3313).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker might be able to use these vulnerabilities to crash
+    Ethereal or execute arbitrary code with the permissions of the user
+    running Ethereal, which could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ethereal users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/ethereal-0.10.13-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3184">CVE-2005-3184</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3241">CVE-2005-3241</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3242">CVE-2005-3242</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3243">CVE-2005-3243</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3244">CVE-2005-3244</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3245">CVE-2005-3245</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3246">CVE-2005-3246</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3247">CVE-2005-3247</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3248">CVE-2005-3248</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3249">CVE-2005-3249</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3313">CVE-2005-3313</uri>
+    <uri link="http://www.ethereal.com/appnotes/enpa-sa-00021.html">Ethereal enpa-sa-00021</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-10-17T05:29:11Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-10-30T09:10:32Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200510-26.xml b/metadata/glsa/glsa-200510-26.xml
new file mode 100644
index 000000000000..a5cffb6b15d1
--- /dev/null
+++ b/metadata/glsa/glsa-200510-26.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200510-26">
+  <title>XLI, Xloadimage: Buffer overflow</title>
+  <synopsis>
+    XLI and Xloadimage contain a vulnerability which could potentially result
+    in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">xli xloadimage</product>
+  <announced>2005-10-30</announced>
+  <revised count="01">2005-10-30</revised>
+  <bug>108365</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/xli" auto="yes" arch="*">
+      <unaffected range="ge">1.17.0-r2</unaffected>
+      <vulnerable range="lt">1.17.0-r2</vulnerable>
+    </package>
+    <package name="media-gfx/xloadimage" auto="yes" arch="*">
+      <unaffected range="ge">4.1-r4</unaffected>
+      <vulnerable range="lt">4.1-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    XLI and Xloadimage are X11 image manipulation utilities.
+    </p>
+  </background>
+  <description>
+    <p>
+    When XLI or Xloadimage process an image, they create a new image
+    object to contain the new image, copying the title from the old image
+    to the newly created image. Ariel Berkman reported that the 'zoom',
+    'reduce', and 'rotate' functions use a fixed length buffer to contain
+    the new title, which could be overwritten by the NIFF or XPM image
+    processors.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A malicious user could craft a malicious XPM or NIFF file and
+    entice a user to view it using XLI, or manipulate it using Xloadimage,
+    potentially resulting in the execution of arbitrary code with the
+    permissions of the user running XLI or Xloadimage.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All XLI users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/xli-1.17.0-r2"</code>
+    <p>
+    All Xloadimage users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/xloadimage-4.1-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3178">CAN-2005-3178</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-10-26T15:18:40Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-10-28T03:10:06Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-10-30T15:11:22Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200511-01.xml b/metadata/glsa/glsa-200511-01.xml
new file mode 100644
index 000000000000..086b6e02f139
--- /dev/null
+++ b/metadata/glsa/glsa-200511-01.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200511-01">
+  <title>libgda: Format string vulnerabilities</title>
+  <synopsis>
+    Two format string vulnerabilities in libgda may lead to the execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">libgda</product>
+  <announced>2005-11-02</announced>
+  <revised count="01">2005-11-02</revised>
+  <bug>110467</bug>
+  <access>remote</access>
+  <affected>
+    <package name="gnome-extra/libgda" auto="yes" arch="*">
+      <unaffected range="ge">1.2.2-r1</unaffected>
+      <vulnerable range="lt">1.2.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libgda is the library handling the data abstraction layer in the
+    Gnome data access architecture (GNOME-DB). It can also be used by
+    non-GNOME applications to manage data stored in databases or XML files.
+    </p>
+  </background>
+  <description>
+    <p>
+    Steve Kemp discovered two format string vulnerabilities in the
+    gda_log_error and gda_log_message functions. Some applications may pass
+    untrusted input to those functions and be vulnerable.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could pass malicious input to an application making
+    use of the vulnerable libgda functions, potentially resulting in the
+    execution of arbitrary code with the rights of that application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libgda users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=gnome-extra/libgda-1.2.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2958">CVE-2005-2958</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-10-30T15:09:20Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-10-30T15:09:33Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-11-01T13:44:10Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200511-02.xml b/metadata/glsa/glsa-200511-02.xml
new file mode 100644
index 000000000000..8beaf24ec8a2
--- /dev/null
+++ b/metadata/glsa/glsa-200511-02.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200511-02">
+  <title>QDBM, ImageMagick, GDAL: RUNPATH issues</title>
+  <synopsis>
+    Multiple packages suffer from RUNPATH issues that may allow users in the
+    "portage" group to escalate privileges.
+  </synopsis>
+  <product type="ebuild">QDBM ImageMagick GDAL</product>
+  <announced>2005-11-02</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>105717</bug>
+  <bug>105760</bug>
+  <bug>108534</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-db/qdbm" auto="yes" arch="*">
+      <unaffected range="ge">1.8.33-r2</unaffected>
+      <vulnerable range="lt">1.8.33-r2</vulnerable>
+    </package>
+    <package name="media-gfx/imagemagick" auto="yes" arch="*">
+      <unaffected range="ge">6.2.4.2-r1</unaffected>
+      <vulnerable range="lt">6.2.4.2-r1</vulnerable>
+    </package>
+    <package name="sci-libs/gdal" auto="yes" arch="*">
+      <unaffected range="ge">1.3.0-r1</unaffected>
+      <unaffected range="rge">1.2.6-r4</unaffected>
+      <vulnerable range="lt">1.3.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    QDBM is a library of routines for managing a database. ImageMagick is a
+    collection of tools to read, write and manipulate images. GDAL is a
+    geospatial data abstraction library.
+    </p>
+  </background>
+  <description>
+    <p>
+    Some packages may introduce insecure paths into the list of directories
+    that are searched for libraries at runtime. Furthermore, packages
+    depending on the MakeMaker Perl module for build configuration may have
+    incorrectly copied the LD_RUN_PATH into the DT_RPATH.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A local attacker, who is a member of the "portage" group, could create
+    a malicious shared object in the Portage temporary build directory that
+    would be loaded at runtime by a dependent executable, potentially
+    resulting in privilege escalation.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Only grant "portage" group rights to trusted users.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All QDBM users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-db/qdbm-1.8.33-r2"</code>
+    <p>
+    All ImageMagick users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/imagemagick-6.2.4.2-r1"</code>
+    <p>
+    All GDAL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose sci-libs/gdal</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3580">CVE-2005-3580</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3581">CVE-2005-3581</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3582">CVE-2005-3582</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-10-15T10:06:06Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-11-01T13:10:18Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200511-03.xml b/metadata/glsa/glsa-200511-03.xml
new file mode 100644
index 000000000000..135f7232c5be
--- /dev/null
+++ b/metadata/glsa/glsa-200511-03.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200511-03">
+  <title>giflib: Multiple vulnerabilities</title>
+  <synopsis>
+    giflib may dereference NULL or write out of bounds when processing
+    malformed images, potentially resulting in Denial of Service or arbitrary
+    code execution.
+  </synopsis>
+  <product type="ebuild">giflib</product>
+  <announced>2005-11-04</announced>
+  <revised count="01">2005-11-04</revised>
+  <bug>109997</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/giflib" auto="yes" arch="*">
+      <unaffected range="ge">4.1.4</unaffected>
+      <vulnerable range="lt">4.1.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    giflib is a library for reading and writing GIF images.
+    </p>
+  </background>
+  <description>
+    <p>
+    Chris Evans and Daniel Eisenbud independently discovered two
+    out-of-bounds memory write operations and a NULL pointer dereference in
+    giflib.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could craft a malicious GIF image and entice users to
+    load it using an application making use of the giflib library,
+    resulting in an application crash or potentially the execution of
+    arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All giflib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/giflib-4.1.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2974">CVE-2005-2974</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3350">CVE-2005-3350</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-10-29T09:30:14Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-11-02T12:50:36Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-11-04T08:45:23Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200511-04.xml b/metadata/glsa/glsa-200511-04.xml
new file mode 100644
index 000000000000..d94381f86ee1
--- /dev/null
+++ b/metadata/glsa/glsa-200511-04.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200511-04">
+  <title>ClamAV: Multiple vulnerabilities</title>
+  <synopsis>
+    ClamAV has many security flaws which make it vulnerable to remote execution
+    of arbitrary code and a Denial of Service.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2005-11-06</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>109213</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.87.1</unaffected>
+      <vulnerable range="lt">0.87.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ClamAV is a GPL anti-virus toolkit, designed for integration with mail
+    servers to perform attachment scanning. ClamAV also provides a command
+    line scanner and a tool for fetching updates of the virus database.
+    </p>
+  </background>
+  <description>
+    <p>
+    ClamAV has multiple security flaws: a boundary check was performed
+    incorrectly in petite.c, a buffer size calculation in unfsg_133 was
+    incorrect in fsg.c, a possible infinite loop was fixed in tnef.c and a
+    possible infinite loop in cabd_find was fixed in cabd.c . In addition
+    to this, Marcin Owsiany reported that a corrupted DOC file causes a
+    segmentation fault in ClamAV.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    By sending a malicious attachment to a mail server that is hooked with
+    ClamAV, a remote attacker could cause a Denial of Service or the
+    execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ClamAV users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.87.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3239">CAN-2005-3239</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3303">CAN-2005-3303</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3500">CVE-2005-3500</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3501">CVE-2005-3501</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3587">CVE-2005-3587</uri>
+    <uri link="https://sourceforge.net/project/shownotes.php?release_id=368319">ClamAV release notes</uri>
+    <uri link="https://www.zerodayinitiative.com/advisories/ZDI-05-002.html">Zero Day Initiative advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-11-04T08:33:36Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-11-04T15:17:11Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-11-06T14:23:05Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200511-05.xml b/metadata/glsa/glsa-200511-05.xml
new file mode 100644
index 000000000000..ffa96dac9fce
--- /dev/null
+++ b/metadata/glsa/glsa-200511-05.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200511-05">
+  <title>GNUMP3d: Directory traversal and XSS vulnerabilities</title>
+  <synopsis>
+    GNUMP3d is vulnerable to directory traversal and cross-site scripting
+    attacks that may result in information disclosure or the compromise of a
+    browser.
+  </synopsis>
+  <product type="ebuild">gnump3d</product>
+  <announced>2005-11-06</announced>
+  <revised count="02">2007-08-21</revised>
+  <bug>109667</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/gnump3d" auto="yes" arch="*">
+      <unaffected range="ge">2.9_pre7</unaffected>
+      <vulnerable range="lt">2.9_pre7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GNUMP3d is a streaming server for MP3s, OGG vorbis files, movies and
+    other media formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    Steve Kemp reported about two cross-site scripting attacks that are
+    related to the handling of files (CVE-2005-3424, CVE-2005-3425). Also
+    reported is a directory traversal vulnerability which comes from the
+    attempt to sanitize input paths (CVE-2005-3123).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit this to disclose sensitive information
+    or inject and execute malicious script code, potentially compromising
+    the victim's browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GNUMP3d users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/gnump3d-2.9_pre7"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3123">CVE-2005-3123</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3424">CVE-2005-3424</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3425">CVE-2005-3425</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-11-03T12:32:56Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-11-04T13:55:23Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-11-05T08:54:39Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200511-06.xml b/metadata/glsa/glsa-200511-06.xml
new file mode 100644
index 000000000000..226cd8806d06
--- /dev/null
+++ b/metadata/glsa/glsa-200511-06.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200511-06">
+  <title>fetchmail: Password exposure in fetchmailconf</title>
+  <synopsis>
+    fetchmailconf fails to properly handle file permissions, temporarily
+    exposing sensitive information to other local users.
+  </synopsis>
+  <product type="ebuild">fetchmail</product>
+  <announced>2005-11-06</announced>
+  <revised count="01">2005-11-06</revised>
+  <bug>110366</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-mail/fetchmail" auto="yes" arch="*">
+      <unaffected range="ge">6.2.5.2-r1</unaffected>
+      <vulnerable range="lt">6.2.5.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    fetchmail is a utility that retrieves and forwards mail from
+    remote systems using IMAP, POP, and other protocols. It ships with
+    fetchmailconf, a graphical utility used to create configuration files.
+    </p>
+  </background>
+  <description>
+    <p>
+    Thomas Wolff discovered that fetchmailconf opens the configuration
+    file with default permissions, writes the configuration to it, and only
+    then restricts read permissions to the owner.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could exploit the race condition to retrieve
+    sensitive information like IMAP/POP passwords.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Run "umask 077" to temporarily strengthen default permissions,
+    then run "fetchmailconf" from the same shell.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All fetchmail users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-mail/fetchmail-6.2.5.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt">Fetchmail Security Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3088">CVE-2005-3088</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-11-04T12:31:43Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-11-04T12:31:54Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200511-07.xml b/metadata/glsa/glsa-200511-07.xml
new file mode 100644
index 000000000000..7d85fef74549
--- /dev/null
+++ b/metadata/glsa/glsa-200511-07.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200511-07">
+  <title>OpenVPN: Multiple vulnerabilities</title>
+  <synopsis>
+    The OpenVPN client is potentially vulnerable to the execution of arbitrary
+    code and the OpenVPN server is vulnerable to a Denial of Service issue.
+  </synopsis>
+  <product type="ebuild">OpenVPN</product>
+  <announced>2005-11-06</announced>
+  <revised count="01">2005-11-06</revised>
+  <bug>111116</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/openvpn" auto="yes" arch="*">
+      <unaffected range="ge">2.0.4</unaffected>
+      <vulnerable range="lt">2.0.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenVPN is a multi-platform, full-featured SSL VPN solution.
+    </p>
+  </background>
+  <description>
+    <p>
+    The OpenVPN client contains a format string bug in the handling of
+    the foreign_option in options.c. Furthermore, when the OpenVPN server
+    runs in TCP mode, it may dereference a NULL pointer under specific
+    error conditions.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could setup a malicious OpenVPN server and trick
+    the user into connecting to it, potentially executing arbitrary code on
+    the client's computer. A remote attacker could also exploit the NULL
+    dereference issue by sending specific packets to an OpenVPN server
+    running in TCP mode, resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Do not use "pull" or "client" options in the OpenVPN client
+    configuration file, and use UDP mode for the OpenVPN server.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenVPN users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/openvpn-2.0.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3393">CVE-2005-3393</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3409">CVE-2005-3409</uri>
+    <uri link="https://openvpn.net/changelog.html">OpenVPN changelog</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-11-02T12:34:18Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-11-04T13:01:51Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-11-06T14:23:34Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200511-08.xml b/metadata/glsa/glsa-200511-08.xml
new file mode 100644
index 000000000000..689a78939214
--- /dev/null
+++ b/metadata/glsa/glsa-200511-08.xml
@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200511-08">
+  <title>PHP: Multiple vulnerabilities</title>
+  <synopsis>
+    PHP suffers from multiple issues, resulting in security functions bypass,
+    local Denial of service, cross-site scripting or PHP variables overwrite.
+  </synopsis>
+  <product type="ebuild">PHP</product>
+  <announced>2005-11-13</announced>
+  <revised count="01">2005-11-13</revised>
+  <bug>107602</bug>
+  <bug>111032</bug>
+  <access>remote and local</access>
+  <affected>
+    <package name="dev-php/php" auto="yes" arch="*">
+      <unaffected range="rge">4.3.11-r4</unaffected>
+      <unaffected range="ge">4.4.0-r4</unaffected>
+      <vulnerable range="lt">4.4.0-r4</vulnerable>
+    </package>
+    <package name="dev-php/mod_php" auto="yes" arch="*">
+      <unaffected range="rge">4.3.11-r4</unaffected>
+      <unaffected range="ge">4.4.0-r8</unaffected>
+      <vulnerable range="lt">4.4.0-r8</vulnerable>
+    </package>
+    <package name="dev-php/php-cgi" auto="yes" arch="*">
+      <unaffected range="rge">4.3.11-r5</unaffected>
+      <unaffected range="ge">4.4.0-r5</unaffected>
+      <vulnerable range="lt">4.4.0-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PHP is a general-purpose scripting language widely used to develop
+    web-based applications. It can run inside a web server using the
+    mod_php module or the CGI version and also stand-alone in a CLI.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been found and fixed in PHP:
+    </p>
+    <ul>
+    <li>a possible $GLOBALS variable overwrite problem through file
+    upload handling, extract() and import_request_variables()
+    (CVE-2005-3390)</li>
+    <li>a local Denial of Service through the use of
+    the session.save_path option (CVE-2005-3319)</li>
+    <li>an issue with
+    trailing slashes in allowed basedirs (CVE-2005-3054)</li>
+    <li>an issue
+    with calling virtual() on Apache 2, allowing to bypass safe_mode and
+    open_basedir restrictions (CVE-2005-3392)</li>
+    <li>a problem when a
+    request was terminated due to memory_limit constraints during certain
+    parse_str() calls (CVE-2005-3389)</li>
+    <li>The curl and gd modules
+    allowed to bypass the safe mode open_basedir restrictions
+    (CVE-2005-3391)</li>
+    <li>a cross-site scripting (XSS) vulnerability in
+    phpinfo() (CVE-2005-3388)</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    Attackers could leverage these issues to exploit applications that
+    are assumed to be secure through the use of proper register_globals,
+    safe_mode or open_basedir parameters. Remote attackers could also
+    conduct cross-site scripting attacks if a page calling phpinfo() was
+    available. Finally, a local attacker could cause a local Denial of
+    Service using malicious session.save_path options.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround that would solve all issues at this
+    time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PHP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose dev-php/php</code>
+    <p>
+    All mod_php users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose dev-php/mod_php</code>
+    <p>
+    All php-cgi users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose dev-php/php-cgi</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3054">CVE-2005-3054</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3319">CVE-2005-3319</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3388">CVE-2005-3388</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3389">CVE-2005-3389</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3390">CVE-2005-3390</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3391">CVE-2005-3391</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3392">CVE-2005-3392</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-11-07T14:11:50Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-11-13T14:44:31Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200511-09.xml b/metadata/glsa/glsa-200511-09.xml
new file mode 100644
index 000000000000..21bb2f60c30b
--- /dev/null
+++ b/metadata/glsa/glsa-200511-09.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200511-09">
+  <title>Lynx: Arbitrary command execution</title>
+  <synopsis>
+    Lynx is vulnerable to an issue which allows the remote execution of
+    arbitrary commands.
+  </synopsis>
+  <product type="ebuild">lynx</product>
+  <announced>2005-11-13</announced>
+  <revised count="01">2005-11-13</revised>
+  <bug>112213</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/lynx" auto="yes" arch="*">
+      <unaffected range="ge">2.8.5-r2</unaffected>
+      <vulnerable range="lt">2.8.5-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Lynx is a fully-featured WWW client for users running
+    cursor-addressable, character-cell display devices such as vt100
+    terminals and terminal emulators.
+    </p>
+  </background>
+  <description>
+    <p>
+    iDefense labs discovered a problem within the feature to execute
+    local cgi-bin programs via the "lynxcgi:" URI handler. Due to a
+    configuration error, the default settings allow websites to specify
+    commands to run as the user running Lynx.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker can entice a user to access a malicious HTTP
+    server, causing Lynx to execute arbitrary commands.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable "lynxcgi" links by specifying the following directive in
+    lynx.cfg:
+    </p>
+    <code>
+    TRUSTED_LYNXCGI:none</code>
+  </workaround>
+  <resolution>
+    <p>
+    All Lynx users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/lynx-2.8.5-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2929">CVE-2005-2929</uri>
+    <uri link="http://www.idefense.com/application/poi/display?id=338&amp;type=vulnerabilities">iDefense Security Advisory 11.11.05</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-11-11T20:17:54Z">
+    taviso
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-11-11T21:30:52Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-11-13T17:03:02Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200511-10.xml b/metadata/glsa/glsa-200511-10.xml
new file mode 100644
index 000000000000..ca53698c3911
--- /dev/null
+++ b/metadata/glsa/glsa-200511-10.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200511-10">
+  <title>RAR: Format string and buffer overflow vulnerabilities</title>
+  <synopsis>
+    RAR contains a format string error and a buffer overflow vulnerability that
+    may be used to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">rar</product>
+  <announced>2005-11-13</announced>
+  <revised count="01">2005-11-13</revised>
+  <bug>111926</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/rar" auto="yes" arch="*">
+      <unaffected range="ge">3.5.1</unaffected>
+      <vulnerable range="lt">3.5.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    RAR is a powerful archive manager that can decompress RAR, ZIP and
+    other files, and can create new archives in RAR and ZIP file format.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tan Chew Keong reported about two vulnerabilities found in RAR:
+    </p>
+    <ul>
+    <li>A format string error exists when displaying a diagnostic
+    error message that informs the user of an invalid filename in an
+    UUE/XXE encoded file.</li>
+    <li>Some boundary errors in the processing
+    of malicious ACE archives can be exploited to cause a buffer
+    overflow.</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit these vulnerabilities by enticing
+    a user to:
+    </p>
+    <ul><li>decode a specially crafted UUE/XXE file,
+    or</li>
+    <li>extract a malicious ACE archive containing a file with an
+    overly long filename.</li>
+    </ul>
+    <p>
+    When the user performs these
+    actions, the arbitrary code of the attacker's choice will be executed.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All RAR users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-arch/rar-3.5.1"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.rarlabs.com/rarnew.htm">RAR Release Notes</uri>
+    <uri link="https://secunia.com/secunia_research/2005-53/advisory/">Secunia Research 11/10/2005</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-11-11T09:12:31Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-11-11T14:35:09Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-11-11T14:35:22Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200511-11.xml b/metadata/glsa/glsa-200511-11.xml
new file mode 100644
index 000000000000..ac15194870da
--- /dev/null
+++ b/metadata/glsa/glsa-200511-11.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200511-11">
+  <title>linux-ftpd-ssl: Remote buffer overflow</title>
+  <synopsis>
+    A buffer overflow vulnerability has been found, allowing a remote attacker
+    to execute arbitrary code with escalated privileges on the local system.
+  </synopsis>
+  <product type="ebuild">linux-ftpd-ssl</product>
+  <announced>2005-11-13</announced>
+  <revised count="02">2007-12-30</revised>
+  <bug>111573</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-ftp/netkit-ftpd" auto="yes" arch="*">
+      <unaffected range="ge">0.17-r3</unaffected>
+      <vulnerable range="lt">0.17-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    linux-ftpd-ssl is the netkit FTP server with encryption support.
+    </p>
+  </background>
+  <description>
+    <p>
+    A buffer overflow vulnerability has been found in the
+    linux-ftpd-ssl package. A command that generates an excessively long
+    response from the server may overrun a stack buffer.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker that has permission to create directories that are
+    accessible via the FTP server could exploit this vulnerability.
+    Successful exploitation would execute arbitrary code on the local
+    machine with root privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ftpd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-ftp/netkit-ftpd-0.17-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3524">CVE-2005-3524</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-11-06T18:51:48Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-11-06T21:31:18Z">
+    shellsage
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-11-12T21:51:01Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200511-12.xml b/metadata/glsa/glsa-200511-12.xml
new file mode 100644
index 000000000000..8423aa2816bf
--- /dev/null
+++ b/metadata/glsa/glsa-200511-12.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200511-12">
+  <title>Scorched 3D: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in Scorched 3D allow a remote attacker to deny
+    service or execute arbitrary code on game servers.
+  </synopsis>
+  <product type="ebuild">scorched3d</product>
+  <announced>2005-11-15</announced>
+  <revised count="03">2006-08-10</revised>
+  <bug>111421</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-strategy/scorched3d" auto="yes" arch="*">
+      <unaffected range="ge">40</unaffected>
+      <vulnerable range="le">39.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Scorched 3D is a clone of the classic "Scorched Earth" DOS game, adding
+    features like a 3D island environment and Internet multiplayer
+    capabilities.
+    </p>
+  </background>
+  <description>
+    <p>
+    Luigi Auriemma discovered multiple flaws in the Scorched 3D game
+    server, including a format string vulnerability and several buffer
+    overflows.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker can exploit these vulnerabilities to crash a game
+    server or execute arbitrary code with the rights of the game server
+    user. Users not running a Scorched 3D game server are not affected by
+    these flaws.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Scorched 3D users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=games-strategy/scorched3d-40"</code>
+  </resolution>
+  <references>
+    <uri link="http://seclists.org/lists/fulldisclosure/2005/Nov/0079.html">Original advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3486">CVE-2005-3486</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3487">CVE-2005-3487</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3488">CVE-2005-3488</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-11-14T13:02:43Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-11-14T13:04:09Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200511-13.xml b/metadata/glsa/glsa-200511-13.xml
new file mode 100644
index 000000000000..ec0416daf914
--- /dev/null
+++ b/metadata/glsa/glsa-200511-13.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200511-13">
+  <title>Sylpheed, Sylpheed-Claws: Buffer overflow in LDIF importer</title>
+  <synopsis>
+    Sylpheed and Sylpheed-Claws contain a buffer overflow vulnerability which
+    may lead to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">sylpheed sylpheed-claws</product>
+  <announced>2005-11-15</announced>
+  <revised count="01">2005-11-15</revised>
+  <bug>111853</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/sylpheed" auto="yes" arch="*">
+      <unaffected range="ge">2.0.4</unaffected>
+      <vulnerable range="lt">2.0.4</vulnerable>
+    </package>
+    <package name="mail-client/sylpheed-claws" auto="yes" arch="*">
+      <unaffected range="ge">1.0.5-r1</unaffected>
+      <vulnerable range="lt">1.0.5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Sylpheed is a lightweight email client and newsreader.
+    Sylpheed-Claws is a 'bleeding edge' version of Sylpheed. They both
+    support the import of address books in LDIF (Lightweight Directory
+    Interchange Format).
+    </p>
+  </background>
+  <description>
+    <p>
+    Colin Leroy reported buffer overflow vulnerabilities in Sylpheed
+    and Sylpheed-Claws. The LDIF importer uses a fixed length buffer to
+    store data of variable length. Two similar problems exist also in the
+    Mutt and Pine addressbook importers of Sylpheed-Claws.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By convincing a user to import a specially-crafted LDIF file into
+    the address book, a remote attacker could cause the program to crash,
+    potentially allowing the execution of arbitrary code with the
+    privileges of the user running the software.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Sylpheed users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/sylpheed-2.0.4"</code>
+    <p>
+    All Sylpheed-Claws users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/sylpheed-claws-1.0.5-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3354">CVE-2005-3354</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-11-13T17:42:22Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-11-13T18:10:25Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-11-15T08:35:12Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200511-14.xml b/metadata/glsa/glsa-200511-14.xml
new file mode 100644
index 000000000000..68c4067fd3fa
--- /dev/null
+++ b/metadata/glsa/glsa-200511-14.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200511-14">
+  <title>GTK+ 2, GdkPixbuf: Multiple XPM decoding vulnerabilities</title>
+  <synopsis>
+    The GdkPixbuf library, that is also included in GTK+ 2, contains
+    vulnerabilities that could lead to a Denial of Service or the execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">gtk+</product>
+  <announced>2005-11-16</announced>
+  <revised count="01">2005-11-16</revised>
+  <bug>112608</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/gtk+" auto="yes" arch="*">
+      <unaffected range="ge">2.8.6-r1</unaffected>
+      <unaffected range="rge">2.6.10-r1</unaffected>
+      <unaffected range="lt">2.0</unaffected>
+      <vulnerable range="lt">2.8.6-r1</vulnerable>
+    </package>
+    <package name="media-libs/gdk-pixbuf" auto="yes" arch="*">
+      <unaffected range="ge">0.22.0-r5</unaffected>
+      <vulnerable range="lt">0.22.0-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GTK+ (the GIMP Toolkit) is a toolkit for creating graphical user
+    interfaces. The GdkPixbuf library provides facilities for image
+    handling. It is available as a standalone library and also packaged
+    with GTK+ 2.
+    </p>
+  </background>
+  <description>
+    <p>
+    iDEFENSE reported a possible heap overflow in the XPM loader
+    (CVE-2005-3186). Upon further inspection, Ludwig Nussel discovered two
+    additional issues in the XPM processing functions : an integer overflow
+    (CVE-2005-2976) that affects only gdk-pixbuf, and an infinite loop
+    (CVE-2005-2975).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Using a specially crafted XPM image an attacker could cause an
+    affected application to enter an infinite loop or trigger the
+    overflows, potentially allowing the execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GTK+ 2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose x11-libs/gtk+</code>
+    <p>
+    All GdkPixbuf users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/gdk-pixbuf-0.22.0-r5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2975">CVE-2005-2975</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2976">CVE-2005-2976</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3186">CVE-2005-3186</uri>
+    <uri link="http://www.idefense.com/application/poi/display?id=339&amp;type=vulnerabilities">iDefense Security Advisory 11.15.05</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-11-14T14:55:40Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-11-16T12:54:54Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200511-15.xml b/metadata/glsa/glsa-200511-15.xml
new file mode 100644
index 000000000000..f17ace66fb0c
--- /dev/null
+++ b/metadata/glsa/glsa-200511-15.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200511-15">
+  <title>Smb4k: Local unauthorized file access</title>
+  <synopsis>
+    A vulnerability has been identified that allows unauthorized access to the
+    contents of /etc/sudoers and /etc/super.tab files.
+  </synopsis>
+  <product type="ebuild">Smb4k</product>
+  <announced>2005-11-18</announced>
+  <revised count="01">2005-11-18</revised>
+  <bug>111089</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-misc/smb4k" auto="yes" arch="*">
+      <unaffected range="ge">0.6.4</unaffected>
+      <vulnerable range="lt">0.6.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Smb4K is a SMB/CIFS share browser for KDE.
+    </p>
+  </background>
+  <description>
+    <p>
+    A vulnerability leading to unauthorized file access has been
+    found. A pre-existing symlink from /tmp/sudoers and /tmp/super.tab to a
+    textfile will cause Smb4k to write the contents of these files to the
+    target of the symlink, as Smb4k does not check for the existence of
+    these files before writing to them.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could acquire local privilege escalation by adding
+    username(s) to the list of sudoers.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All smb4k users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/smb4k-0.6.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2851">CVE-2005-2851</uri>
+    <uri link="http://smb4k.berlios.de/">Smb4k Announcement</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-11-15T09:03:00Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-11-15T09:04:04Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-11-16T02:48:46Z">
+    shellsage
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200511-16.xml b/metadata/glsa/glsa-200511-16.xml
new file mode 100644
index 000000000000..b2975e89330c
--- /dev/null
+++ b/metadata/glsa/glsa-200511-16.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200511-16">
+  <title>GNUMP3d: Directory traversal and insecure temporary file creation</title>
+  <synopsis>
+    Two vulnerabilities have been identified in GNUMP3d allowing for limited
+    directory traversal and insecure temporary file creation.
+  </synopsis>
+  <product type="ebuild">GNUMP3d</product>
+  <announced>2005-11-21</announced>
+  <revised count="02">2007-08-21</revised>
+  <bug>111990</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/gnump3d" auto="yes" arch="*">
+      <unaffected range="ge">2.9_pre7</unaffected>
+      <vulnerable range="lt">2.9_pre7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GNUMP3d is a streaming server for MP3s, OGG vorbis files, movies and
+    other media formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ludwig Nussel from SUSE Linux has identified two vulnerabilities in
+    GNUMP3d. GNUMP3d fails to properly check for the existence of
+    /tmp/index.lok before writing to the file, allowing for local
+    unauthorized access to files owned by the user running GNUMP3d. GNUMP3d
+    also fails to properly validate the "theme" GET variable from CGI
+    input, allowing for unauthorized file inclusion.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could overwrite files owned by the user running GNUMP3d by
+    symlinking /tmp/index.lok to the file targeted for overwrite. An
+    attacker could also include arbitrary files by traversing up the
+    directory tree (at most two times, i.e. "../..") with the "theme" GET
+    variable.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GNUMP3d users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/gnump3d-2.9_pre7"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3349">CVE-2005-3349</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3355">CVE-2005-3355</uri>
+    <uri link="https://www.gnu.org/software/gnump3d/ChangeLog">GNUMP3d Changelog</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-11-18T12:35:13Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-11-18T12:35:57Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-11-18T22:47:09Z">
+    shellsage
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200511-17.xml b/metadata/glsa/glsa-200511-17.xml
new file mode 100644
index 000000000000..d99af133df54
--- /dev/null
+++ b/metadata/glsa/glsa-200511-17.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200511-17">
+  <title>FUSE: mtab corruption through fusermount</title>
+  <synopsis>
+    The fusermount utility from FUSE can be abused to corrupt the /etc/mtab
+    file contents, potentially allowing a local attacker to set unauthorized
+    mount options.
+  </synopsis>
+  <product type="ebuild">FUSE</product>
+  <announced>2005-11-22</announced>
+  <revised count="01">2005-11-22</revised>
+  <bug>112902</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-fs/fuse" auto="yes" arch="*">
+      <unaffected range="ge">2.4.1-r1</unaffected>
+      <vulnerable range="lt">2.4.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    FUSE (Filesystem in Userspace) allows implementation of a fully
+    functional filesystem in a userspace program. The fusermount utility is
+    used to mount/unmount FUSE file systems.
+    </p>
+  </background>
+  <description>
+    <p>
+    Thomas Biege discovered that fusermount fails to securely handle
+    special characters specified in mount points.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could corrupt the contents of the /etc/mtab file
+    by mounting over a maliciously-named directory using fusermount,
+    potentially allowing the attacker to set unauthorized mount options.
+    This is possible only if fusermount is installed setuid root, which is
+    the default in Gentoo.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All FUSE users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-fs/fuse-2.4.1-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3531">CVE-2005-3531</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-11-20T12:06:35Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-11-21T13:30:54Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-11-22T16:07:17Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200511-18.xml b/metadata/glsa/glsa-200511-18.xml
new file mode 100644
index 000000000000..aacc8813aad1
--- /dev/null
+++ b/metadata/glsa/glsa-200511-18.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200511-18">
+  <title>phpSysInfo: Multiple vulnerabilities</title>
+  <synopsis>
+    phpSysInfo is vulnerable to multiple issues, including a local file
+    inclusion leading to information disclosure and the potential execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">phpsysinfo</product>
+  <announced>2005-11-22</announced>
+  <revised count="01">2005-11-22</revised>
+  <bug>112482</bug>
+  <access>local and remote</access>
+  <affected>
+    <package name="www-apps/phpsysinfo" auto="yes" arch="*">
+      <unaffected range="ge">2.4.1</unaffected>
+      <vulnerable range="lt">2.4.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpSysInfo displays various system stats via PHP scripts.
+    </p>
+  </background>
+  <description>
+    <p>
+    Christopher Kunz from the Hardened-PHP Project discovered
+    that phpSysInfo is vulnerable to local file inclusion, cross-site
+    scripting and a HTTP Response Splitting attacks.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker may exploit the file inclusion vulnerability by
+    sending malicious requests, causing the execution of arbitrary code
+    with the rights of the user running the web server. A remote attacker
+    could exploit the vulnerability to disclose local file content.
+    Furthermore, the cross-site scripting issues gives a remote attacker
+    the ability to inject and execute malicious script code in the user's
+    browser context or to steal cookie-based authentication credentials.
+    The HTTP response splitting issue give an attacker the ability to
+    perform site hijacking and cache poisoning.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All phpSysInfo users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/phpsysinfo-2.4.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.hardened-php.net/advisory_222005.81.html">Original advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3347">CVE-2005-3347</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3348">CVE-2005-3348</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-11-21T11:13:22Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-11-21T13:32:38Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-11-21T18:14:24Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200511-19.xml b/metadata/glsa/glsa-200511-19.xml
new file mode 100644
index 000000000000..d27129cfb23a
--- /dev/null
+++ b/metadata/glsa/glsa-200511-19.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200511-19">
+  <title>eix: Insecure temporary file creation</title>
+  <synopsis>
+    eix has an insecure temporary file creation vulnerability, potentially
+    allowing a local user to overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">eix</product>
+  <announced>2005-11-22</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>112061</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-portage/eix" auto="yes" arch="*">
+      <unaffected range="ge">0.5.0_pre2</unaffected>
+      <unaffected range="rge">0.3.0-r2</unaffected>
+      <vulnerable range="lt">0.5.0_pre2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    eix is a small utility for searching ebuilds with indexing for fast
+    results.
+    </p>
+  </background>
+  <description>
+    <p>
+    Eric Romang discovered that eix creates a temporary file with a
+    predictable name. eix creates a temporary file in /tmp/eix.*.sync where
+    * is the process ID of the shell running eix.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker can watch the process list and determine the process
+    ID of the shell running eix while the "emerge --sync" command is
+    running, then create a link from the corresponding temporary file to a
+    system file, which would result in the file being overwritten with the
+    rights of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All eix users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose app-portage/eix</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3785">CVE-2005-3785</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-11-21T09:11:10Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-11-21T20:48:28Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-11-22T08:46:22Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200511-20.xml b/metadata/glsa/glsa-200511-20.xml
new file mode 100644
index 000000000000..66b5aadc0c91
--- /dev/null
+++ b/metadata/glsa/glsa-200511-20.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200511-20">
+  <title>Horde Application Framework: XSS vulnerability</title>
+  <synopsis>
+    The Horde Application Framework is vulnerable to a cross-site scripting
+    vulnerability which could lead to the compromise of the victim's browser
+    content.
+  </synopsis>
+  <product type="ebuild">horde</product>
+  <announced>2005-11-22</announced>
+  <revised count="01">2005-11-22</revised>
+  <bug>112491</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/horde" auto="yes" arch="*">
+      <unaffected range="ge">2.2.9</unaffected>
+      <vulnerable range="lt">2.2.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Horde Application Framework is a general-purpose web
+    application framework written in PHP, providing classes for handling
+    preferences, compression, browser detection, connection tracking, MIME,
+    and more.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Horde Team reported a potential XSS vulnerability. Horde fails
+    to properly escape error messages which may lead to displaying
+    unsanitized error messages via Notification_Listener::getMessage()
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    By enticing a user to read a specially-crafted e-mail or using a
+    manipulated URL, an attacker can execute arbitrary scripts running in
+    the context of the victim's browser. This could lead to a compromise of
+    the user's browser content.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Horde Application Framework users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/horde-2.2.9"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3570">CVE-2005-3570</uri>
+    <uri link="https://lists.horde.org/archives/announce/2005/000231.html">Horde Announcement</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-11-20T18:32:42Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-11-20T19:23:12Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-11-21T09:22:48Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200511-21.xml b/metadata/glsa/glsa-200511-21.xml
new file mode 100644
index 000000000000..49d049df89bc
--- /dev/null
+++ b/metadata/glsa/glsa-200511-21.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200511-21">
+  <title>Macromedia Flash Player: Remote arbitrary code execution</title>
+  <synopsis>
+    A vulnerability has been identified that allows arbitrary code execution on
+    a user's system via the handling of malicious SWF files.
+  </synopsis>
+  <product type="ebuild">Flash</product>
+  <announced>2005-11-25</announced>
+  <revised count="02">2009-05-28</revised>
+  <bug>112251</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">7.0.61</unaffected>
+      <vulnerable range="lt">7.0.61</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Macromedia Flash Player is a renderer for the popular SWF
+    filetype which is commonly used to provide interactive websites,
+    digital experiences and mobile content.
+    </p>
+  </background>
+  <description>
+    <p>
+    When handling a SWF file, the Macromedia Flash Player incorrectly
+    validates the frame type identifier stored in the SWF file which is
+    used as an index to reference an array of function pointers. A
+    specially crafted SWF file can cause this index to reference memory
+    outside of the scope of the Macromedia Flash Player, which in turn can
+    cause the Macromedia Flash Player to use unintended memory address(es)
+    as function pointers.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker serving a maliciously crafted SWF file could entice a
+    user to view the SWF file and execute arbitrary code on the user's
+    machine.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Macromedia Flash Player users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-plugins/adobe-flash-7.0.61"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2628">CVE-2005-2628</uri>
+    <uri link="http://www.macromedia.com/devnet/security/security_zone/mpsb05-07.html">Macromedia Announcement</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-11-18T12:28:16Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-11-18T22:27:02Z">
+    shellsage
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-11-25T08:20:52Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200511-22.xml b/metadata/glsa/glsa-200511-22.xml
new file mode 100644
index 000000000000..f608246b3688
--- /dev/null
+++ b/metadata/glsa/glsa-200511-22.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200511-22">
+  <title>Inkscape: Buffer overflow</title>
+  <synopsis>
+    A vulnerability has been identified that allows a specially crafted SVG
+    file to exploit a buffer overflow and potentially execute arbitrary code
+    when opened.
+  </synopsis>
+  <product type="ebuild">Inkscape</product>
+  <announced>2005-11-28</announced>
+  <revised count="01">2005-11-28</revised>
+  <bug>109993</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/inkscape" auto="yes" arch="*">
+      <unaffected range="ge">0.43</unaffected>
+      <vulnerable range="lt">0.43</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Inkscape is an Open Source vector graphics editor using the W3C
+    standard Scalable Vector Graphics (SVG) file format.
+    </p>
+  </background>
+  <description>
+    <p>
+    Joxean Koret has discovered that Inkscape incorrectly allocates
+    memory when opening an SVG file, creating the possibility of a buffer
+    overflow if the SVG file being opened is specially crafted.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user into opening a maliciously crafted
+    SVG file, allowing for the execution of arbitrary code on a machine
+    with the privileges of the user running Inkscape.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Inkscape users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/inkscape-0.43"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3737">CVE-2005-3737</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-11-23T12:36:14Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-11-23T22:39:24Z">
+    shellsage
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-11-27T21:35:11Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200511-23.xml b/metadata/glsa/glsa-200511-23.xml
new file mode 100644
index 000000000000..0b6152d7fd26
--- /dev/null
+++ b/metadata/glsa/glsa-200511-23.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200511-23">
+  <title>chmlib, KchmViewer: Stack-based buffer overflow</title>
+  <synopsis>
+    chmlib and KchmViewer contain a buffer overflow vulnerability which may
+    lead to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">chmlib kchmviewer</product>
+  <announced>2005-11-28</announced>
+  <revised count="03">2009-05-28</revised>
+  <bug>110557</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/chmlib" auto="yes" arch="*">
+      <unaffected range="ge">0.37.4</unaffected>
+      <vulnerable range="lt">0.37.4</vulnerable>
+    </package>
+    <package name="app-text/kchmviewer" auto="yes" arch="*">
+      <unaffected range="ge">1.1</unaffected>
+      <vulnerable range="lt">1.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    chmlib is a library for dealing with Microsoft ITSS and CHM format
+    files. KchmViewer is a CHM viewer that includes its own copy of the
+    chmlib library.
+    </p>
+  </background>
+  <description>
+    <p>
+    Sven Tantau reported about a buffer overflow vulnerability in
+    chmlib. The function "_chm_decompress_block()" does not properly
+    perform boundary checking, resulting in a stack-based buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By convincing a user to open a specially crafted ITSS or CHM file,
+    using KchmViewer or a program makes use of chmlib, a remote attacker
+    could execute arbitrary code with the privileges of the user running
+    the software.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All chmlib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/chmlib-0.37.4"</code>
+    <p>
+    All KchmViewer users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/kchmviewer-1.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3318">CVE-2005-3318</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-11-25T10:03:15Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-11-26T02:10:11Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-11-27T20:16:26Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200512-01.xml b/metadata/glsa/glsa-200512-01.xml
new file mode 100644
index 000000000000..1586458545c4
--- /dev/null
+++ b/metadata/glsa/glsa-200512-01.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200512-01">
+  <title>Perl: Format string errors can lead to code execution</title>
+  <synopsis>
+    A fix is available for Perl to mitigate the effects of format string
+    programming errors, that could otherwise be exploited to execute arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">Perl</product>
+  <announced>2005-12-07</announced>
+  <revised count="01">2005-12-07</revised>
+  <bug>114113</bug>
+  <access>remote and local</access>
+  <affected>
+    <package name="dev-lang/perl" auto="yes" arch="*">
+      <unaffected range="ge">5.8.7-r3</unaffected>
+      <unaffected range="rge">5.8.6-r8</unaffected>
+      <vulnerable range="lt">5.8.7-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Perl is a stable, cross-platform programming language created by
+    Larry Wall. It contains printf functions that allows construction of
+    strings from format specifiers and parameters, like the C printf
+    functions. A well-known class of vulnerabilities, called format string
+    errors, result of the improper use of the printf functions in C. Perl
+    in itself is vulnerable to a limited form of format string errors
+    through its own sprintf function, especially through wrapper functions
+    that call sprintf (for example the syslog function) and by taking
+    advantage of Perl powerful string expansion features rather than using
+    format string specifiers.
+    </p>
+  </background>
+  <description>
+    <p>
+    Jack Louis discovered a new way to exploit format string errors in
+    Perl that could lead to the execution of arbitrary code. This is
+    perfomed by causing an integer wrap overflow in the efix variable
+    inside the function Perl_sv_vcatpvfn. The proposed fix closes that
+    specific exploitation vector to mitigate the risk of format string
+    programming errors in Perl. This fix does not remove the need to fix
+    such errors in Perl code.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Perl applications making improper use of printf functions (or
+    derived functions) using untrusted data may be vulnerable to the
+    already-known forms of Perl format string exploits and also to the
+    execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Fix all misbehaving Perl applications so that they make proper use
+    of the printf and derived Perl functions.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Perl users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose dev-lang/perl</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3962">CVE-2005-3962</uri>
+    <uri link="https://www.dyadsecurity.com/perl-0002.html">Dyad Security Advisory</uri>
+    <uri link="http://www.securityfocus.com/archive/1/418460/30/30">Research on format string errors in Perl</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-12-01T12:36:20Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-12-01T16:05:52Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-12-07T10:06:40Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200512-02.xml b/metadata/glsa/glsa-200512-02.xml
new file mode 100644
index 000000000000..bfbdcd1bf6fd
--- /dev/null
+++ b/metadata/glsa/glsa-200512-02.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200512-02">
+  <title>Webmin, Usermin: Format string vulnerability</title>
+  <synopsis>
+    Webmin and Usermin are vulnerable to a format string vulnerability which
+    may lead to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">webmin usermin</product>
+  <announced>2005-12-07</announced>
+  <revised count="01">2005-12-07</revised>
+  <bug>113888</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-admin/webmin" auto="yes" arch="*">
+      <unaffected range="ge">1.250</unaffected>
+      <vulnerable range="lt">1.250</vulnerable>
+    </package>
+    <package name="app-admin/usermin" auto="yes" arch="*">
+      <unaffected range="ge">1.180</unaffected>
+      <vulnerable range="lt">1.180</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Webmin is a web-based interface for Unix-like systems. Usermin is
+    a simplified version of Webmin designed for use by normal users rather
+    than system administrators.
+    </p>
+  </background>
+  <description>
+    <p>
+    Jack Louis discovered that the Webmin and Usermin "miniserv.pl"
+    web server component is vulnerable to a Perl format string
+    vulnerability. Login with the supplied username is logged via the Perl
+    "syslog" facility in an unsafe manner.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker can trigger this vulnerability via a specially
+    crafted username containing format string data. This can be exploited
+    to consume a large amount of CPU and memory resources on a vulnerable
+    system, and possibly to execute arbitrary code of the attacker's choice
+    with the permissions of the user running Webmin.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Webmin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-admin/webmin-1.250"</code>
+    <p>
+    All Usermin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-admin/usermin-1.180"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3912">CVE-2005-3912</uri>
+    <uri link="https://www.dyadsecurity.com/webmin-0001.html">Dyad Security Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-12-01T16:39:12Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-12-04T19:02:00Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-12-05T03:16:21Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200512-03.xml b/metadata/glsa/glsa-200512-03.xml
new file mode 100644
index 000000000000..0761a75d00b7
--- /dev/null
+++ b/metadata/glsa/glsa-200512-03.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200512-03">
+  <title>phpMyAdmin: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple flaws in phpMyAdmin may lead to several XSS issues and local and
+    remote file inclusion vulnerabilities.
+  </synopsis>
+  <product type="ebuild">phpmyadmin</product>
+  <announced>2005-12-11</announced>
+  <revised count="01">2005-12-11</revised>
+  <bug>114662</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/phpmyadmin" auto="yes" arch="*">
+      <unaffected range="ge">2.7.0_p1</unaffected>
+      <vulnerable range="lt">2.7.0_p1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpMyAdmin is a tool written in PHP intended to handle the
+    administration of MySQL over the web.
+    </p>
+  </background>
+  <description>
+    <p>
+    Stefan Esser from Hardened-PHP reported about multiple
+    vulnerabilties found in phpMyAdmin. The $GLOBALS variable allows
+    modifying the global variable import_blacklist to open phpMyAdmin to
+    local and remote file inclusion, depending on your PHP version
+    (CVE-2005-4079, PMASA-2005-9). Furthermore, it is also possible to
+    conduct an XSS attack via the $HTTP_HOST variable and a local and
+    remote file inclusion because the contents of the variable are under
+    total control of the attacker (CVE-2005-3665, PMASA-2005-8).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker may exploit these vulnerabilities by sending
+    malicious requests, causing the execution of arbitrary code with the
+    rights of the user running the web server. The cross-site scripting
+    issues allow a remote attacker to inject and execute malicious script
+    code or to steal cookie-based authentication credentials, potentially
+    allowing unauthorized access to phpMyAdmin.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All phpMyAdmin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-db/phpmyadmin-2.7.0_p1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3665">CVE-2005-3665</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4079">CVE-2005-4079</uri>
+    <uri link="https://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-8">PMASA-2005-8</uri>
+    <uri link="https://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-9">PMASA-2005-9</uri>
+    <uri link="https://www.hardened-php.net/advisory_252005.110.html">Hardened-PHP Advisory 25/2005</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-12-07T12:42:53Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-12-08T11:27:37Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-12-11T17:53:22Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200512-04.xml b/metadata/glsa/glsa-200512-04.xml
new file mode 100644
index 000000000000..2f6c865dcbd3
--- /dev/null
+++ b/metadata/glsa/glsa-200512-04.xml
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200512-04">
+  <title>Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation</title>
+  <synopsis>
+    Openswan and IPsec-Tools suffer from an implementation flaw which may allow
+    a Denial of Service attack.
+  </synopsis>
+  <product type="ebuild">openswan ipsec-tools</product>
+  <announced>2005-12-12</announced>
+  <revised count="02">2005-12-14</revised>
+  <bug>112568</bug>
+  <bug>113201</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/openswan" auto="yes" arch="*">
+      <unaffected range="ge">2.4.4</unaffected>
+      <vulnerable range="lt">2.4.4</vulnerable>
+    </package>
+    <package name="net-firewall/ipsec-tools" auto="yes" arch="*">
+      <unaffected range="ge">0.6.3</unaffected>
+      <unaffected range="rge">0.6.2-r1</unaffected>
+      <unaffected range="rge">0.4-r2</unaffected>
+      <vulnerable range="lt">0.6.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Openswan is an implementation of IPsec for Linux. IPsec-Tools is a port
+    of KAME's implementation of the IPsec utilities, including racoon, an
+    Internet Key Exchange daemon. Internet Key Exchange version 1 (IKEv1),
+    a derivate of ISAKMP, is an important part of IPsec. IPsec is widely
+    used to secure exchange of packets at the IP layer and mostly used to
+    implement Virtual Private Networks (VPNs).
+    </p>
+  </background>
+  <description>
+    <p>
+    The Oulu University Secure Programming Group (OUSPG) discovered that
+    various ISAKMP implementations, including Openswan and racoon (included
+    in the IPsec-Tools package), behave in an anomalous way when they
+    receive and handle ISAKMP Phase 1 packets with invalid or abnormal
+    contents.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A remote attacker could craft specific packets that would result in a
+    Denial of Service attack, if Openswan and racoon are used in specific,
+    weak configurations.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Openswan users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/openswan-2.4.4"</code>
+    <p>
+    All IPsec-Tools users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose net-firewall/ipsec-tools</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3671">CVE-2005-3671</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3732">CVE-2005-3732</uri>
+    <uri link="http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/">Original Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-12-02T12:39:46Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-12-05T03:24:10Z">
+    adir
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-12-05T03:54:41Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200512-05.xml b/metadata/glsa/glsa-200512-05.xml
new file mode 100644
index 000000000000..355f1365803e
--- /dev/null
+++ b/metadata/glsa/glsa-200512-05.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200512-05">
+  <title>Xmail: Privilege escalation through sendmail</title>
+  <synopsis>
+    The sendmail program in Xmail is vulnerable to a buffer overflow,
+    potentially resulting in local privilege escalation.
+  </synopsis>
+  <product type="ebuild">xmail</product>
+  <announced>2005-12-14</announced>
+  <revised count="01">2005-12-14</revised>
+  <bug>109381</bug>
+  <access>local</access>
+  <affected>
+    <package name="mail-mta/xmail" auto="yes" arch="*">
+      <unaffected range="ge">1.22</unaffected>
+      <vulnerable range="lt">1.22</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Xmail is an Internet and intranet mail server.
+    </p>
+  </background>
+  <description>
+    <p>
+    iDEFENSE reported that the AddressFromAtPtr function in the
+    sendmail program fails to check bounds on arguments passed from other
+    functions, and as a result an exploitable stack overflow condition
+    occurs when specifying the "-t" command line option.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker can make a malicious call to sendmail,
+    potentially resulting in code execution with elevated privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Xmail users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-mta/xmail-1.22"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2943">CVE-2005-2943</uri>
+    <uri link="http://www.idefense.com/application/poi/display?id=321&amp;type=vulnerabilities&amp;flashstatus=true">iDEFENSE Security Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-12-11T18:01:24Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-12-12T15:24:20Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-12-13T08:46:36Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200512-06.xml b/metadata/glsa/glsa-200512-06.xml
new file mode 100644
index 000000000000..62ced5afba88
--- /dev/null
+++ b/metadata/glsa/glsa-200512-06.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200512-06">
+  <title>Ethereal: Buffer overflow in OSPF protocol dissector</title>
+  <synopsis>
+    Ethereal is missing bounds checking in the OSPF protocol dissector that
+    could lead to abnormal program termination or the execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">Ethereal</product>
+  <announced>2005-12-14</announced>
+  <revised count="01">2005-12-14</revised>
+  <bug>115030</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/ethereal" auto="yes" arch="*">
+      <unaffected range="ge">0.10.13-r2</unaffected>
+      <vulnerable range="lt">0.10.13-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ethereal is a feature-rich network protocol analyzer. It provides
+    protocol analyzers for various network flows, including one for Open
+    Shortest Path First (OSPF) Interior Gateway Protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    iDEFENSE reported a possible overflow due to the lack of bounds
+    checking in the dissect_ospf_v3_address_prefix() function, part of the
+    OSPF protocol dissector.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker might be able to craft a malicious network flow that
+    would crash Ethereal. It may be possible, though unlikely, to exploit
+    this flaw to execute arbitrary code with the permissions of the user
+    running Ethereal, which could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ethereal users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/ethereal-0.10.13-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3651">CVE-2005-3651</uri>
+    <uri link="http://www.idefense.com/application/poi/display?id=349&amp;type=vulnerabilities">iDEFENSE Advisory</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-12-12T15:18:48Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-12-14T12:23:23Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200512-07.xml b/metadata/glsa/glsa-200512-07.xml
new file mode 100644
index 000000000000..cd9d4232cd28
--- /dev/null
+++ b/metadata/glsa/glsa-200512-07.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200512-07">
+  <title>OpenLDAP, Gauche: RUNPATH issues</title>
+  <synopsis>
+    OpenLDAP and Gauche suffer from RUNPATH issues that may allow users in the
+    "portage" group to escalate privileges.
+  </synopsis>
+  <product type="ebuild">OpenLDAP Gauche</product>
+  <announced>2005-12-15</announced>
+  <revised count="03">2007-12-30</revised>
+  <bug>105380</bug>
+  <bug>112577</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-nds/openldap" auto="yes" arch="*">
+      <unaffected range="ge">2.2.28-r3</unaffected>
+      <unaffected range="rge">2.1.30-r6</unaffected>
+      <vulnerable range="lt">2.2.28-r3</vulnerable>
+    </package>
+    <package name="dev-scheme/gauche" auto="yes" arch="*">
+      <unaffected range="ge">0.8.6-r1</unaffected>
+      <vulnerable range="lt">0.8.6-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenLDAP is a suite of LDAP-related application and development tools.
+    Gauche is an R5RS Scheme interpreter.
+    </p>
+  </background>
+  <description>
+    <p>
+    Gentoo packaging for OpenLDAP and Gauche may introduce insecure paths
+    into the list of directories that are searched for libraries at
+    runtime.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A local attacker, who is a member of the "portage" group, could create
+    a malicious shared object in the Portage temporary build directory that
+    would be loaded at runtime by a dependent binary, potentially resulting
+    in privilege escalation.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Only grant "portage" group rights to trusted users.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenLDAP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose net-nds/openldap</code>
+    <p>
+    All Gauche users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-scheme/gauche-0.8.6-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4442">CVE-2005-4442</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4443">CVE-2005-4443</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-12-14T13:30:23Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-12-14T13:31:28Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200512-08.xml b/metadata/glsa/glsa-200512-08.xml
new file mode 100644
index 000000000000..80c8e744a956
--- /dev/null
+++ b/metadata/glsa/glsa-200512-08.xml
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200512-08">
+  <title>Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in Xpdf, GPdf, CUPS and
+    Poppler potentially resulting in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">xpdf, gpdf, poppler,cups</product>
+  <announced>2005-12-16</announced>
+  <revised count="02">2005-12-17</revised>
+  <bug>114428</bug>
+  <bug>115286</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/xpdf" auto="yes" arch="*">
+      <unaffected range="ge">3.01-r2</unaffected>
+      <vulnerable range="lt">3.01-r2</vulnerable>
+    </package>
+    <package name="app-text/gpdf" auto="yes" arch="*">
+      <unaffected range="ge">2.10.0-r2</unaffected>
+      <vulnerable range="lt">2.10.0-r2</vulnerable>
+    </package>
+    <package name="app-text/poppler" auto="yes" arch="*">
+      <unaffected range="ge">0.4.2-r1</unaffected>
+      <unaffected range="rge">0.3.0-r1</unaffected>
+      <vulnerable range="lt">0.4.2-r1</vulnerable>
+    </package>
+    <package name="net-print/cups" auto="yes" arch="*">
+      <unaffected range="ge">1.1.23-r3</unaffected>
+      <vulnerable range="lt">1.1.23-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Xpdf and GPdf are PDF file viewers that run under the X Window System.
+    Poppler is a PDF rendering library based on Xpdf code. The Common UNIX
+    Printing System (CUPS) is a cross-platform print spooler. It makes use
+    of Xpdf code to handle PDF files.
+    </p>
+  </background>
+  <description>
+    <p>
+    infamous41md discovered that several Xpdf functions lack sufficient
+    boundary checking, resulting in multiple exploitable buffer overflows.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to open a specially-crafted PDF file
+    which would trigger an overflow, potentially resulting in execution of
+    arbitrary code with the rights of the user running Xpdf, CUPS, GPdf or
+    Poppler.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Xpdf users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/xpdf-3.01-r2"</code>
+    <p>
+    All GPdf users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/gpdf-2.10.0-r2"</code>
+    <p>
+    All Poppler users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose app-text/poppler</code>
+    <p>
+    All CUPS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-print/cups-1.1.23-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191">CVE-2005-3191</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192">CVE-2005-3192</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193">CVE-2005-3193</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-12-08T08:57:56Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-12-14T12:15:58Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-12-15T11:55:50Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200512-09.xml b/metadata/glsa/glsa-200512-09.xml
new file mode 100644
index 000000000000..881ce48c14d0
--- /dev/null
+++ b/metadata/glsa/glsa-200512-09.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200512-09">
+  <title>cURL: Off-by-one errors in URL handling</title>
+  <synopsis>
+    cURL is vulnerable to local arbitrary code execution via buffer overflow
+    due to the insecure parsing of URLs.
+  </synopsis>
+  <product type="ebuild">cURL</product>
+  <announced>2005-12-16</announced>
+  <revised count="01">2005-12-16</revised>
+  <bug>114710</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-misc/curl" auto="yes" arch="*">
+      <unaffected range="ge">7.15.1</unaffected>
+      <vulnerable range="lt">7.15.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    cURL is a command line tool for transferring files with URL
+    syntax, supporting numerous protocols.
+    </p>
+  </background>
+  <description>
+    <p>
+    Stefan Esser from the Hardened-PHP Project has reported a
+    vulnerability in cURL that allows for a local buffer overflow when cURL
+    attempts to parse specially crafted URLs. The URL can be specially
+    crafted in one of two ways: the URL could be malformed in a way that
+    prevents a terminating null byte from being added to either a hostname
+    or path buffer; or the URL could contain a "?" separator in the
+    hostname portion, which causes a "/" to be prepended to the resulting
+    string.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    An attacker capable of getting cURL to parse a maliciously crafted
+    URL could cause a denial of service or execute arbitrary code with the
+    privileges of the user making the call to cURL. An attacker could also
+    escape open_basedir or safe_mode pseudo-restrictions when exploiting
+    this problem from within a PHP program when PHP is compiled with
+    libcurl.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All cURL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.15.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4077">CVE-2005-4077</uri>
+    <uri link="https://www.hardened-php.net/advisory_242005.109.html">Hardened-PHP Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-12-14T13:39:33Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-12-14T17:20:45Z">
+    shellsage
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-12-15T11:37:18Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200512-10.xml b/metadata/glsa/glsa-200512-10.xml
new file mode 100644
index 000000000000..bcac81620401
--- /dev/null
+++ b/metadata/glsa/glsa-200512-10.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200512-10">
+  <title>Opera: Command-line URL shell command injection</title>
+  <synopsis>
+    Lack of URL validation in Opera command-line wrapper could be abused to
+    execute arbitrary commands.
+  </synopsis>
+  <product type="ebuild">opera</product>
+  <announced>2005-12-18</announced>
+  <revised count="01">2005-12-18</revised>
+  <bug>113239</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/opera" auto="yes" arch="*">
+      <unaffected range="ge">8.51</unaffected>
+      <vulnerable range="lt">8.51</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Opera is a multi-platform web browser.
+    </p>
+  </background>
+  <description>
+    <p>
+    Peter Zelezny discovered that the shell script used to launch
+    Opera parses shell commands that are enclosed within backticks in the
+    URL provided via the command line.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit this vulnerability by enticing a
+    user to follow a specially crafted URL from a tool that uses Opera to
+    open URLs, resulting in the execution of arbitrary commands on the
+    targeted machine.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Opera users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/opera-8.51"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3750">CVE-2005-3750</uri>
+    <uri link="https://www.opera.com/docs/changelogs/linux/851/">Opera 8.51 Changelog</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-12-15T12:24:01Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-12-15T12:24:20Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-12-16T02:18:07Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200512-11.xml b/metadata/glsa/glsa-200512-11.xml
new file mode 100644
index 000000000000..9ed225fe095e
--- /dev/null
+++ b/metadata/glsa/glsa-200512-11.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200512-11">
+  <title>CenterICQ: Multiple vulnerabilities</title>
+  <synopsis>
+    CenterICQ is vulnerable to a Denial of Service issue, and also potentially
+    to the execution of arbitrary code through an included vulnerable ktools
+    library.
+  </synopsis>
+  <product type="ebuild">CenterICQ</product>
+  <announced>2005-12-20</announced>
+  <revised count="01">2005-12-20</revised>
+  <bug>100519</bug>
+  <bug>114038</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/centericq" auto="yes" arch="*">
+      <unaffected range="ge">4.21.0-r2</unaffected>
+      <vulnerable range="lt">4.21.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    CenterICQ is a text-based instant messaging interface that
+    supports multiple protocols. It includes the ktools library, which
+    provides text-mode user interface controls.
+    </p>
+  </background>
+  <description>
+    <p>
+    Gentoo developer Wernfried Haas discovered that when the "Enable
+    peer-to-peer communications" option is enabled, CenterICQ opens a port
+    that insufficiently validates whatever is sent to it. Furthermore,
+    Zone-H Research reported a buffer overflow in the ktools library.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could cause a crash of CenterICQ by sending
+    packets to the peer-to-peer communications port, and potentially cause
+    the execution of arbitrary code by enticing a CenterICQ user to edit
+    overly long contact details.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All CenterICQ users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-im/centericq-4.21.0-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3694">CVE-2005-3694</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3863">CVE-2005-3863</uri>
+    <uri link="http://www.zone-h.org/en/advisories/read/id=8480/">Zone-H Research ZRCSA 200503</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-12-16T12:39:29Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-12-17T10:48:20Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-12-18T11:38:58Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200512-12.xml b/metadata/glsa/glsa-200512-12.xml
new file mode 100644
index 000000000000..d408a4829559
--- /dev/null
+++ b/metadata/glsa/glsa-200512-12.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200512-12">
+  <title>Mantis: Multiple vulnerabilities</title>
+  <synopsis>
+    Mantis is affected by multiple vulnerabilities ranging from file upload and
+    SQL injection to cross-site scripting and HTTP response splitting.
+  </synopsis>
+  <product type="ebuild">Mantis</product>
+  <announced>2005-12-22</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>116036</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/mantisbt" auto="yes" arch="*">
+      <unaffected range="ge">0.19.4</unaffected>
+      <vulnerable range="lt">0.19.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mantis is a web-based bugtracking system written in PHP.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tobias Klein discovered that Mantis contains several vulnerabilities,
+    including:
+    </p>
+    <ul>
+    <li>a file upload vulnerability.</li>
+    <li>an injection vulnerability in filters.</li>
+    <li>an SQL injection vulnerability in the user-management page.</li>
+    <li>a port cross-site-scripting vulnerability in filters.</li>
+    <li>an HTTP header CRLF injection vulnerability.</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could possibly exploit the file upload vulnerability to
+    execute arbitrary script code, and the SQL injection vulnerability to
+    access or modify sensitive information from the Mantis database.
+    Furthermore, the cross-site scripting and HTTP response splitting may
+    allow an attacker to inject and execute malicious script code or to
+    steal cookie-based authentication credentials, potentially compromising
+    the victim's browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mantis users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/mantisbt-0.19.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.mantisbt.org/changelog.php">Mantis ChangeLog</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4518">CVE-2005-4518</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4519">CVE-2005-4519</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4520">CVE-2005-4520</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4521">CVE-2005-4521</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4522">CVE-2005-4522</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-12-20T11:13:27Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-12-20T11:13:46Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200512-13.xml b/metadata/glsa/glsa-200512-13.xml
new file mode 100644
index 000000000000..8e391aa43642
--- /dev/null
+++ b/metadata/glsa/glsa-200512-13.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200512-13">
+  <title>Dropbear: Privilege escalation</title>
+  <synopsis>
+    A buffer overflow in Dropbear could allow authenticated users to execute
+    arbitrary code as the root user.
+  </synopsis>
+  <product type="ebuild">dropbear</product>
+  <announced>2005-12-23</announced>
+  <revised count="01">2005-12-23</revised>
+  <bug>116006</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/dropbear" auto="yes" arch="*">
+      <unaffected range="ge">0.47</unaffected>
+      <vulnerable range="lt">0.47</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Dropbear is an SSH server and client with a small memory
+    footprint.
+    </p>
+  </background>
+  <description>
+    <p>
+    Under certain conditions Dropbear could fail to allocate a
+    sufficient amount of memory, possibly resulting in a buffer overflow.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    By sending specially crafted data to the server, authenticated
+    users could exploit this vulnerability to execute arbitrary code with
+    the permissions of the SSH server user, which is the root user by
+    default.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Dropbear users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/dropbear-0.47"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4178">CVE-2005-4178</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-12-20T11:10:03Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-12-20T16:40:12Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-12-21T10:00:54Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200512-14.xml b/metadata/glsa/glsa-200512-14.xml
new file mode 100644
index 000000000000..8ff71fa807bc
--- /dev/null
+++ b/metadata/glsa/glsa-200512-14.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200512-14">
+  <title>NBD Tools: Buffer overflow in NBD server</title>
+  <synopsis>
+    The NBD server is vulnerable to a buffer overflow that may result in the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">NBD</product>
+  <announced>2005-12-23</announced>
+  <revised count="01">2005-12-23</revised>
+  <bug>116314</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-block/nbd" auto="yes" arch="*">
+      <unaffected range="ge">2.8.2-r1</unaffected>
+      <vulnerable range="lt">2.8.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The NBD Tools are the Network Block Device utilities allowing one
+    to use remote block devices over a TCP/IP network. It includes a
+    userland NBD server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Kurt Fitzner discovered that the NBD server allocates a request
+    buffer that fails to take into account the size of the reply header.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could send a malicious request that can result
+    in the execution of arbitrary code with the rights of the NBD server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All NBD Tools users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-block/nbd-2.8.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3534">CVE-2005-3534</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-12-23T10:21:27Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-12-23T10:21:38Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200512-15.xml b/metadata/glsa/glsa-200512-15.xml
new file mode 100644
index 000000000000..87bcd5cce0dc
--- /dev/null
+++ b/metadata/glsa/glsa-200512-15.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200512-15">
+  <title>rssh: Privilege escalation</title>
+  <synopsis>
+    Local users could gain root privileges by chrooting into arbitrary
+    directories.
+  </synopsis>
+  <product type="ebuild">rssh</product>
+  <announced>2005-12-27</announced>
+  <revised count="01">2005-12-27</revised>
+  <bug>115082</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-shells/rssh" auto="yes" arch="*">
+      <unaffected range="ge">2.3.0</unaffected>
+      <vulnerable range="lt">2.3.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    rssh is a restricted shell, allowing only a few commands like scp
+    or sftp. It is often used as a complement to OpenSSH to provide limited
+    access to users.
+    </p>
+  </background>
+  <description>
+    <p>
+    Max Vozeler discovered that the rssh_chroot_helper command allows
+    local users to chroot into arbitrary directories.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could exploit this vulnerability to gain root
+    privileges by chrooting into arbitrary directories.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All rssh users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-shells/rssh-2.3.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3345">CVE-2005-3345</uri>
+    <uri link="http://www.pizzashack.org/rssh/security.shtml">rssh security announcement</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-12-23T10:25:35Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2005-12-25T13:06:13Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-12-26T13:28:20Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200512-16.xml b/metadata/glsa/glsa-200512-16.xml
new file mode 100644
index 000000000000..d1fd1664d4d3
--- /dev/null
+++ b/metadata/glsa/glsa-200512-16.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200512-16">
+  <title>OpenMotif, AMD64 x86 emulation X libraries: Buffer overflows in libUil library</title>
+  <synopsis>
+    Two buffer overflows have been discovered in libUil, part of the OpenMotif
+    toolkit, that can potentially lead to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">openmotif</product>
+  <announced>2005-12-28</announced>
+  <revised count="03">2006-01-29</revised>
+  <bug>114234</bug>
+  <bug>116481</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/openmotif" auto="yes" arch="*">
+      <unaffected range="ge">2.2.3-r8</unaffected>
+      <unaffected range="rge">2.1.30-r13</unaffected>
+      <vulnerable range="lt">2.2.3-r8</vulnerable>
+    </package>
+    <package name="app-emulation/emul-linux-x86-xlibs" auto="yes" arch="amd64">
+      <unaffected range="ge">2.2.1</unaffected>
+      <vulnerable range="lt">2.2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenMotif provides a free version of the Motif toolkit for open source
+    applications. The OpenMotif libraries are included in the AMD64 x86
+    emulation X libraries, which emulate the x86 (32-bit) architecture on
+    the AMD64 (64-bit) architecture.
+    </p>
+  </background>
+  <description>
+    <p>
+    xfocus discovered two potential buffer overflows in the libUil library,
+    in the diag_issue_diagnostic and open_source_file functions.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    Remotely-accessible or SUID applications making use of the affected
+    functions might be exploited to execute arbitrary code with the
+    privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenMotif users should upgrade to an unaffected version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --unmerge --verbose x11-libs/openmotif
+    # emerge --ask --oneshot --verbose x11-libs/openmotif</code>
+    <p>
+    All AMD64 x86 emulation X libraries users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose app-emulation/emul-linux-x86-xlibs</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3964">CVE-2005-3964</uri>
+    <uri link="http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0047.html">xfocus SD-051202 Original Advisory</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-12-27T10:06:00Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-12-27T10:07:13Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200512-17.xml b/metadata/glsa/glsa-200512-17.xml
new file mode 100644
index 000000000000..cc49503bd515
--- /dev/null
+++ b/metadata/glsa/glsa-200512-17.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200512-17">
+  <title>scponly: Multiple privilege escalation issues</title>
+  <synopsis>
+    Local users can exploit an scponly flaw to gain root privileges, and
+    scponly restricted users can use another vulnerability to evade shell
+    restrictions.
+  </synopsis>
+  <product type="ebuild">scponly</product>
+  <announced>2005-12-29</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>116526</bug>
+  <access>local and remote</access>
+  <affected>
+    <package name="net-misc/scponly" auto="yes" arch="*">
+      <unaffected range="ge">4.2</unaffected>
+      <vulnerable range="lt">4.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    scponly is a restricted shell, allowing only a few predefined commands.
+    It is often used as a complement to OpenSSH to provide access to remote
+    users without providing any remote execution privileges.
+    </p>
+  </background>
+  <description>
+    <p>
+    Max Vozeler discovered that the scponlyc command allows users to chroot
+    into arbitrary directories. Furthermore, Pekka Pessi reported that
+    scponly insufficiently validates command-line parameters to a scp or
+    rsync command.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could gain root privileges by chrooting into arbitrary
+    directories containing hardlinks to setuid programs. A remote scponly
+    user could also send malicious parameters to a scp or rsync command
+    that would allow to escape the shell restrictions and execute arbitrary
+    programs.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All scponly users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/scponly-4.2"</code>
+  </resolution>
+  <references>
+    <uri link="http://sublimation.org/scponly/index.html#relnotes">scponly release notes</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4532">CVE-2005-4532</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4533">CVE-2005-4533</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-12-27T09:38:39Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-12-29T10:10:38Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200512-18.xml b/metadata/glsa/glsa-200512-18.xml
new file mode 100644
index 000000000000..fea62ab62728
--- /dev/null
+++ b/metadata/glsa/glsa-200512-18.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200512-18">
+  <title>XnView: Privilege escalation</title>
+  <synopsis>
+    XnView may search for shared libraries in an untrusted location,
+    potentially allowing local users to execute arbitrary code with the
+    privileges of another user.
+  </synopsis>
+  <product type="ebuild">xnview</product>
+  <announced>2005-12-30</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>117063</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-misc/xnview" auto="yes" arch="x86">
+      <unaffected range="ge">1.70-r1</unaffected>
+      <vulnerable range="lt">1.70-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    XnView is an efficient multimedia viewer, browser and converter,
+    distributed free for non-commercial use.
+    </p>
+  </background>
+  <description>
+    <p>
+    Krzysiek Pawlik of Gentoo Linux discovered that the XnView package for
+    IA32 used the DT_RPATH field insecurely, causing the dynamic loader to
+    search for shared libraries in potentially untrusted directories.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create a malicious shared object that would be
+    loaded and executed when a user attempted to use an XnView utility.
+    This would allow a malicious user to effectively hijack XnView and
+    execute arbitrary code with the privileges of the user running the
+    program.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    The system administrator may use the chrpath utility to remove the
+    DT_RPATH field from the XnView utilities:
+    </p>
+    <code>
+    # emerge app-admin/chrpath
+    # chrpath --delete /opt/bin/nconvert /opt/bin/nview /opt/bin/xnview</code>
+  </workaround>
+  <resolution>
+    <p>
+    All XnView users on the x86 platform should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-misc/xnview-1.70-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4595">CVE-2005-4595</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-12-29T17:05:23Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-12-30T12:33:06Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200601-01.xml b/metadata/glsa/glsa-200601-01.xml
new file mode 100644
index 000000000000..53e6fc35f81e
--- /dev/null
+++ b/metadata/glsa/glsa-200601-01.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200601-01">
+  <title>pinentry: Local privilege escalation</title>
+  <synopsis>
+    pinentry is vulnerable to privilege escalation.
+  </synopsis>
+  <product type="ebuild">pinentry</product>
+  <announced>2006-01-03</announced>
+  <revised count="01">2006-01-03</revised>
+  <bug>116822</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-crypt/pinentry" auto="yes" arch="*">
+      <unaffected range="ge">0.7.2-r2</unaffected>
+      <vulnerable range="lt">0.7.2-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    pinentry is a collection of simple PIN or passphrase entry dialogs
+    which utilize the Assuan protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Gentoo Linux Security Audit Team has
+    discovered that the pinentry ebuild incorrectly sets the permissions of
+    the pinentry binaries upon installation, so that the sgid bit is set
+    making them execute with the privileges of group ID 0.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A user of pinentry could potentially read and overwrite files with
+    a group ID of 0.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All pinentry users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-crypt/pinentry-0.7.2-r2"</code>
+  </resolution>
+  <references>
+        <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0071">CVE-2006-0071</uri>
+  </references>
+  <metadata tag="requester" timestamp="2005-12-31T13:13:15Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-12-31T13:13:43Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-01-02T22:02:30Z">
+    shellsage
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200601-02.xml b/metadata/glsa/glsa-200601-02.xml
new file mode 100644
index 000000000000..ec576f68eec4
--- /dev/null
+++ b/metadata/glsa/glsa-200601-02.xml
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200601-02">
+  <title>KPdf, KWord: Multiple overflows in included Xpdf code</title>
+  <synopsis>
+    KPdf and KWord both include vulnerable Xpdf code to handle PDF files,
+    making them vulnerable to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">kdegraphics, kpdf, koffice, kword</product>
+  <announced>2006-01-04</announced>
+  <revised count="03">2006-01-07</revised>
+  <bug>114429</bug>
+  <bug>115851</bug>
+  <access>remote</access>
+  <affected>
+    <package name="kde-base/kdegraphics" auto="yes" arch="*">
+      <unaffected range="ge">3.4.3-r3</unaffected>
+      <vulnerable range="lt">3.4.3-r3</vulnerable>
+    </package>
+    <package name="kde-base/kpdf" auto="yes" arch="*">
+      <unaffected range="ge">3.4.3-r3</unaffected>
+      <vulnerable range="lt">3.4.3-r3</vulnerable>
+    </package>
+    <package name="app-office/koffice" auto="yes" arch="*">
+      <unaffected range="ge">1.4.2-r6</unaffected>
+      <vulnerable range="lt">1.4.2-r6</vulnerable>
+    </package>
+    <package name="app-office/kword" auto="yes" arch="*">
+      <unaffected range="ge">1.4.2-r6</unaffected>
+      <vulnerable range="lt">1.4.2-r6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    KPdf is a KDE-based PDF viewer included in the kdegraphics package.
+    KWord is a KDE-based word processor also included in the koffice
+    package.
+    </p>
+  </background>
+  <description>
+    <p>
+    KPdf and KWord both include Xpdf code to handle PDF files. This Xpdf
+    code is vulnerable to several heap overflows (GLSA 200512-08) as well
+    as several buffer and integer overflows discovered by Chris Evans
+    (CESA-2005-003).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to open a specially crafted PDF file
+    with Kpdf or KWord, potentially resulting in the execution of arbitrary
+    code with the rights of the user running the affected application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All kdegraphics users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=kde-base/kdegraphics-3.4.3-r3"</code>
+    <p>
+    All Kpdf users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=kde-base/kpdf-3.4.3-r3"</code>
+    <p>
+    All KOffice users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/koffice-1.4.2-r6"</code>
+    <p>
+    All KWord users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/kword-1.4.2-r6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3191">CAN-2005-3191</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3192">CAN-2005-3192</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3193">CAN-2005-3193</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624">CVE-2005-3624</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625">CVE-2005-3625</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626">CVE-2005-3626</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627">CVE-2005-3627</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628">CVE-2005-3628</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200512-08.xml">GLSA 200512-08</uri>
+    <uri link="https://www.kde.org/info/security/advisory-20051207-2.txt">KDE Security Advisory: kpdf/xpdf multiple integer overflows</uri>
+    <uri link="http://scary.beasts.org/security/CESA-2005-003.txt">CESA-2005-003</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-12-08T08:56:38Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-01-04T21:03:58Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200601-03.xml b/metadata/glsa/glsa-200601-03.xml
new file mode 100644
index 000000000000..a0c326254c55
--- /dev/null
+++ b/metadata/glsa/glsa-200601-03.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200601-03">
+  <title>HylaFAX: Multiple vulnerabilities</title>
+  <synopsis>
+    HylaFAX is vulnerable to arbitrary code execution and unauthorized access
+    vulnerabilities.
+  </synopsis>
+  <product type="ebuild">hylafax</product>
+  <announced>2006-01-06</announced>
+  <revised count="01">2006-01-06</revised>
+  <bug>116389</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/hylafax" auto="yes" arch="*">
+      <unaffected range="ge">4.2.3-r1</unaffected>
+      <vulnerable range="lt">4.2.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    HylaFAX is an enterprise-class system for sending and receiving
+    facsimile messages and for sending alpha-numeric pages.
+    </p>
+  </background>
+  <description>
+    <p>
+    Patrice Fournier discovered that HylaFAX runs the notify script on
+    untrusted user input. Furthermore, users can log in without a password
+    when HylaFAX is installed with the pam USE-flag disabled.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could exploit the input validation vulnerability to
+    run arbitrary code as the user running HylaFAX, which is usually uucp.
+    The password vulnerability could be exploited to log in without proper
+    user credentials.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All HylaFAX users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/hylafax-4.2.3-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3538">CVE-2005-3538</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3539">CVE-2005-3539</uri>
+    <uri link="https://www.hylafax.org/content/HylaFAX_4.2.4_release">HylaFAX release announcement</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-01-02T21:40:30Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-01-06T13:37:21Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200601-04.xml b/metadata/glsa/glsa-200601-04.xml
new file mode 100644
index 000000000000..e7374eccfbb1
--- /dev/null
+++ b/metadata/glsa/glsa-200601-04.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200601-04">
+  <title>VMware Workstation: Vulnerability in NAT networking</title>
+  <synopsis>
+    VMware guest operating systems can execute arbitrary code with elevated
+    privileges on the host operating system through a flaw in NAT networking.
+  </synopsis>
+  <product type="ebuild">VMware</product>
+  <announced>2006-01-07</announced>
+  <revised count="02">2006-05-25</revised>
+  <bug>116238</bug>
+  <access>remote and local</access>
+  <affected>
+    <package name="app-emulation/vmware-workstation" auto="yes" arch="*">
+      <unaffected range="ge">5.5.1.19175</unaffected>
+      <unaffected range="rge">4.5.3.19414</unaffected>
+      <unaffected range="rge">3.2.1.2242-r10</unaffected>
+      <vulnerable range="lt">5.5.1.19175</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    VMware Workstation is a powerful virtual machine for developers and
+    system administrators.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tim Shelton discovered that vmnet-natd, the host module providing
+    NAT-style networking for VMware guest operating systems, is unable to
+    process incorrect 'EPRT' and 'PORT' FTP requests.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Malicious guest operating systems using the NAT networking feature or
+    local VMware Workstation users could exploit this vulnerability to
+    execute arbitrary code on the host system with elevated privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable the NAT service by following the instructions at <uri link="http://www.vmware.com/support/kb">http://www.vmware.com/support/k
+    b</uri>, Answer ID 2002.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All VMware Workstation users should upgrade to a fixed version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose app-emulation/vmware-workstation</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4459">CVE-2005-4459</uri>
+    <uri link="https://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000">VMware Security Response</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-01-04T10:03:43Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-01-05T15:09:42Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200601-05.xml b/metadata/glsa/glsa-200601-05.xml
new file mode 100644
index 000000000000..44cd9c9b3afe
--- /dev/null
+++ b/metadata/glsa/glsa-200601-05.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200601-05">
+  <title>mod_auth_pgsql: Multiple format string vulnerabilities</title>
+  <synopsis>
+    Format string vulnerabilities in mod_auth_pgsql may lead to the execution
+    of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mod_auth_pgsql</product>
+  <announced>2006-01-10</announced>
+  <revised count="03">2007-12-30</revised>
+  <bug>118096</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apache/mod_auth_pgsql" auto="yes" arch="*">
+      <unaffected range="ge">2.0.3</unaffected>
+      <unaffected range="lt">1.0.0</unaffected>
+      <vulnerable range="lt">2.0.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    mod_auth_pgsql is an Apache2 module that allows user authentication
+    against a PostgreSQL database.
+    </p>
+  </background>
+  <description>
+    <p>
+    The error logging functions of mod_auth_pgsql fail to validate certain
+    strings before passing them to syslog, resulting in format string
+    vulnerabilities.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An unauthenticated remote attacker could exploit these vulnerabilities
+    to execute arbitrary code with the rights of the user running the
+    Apache2 server by sending specially crafted login names.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All mod_auth_pgsql users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apache/mod_auth_pgsql-2.0.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3656">CVE-2005-3656</uri>
+    <uri link="http://www.frsirt.com/english/advisories/2006/0070">FrSIRT ADV-2006-0070</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-01-08T17:42:51Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-01-08T17:43:17Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-01-09T09:56:56Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200601-06.xml b/metadata/glsa/glsa-200601-06.xml
new file mode 100644
index 000000000000..4fcb4a00c9fc
--- /dev/null
+++ b/metadata/glsa/glsa-200601-06.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200601-06">
+  <title>xine-lib, FFmpeg: Heap-based buffer overflow</title>
+  <synopsis>
+    xine-lib and FFmpeg are vulnerable to a buffer overflow that may be
+    exploited by attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">xine-lib ffmpeg</product>
+  <announced>2006-01-10</announced>
+  <revised count="01">2006-01-10</revised>
+  <bug>115849</bug>
+  <bug>116181</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/xine-lib" auto="yes" arch="*">
+      <unaffected range="ge">1.1.1-r3</unaffected>
+      <vulnerable range="lt">1.1.1-r3</vulnerable>
+    </package>
+    <package name="media-video/ffmpeg" auto="yes" arch="*">
+      <unaffected range="ge">0.4.9_p20051216</unaffected>
+      <vulnerable range="lt">0.4.9_p20051216</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    xine is a GPL high-performance, portable and reusable multimedia
+    playback engine. xine-lib is xine's core engine. FFmpeg is a very fast
+    video and audio converter and is used in xine-lib.
+    </p>
+  </background>
+  <description>
+    <p>
+    Simon Kilvington has reported a vulnerability in FFmpeg
+    libavcodec. The flaw is due to a buffer overflow error in the
+    "avcodec_default_get_buffer()" function. This function doesn't properly
+    handle specially crafted PNG files as a result of a heap overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to run an FFmpeg based
+    application on a maliciously crafted PNG file, resulting in the
+    execution of arbitrary code with the permissions of the user running
+    the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All xine-lib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/xine-lib-1.1.1-r3"</code>
+    <p>
+    All FFmpeg users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/ffmpeg-0.4.9_p20051216"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048">CVE-2005-4048</uri>
+    <uri link="https://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558">Original advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-01-03T10:30:55Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-01-06T00:22:43Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-01-09T22:59:16Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200601-07.xml b/metadata/glsa/glsa-200601-07.xml
new file mode 100644
index 000000000000..a4e38f87eb58
--- /dev/null
+++ b/metadata/glsa/glsa-200601-07.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200601-07">
+  <title>ClamAV: Remote execution of arbitrary code</title>
+  <synopsis>
+    ClamAV is vulnerable to a buffer overflow which may lead to remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2006-01-13</announced>
+  <revised count="01">2006-01-13</revised>
+  <bug>118459</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.88</unaffected>
+      <vulnerable range="lt">0.88</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ClamAV is a GPL virus scanner.
+    </p>
+  </background>
+  <description>
+    <p>
+    Zero Day Initiative (ZDI) reported a heap buffer overflow
+    vulnerability. The vulnerability is due to an incorrect boundary check
+    of the user-supplied data prior to copying it to an insufficiently
+    sized memory buffer. The flaw occurs when the application attempts to
+    handle compressed UPX files.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    For example by sending a maliciously crafted UPX file into a mail
+    server that is integrated with ClamAV, a remote attacker's supplied
+    code could be executed with escalated privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ClamAV users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.88"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0162">CVE-2006-0162</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-01-09T23:12:07Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-01-11T01:55:27Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-01-12T21:27:50Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200601-08.xml b/metadata/glsa/glsa-200601-08.xml
new file mode 100644
index 000000000000..a5c8993a79bd
--- /dev/null
+++ b/metadata/glsa/glsa-200601-08.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200601-08">
+  <title>Blender: Heap-based buffer overflow</title>
+  <synopsis>
+    Blender is vulnerable to a buffer overflow that may be exploited by
+    attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">blender</product>
+  <announced>2006-01-13</announced>
+  <revised count="01">2006-01-13</revised>
+  <bug>118163</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/blender" auto="yes" arch="*">
+      <unaffected range="ge">2.40</unaffected>
+      <vulnerable range="lt">2.40</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Blender is an open source software for 3D modeling, animation,
+    rendering, post-production, interactive creation and playback.
+    </p>
+  </background>
+  <description>
+    <p>
+    Damian Put has reported a flaw due to an integer overflow in the
+    "get_bhead()" function, leading to a heap overflow when processing
+    malformed ".blend" files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user into opening a specially
+    crafted ".blend" file, resulting in the execution of arbitrary code
+    with the permissions of the user running Blender.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Blender users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/blender-2.40"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4470">CVE-2005-4470</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-01-10T19:17:22Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-01-10T19:17:39Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-01-11T01:12:10Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200601-09.xml b/metadata/glsa/glsa-200601-09.xml
new file mode 100644
index 000000000000..e53c6d9a907e
--- /dev/null
+++ b/metadata/glsa/glsa-200601-09.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200601-09">
+  <title>Wine: Windows Metafile SETABORTPROC vulnerability</title>
+  <synopsis>
+    There is a flaw in Wine in the handling of Windows Metafiles (WMF) files,
+    which could possibly result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">wine</product>
+  <announced>2006-01-13</announced>
+  <revised count="03">2007-02-26</revised>
+  <bug>118101</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulation/wine" auto="yes" arch="*">
+      <unaffected range="ge">0.9</unaffected>
+      <vulnerable range="lt">20060000</vulnerable>
+      <vulnerable range="gt">20040000</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Wine is a free implementation of Windows APIs for Unix-like systems.
+    </p>
+  </background>
+  <description>
+    <p>
+    H D Moore discovered that Wine implements the insecure-by-design
+    SETABORTPROC GDI Escape function for Windows Metafile (WMF) files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to open a specially crafted Windows
+    Metafile (WMF) file from within a Wine executed Windows application,
+    possibly resulting in the execution of arbitrary code with the rights
+    of the user running Wine.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Wine users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-emulation/wine-0.9.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0106">CVE-2006-0106</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-01-08T16:28:07Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-01-08T17:43:07Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-01-12T08:25:50Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200601-10.xml b/metadata/glsa/glsa-200601-10.xml
new file mode 100644
index 000000000000..3ae17e79f91d
--- /dev/null
+++ b/metadata/glsa/glsa-200601-10.xml
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200601-10">
+  <title>Sun and Blackdown Java: Applet privilege escalation</title>
+  <synopsis>
+    Sun's and Blackdown's JDK or JRE may allow untrusted applets to elevate
+    their privileges.
+  </synopsis>
+  <product type="ebuild">sun-jdk sun-jre-bin blackdown-jre blackdown-jdk</product>
+  <announced>2006-01-16</announced>
+  <revised count="01">2006-01-16</revised>
+  <bug>118114</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/sun-jdk" auto="yes" arch="*">
+      <unaffected range="ge">1.4.2.09</unaffected>
+      <vulnerable range="lt">1.4.2.09</vulnerable>
+    </package>
+    <package name="dev-java/sun-jre-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.4.2.09</unaffected>
+      <vulnerable range="lt">1.4.2.09</vulnerable>
+    </package>
+    <package name="dev-java/blackdown-jdk" auto="yes" arch="*">
+      <unaffected range="ge">1.4.2.03</unaffected>
+      <vulnerable range="lt">1.4.2.03</vulnerable>
+    </package>
+    <package name="dev-java/blackdown-jre" auto="yes" arch="*">
+      <unaffected range="ge">1.4.2.03</unaffected>
+      <vulnerable range="lt">1.4.2.03</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Sun and Blackdown both provide implementations of the Java
+    Development Kit (JDK) and Java Runtime Environment (JRE).
+    </p>
+  </background>
+  <description>
+    <p>
+    Adam Gowdiak discovered multiple vulnerabilities in the Java
+    Runtime Environment's Reflection APIs that may allow untrusted applets
+    to elevate privileges.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could embed a malicious Java applet in a web
+    page and entice a victim to view it. This applet can then bypass
+    security restrictions and execute any command or access any file with
+    the rights of the user running the web browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Sun JDK users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/sun-jdk-1.4.2.09"</code>
+    <p>
+    All Sun JRE users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/sun-jre-bin-1.4.2.09"</code>
+    <p>
+    All Blackdown JDK users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/blackdown-jdk-1.4.2.03"</code>
+    <p>
+    All Blackdown JRE users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/blackdown-jre-1.4.2.03"</code>
+    <p>
+    Note to SPARC and PPC users: There is no stable secure
+    Blackdown Java for the SPARC or PPC architectures. Affected users on
+    the PPC architecture should consider switching to the IBM Java packages
+    (ibm-jdk-bin and ibm-jre-bin). Affected users on the SPARC should
+    remove the package until a SPARC package is released.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3905">CVE-2005-3905</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3906">CVE-2005-3906</uri>
+    <uri link="http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102003-1">Sun Security Alert ID 102003</uri>
+    <uri link="http://www.blackdown.org/java-linux/java2-status/security/Blackdown-SA-2005-03.txt">Blackdown Java-Linux Security Advisory</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-01-13T09:49:14Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-01-13T09:55:18Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200601-11.xml b/metadata/glsa/glsa-200601-11.xml
new file mode 100644
index 000000000000..9fec84ec7a38
--- /dev/null
+++ b/metadata/glsa/glsa-200601-11.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200601-11">
+  <title>KDE kjs: URI heap overflow vulnerability</title>
+  <synopsis>
+    KDE fails to properly validate URIs when handling javascript, potentially
+    resulting in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">KDE</product>
+  <announced>2006-01-22</announced>
+  <revised count="01">2006-01-22</revised>
+  <bug>118550</bug>
+  <access>remote</access>
+  <affected>
+    <package name="kde-base/kdelibs" auto="yes" arch="*">
+      <unaffected range="ge">3.4.3-r1</unaffected>
+      <vulnerable range="lt">3.4.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    KDE is a feature-rich graphical desktop environment for Linux and
+    Unix-like Operating Systems. kjs is the javascript interpreter used in
+    Konqueror and other parts of KDE.
+    </p>
+  </background>
+  <description>
+    <p>
+    Maksim Orlovich discovered an incorrect bounds check in kjs when
+    handling URIs.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to load a specially crafted webpage containing
+    malicious javascript, an attacker could execute arbitrary code with the
+    rights of the user running kjs.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All kdelibs users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose kde-base/kdelibs-3.4.3-r1</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0019">CVE-2006-0019</uri>
+    <uri link="https://www.kde.org/info/security/advisory-20060119-1.txt">KDE Security Advisory: kjs encodeuri/decodeuri heap overflow vulnerability</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-01-20T06:30:56Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-01-21T13:57:57Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200601-12.xml b/metadata/glsa/glsa-200601-12.xml
new file mode 100644
index 000000000000..d3061b25e336
--- /dev/null
+++ b/metadata/glsa/glsa-200601-12.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200601-12">
+  <title>Trac: Cross-site scripting vulnerability</title>
+  <synopsis>
+    Trac is vulnerable to a cross-site scripting attack that could allow
+    arbitrary JavaScript code execution.
+  </synopsis>
+  <product type="ebuild">trac</product>
+  <announced>2006-01-26</announced>
+  <revised count="01">2006-01-26</revised>
+  <bug>118302</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/trac" auto="yes" arch="*">
+      <unaffected range="ge">0.9.3</unaffected>
+      <vulnerable range="lt">0.9.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Trac is a minimalistic web-based project management, wiki and bug
+    tracking system including a Subversion interface.
+    </p>
+  </background>
+  <description>
+    <p>
+    Christophe Truc discovered that Trac fails to properly sanitize
+    input passed in the URL.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A remote attacker could exploit this to inject and execute
+    malicious script code or to steal cookie-based authentication
+    credentials, potentially compromising the victim's browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Trac users should upgrade to the latest available version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/trac-0.9.3"</code>
+    <p>
+    Note: Users with the vhosts USE flag set should manually use
+    webapp-config to finalize the update.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4305">CVE-2005-4305</uri>
+    <uri link="http://projects.edgewall.com/trac/wiki/ChangeLog#a0.9.3">Trac Changelog</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-01-18T15:05:49Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-01-18T15:05:57Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-01-22T19:44:58Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200601-13.xml b/metadata/glsa/glsa-200601-13.xml
new file mode 100644
index 000000000000..ecb26cf2c36c
--- /dev/null
+++ b/metadata/glsa/glsa-200601-13.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200601-13">
+  <title>Gallery: Cross-site scripting vulnerability</title>
+  <synopsis>
+    Gallery is possibly vulnerable to a cross-site scripting attack that could
+    allow arbitrary JavaScript code execution.
+  </synopsis>
+  <product type="ebuild">gallery</product>
+  <announced>2006-01-26</announced>
+  <revised count="01">2006-01-26</revised>
+  <bug>119590</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/gallery" auto="yes" arch="*">
+      <unaffected range="ge">1.5.2</unaffected>
+      <vulnerable range="lt">1.5.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Gallery is a web application written in PHP which is used to
+    organize and publish photo albums. It allows multiple users to build
+    and maintain their own albums. It also supports the mirroring of images
+    on other servers.
+    </p>
+  </background>
+  <description>
+    <p>
+    Peter Schumacher discovered that Gallery fails to sanitize the
+    fullname set by users, possibly leading to a cross-site scripting
+    vulnerability.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    By setting a specially crafted fullname, an attacker can inject
+    and execute script code in the victim's browser window and potentially
+    compromise the user's gallery.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Gallery users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/gallery-1.5.2"</code>
+    <p>
+    Note: Users with the vhosts USE flag set should manually use
+    webapp-config to finalize the update.
+    </p>
+  </resolution>
+  <references>
+    <uri link="http://gallery.menalto.com/page/gallery_1_5_2_release">Gallery Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0330">CVE-2006-0330</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-01-22T19:16:38Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-01-22T19:17:06Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-01-22T19:28:37Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200601-14.xml b/metadata/glsa/glsa-200601-14.xml
new file mode 100644
index 000000000000..b92682897147
--- /dev/null
+++ b/metadata/glsa/glsa-200601-14.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200601-14">
+  <title>LibAST: Privilege escalation</title>
+  <synopsis>
+    A buffer overflow in LibAST may result in execution of arbitrary code with
+    escalated privileges.
+  </synopsis>
+  <product type="ebuild">LibAST</product>
+  <announced>2006-01-29</announced>
+  <revised count="02">2006-01-29</revised>
+  <bug>120106</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-libs/libast" auto="yes" arch="*">
+      <unaffected range="ge">0.7</unaffected>
+      <vulnerable range="lt">0.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    LibAST is a utility library that was originally intended to accompany
+    Eterm, but may be used by various other applications.
+    </p>
+  </background>
+  <description>
+    <p>
+    Michael Jennings discovered an exploitable buffer overflow in the
+    configuration engine of LibAST.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    The vulnerability can be exploited to gain escalated privileges if the
+    application using LibAST is setuid/setgid and passes a specifically
+    crafted filename to LibAST's configuration engine.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Identify all applications linking against LibAST and verify they are
+    not setuid/setgid.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users should upgrade to the latest version and run revdep-rebuild:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-libs/libast-0.7"
+    # revdep-rebuild</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0224">CVE-2006-0224</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-01-25T21:44:39Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-01-26T09:35:14Z">
+    frilled
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-01-27T21:23:22Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200601-15.xml b/metadata/glsa/glsa-200601-15.xml
new file mode 100644
index 000000000000..d7b030aef9de
--- /dev/null
+++ b/metadata/glsa/glsa-200601-15.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200601-15">
+  <title>Paros: Default administrator password</title>
+  <synopsis>
+    Paros's database component is installed without a password, allowing
+    execution of arbitrary system commands.
+  </synopsis>
+  <product type="ebuild">Paros</product>
+  <announced>2006-01-29</announced>
+  <revised count="01">2006-01-29</revised>
+  <bug>120352</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/paros" auto="yes" arch="*">
+      <unaffected range="gt">3.2.5</unaffected>
+      <vulnerable range="le">3.2.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Paros is an intercepting proxy between a web server and a client
+    meant to be used for security assessments. It allows the user to watch
+    and modify the HTTP(S) traffic.
+    </p>
+  </background>
+  <description>
+    <p>
+    Andrew Christensen discovered that in older versions of Paros the
+    database component HSQLDB is installed with an empty password for the
+    database administrator "sa".
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Since the database listens globally by default, an attacker can
+    connect and issue arbitrary commands, including execution of binaries
+    installed on the host.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Paros users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --snyc
+    # emerge --ask --oneshot --verbose "&gt;=net-proxy/paros-3.2.8"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3280">CVE-2005-3280</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-01-26T06:06:09Z">
+    frilled
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-01-27T21:44:45Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200601-16.xml b/metadata/glsa/glsa-200601-16.xml
new file mode 100644
index 000000000000..0c4f4968825e
--- /dev/null
+++ b/metadata/glsa/glsa-200601-16.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200601-16">
+  <title>MyDNS: Denial of service</title>
+  <synopsis>
+    MyDNS contains a vulnerability that may lead to a Denial of Service attack.
+  </synopsis>
+  <product type="ebuild">MyDNS</product>
+  <announced>2006-01-30</announced>
+  <revised count="01">2006-01-30</revised>
+  <bug>119548</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/mydns" auto="yes" arch="*">
+      <unaffected range="ge">1.1.0</unaffected>
+      <vulnerable range="lt">1.1.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MyDNS is a DNS server using a MySQL database as a backend. It is
+    designed to allow for fast updates and small resource usage.
+    </p>
+  </background>
+  <description>
+    <p>
+    MyDNS contains an unspecified flaw that may allow a remote Denial
+    of Service.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could cause a Denial of Service by sending malformed
+    DNS queries to the MyDNS server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MyDNS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dns/mydns-1.1.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0351">CVE-2006-0351</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-01-25T19:31:44Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-01-27T05:37:45Z">
+    frilled
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-01-27T21:29:58Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200601-17.xml b/metadata/glsa/glsa-200601-17.xml
new file mode 100644
index 000000000000..79a52bba1541
--- /dev/null
+++ b/metadata/glsa/glsa-200601-17.xml
@@ -0,0 +1,114 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200601-17">
+  <title>Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows</title>
+  <synopsis>
+    Xpdf, Poppler, GPdf, libextractor and pdftohtml are vulnerable to integer
+    overflows that may be exploited to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">xpdf poppler gpdf libextractor pdftohtml</product>
+  <announced>2006-01-30</announced>
+  <revised count="01">2006-01-30</revised>
+  <bug>117481</bug>
+  <bug>117494</bug>
+  <bug>117495</bug>
+  <bug>115789</bug>
+  <bug>118665</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/xpdf" auto="yes" arch="*">
+      <unaffected range="ge">3.01-r5</unaffected>
+      <vulnerable range="lt">3.01-r5</vulnerable>
+    </package>
+    <package name="app-text/poppler" auto="yes" arch="*">
+      <unaffected range="ge">0.4.3-r4</unaffected>
+      <vulnerable range="lt">0.4.3-r4</vulnerable>
+    </package>
+    <package name="app-text/gpdf" auto="yes" arch="*">
+      <unaffected range="ge">2.10.0-r3</unaffected>
+      <vulnerable range="lt">2.10.0-r3</vulnerable>
+    </package>
+    <package name="media-libs/libextractor" auto="yes" arch="*">
+      <unaffected range="ge">0.5.9</unaffected>
+      <vulnerable range="lt">0.5.9</vulnerable>
+    </package>
+    <package name="app-text/pdftohtml" auto="yes" arch="*">
+      <vulnerable range="lt">0.36-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Xpdf is a PDF file viewer that runs under the X Window System.
+    Poppler is a PDF rendering library based on the Xpdf 3.0 code base.
+    GPdf is a PDF file viewer for the GNOME 2 platform, also based on Xpdf.
+    libextractor is a library which includes Xpdf code to extract arbitrary
+    meta-data from files. pdftohtml is a utility to convert PDF files to
+    HTML or XML formats that makes use of Xpdf code to decode PDF files.
+    </p>
+  </background>
+  <description>
+    <p>
+    Chris Evans has reported some integer overflows in Xpdf when
+    attempting to calculate buffer sizes for memory allocation, leading to
+    a heap overflow and a potential infinite loop when handling malformed
+    input files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By sending a specially crafted PDF file to a victim, an attacker
+    could cause an overflow, potentially resulting in the execution of
+    arbitrary code with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Xpdf users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/xpdf-3.01-r5"</code>
+    <p>
+    All Poppler users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/poppler-0.4.3-r4"</code>
+    <p>
+    All GPdf users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/gpdf-2.10.0-r3"</code>
+    <p>
+    All libextractor users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/libextractor-0.5.9"</code>
+    <p>
+    All pdftohtml users should migrate to the latest stable version
+    of Poppler.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627">CVE-2005-3627</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626">CVE-2005-3626</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625">CVE-2005-3625</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624">CVE-2005-3624</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-01-16T22:04:57Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-01-17T03:14:48Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-01-29T17:26:11Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200602-01.xml b/metadata/glsa/glsa-200602-01.xml
new file mode 100644
index 000000000000..55989f5648c3
--- /dev/null
+++ b/metadata/glsa/glsa-200602-01.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200602-01">
+  <title>GStreamer FFmpeg plugin: Heap-based buffer overflow</title>
+  <synopsis>
+    The GStreamer FFmpeg plugin is vulnerable to a buffer overflow that may be
+    exploited by attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">gst-plugins-ffmpeg</product>
+  <announced>2006-02-05</announced>
+  <revised count="01">2006-02-05</revised>
+  <bug>119512</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-plugins/gst-plugins-ffmpeg" auto="yes" arch="*">
+      <unaffected range="ge">0.8.7-r1</unaffected>
+      <vulnerable range="lt">0.8.7-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The GStreamer FFmpeg plugin uses code from the FFmpeg library to
+    provide fast colorspace conversion and multimedia decoders to the
+    GStreamer open source media framework.
+    </p>
+  </background>
+  <description>
+    <p>
+    The GStreamer FFmpeg plugin contains derived code from the FFmpeg
+    library, which is vulnerable to a heap overflow in the
+    "avcodec_default_get_buffer()" function discovered by Simon Kilvington
+    (see GLSA 200601-06).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to run an application using
+    the GStreamer FFmpeg plugin on a maliciously crafted PIX_FMT_PAL8
+    format image file (like PNG images), possibly leading to the execution
+    of arbitrary code with the permissions of the user running the
+    application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GStreamer FFmpeg plugin users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-plugins/gst-plugins-ffmpeg-0.8.7-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048">CVE-2005-4048</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200601-06.xml">GLSA 200601-06</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-01-29T21:54:38Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-01-31T03:13:44Z">
+    adir
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-02-01T15:27:50Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200602-02.xml b/metadata/glsa/glsa-200602-02.xml
new file mode 100644
index 000000000000..8cd24c11a72a
--- /dev/null
+++ b/metadata/glsa/glsa-200602-02.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200602-02">
+  <title>ADOdb: PostgresSQL command injection</title>
+  <synopsis>
+    ADOdb is vulnerable to SQL injections if used in conjunction with a
+    PostgreSQL database.
+  </synopsis>
+  <product type="ebuild">ADOdb</product>
+  <announced>2006-02-06</announced>
+  <revised count="01">2006-02-06</revised>
+  <bug>120215</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-php/adodb" auto="yes" arch="*">
+      <unaffected range="ge">4.71</unaffected>
+      <vulnerable range="lt">4.71</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ADOdb is an abstraction library for PHP creating a common API for
+    a wide range of database backends.
+    </p>
+  </background>
+  <description>
+    <p>
+    Andy Staudacher discovered that ADOdb does not properly sanitize
+    all parameters.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By sending specifically crafted requests to an application that
+    uses ADOdb and a PostgreSQL backend, an attacker might exploit the flaw
+    to execute arbitrary SQL queries on the host.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ADOdb users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-php/adodb-4.71"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0410">CVE-2006-0410</uri>
+  </references>
+  <metadata tag="bugReady" timestamp="2006-02-04T17:34:56Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-02-06T08:23:05Z">
+    frilled
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200602-03.xml b/metadata/glsa/glsa-200602-03.xml
new file mode 100644
index 000000000000..0ca40392a1f2
--- /dev/null
+++ b/metadata/glsa/glsa-200602-03.xml
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200602-03">
+  <title>Apache: Multiple vulnerabilities</title>
+  <synopsis>
+    Apache can be exploited for cross-site scripting attacks and is vulnerable
+    to a Denial of Service attack.
+  </synopsis>
+  <product type="ebuild">Apache</product>
+  <announced>2006-02-06</announced>
+  <revised count="03">2007-12-30</revised>
+  <bug>115324</bug>
+  <bug>118875</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">2.0.55-r1</unaffected>
+      <unaffected range="rge">2.0.54-r16</unaffected>
+      <unaffected range="eq">1.3.34-r2</unaffected>
+      <unaffected range="rge">1.3.34-r11</unaffected>
+      <unaffected range="rge">1.3.37</unaffected>
+      <vulnerable range="lt">2.0.55-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Apache HTTP server is one of the most popular web servers on the
+    Internet. mod_imap provides support for server-side image maps; mod_ssl
+    provides secure HTTP connections.
+    </p>
+  </background>
+  <description>
+    <p>
+    Apache's mod_imap fails to properly sanitize the "Referer" directive of
+    imagemaps in some cases, leaving the HTTP Referer header unescaped. A
+    flaw in mod_ssl can lead to a NULL pointer dereference if the site uses
+    a custom "Error 400" document. These vulnerabilities were reported by
+    Marc Cox and Hartmut Keil, respectively.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit mod_imap to inject arbitrary HTML or
+    JavaScript into a user's browser to gather sensitive information.
+    Attackers could also cause a Denial of Service on hosts using the SSL
+    module (Apache 2.0.x only).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Apache users should upgrade to the latest version, depending on
+    whether they still use the old configuration style
+    (/etc/apache/conf/*.conf) or the new one (/etc/apache2/httpd.conf).
+    </p>
+    <p>
+    2.0.x users, new style config:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-servers/apache-2.0.55-r1"</code>
+    <p>
+    2.0.x users, old style config:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "=www-servers/apache-2.0.54-r16"</code>
+    <p>
+    1.x users, new style config:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "=www-servers/apache-1.3.34-r11"</code>
+    <p>
+    1.x users, old style config:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "=www-servers/apache-1.3.34-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357">CVE-2005-3357</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-01-23T08:56:54Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-01-27T06:31:39Z">
+    frilled
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-02-06T06:26:14Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200602-04.xml b/metadata/glsa/glsa-200602-04.xml
new file mode 100644
index 000000000000..325c058e181e
--- /dev/null
+++ b/metadata/glsa/glsa-200602-04.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200602-04">
+  <title>Xpdf, Poppler: Heap overflow</title>
+  <synopsis>
+    Xpdf and Poppler are vulnerable to a heap overflow that may be exploited to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">xpdf poppler</product>
+  <announced>2006-02-12</announced>
+  <revised count="01">2006-02-12</revised>
+  <bug>120985</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/xpdf" auto="yes" arch="*">
+      <unaffected range="ge">3.01-r7</unaffected>
+      <vulnerable range="lt">3.01-r7</vulnerable>
+    </package>
+    <package name="app-text/poppler" auto="yes" arch="*">
+      <unaffected range="ge">0.5.0-r4</unaffected>
+      <vulnerable range="lt">0.5.0-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Xpdf is a PDF file viewer that runs under the X Window System.
+    Poppler is a PDF rendering library based on the Xpdf 3.0 code base.
+    </p>
+  </background>
+  <description>
+    <p>
+    Dirk Mueller has reported a vulnerability in Xpdf. It is caused by
+    a missing boundary check in the splash rasterizer engine when handling
+    PDF splash images with overly large dimensions.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By sending a specially crafted PDF file to a victim, an attacker
+    could cause an overflow, potentially resulting in the execution of
+    arbitrary code with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Xpdf users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/xpdf-3.01-r7"</code>
+    <p>
+    All Poppler users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/poppler-0.5.0-r4"</code>
+    <p>
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301">CVE-2006-0301</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-02-08T03:05:29Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-02-08T03:06:48Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200602-05.xml b/metadata/glsa/glsa-200602-05.xml
new file mode 100644
index 000000000000..28206778f059
--- /dev/null
+++ b/metadata/glsa/glsa-200602-05.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200602-05">
+  <title>KPdf: Heap based overflow</title>
+  <synopsis>
+    KPdf includes vulnerable Xpdf code to handle PDF files, making it
+    vulnerable to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">kdegraphics, kpdf</product>
+  <announced>2006-02-12</announced>
+  <revised count="01">2006-02-12</revised>
+  <bug>121375</bug>
+  <access>remote</access>
+  <affected>
+    <package name="kde-base/kdegraphics" auto="yes" arch="*">
+      <unaffected range="ge">3.4.3-r4</unaffected>
+      <vulnerable range="lt">3.4.3-r4</vulnerable>
+    </package>
+    <package name="kde-base/kpdf" auto="yes" arch="*">
+      <unaffected range="ge">3.4.3-r4</unaffected>
+      <vulnerable range="lt">3.4.3-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    KPdf is a KDE-based PDF viewer included in the kdegraphics
+    package.
+    </p>
+  </background>
+  <description>
+    <p>
+    KPdf includes Xpdf code to handle PDF files. Dirk Mueller
+    discovered that the Xpdf code is vulnerable a heap based overflow in
+    the splash rasterizer engine.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to open a specially crafted PDF
+    file with Kpdf, potentially resulting in the execution of arbitrary
+    code with the rights of the user running the affected application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All kdegraphics users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=kde-base/kdegraphics-3.4.3-r4"</code>
+    <p>
+    All Kpdf users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=kde-base/kpdf-3.4.3-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301">CVE-2006-0301</uri>
+    <uri link="https://www.kde.org/info/security/advisory-20060202-1.txt">KDE Security Advisory: kpdf/xpdf heap based buffer overflow</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-02-10T17:37:49Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-02-11T21:32:42Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200602-06.xml b/metadata/glsa/glsa-200602-06.xml
new file mode 100644
index 000000000000..428cc6f7af05
--- /dev/null
+++ b/metadata/glsa/glsa-200602-06.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200602-06">
+  <title>ImageMagick: Format string vulnerability</title>
+  <synopsis>
+    A vulnerability in ImageMagick allows attackers to crash the application
+    and potentially execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">ImageMagick</product>
+  <announced>2006-02-13</announced>
+  <revised count="01">2006-02-13</revised>
+  <bug>83542</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/imagemagick" auto="yes" arch="*">
+      <unaffected range="ge">6.2.5.5</unaffected>
+      <vulnerable range="lt">6.2.5.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ImageMagick is an application suite to manipulate and convert
+    images. It is often used as a utility backend by web applications like
+    forums, content management systems or picture galleries.
+    </p>
+  </background>
+  <description>
+    <p>
+    The SetImageInfo function was found vulnerable to a format string
+    mishandling. Daniel Kobras discovered that the handling of "%"-escaped
+    sequences in filenames passed to the function is inadequate. This is a
+    new vulnerability that is not addressed by GLSA 200503-11.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By feeding specially crafted file names to ImageMagick, an
+    attacker can crash the program and possibly execute arbitrary code with
+    the privileges of the user running ImageMagick.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ImageMagick users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/imagemagick-6.2.5.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0082">CVE-2006-0082</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200503-11.xml">GLSA 200503-11</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-02-01T19:11:00Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-02-02T08:22:50Z">
+    frilled
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-02-09T18:59:37Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200602-07.xml b/metadata/glsa/glsa-200602-07.xml
new file mode 100644
index 000000000000..1800b84f1a91
--- /dev/null
+++ b/metadata/glsa/glsa-200602-07.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200602-07">
+  <title>Sun JDK/JRE: Applet privilege escalation</title>
+  <synopsis>
+    Sun's Java Development Kit (JDK) and Java Runtime Environment (JRE) do not
+    adequately constrain applets from privilege escalation and arbitrary code
+    execution.
+  </synopsis>
+  <product type="ebuild">Sun JDK, applet</product>
+  <announced>2006-02-15</announced>
+  <revised count="01">2006-02-15</revised>
+  <bug>122156</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/sun-jdk" auto="yes" arch="*">
+      <unaffected range="ge">1.4.2.10</unaffected>
+      <vulnerable range="lt">1.4.2.10</vulnerable>
+    </package>
+    <package name="dev-java/sun-jre-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.4.2.10</unaffected>
+      <vulnerable range="lt">1.4.2.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Sun's JDK and JRE provide interpreters for Java Applets in a
+    sandboxed environment. These implementations provide the Java Web Start
+    technology that can be used for easy client-side deployment of Java
+    applications.
+    </p>
+  </background>
+  <description>
+    <p>
+    Applets executed using JRE or JDK can use "reflection" APIs
+    functions to elevate its privileges beyond the sandbox restrictions.
+    Adam Gowdiak discovered five vulnerabilities that use this method for
+    privilege escalation. Two more vulnerabilities were discovered by the
+    vendor. Peter Csepely discovered that Web Start Java applications also
+    can an escalate their privileges.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A malicious Java applet can bypass Java sandbox restrictions and
+    hence access local files, connect to arbitrary network locations and
+    execute arbitrary code on the user's machine. Java Web Start
+    applications are affected likewise.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Select another Java implementation using java-config.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Sun JDK users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/sun-jdk-1.4.2.10"</code>
+    <p>
+    All Sun JRE users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/sun-jre-bin-1.4.2.10"</code>
+  </resolution>
+  <references>
+    <uri link="http://sunsolve.sun.com/search/document.do?assetkey=1-26-102170-1">Sun Security Alert ID 102170</uri>
+    <uri link="http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1">Sun Security Alert ID 102171</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0614">CVE-2006-0614</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0615">CVE-2006-0615</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0616">CVE-2006-0616</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0617">CVE-2006-0617</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-02-09T20:48:45Z">
+    dragonheart
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-02-12T13:04:50Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200602-08.xml b/metadata/glsa/glsa-200602-08.xml
new file mode 100644
index 000000000000..3c8e86e37db6
--- /dev/null
+++ b/metadata/glsa/glsa-200602-08.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200602-08">
+  <title>libtasn1, GNU TLS: Security flaw in DER decoding</title>
+  <synopsis>
+    A flaw in the parsing of Distinguished Encoding Rules (DER) has been
+    discovered in libtasn1, potentially resulting in the execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">libtasn1</product>
+  <announced>2006-02-16</announced>
+  <revised count="01">2006-02-16</revised>
+  <bug>122307</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libtasn1" auto="yes" arch="*">
+      <unaffected range="ge">0.2.18</unaffected>
+      <vulnerable range="lt">0.2.18</vulnerable>
+    </package>
+    <package name="net-libs/gnutls" auto="yes" arch="*">
+      <unaffected range="ge">1.2.10</unaffected>
+      <vulnerable range="lt">1.2.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Libtasn1 is a library used to parse ASN.1 (Abstract Syntax
+    Notation One) objects, and perform DER (Distinguished Encoding Rules)
+    decoding. Libtasn1 is included with the GNU TLS library, which is used
+    by applications to provide a cryptographically secure communications
+    channel.
+    </p>
+  </background>
+  <description>
+    <p>
+    Evgeny Legerov has reported a flaw in the DER decoding routines
+    provided by libtasn1, which could cause an out of bounds access to
+    occur.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could cause an application using libtasn1 to
+    crash and potentially execute arbitrary code by sending specially
+    crafted input.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libtasn1 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/libtasn1-0.2.18"</code>
+    <p>
+    All GNU TLS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-libs/gnutls-1.2.10"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0645">CVE-2006-0645</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-02-13T20:11:10Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-02-13T20:11:49Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-02-14T22:53:09Z">
+    taviso
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200602-09.xml b/metadata/glsa/glsa-200602-09.xml
new file mode 100644
index 000000000000..79f00057b96d
--- /dev/null
+++ b/metadata/glsa/glsa-200602-09.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200602-09">
+  <title>BomberClone: Remote execution of arbitrary code</title>
+  <synopsis>
+    BomberClone is vulnerable to a buffer overflow which may lead to remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">games-action/bomberclone</product>
+  <announced>2006-02-16</announced>
+  <revised count="01">2006-02-16</revised>
+  <bug>121605</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-action/bomberclone" auto="yes" arch="*">
+      <unaffected range="ge">0.11.6.2-r1</unaffected>
+      <vulnerable range="lt">0.11.6.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    BomberClone is a remake of the classic game "BomberMan". It
+    supports multiple players via IP network connection.
+    </p>
+  </background>
+  <description>
+    <p>
+    Stefan Cornelius of the Gentoo Security team discovered multiple
+    missing buffer checks in BomberClone's code.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    By sending overly long error messages to the game via network, a
+    remote attacker may exploit buffer overflows to execute arbitrary code
+    with the rights of the user running BomberClone.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All BomberClone users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=games-action/bomberclone-0.11.6.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0460">CVE-2006-0460</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-02-14T17:56:10Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-02-14T17:58:09Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-02-15T11:54:36Z">
+    frilled
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200602-10.xml b/metadata/glsa/glsa-200602-10.xml
new file mode 100644
index 000000000000..4ed673463680
--- /dev/null
+++ b/metadata/glsa/glsa-200602-10.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200602-10">
+  <title>GnuPG: Incorrect signature verification</title>
+  <synopsis>
+    Applications relying on GnuPG to authenticate digital signatures may
+    incorrectly believe a signature has been verified.
+  </synopsis>
+  <product type="ebuild">gnupg</product>
+  <announced>2006-02-18</announced>
+  <revised count="01">2006-02-18</revised>
+  <bug>122721</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-crypt/gnupg" auto="yes" arch="*">
+      <unaffected range="ge">1.4.2.1</unaffected>
+      <vulnerable range="lt">1.4.2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GnuPG (The GNU Privacy Guard) is a free replacement for PGP
+    (Pretty Good Privacy). As GnuPG does not rely on any patented
+    algorithms, it can be used without any restrictions. gpgv is the
+    OpenPGP signature verification tool provided by the GnuPG system.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Gentoo Linux Security Auditing Team
+    discovered that automated systems relying on the return code of GnuPG
+    or gpgv to authenticate digital signatures may be misled by malformed
+    signatures. GnuPG documentation states that a return code of zero (0)
+    indicates success, however gpg and gpgv may also return zero if no
+    signature data was found in a detached signature file.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker may be able to bypass authentication in automated
+    systems relying on the return code of gpg or gpgv to authenticate
+    digital signatures.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GnuPG users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-crypt/gnupg-1.4.2.1"</code>
+  </resolution>
+  <references>
+    <uri link="http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html">GnuPG Security Announcement</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0455">CVE-2006-0455</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-02-15T16:05:31Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-02-18T12:22:36Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200602-11.xml b/metadata/glsa/glsa-200602-11.xml
new file mode 100644
index 000000000000..6b4da07cdac1
--- /dev/null
+++ b/metadata/glsa/glsa-200602-11.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200602-11">
+  <title>OpenSSH, Dropbear: Insecure use of system() call</title>
+  <synopsis>
+    A flaw in OpenSSH and Dropbear allows local users to elevate their
+    privileges via scp.
+  </synopsis>
+  <product type="ebuild">OpenSSH</product>
+  <announced>2006-02-20</announced>
+  <revised count="01">2006-02-20</revised>
+  <bug>119232</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-misc/openssh" auto="yes" arch="*">
+      <unaffected range="ge">4.2_p1-r1</unaffected>
+      <vulnerable range="lt">4.2_p1-r1</vulnerable>
+    </package>
+    <package name="net-misc/dropbear" auto="yes" arch="*">
+      <unaffected range="ge">0.47-r1</unaffected>
+      <vulnerable range="lt">0.47-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenSSH is a free application suite consisting of server and
+    clients that replace tools like telnet, rlogin, rcp and ftp with more
+    secure versions offering additional functionality. Dropbear is an SSH
+    server and client designed with a small memory footprint that includes
+    OpenSSH scp code.
+    </p>
+  </background>
+  <description>
+    <p>
+    To copy from a local filesystem to another local filesystem, scp
+    constructs a command line using 'cp' which is then executed via
+    system(). Josh Bressers discovered that special characters are not
+    escaped by scp, but are simply passed to the shell.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    By tricking other users or applications to use scp on maliciously
+    crafted filenames, a local attacker user can execute arbitrary commands
+    with the rights of the user running scp.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenSSH users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/openssh-4.2_p1-r1"</code>
+    <p>
+    All Dropbear users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/dropbear-0.47-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225">CVE-2006-0225</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-02-06T20:22:40Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-02-07T06:29:22Z">
+    frilled
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-02-20T20:03:36Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200602-12.xml b/metadata/glsa/glsa-200602-12.xml
new file mode 100644
index 000000000000..cb9e2fe45a1f
--- /dev/null
+++ b/metadata/glsa/glsa-200602-12.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200602-12">
+  <title>GPdf: heap overflows in included Xpdf code</title>
+  <synopsis>
+    GPdf includes vulnerable Xpdf code to handle PDF files, making it
+    vulnerable to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">gpdf</product>
+  <announced>2006-02-21</announced>
+  <revised count="01">2006-02-21</revised>
+  <bug>121511</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/gpdf" auto="yes" arch="*">
+      <unaffected range="ge">2.10.0-r4</unaffected>
+      <vulnerable range="lt">2.10.0-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GPdf is a Gnome PDF viewer.
+    </p>
+  </background>
+  <description>
+    <p>
+    Dirk Mueller found a heap overflow vulnerability in the XPdf
+    codebase when handling splash images that exceed size of the associated
+    bitmap.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to open a specially crafted PDF
+    file with GPdf, potentially resulting in the execution of arbitrary
+    code with the rights of the user running the affected application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GPdf users should upgrade to the latest version.
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/gpdf-2.10.0-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301">CVE-2006-0301</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-02-16T20:47:35Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-02-17T21:40:10Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-02-17T23:04:04Z">
+    dragonheart
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200602-13.xml b/metadata/glsa/glsa-200602-13.xml
new file mode 100644
index 000000000000..904fba411003
--- /dev/null
+++ b/metadata/glsa/glsa-200602-13.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200602-13">
+  <title>GraphicsMagick: Format string vulnerability</title>
+  <synopsis>
+    A vulnerability in GraphicsMagick allows attackers to crash the application
+    and potentially execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">graphicsmagick</product>
+  <announced>2006-02-26</announced>
+  <revised count="01">2006-02-26</revised>
+  <bug>119476</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/graphicsmagick" auto="yes" arch="*">
+      <unaffected range="ge">1.1.7</unaffected>
+      <vulnerable range="lt">1.1.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GraphicsMagick is a collection of tools to read, write and
+    manipulate images in many formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    The SetImageInfo function was found vulnerable to a format string
+    mishandling. Daniel Kobras discovered that the handling of "%"-escaped
+    sequences in filenames passed to the function is inadequate in
+    ImageMagick GLSA 200602-06 and the same vulnerability exists in
+    GraphicsMagick.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By feeding specially crafted file names to GraphicsMagick an
+    attacker can crash the program and possibly execute arbitrary code with
+    the privileges of the user running GraphicsMagick.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GraphicsMagick users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/graphicsmagick-1.1.7"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200602-06.xml">GLSA 200602-06</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0082">CVE-2006-0082</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-02-21T18:24:37Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-02-22T11:24:17Z">
+    dragonheart
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-02-22T21:18:32Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200602-14.xml b/metadata/glsa/glsa-200602-14.xml
new file mode 100644
index 000000000000..8f035e731a2b
--- /dev/null
+++ b/metadata/glsa/glsa-200602-14.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200602-14">
+  <title>noweb: Insecure temporary file creation</title>
+  <synopsis>
+    noweb is vulnerable to symlink attacks, potentially allowing a local user
+    to overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">noweb</product>
+  <announced>2006-02-26</announced>
+  <revised count="01">2006-02-26</revised>
+  <bug>122705</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-text/noweb" auto="yes" arch="*">
+      <unaffected range="ge">2.9-r5</unaffected>
+      <vulnerable range="lt">2.9-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    noweb is a simple, extensible, and language independent literate
+    programming tool.
+    </p>
+  </background>
+  <description>
+    <p>
+    Javier Fernandez-Sanguino has discovered that the lib/toascii.nw
+    and shell/roff.mm scripts insecurely create temporary files with
+    predictable filenames.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary file
+    directory, pointing to a valid file somewhere on the filesystem. When
+    an affected script is called, this would result in the file being
+    overwritten with the rights of the user running the script.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All noweb users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/noweb-2.9-r5"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3342">CVE-2005-3342</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-02-23T20:08:48Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-02-23T20:09:04Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-02-24T14:44:04Z">
+    formula7
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200603-01.xml b/metadata/glsa/glsa-200603-01.xml
new file mode 100644
index 000000000000..3298aae4f2ae
--- /dev/null
+++ b/metadata/glsa/glsa-200603-01.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200603-01">
+  <title>WordPress: SQL injection vulnerability</title>
+  <synopsis>
+    WordPress is vulnerable to an SQL injection vulnerability.
+  </synopsis>
+  <product type="ebuild">WordPress</product>
+  <announced>2006-03-04</announced>
+  <revised count="01">2006-03-04</revised>
+  <bug>121661</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/wordpress" auto="yes" arch="*">
+      <unaffected range="ge">2.0.1</unaffected>
+      <vulnerable range="le">1.5.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    WordPress is a PHP and MySQL based content management and
+    publishing system.
+    </p>
+  </background>
+  <description>
+    <p>
+    Patrik Karlsson reported that WordPress 1.5.2 makes use of an
+    insufficiently filtered User Agent string in SQL queries related to
+    comments posting. This vulnerability was already fixed in the
+    2.0-series of WordPress.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could send a comment with a malicious User Agent
+    parameter, resulting in SQL injection and potentially in the subversion
+    of the WordPress database. This vulnerability wouldn't affect WordPress
+    sites which do not allow comments or which require that comments go
+    through a moderator.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable or moderate comments on your WordPress blogs.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All WordPress users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/wordpress-2.0.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1012">CVE-2006-1012</uri>
+  </references>
+  
+  <metadata tag="submitter" timestamp="2006-02-26T14:42:26Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-02-26T14:42:47Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200603-02.xml b/metadata/glsa/glsa-200603-02.xml
new file mode 100644
index 000000000000..c9e47e382d36
--- /dev/null
+++ b/metadata/glsa/glsa-200603-02.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200603-02">
+  <title>teTeX, pTeX, CSTeX: Multiple overflows in included XPdf code</title>
+  <synopsis>
+    CSTeTeX, pTeX, and teTeX include vulnerable XPdf code to handle PDF files,
+    making them vulnerable to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">tetex</product>
+  <announced>2006-03-04</announced>
+  <revised count="01">2006-03-04</revised>
+  <bug>115775</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/tetex" auto="yes" arch="*">
+      <unaffected range="ge">2.0.2-r8</unaffected>
+      <vulnerable range="lt">2.0.2-r8</vulnerable>
+    </package>
+    <package name="app-text/cstetex" auto="yes" arch="*">
+      <unaffected range="ge">2.0.2-r2</unaffected>
+      <vulnerable range="lt">2.0.2-r2</vulnerable>
+    </package>
+    <package name="app-text/ptex" auto="yes" arch="*">
+      <unaffected range="ge">3.1.5-r1</unaffected>
+      <vulnerable range="lt">3.1.5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    teTex is a complete TeX distribution. It is used for creating and
+    manipulating LaTeX documents. CSTeX is a TeX distribution with Czech
+    and Slovak support. pTeX is and ASCII publishing TeX distribution.
+    </p>
+  </background>
+  <description>
+    <p>
+    CSTeX, teTex, and pTeX include XPdf code to handle PDF files. This
+    XPdf code is vulnerable to several heap overflows (GLSA 200512-08) as
+    well as several buffer and integer overflows discovered by Chris Evans
+    (CESA-2005-003).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to open a specially crafted PDF
+    file with teTeX, pTeX or CSTeX, potentially resulting in the execution
+    of arbitrary code with the rights of the user running the affected
+    application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All teTex users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/tetex-2.0.2-r8"</code>
+    <p>
+    All CSTeX users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/cstetex-2.0.2-r2"</code>
+    <p>
+    All pTeX users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/ptex-3.1.5-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3193">CVE-2005-3193</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200512-08.xml">GLSA 200512-08</uri>
+    <uri link="http://scary.beasts.org/security/CESA-2005-003.txt">CESA-2005-003</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-02-16T20:57:52Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-02-17T12:11:23Z">
+    dragonheart
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-03-04T16:30:04Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200603-03.xml b/metadata/glsa/glsa-200603-03.xml
new file mode 100644
index 000000000000..bb275e96d682
--- /dev/null
+++ b/metadata/glsa/glsa-200603-03.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200603-03">
+  <title>MPlayer: Multiple integer overflows</title>
+  <synopsis>
+    MPlayer is vulnerable to integer overflows in FFmpeg and ASF decoding that
+    could potentially result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">MPlayer</product>
+  <announced>2006-03-04</announced>
+  <revised count="02">2006-06-21</revised>
+  <bug>115760</bug>
+  <bug>122029</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/mplayer" auto="yes" arch="*">
+      <unaffected range="ge">1.0.20060217</unaffected>
+      <unaffected range="ge">1.0_pre8</unaffected>
+      <vulnerable range="lt">1.0.20060217</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MPlayer is a media player capable of handling multiple multimedia file
+    formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    MPlayer makes use of the FFmpeg library, which is vulnerable to a heap
+    overflow in the avcodec_default_get_buffer() function discovered by
+    Simon Kilvington (see GLSA 200601-06). Furthermore, AFI Security
+    Research discovered two integer overflows in ASF file format decoding,
+    in the new_demux_packet() function from libmpdemux/demuxer.h and the
+    demux_asf_read_packet() function from libmpdemux/demux_asf.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could craft a malicious media file which, when opened using
+    MPlayer, would lead to a heap-based buffer overflow. This could result
+    in the execution of arbitrary code with the permissions of the user
+    running MPlayer.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MPlayer users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/mplayer-1.0.20060217"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048">CVE-2005-4048</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0579">CVE-2006-0579</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200601-06.xml">GLSA 200601-06</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-03-04T11:56:49Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-03-04T11:56:59Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200603-04.xml b/metadata/glsa/glsa-200603-04.xml
new file mode 100644
index 000000000000..6576ee60cd8f
--- /dev/null
+++ b/metadata/glsa/glsa-200603-04.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200603-04">
+  <title>IMAP Proxy: Format string vulnerabilities</title>
+  <synopsis>
+    Format string vulnerabilities in IMAP Proxy may lead to the execution of
+    arbitrary code when connected to malicious IMAP servers.
+  </synopsis>
+  <product type="ebuild">up-imapproxy</product>
+  <announced>2006-03-06</announced>
+  <revised count="01">2006-03-06</revised>
+  <bug>107679</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/up-imapproxy" auto="yes" arch="*">
+      <unaffected range="ge">1.2.4</unaffected>
+      <vulnerable range="lt">1.2.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    IMAP Proxy (also known as up-imapproxy) proxies IMAP transactions
+    between an IMAP client and an IMAP server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Steve Kemp discovered two format string errors in IMAP Proxy.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could design a malicious IMAP server and entice
+    someone to connect to it using IMAP Proxy, resulting in the execution
+    of arbitrary code with the rights of the victim user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Only connect to trusted IMAP servers using IMAP Proxy.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All IMAP Proxy users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-mail/up-imapproxy-1.2.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2661">CVE-2005-2661</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-03-05T09:44:08Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-03-05T09:44:28Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-03-05T15:59:30Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200603-05.xml b/metadata/glsa/glsa-200603-05.xml
new file mode 100644
index 000000000000..d95e3099d933
--- /dev/null
+++ b/metadata/glsa/glsa-200603-05.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200603-05">
+  <title>zoo: Stack-based buffer overflow</title>
+  <synopsis>
+    A stack-based buffer overflow in zoo may be exploited to execute arbitrary
+    code through malicious ZOO archives.
+  </synopsis>
+  <product type="ebuild">zoo</product>
+  <announced>2006-03-06</announced>
+  <revised count="01">2006-03-06</revised>
+  <bug>123782</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/zoo" auto="yes" arch="*">
+      <unaffected range="ge">2.10-r1</unaffected>
+      <vulnerable range="lt">2.10-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    zoo is a file archiving utility for maintaining collections of
+    files, written by Rahul Dhesi.
+    </p>
+  </background>
+  <description>
+    <p>
+    Jean-Sebastien Guay-Leroux discovered a boundary error in the
+    fullpath() function in misc.c when processing overly long file and
+    directory names in ZOO archives.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could craft a malicious ZOO archive and entice someone
+    to open it using zoo. This would trigger a stack-based buffer overflow
+    and potentially allow execution of arbitrary code with the rights of
+    the victim user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All zoo users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-arch/zoo-2.10-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0855">CVE-2006-0855</uri>
+    <uri link="http://www.guay-leroux.com/projects/zoo-advisory.txt">Original Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-02-26T17:26:29Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-03-03T17:54:01Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-03-04T16:06:52Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200603-06.xml b/metadata/glsa/glsa-200603-06.xml
new file mode 100644
index 000000000000..d3b6cc635c63
--- /dev/null
+++ b/metadata/glsa/glsa-200603-06.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200603-06">
+  <title>GNU tar: Buffer overflow</title>
+  <synopsis>
+    A malicious tar archive could trigger a Buffer overflow in GNU tar,
+    potentially resulting in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">tar</product>
+  <announced>2006-03-10</announced>
+  <revised count="01">2006-03-10</revised>
+  <bug>123038</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/tar" auto="yes" arch="*">
+      <unaffected range="ge">1.15.1-r1</unaffected>
+      <vulnerable range="lt">1.15.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GNU tar is the standard GNU utility for creating and manipulating
+    tar archives, a common format used for creating backups and
+    distributing files on UNIX-like systems.
+    </p>
+  </background>
+  <description>
+    <p>
+    Jim Meyering discovered a flaw in the handling of certain header
+    fields that could result in a buffer overflow when extracting or
+    listing the contents of an archive.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could construct a malicious tar archive that
+    could potentially execute arbitrary code with the privileges of the
+    user running GNU tar.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GNU tar users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-arch/tar-1.15.1-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0300">CVE-2006-0300</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-03-07T20:43:28Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-03-08T16:57:53Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-03-10T18:23:47Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200603-07.xml b/metadata/glsa/glsa-200603-07.xml
new file mode 100644
index 000000000000..79002b55429e
--- /dev/null
+++ b/metadata/glsa/glsa-200603-07.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200603-07">
+  <title>flex: Potential insecure code generation</title>
+  <synopsis>
+    flex might generate code with a buffer overflow, making applications using
+    such scanners vulnerable to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">flex</product>
+  <announced>2006-03-10</announced>
+  <revised count="01">2006-03-10</revised>
+  <bug>122940</bug>
+  <access>remote and local</access>
+  <affected>
+    <package name="sys-devel/flex" auto="yes" arch="*">
+      <unaffected range="ge">2.5.33-r1</unaffected>
+      <vulnerable range="lt">2.5.33-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    flex is a programming tool used to generate scanners (programs
+    which recognize lexical patterns in text).
+    </p>
+  </background>
+  <description>
+    <p>
+    Chris Moore discovered a buffer overflow in a special class of
+    lexicographical scanners generated by flex. Only scanners generated by
+    grammars which use either REJECT, or rules with a "variable trailing
+    context" might be at risk.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could feed malicious input to an application making
+    use of an affected scanner and trigger the buffer overflow, potentially
+    resulting in the execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Avoid using vulnerable grammar in your flex scanners.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All flex users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-devel/flex-2.5.33-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0459">CVE-2006-0459</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-03-03T18:28:11Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-03-03T18:29:09Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-03-07T21:06:21Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200603-08.xml b/metadata/glsa/glsa-200603-08.xml
new file mode 100644
index 000000000000..f42c53a1ab20
--- /dev/null
+++ b/metadata/glsa/glsa-200603-08.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200603-08">
+  <title>GnuPG: Incorrect signature verification</title>
+  <synopsis>
+    GnuPG may erroneously report a modified or unsigned message has a valid
+    digital signature.
+  </synopsis>
+  <product type="ebuild">gnupg</product>
+  <announced>2006-03-10</announced>
+  <revised count="01">2006-03-10</revised>
+  <bug>125217</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-crypt/gnupg" auto="yes" arch="*">
+      <unaffected range="ge">1.4.2.2</unaffected>
+      <vulnerable range="lt">1.4.2.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The GNU Privacy Guard, GnuPG, is a free replacement for the PGP
+    suite of cryptographic software that may be used without restriction,
+    as it does not rely on any patented algorithms. GnuPG can be used to
+    digitally sign messages, a method of ensuring the authenticity of a
+    message using public key cryptography.
+    </p>
+  </background>
+  <description>
+    <p>
+    OpenPGP is the standard that defines the format of digital
+    signatures supported by GnuPG. OpenPGP signatures consist of multiple
+    sections, in a strictly defined order. Tavis Ormandy of the Gentoo
+    Linux Security Audit Team discovered that certain illegal signature
+    formats could allow signed data to be modified without detection. GnuPG
+    has previously attempted to be lenient when processing malformed or
+    legacy signature formats, but this has now been found to be insecure.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker may be able to construct or modify a
+    digitally-signed message, potentially allowing them to bypass
+    authentication systems, or impersonate another user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GnuPG users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-crypt/gnupg-1.4.2.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0049">CVE-2006-0049</uri>
+    <uri link="http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html">GnuPG Announcement</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-03-08T22:34:09Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-03-10T21:32:19Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200603-09.xml b/metadata/glsa/glsa-200603-09.xml
new file mode 100644
index 000000000000..393397679807
--- /dev/null
+++ b/metadata/glsa/glsa-200603-09.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200603-09">
+  <title>SquirrelMail: Cross-site scripting and IMAP command injection</title>
+  <synopsis>
+    SquirrelMail is vulnerable to several cross-site scripting vulnerabilities
+    and IMAP command injection.
+  </synopsis>
+  <product type="ebuild">squirrelmail</product>
+  <announced>2006-03-12</announced>
+  <revised count="01">2006-03-12</revised>
+  <bug>123781</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/squirrelmail" auto="yes" arch="*">
+      <unaffected range="ge">1.4.6</unaffected>
+      <vulnerable range="lt">1.4.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    SquirrelMail is a webmail package written in PHP. It supports IMAP
+    and SMTP protocols.
+    </p>
+  </background>
+  <description>
+    <p>
+    SquirrelMail does not validate the right_frame parameter in
+    webmail.php, possibly allowing frame replacement or cross-site
+    scripting (CVE-2006-0188). Martijn Brinkers and Scott Hughes discovered
+    that MagicHTML fails to handle certain input correctly, potentially
+    leading to cross-site scripting (only Internet Explorer,
+    CVE-2006-0195). Vicente Aguilera reported that the
+    sqimap_mailbox_select function did not strip newlines from the mailbox
+    or subject parameter, possibly allowing IMAP command injection
+    (CVE-2006-0377).
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    By exploiting the cross-site scripting vulnerabilities, an
+    attacker can execute arbitrary scripts running in the context of the
+    victim's browser. This could lead to a compromise of the user's webmail
+    account, cookie theft, etc. A remote attacker could exploit the IMAP
+    command injection to execute arbitrary IMAP commands on the configured
+    IMAP server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SquirrelMail users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/squirrelmail-1.4.6"</code>
+    <p>
+    Note: Users with the vhosts USE flag set should manually use
+    webapp-config to finalize the update.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0188">CVE-2006-0188</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0195">CVE-2006-0195</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0377">CVE-2006-0377</uri>
+  </references>
+  <metadata tag="">
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-03-11T16:55:59Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-03-11T21:38:55Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200603-10.xml b/metadata/glsa/glsa-200603-10.xml
new file mode 100644
index 000000000000..825a3389ea1a
--- /dev/null
+++ b/metadata/glsa/glsa-200603-10.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200603-10">
+  <title>Cube: Multiple vulnerabilities</title>
+  <synopsis>
+    Cube is vulnerable to a buffer overflow, invalid memory access and remote
+    client crashes, possibly leading to a Denial of Service or remote code
+    execution.
+  </synopsis>
+  <product type="ebuild">cube</product>
+  <announced>2006-03-13</announced>
+  <revised count="01">2006-03-13</revised>
+  <bug>125289</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-fps/cube" auto="yes" arch="*">
+      <vulnerable range="le">20050829</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Cube is an open source first person shooter game engine supporting
+    multiplayer via LAN or internet.
+    </p>
+  </background>
+  <description>
+    <p>
+    Luigi Auriemma reported that Cube is vulnerable to a buffer
+    overflow in the sgetstr() function (CVE-2006-1100) and that the
+    sgetstr() and getint() functions fail to verify the length of the
+    supplied argument, possibly leading to the access of invalid memory
+    regions (CVE-2006-1101). Furthermore, he discovered that a client
+    crashes when asked to load specially crafted mapnames (CVE-2006-1102).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit the buffer overflow to execute
+    arbitrary code with the rights of the user running cube. An attacker
+    could also exploit the other vulnerabilities to crash a Cube client or
+    server, resulting in a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Play solo games or restrict your multiplayer games to trusted
+    parties.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Upstream stated that there will be no fixed version of Cube, thus
+    the Gentoo Security Team decided to hardmask Cube for security reasons.
+    All Cube users are encouraged to uninstall Cube:
+    </p>
+    <code>
+    # emerge --ask --unmerge games-fps/cube</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1100">CVE-2006-1100</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1101">CVE-2006-1101</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1102">CVE-2006-1102</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-03-11T12:37:07Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-03-11T16:16:08Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200603-11.xml b/metadata/glsa/glsa-200603-11.xml
new file mode 100644
index 000000000000..0585a3400a31
--- /dev/null
+++ b/metadata/glsa/glsa-200603-11.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200603-11">
+  <title>Freeciv: Denial of service</title>
+  <synopsis>
+    A memory allocation bug in Freeciv allows a remote attacker to perform a
+    Denial of Service attack.
+  </synopsis>
+  <product type="ebuild">freeciv</product>
+  <announced>2006-03-16</announced>
+  <revised count="01">2006-03-16</revised>
+  <bug>125304</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-strategy/freeciv" auto="yes" arch="*">
+      <unaffected range="ge">2.0.8</unaffected>
+      <vulnerable range="lt">2.0.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Freeciv is an open source turn-based multiplayer strategy game,
+    similar to the famous Civilization series.
+    </p>
+  </background>
+  <description>
+    <p>
+    Luigi Auriemma discovered that Freeciv could be tricked into the
+    allocation of enormous chunks of memory when trying to uncompress
+    malformed data packages, possibly leading to an out of memory condition
+    which causes Freeciv to crash or freeze.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit this issue to cause a Denial of
+    Service by sending specially crafted data packages to the Freeciv game
+    server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Play solo games or restrict your multiplayer games to trusted
+    parties.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Freeciv users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=games-strategy/freeciv-2.0.8"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0047">CVE-2006-0047</uri>
+    <uri link="http://aluigi.altervista.org/adv/freecivdos-adv.txt">Original advisory</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-03-12T20:13:19Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-03-12T20:29:12Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200603-12.xml b/metadata/glsa/glsa-200603-12.xml
new file mode 100644
index 000000000000..e119c1ccd0e4
--- /dev/null
+++ b/metadata/glsa/glsa-200603-12.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200603-12">
+  <title>zoo: Buffer overflow</title>
+  <synopsis>
+    A buffer overflow in zoo may be exploited to execute arbitrary when
+    creating archives of specially crafted directories and files.
+  </synopsis>
+  <product type="ebuild">zoo</product>
+  <announced>2006-03-16</announced>
+  <revised count="01">2006-03-16</revised>
+  <bug>125622</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-arch/zoo" auto="yes" arch="*">
+      <unaffected range="ge">2.10-r2</unaffected>
+      <vulnerable range="lt">2.10-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    zoo is a file archiving utility for maintaining collections of
+    files, written by Rahul Dhesi.
+    </p>
+  </background>
+  <description>
+    <p>
+    zoo is vulnerable to a new buffer overflow due to insecure use of
+    the strcpy() function when trying to create an archive from certain
+    directories or filenames.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit this issue by enticing a user to create
+    a zoo archive of specially crafted directories and filenames, possibly
+    leading to the execution of arbitrary code with the rights of the user
+    running zoo.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All zoo users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-arch/zoo-2.10-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183426">RedHat Bug #183426</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1269">CVE-2006-1269</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-03-11T11:35:08Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-03-12T16:19:21Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-03-12T17:50:06Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200603-13.xml b/metadata/glsa/glsa-200603-13.xml
new file mode 100644
index 000000000000..b97d64703bbd
--- /dev/null
+++ b/metadata/glsa/glsa-200603-13.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200603-13">
+  <title>PEAR-Auth: Potential authentication bypass</title>
+  <synopsis>
+    PEAR-Auth did not correctly verify data passed to the DB and LDAP
+    containers, thus allowing to inject false credentials to bypass the
+    authentication.
+  </synopsis>
+  <product type="ebuild">pear-auth</product>
+  <announced>2006-03-17</announced>
+  <revised count="01">2006-03-17</revised>
+  <bug>123832</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-php/PEAR-Auth" auto="yes" arch="*">
+      <unaffected range="ge">1.2.4</unaffected>
+      <vulnerable range="lt">1.2.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PEAR-Auth is a PEAR package that provides methods to create a PHP
+    based authentication system.
+    </p>
+  </background>
+  <description>
+    <p>
+    Matt Van Gundy discovered that PEAR-Auth did not correctly
+    validate data passed to the DB and LDAP containers.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could possibly exploit this vulnerability to
+    bypass the authentication mechanism by injecting specially crafted
+    input to the underlying storage containers.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PEAR-Auth users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-php/PEAR-Auth-1.2.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0868">CVE-2006-0868</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-03-14T21:29:18Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-03-14T21:29:45Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-03-14T23:22:04Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200603-14.xml b/metadata/glsa/glsa-200603-14.xml
new file mode 100644
index 000000000000..6a355355868f
--- /dev/null
+++ b/metadata/glsa/glsa-200603-14.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200603-14">
+  <title>Heimdal: rshd privilege escalation</title>
+  <synopsis>
+    An error in the rshd daemon of Heimdal could allow authenticated users to
+    elevate privileges.
+  </synopsis>
+  <product type="ebuild">heimdal</product>
+  <announced>2006-03-17</announced>
+  <revised count="01">2006-03-17</revised>
+  <bug>121839</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-crypt/heimdal" auto="yes" arch="*">
+      <unaffected range="ge">0.7.2</unaffected>
+      <vulnerable range="lt">0.7.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Heimdal is a free implementation of Kerberos 5.
+    </p>
+  </background>
+  <description>
+    <p>
+    An unspecified privilege escalation vulnerability in the rshd
+    server of Heimdal has been reported.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Authenticated users could exploit the vulnerability to escalate
+    privileges or to change the ownership and content of arbitrary files.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Heimdal users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-crypt/heimdal-0.7.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0582">CVE-2006-0582</uri>
+    <uri link="https://www.pdc.kth.se/heimdal/advisory/2006-02-06/">Heimdal Advisory 2006-02-06</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-03-14T18:02:33Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-03-16T09:34:15Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-03-17T10:14:03Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200603-15.xml b/metadata/glsa/glsa-200603-15.xml
new file mode 100644
index 000000000000..afe97fd66b13
--- /dev/null
+++ b/metadata/glsa/glsa-200603-15.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200603-15">
+  <title>Crypt::CBC: Insecure initialization vector</title>
+  <synopsis>
+    Crypt::CBC uses an insecure initialization vector, potentially resulting in
+    a weaker encryption.
+  </synopsis>
+  <product type="ebuild">crypt-cbc</product>
+  <announced>2006-03-17</announced>
+  <revised count="01">2006-03-17</revised>
+  <bug>126048</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-perl/crypt-cbc" auto="yes" arch="*">
+      <unaffected range="ge">2.17</unaffected>
+      <vulnerable range="lt">2.17</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Crypt::CBC is a Perl module to encrypt data using cipher block
+    chaining (CBC).
+    </p>
+  </background>
+  <description>
+    <p>
+    Lincoln Stein discovered that Crypt::CBC fails to handle 16 bytes
+    long initializiation vectors correctly when running in the RandomIV
+    mode, resulting in a weaker encryption because the second part of every
+    block will always be encrypted with zeros if the blocksize of the
+    cipher is greater than 8 bytes.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    An attacker could exploit weak ciphertext produced by Crypt::CBC
+    to bypass certain security restrictions or to gain access to sensitive
+    data.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Crypt::CBC users should upgrade to the latest available
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-perl/crypt-cbc-2.17"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0898">CVE-2006-0898</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-03-14T21:26:26Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-03-14T21:26:50Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-03-14T23:04:56Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200603-16.xml b/metadata/glsa/glsa-200603-16.xml
new file mode 100644
index 000000000000..e878aad39d61
--- /dev/null
+++ b/metadata/glsa/glsa-200603-16.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200603-16">
+  <title>Metamail: Buffer overflow</title>
+  <synopsis>
+    A buffer overflow in Metamail could possibly be exploited to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">metamail</product>
+  <announced>2006-03-17</announced>
+  <revised count="01">2006-03-17</revised>
+  <bug>126052</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/metamail" auto="yes" arch="*">
+      <unaffected range="ge">2.7.45.3-r1</unaffected>
+      <vulnerable range="lt">2.7.45.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Metamail is a program that decodes MIME encoded mail.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ulf Harnhammar discovered a buffer overflow in Metamail when
+    processing mime boundraries.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    By sending a specially crafted email, attackers could potentially
+    exploit this vulnerability to crash Metamail or to execute arbitrary
+    code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Metamail users should update to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-mail/metamail-2.7.45.3-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0709">CVE-2006-0709</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-03-14T21:16:22Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-03-16T09:48:07Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-03-16T21:04:49Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200603-17.xml b/metadata/glsa/glsa-200603-17.xml
new file mode 100644
index 000000000000..c914d759cb9e
--- /dev/null
+++ b/metadata/glsa/glsa-200603-17.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200603-17">
+  <title>PeerCast: Buffer overflow</title>
+  <synopsis>
+    PeerCast is vulnerable to a buffer overflow that may lead to the execution
+    of arbitrary code.
+  </synopsis>
+  <product type="ebuild">peercast</product>
+  <announced>2006-03-21</announced>
+  <revised count="01">2006-03-21</revised>
+  <bug>123432</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/peercast" auto="yes" arch="*">
+      <unaffected range="ge">0.1217</unaffected>
+      <vulnerable range="lt">0.1217</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PeerCast is a Peer to Peer broadcasting technology for listening
+    to radio and watching video on the Internet.
+    </p>
+  </background>
+  <description>
+    <p>
+    INFIGO discovered a problem in the URL handling code. Buffers that
+    are allocated on the stack can be overflowed inside of nextCGIarg()
+    function.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    By sending a specially crafted request to the HTTP server, a
+    remote attacker can cause a stack overflow, resulting in the execution
+    of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PeerCast users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/peercast-0.1217"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-1148">CVE-2006-1148</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-03-11T11:34:53Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-03-12T17:55:02Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-03-18T02:16:00Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200603-18.xml b/metadata/glsa/glsa-200603-18.xml
new file mode 100644
index 000000000000..5ed5c25ec55d
--- /dev/null
+++ b/metadata/glsa/glsa-200603-18.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200603-18">
+  <title>Pngcrush: Buffer overflow</title>
+  <synopsis>
+    Pngcrush is vulnerable to a buffer overflow which could potentially lead to
+    the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">pngcrush</product>
+  <announced>2006-03-21</announced>
+  <revised count="01">2006-03-21</revised>
+  <bug>123286</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/pngcrush" auto="yes" arch="*">
+      <unaffected range="ge">1.6.2</unaffected>
+      <vulnerable range="lt">1.6.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Pngcrush is an optimizer for PNG files.
+    </p>
+  </background>
+  <description>
+    <p>
+    Carsten Lohrke of Gentoo Linux reported that Pngcrush contains a
+    vulnerable version of zlib (GLSA 200507-19).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By creating a specially crafted data stream, attackers can
+    overwrite data structures for applications that use Pngcrush, resulting
+    in a Denial of Service and potentially arbitrary code execution.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Pngcrush users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/pngcrush-1.6.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200507-19.xml">GLSA 200507-19</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1849">CVE-2005-1849</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-02-22T18:06:23Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-03-03T17:03:15Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-03-18T02:00:13Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200603-19.xml b/metadata/glsa/glsa-200603-19.xml
new file mode 100644
index 000000000000..dcf72c7582cc
--- /dev/null
+++ b/metadata/glsa/glsa-200603-19.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200603-19">
+  <title>cURL/libcurl: Buffer overflow in the handling of TFTP URLs</title>
+  <synopsis>
+    libcurl is affected by a buffer overflow in the handling of URLs for the
+    TFTP protocol, which could be exploited to compromise a user's system.
+  </synopsis>
+  <product type="ebuild">curl</product>
+  <announced>2006-03-21</announced>
+  <revised count="01">2006-03-21</revised>
+  <bug>125766</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/curl" auto="yes" arch="*">
+      <unaffected range="rge">7.15.1-r1</unaffected>
+      <unaffected range="ge">7.15.3</unaffected>
+      <unaffected range="le">7.14.1</unaffected>
+      <vulnerable range="lt">7.15.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    cURL is a command line tool for transferring files with URL
+    syntax, supporting numerous protocols. libcurl is the corresponding
+    client-side library.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ulf Harnhammar reported a possible buffer overflow in the handling
+    of TFTP URLs in libcurl due to the lack of boundary checks.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit this vulnerability to compromise a
+    user's system by enticing the user to request a malicious URL with
+    cURL/libcurl or to use a HTTP server redirecting to a malicious TFTP
+    URL.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All cURL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.15.1-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://curl.haxx.se/docs/adv_20060320.html">Project cURL Security Advisory, March 20th 2006</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1061">CVE-2006-1061</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-03-20T17:27:58Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-03-20T17:28:46Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-03-20T22:09:32Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200603-20.xml b/metadata/glsa/glsa-200603-20.xml
new file mode 100644
index 000000000000..a63eae02f4a4
--- /dev/null
+++ b/metadata/glsa/glsa-200603-20.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200603-20">
+  <title>Macromedia Flash Player: Arbitrary code execution</title>
+  <synopsis>
+    Multiple vulnerabilities have been identified that allows arbitrary code execution on
+    a user's system via the handling of malicious SWF files.
+  </synopsis>
+  <product type="ebuild">Flash</product>
+  <announced>2006-03-21</announced>
+  <revised count="02">2009-05-28</revised>
+  <bug>102777</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">7.0.63</unaffected>
+      <vulnerable range="lt">7.0.63</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Macromedia Flash Player is a renderer for the popular SWF
+    filetype which is commonly used to provide interactive websites,
+    digital experiences and mobile content.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Macromedia Flash Player contains multiple unspecified
+    vulnerabilities.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker serving a maliciously crafted SWF file could entice a
+    user to view the SWF file and execute arbitrary code on the user's
+    machine.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Macromedia Flash Player users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-plugins/adobe-flash-7.0.63"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0024">CVE-2006-0024</uri>
+    <uri link="http://www.macromedia.com/devnet/security/security_zone/apsb06-03.html">Macromedia Announcement</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-03-21T19:42:52Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-03-21T19:43:49Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200603-21.xml b/metadata/glsa/glsa-200603-21.xml
new file mode 100644
index 000000000000..ed8637b19294
--- /dev/null
+++ b/metadata/glsa/glsa-200603-21.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200603-21">
+  <title>Sendmail: Race condition in the handling of asynchronous signals</title>
+  <synopsis>
+    Sendmail is vulnerable to a race condition which could lead to the
+    execution of arbitrary code with sendmail privileges.
+  </synopsis>
+  <product type="ebuild">sendmail</product>
+  <announced>2006-03-22</announced>
+  <revised count="01">2006-03-22</revised>
+  <bug>125623</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-mta/sendmail" auto="yes" arch="*">
+      <unaffected range="ge">8.13.6</unaffected>
+      <vulnerable range="lt">8.13.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Sendmail is a popular mail transfer agent (MTA).
+    </p>
+  </background>
+  <description>
+    <p>
+    ISS discovered that Sendmail is vulnerable to a race condition in
+    the handling of asynchronous signals.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could exploit this via certain crafted timing
+    conditions.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Sendmail users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-mta/sendmail-8.13.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058">CVE-2006-0058</uri>
+    <uri link="https://www.sendmail.com/company/advisory/index.shtml">Sendmail Inc. advisory</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-03-21T20:21:08Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-03-22T19:48:59Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200603-22.xml b/metadata/glsa/glsa-200603-22.xml
new file mode 100644
index 000000000000..91b80e7aeea1
--- /dev/null
+++ b/metadata/glsa/glsa-200603-22.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200603-22">
+  <title>PHP: Format string and XSS vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in PHP allow remote attackers to inject arbitrary
+    HTTP headers, perform cross site scripting or in some cases execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">php</product>
+  <announced>2006-03-22</announced>
+  <revised count="01">2006-03-22</revised>
+  <bug>125878</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/php" auto="yes" arch="*">
+      <unaffected range="ge">5.1.2</unaffected>
+      <vulnerable range="lt">4.4.2</vulnerable>
+      <vulnerable range="rge">5.1.1</vulnerable>
+      <vulnerable range="rge">5.0.5</vulnerable>
+      <vulnerable range="rge">5.0.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PHP is a general-purpose scripting language widely used to develop
+    web-based applications. It can run on a web server with the mod_php
+    module or the CGI version and also stand-alone in a CLI.
+    </p>
+  </background>
+  <description>
+    <p>
+    Stefan Esser of the Hardened PHP project has reported a few
+    vulnerabilities found in PHP:
+    </p>
+    <ul>
+    <li>Input passed to the session
+    ID in the session extension isn't properly sanitised before being
+    returned to the user via a "Set-Cookie" HTTP header, which can contain
+    arbitrary injected data.</li>
+    <li>A format string error while
+    processing error messages using the mysqli extension in version 5.1 and
+    above.</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    By sending a specially crafted request, a remote attacker can
+    exploit this vulnerability to inject arbitrary HTTP headers, which will
+    be included in the response sent to the user. The format string
+    vulnerability may be exploited to execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PHP 5.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-5.1.2"</code>
+    <p>
+    All PHP 4.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-4.4.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0207">CVE-2006-0207</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0208">CVE-2006-0208</uri>
+    <uri link="https://www.hardened-php.net/advisory_022006.112.html">Hardened-PHP Advisory 01/2006</uri>
+    <uri link="https://www.hardened-php.net/advisory_012006.113.html">Hardened-PHP Advisory 02/2006</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-03-14T21:28:04Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-03-14T21:28:11Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-03-18T03:27:49Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200603-23.xml b/metadata/glsa/glsa-200603-23.xml
new file mode 100644
index 000000000000..5dac985c6db7
--- /dev/null
+++ b/metadata/glsa/glsa-200603-23.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200603-23">
+  <title>NetHack, Slash'EM, Falcon's Eye: Local privilege escalation</title>
+  <synopsis>
+    NetHack, Slash'EM and Falcon's Eye are vulnerable to local privilege
+    escalation vulnerabilities that could potentially allow the execution of
+    arbitrary code as other users.
+  </synopsis>
+  <product type="ebuild">nethack slashem falconseye</product>
+  <announced>2006-03-23</announced>
+  <revised count="01">2006-03-30</revised>
+  <bug>125902</bug>
+  <bug>122376</bug>
+  <bug>127167</bug>
+  <bug>127319</bug>
+  <access>local</access>
+  <affected>
+    <package name="games-roguelike/nethack" auto="yes" arch="*">
+      <vulnerable range="le">3.4.3-r1</vulnerable>
+    </package>
+    <package name="games-roguelike/falconseye" auto="yes" arch="*">
+      <vulnerable range="le">1.9.4a</vulnerable>
+    </package>
+    <package name="games-roguelike/slashem" auto="yes" arch="*">
+      <vulnerable range="le">0.0.760</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    NetHack is the classic single player dungeon exploration game. Slash'EM
+    and Falcon's Eye are NetHack variants.
+    </p>
+  </background>
+  <description>
+    <p>
+    NetHack, Slash'EM and Falcon's Eye have been found to be incompatible
+    with the system used for managing games on Gentoo Linux. As a result,
+    they cannot be played securely on systems with multiple users.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local user who is a member of group "games" may be able to modify the
+    state data used by NetHack, Slash'EM or Falcon's Eye to trigger the
+    execution of arbitrary code with the privileges of other players.
+    Additionally, the games may create save game files in a manner not
+    suitable for use on Gentoo Linux, potentially allowing a local user to
+    create or overwrite files with the permissions of other players.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Do not add untrusted users to the "games" group.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    NetHack has been masked in Portage pending the resolution of these
+    issues. Vulnerable NetHack users are advised to uninstall the package
+    until further notice.
+    </p>
+    <code>
+    # emerge --ask --verbose --unmerge "games-roguelike/nethack"</code>
+    <p>
+    Slash'EM has been masked in Portage pending the resolution of these
+    issues. Vulnerable Slash'EM users are advised to uninstall the package
+    until further notice.
+    </p>
+    <code>
+    # emerge --ask --verbose --unmerge "games-roguelike/slashem"</code>
+    <p>
+    Falcon's Eye has been masked in Portage pending the resolution of these
+    issues. Vulnerable Falcon's Eye users are advised to uninstall the
+    package until further notice.
+    </p>
+    <code>
+    # emerge --ask --verbose --unmerge "games-roguelike/falconseye"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1390">CVE-2006-1390</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-03-22T22:13:28Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-03-22T22:57:23Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-03-23T22:05:55Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200603-24.xml b/metadata/glsa/glsa-200603-24.xml
new file mode 100644
index 000000000000..69f5ebbe8bc4
--- /dev/null
+++ b/metadata/glsa/glsa-200603-24.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200603-24">
+  <title>RealPlayer: Buffer overflow vulnerability</title>
+  <synopsis>
+    RealPlayer is vulnerable to a buffer overflow that could lead to remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">RealPlayer</product>
+  <announced>2006-03-26</announced>
+  <revised count="01">2006-03-26</revised>
+  <bug>127352</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/realplayer" auto="yes" arch="*">
+      <unaffected range="ge">10.0.7</unaffected>
+      <vulnerable range="lt">10.0.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    RealPlayer is a multimedia player capable of handling multiple
+    multimedia file formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    RealPlayer is vulnerable to a buffer overflow when processing
+    malicious SWF files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to open a specially crafted SWF file an
+    attacker could execute arbitrary code with the permissions of the user
+    running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All RealPlayer users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/realplayer-10.0.7"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323">CVE-2006-0323</uri>
+    <uri link="http://service.real.com/realplayer/security/03162006_player/en/">RealNetworks Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-03-23T23:38:12Z">
+    vorlon078
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-03-24T13:36:18Z">
+    formula7
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-03-26T17:28:15Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200603-25.xml b/metadata/glsa/glsa-200603-25.xml
new file mode 100644
index 000000000000..f2fa976e41c0
--- /dev/null
+++ b/metadata/glsa/glsa-200603-25.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200603-25">
+  <title>OpenOffice.org: Heap overflow in included libcurl</title>
+  <synopsis>
+    OpenOffice.org contains a vulnerable version of libcurl that may cause a
+    heap overflow when parsing URLs.
+  </synopsis>
+  <product type="ebuild">openoffice openoffice-bin</product>
+  <announced>2006-03-27</announced>
+  <revised count="01">2006-03-27</revised>
+  <bug>126433</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/openoffice-bin" auto="yes" arch="*">
+      <unaffected range="ge">2.0.2</unaffected>
+      <vulnerable range="lt">2.0.2</vulnerable>
+    </package>
+    <package name="app-office/openoffice" auto="yes" arch="*">
+      <unaffected range="ge">2.0.1-r1</unaffected>
+      <vulnerable range="lt">2.0.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenOffice.org is an office productivity suite, including word
+    processing, spreadsheet, presentation, data charting, formula editing
+    and file conversion facilities. libcurl, which is included in
+    OpenOffice.org, is a free and easy-to-use client-side library for
+    transferring files with URL syntaxes, supporting numerous protocols.
+    </p>
+  </background>
+  <description>
+    <p>
+    OpenOffice.org includes libcurl code. This libcurl code is
+    vulnerable to a heap overflow when it tries to parse a URL that exceeds
+    a 256-byte limit (GLSA 200512-09).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to call a specially crafted URL
+    with OpenOffice.org, potentially resulting in the execution of
+    arbitrary code with the rights of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenOffice.org binary users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/openoffice-bin-2.0.2"</code>
+    <p>
+    All OpenOffice.org users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/openoffice-2.0.1-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4077">CVE-2005-4077</uri>
+    <uri link="https://www.hardened-php.net/advisory_242005.109.html">Hardened-PHP Advisory 24/2005</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200512-09.xml">GLSA 200512-09</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-03-17T09:53:36Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-03-17T18:15:26Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-03-18T01:42:41Z">
+    adir
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200603-26.xml b/metadata/glsa/glsa-200603-26.xml
new file mode 100644
index 000000000000..4f0bacb011e1
--- /dev/null
+++ b/metadata/glsa/glsa-200603-26.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200603-26">
+  <title>bsd-games: Local privilege escalation in tetris-bsd</title>
+  <synopsis>
+    tetris-bsd is prone to local privilege escalation vulnerabilities.
+  </synopsis>
+  <product type="ebuild">bsd-games</product>
+  <announced>2006-03-29</announced>
+  <revised count="02">2006-05-22</revised>
+  <bug>122399</bug>
+  <access>local</access>
+  <affected>
+    <package name="games-misc/bsd-games" auto="yes" arch="*">
+      <unaffected range="ge">2.17-r1</unaffected>
+      <vulnerable range="lt">2.17-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    bsd-games is a collection of NetBSD games ported to Linux.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that
+    the checkscores() function in scores.c reads in the data from the
+    /var/games/tetris-bsd.scores file without validation, rendering it
+    vulnerable to buffer overflows and incompatible with the system used
+    for managing games on Gentoo Linux. As a result, it cannot be played
+    securely on systems with multiple users. Please note that this is
+    probably a Gentoo-specific issue.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local user who is a member of group "games" may be able to modify the
+    tetris-bsd.scores file to trigger the execution of arbitrary code with
+    the privileges of other players.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Do not add untrusted users to the "games" group.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All bsd-games users are advised to update to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=games-misc/bsd-games-2.17-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1539">CVE-2006-1539</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-03-21T19:50:34Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-03-27T15:36:51Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-03-28T18:00:28Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200604-01.xml b/metadata/glsa/glsa-200604-01.xml
new file mode 100644
index 000000000000..6b53569e7778
--- /dev/null
+++ b/metadata/glsa/glsa-200604-01.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200604-01">
+  <title>MediaWiki: Cross-site scripting vulnerability</title>
+  <synopsis>
+    MediaWiki is vulnerable to a cross-site scripting attack that could allow
+    arbitrary JavaScript code execution.
+  </synopsis>
+  <product type="ebuild">mediawiki</product>
+  <announced>2006-04-04</announced>
+  <revised count="01">2006-04-04</revised>
+  <bug>127971</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/mediawiki" auto="yes" arch="*">
+      <unaffected range="ge">1.4.15</unaffected>
+      <vulnerable range="lt">1.4.15</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MediaWiki is a collaborative editing software, used by big
+    projects like Wikipedia.
+    </p>
+  </background>
+  <description>
+    <p>
+    MediaWiki fails to decode certain encoded URLs correctly.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    By supplying specially crafted links, a remote attacker could
+    exploit this vulnerability to inject malicious HTML or JavaScript code
+    that will be executed in a user's browser session in the context of the
+    vulnerable site.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MediaWiki users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/mediawiki-1.4.15"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1498">CVE-2006-1498</uri>
+    <uri link="https://sourceforge.net/project/shownotes.php?release_id=404869">MediaWiki 1.4.15 Release Notes</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-04-02T08:58:31Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-04-02T08:58:55Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-04-02T17:15:00Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200604-02.xml b/metadata/glsa/glsa-200604-02.xml
new file mode 100644
index 000000000000..fc8889f07fc8
--- /dev/null
+++ b/metadata/glsa/glsa-200604-02.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200604-02">
+  <title>Horde Application Framework: Remote code execution</title>
+  <synopsis>
+    The help viewer of the Horde Framework allows attackers to execute
+    arbitrary remote code.
+  </synopsis>
+  <product type="ebuild">horde</product>
+  <announced>2006-04-04</announced>
+  <revised count="01">2006-04-04</revised>
+  <bug>127889</bug>
+  <bug>126435</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/horde" auto="yes" arch="*">
+      <unaffected range="ge">3.1.1</unaffected>
+      <vulnerable range="lt">3.1.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Horde Application Framework is a general-purpose web
+    application framework written in PHP, providing classes for handling
+    preferences, compression, browser detection, connection tracking, MIME
+    and more.
+    </p>
+  </background>
+  <description>
+    <p>
+    Jan Schneider of the Horde team discovered a vulnerability in the
+    help viewer of the Horde Application Framework that could allow remote
+    code execution (CVE-2006-1491). Paul Craig reported that
+    "services/go.php" fails to validate the passed URL parameter correctly
+    (CVE-2006-1260).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could exploit the vulnerability in the help viewer to
+    execute arbitrary code with the privileges of the web server user. By
+    embedding a NULL character in the URL parameter, an attacker could
+    exploit the input validation issue in go.php to read arbitrary files.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Horde Application Framework users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/horde-3.1.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1260">CVE-2006-1260</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1491">CVE-2006-1491</uri>
+    <uri link="https://lists.horde.org/archives/announce/2006/000271.html">Horde Announcement</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-03-31T23:07:49Z">
+    vorlon078
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-04-03T09:02:34Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-04-04T18:34:51Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200604-03.xml b/metadata/glsa/glsa-200604-03.xml
new file mode 100644
index 000000000000..94feb4d077a2
--- /dev/null
+++ b/metadata/glsa/glsa-200604-03.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200604-03">
+  <title>FreeRADIUS: Authentication bypass in EAP-MSCHAPv2 module</title>
+  <synopsis>
+    The EAP-MSCHAPv2 module of FreeRADIUS is affected by a validation issue
+    which causes some authentication checks to be bypassed.
+  </synopsis>
+  <product type="ebuild">freeradius</product>
+  <announced>2006-04-04</announced>
+  <revised count="01">2006-04-04</revised>
+  <bug>127229</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dialup/freeradius" auto="yes" arch="*">
+      <unaffected range="ge">1.1.1</unaffected>
+      <unaffected range="lt">1.0.0</unaffected>
+      <vulnerable range="lt">1.1.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    FreeRADIUS is an open source RADIUS authentication server
+    implementation.
+    </p>
+  </background>
+  <description>
+    <p>
+    FreeRADIUS suffers from insufficient input validation in the
+    EAP-MSCHAPv2 state machine.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could cause the server to bypass authentication checks
+    by manipulating the EAP-MSCHAPv2 client state machine.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All FreeRADIUS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dialup/freeradius-1.1.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1354">CVE-2006-1354</uri>
+    <uri link="https://www.freeradius.org/security.html">FreeRADIUS Vulnerability Notifications</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-04-01T10:41:34Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-04-01T10:42:20Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-04-01T23:30:58Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200604-04.xml b/metadata/glsa/glsa-200604-04.xml
new file mode 100644
index 000000000000..89ecc6a0bd71
--- /dev/null
+++ b/metadata/glsa/glsa-200604-04.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200604-04">
+  <title>Kaffeine: Buffer overflow</title>
+  <synopsis>
+    Kaffeine is vulnerable to a buffer overflow that could lead to the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">kaffeine</product>
+  <announced>2006-04-05</announced>
+  <revised count="01">2006-04-05</revised>
+  <bug>127326</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/kaffeine" auto="yes" arch="*">
+      <unaffected range="ge">0.7.1-r2</unaffected>
+      <vulnerable range="lt">0.7.1-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Kaffeine is a graphical front-end for the xine-lib multimedia
+    library.
+    </p>
+  </background>
+  <description>
+    <p>
+    Kaffeine uses an unchecked buffer when fetching remote RAM
+    playlists via HTTP.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to play a specially-crafted
+    RAM playlist resulting in the execution of arbitrary code with the
+    permissions of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Kaffeine users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/kaffeine-0.7.1-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0051">CVE-2006-0051</uri>
+    <uri link="https://www.kde.org/info/security/advisory-20060404-1.txt">KDE Security Advisory: Kaffeine buffer overflow</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-04-04T13:17:18Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-04-04T19:29:42Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-04-05T21:13:35Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200604-05.xml b/metadata/glsa/glsa-200604-05.xml
new file mode 100644
index 000000000000..97c8feb1a02e
--- /dev/null
+++ b/metadata/glsa/glsa-200604-05.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200604-05">
+  <title>Doomsday: Format string vulnerability</title>
+  <synopsis>
+    Format string vulnerabilities in Doomsday may lead to the execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">doomsday</product>
+  <announced>2006-04-06</announced>
+  <revised count="02">2006-06-15</revised>
+  <bug>128690</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-fps/doomsday" auto="yes" arch="*">
+      <unaffected range="ge">1.9.0_beta4</unaffected>
+      <vulnerable range="le">1.9.0_beta4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Doomsday is a modern gaming engine for popular ID games like Doom,
+    Heretic and Hexen.
+    </p>
+  </background>
+  <description>
+    <p>
+    Luigi Auriemma discovered that Doomsday incorrectly implements
+    formatted printing.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit these vulnerabilities to execute
+    arbitrary code with the rights of the user running the Doomsday server
+    or client by sending specially crafted strings.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Doomsday users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=games-fps/doomsday-1.9.0_beta4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1618">CVE-2006-1618</uri>
+    <uri link="http://aluigi.altervista.org/adv/doomsdayfs-adv.txt">Original advisory by Luigi Auriemma</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-04-04T04:57:40Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-04-04T10:51:26Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-04-04T12:10:41Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200604-06.xml b/metadata/glsa/glsa-200604-06.xml
new file mode 100644
index 000000000000..cd96cf897b36
--- /dev/null
+++ b/metadata/glsa/glsa-200604-06.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200604-06">
+  <title>ClamAV: Multiple vulnerabilities</title>
+  <synopsis>
+    ClamAV contains multiple vulnerabilities that could lead to remote
+    execution of arbitrary code or cause an application crash.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2006-04-07</announced>
+  <revised count="01">2006-04-07</revised>
+  <bug>128963</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.88.1</unaffected>
+      <vulnerable range="lt">0.88.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ClamAV is a GPL virus scanner.
+    </p>
+  </background>
+  <description>
+    <p>
+    ClamAV contains format string vulnerabilities in the logging code
+    (CVE-2006-1615). Furthermore Damian Put discovered an integer overflow
+    in ClamAV's PE header parser (CVE-2006-1614) and David Luyer discovered
+    that ClamAV can be tricked into performing an invalid memory access
+    (CVE-2006-1630).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    By sending a malicious attachment to a mail server running ClamAV,
+    a remote attacker could cause a Denial of Service or the execution of
+    arbitrary code. Note that the overflow in the PE header parser is only
+    exploitable when the ArchiveMaxFileSize option is disabled.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ClamAV users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.88.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1614">CVE-2006-1614</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1615">CVE-2006-1615</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1630">CVE-2006-1630</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-04-06T18:09:01Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-04-07T19:35:00Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200604-07.xml b/metadata/glsa/glsa-200604-07.xml
new file mode 100644
index 000000000000..522822a1ce35
--- /dev/null
+++ b/metadata/glsa/glsa-200604-07.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200604-07">
+  <title>Cacti: Multiple vulnerabilities in included ADOdb</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in the ADOdb layer included
+    in Cacti, potentially resulting in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Cacti</product>
+  <announced>2006-04-14</announced>
+  <revised count="01">2006-04-14</revised>
+  <bug>129284</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/cacti" auto="yes" arch="*">
+      <unaffected range="ge">0.8.6h_p20060108-r2</unaffected>
+      <vulnerable range="lt">0.8.6h_p20060108-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Cacti is a complete web-based frontend to rrdtool. ADOdb is a
+    PHP-based database abstraction layer which is included in Cacti.
+    </p>
+  </background>
+  <description>
+    <p>
+    Several vulnerabilities have been identified in the copy of ADOdb
+    included in Cacti. Andreas Sandblad discovered a dynamic code
+    evaluation vulnerability (CVE-2006-0147) and a potential SQL injection
+    vulnerability (CVE-2006-0146). Andy Staudacher reported another SQL
+    injection vulnerability (CVE-2006-0410), and Gulftech Security
+    discovered multiple cross-site-scripting issues (CVE-2006-0806).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Remote attackers could trigger these vulnerabilities by sending
+    malicious queries to the Cacti web application, resulting in arbitrary
+    code execution, database compromise through arbitrary SQL execution,
+    and malicious HTML or JavaScript code injection.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Cacti users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/cacti-0.8.6h_p20060108-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0146">CVE-2006-0146</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0147">CVE-2006-0147</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0410">CVE-2006-0410</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0806">CVE-2006-0806</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-04-13T06:13:49Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-04-13T16:58:52Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-04-13T20:36:27Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200604-08.xml b/metadata/glsa/glsa-200604-08.xml
new file mode 100644
index 000000000000..5ce55538a05f
--- /dev/null
+++ b/metadata/glsa/glsa-200604-08.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200604-08">
+  <title>libapreq2: Denial of Service vulnerability</title>
+  <synopsis>
+    A vulnerability has been reported in libapreq2 which could lead to a Denial
+    of Service.
+  </synopsis>
+  <product type="ebuild">libapreq2</product>
+  <announced>2006-04-17</announced>
+  <revised count="01">2006-04-17</revised>
+  <bug>128610</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apache/libapreq2" auto="yes" arch="*">
+      <unaffected range="ge">2.07</unaffected>
+      <vulnerable range="lt">2.07</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libapreq is a shared library with associated modules for
+    manipulating client request data via the Apache API.
+    </p>
+  </background>
+  <description>
+    <p>
+    A vulnerability has been reported in the apreq_parse_headers() and
+    apreq_parse_urlencoded() functions of Apache2::Request.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could possibly exploit the vulnerability to
+    cause a Denial of Service by CPU consumption.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libapreq2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apache/libapreq2-2.07"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0042">CVE-2006-0042</uri>
+    <uri link="https://svn.apache.org/viewcvs.cgi/httpd/apreq/tags/v2_07/CHANGES?rev=376998&amp;view=markup">libapreq2 Changes</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-04-09T19:33:11Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-04-11T17:20:17Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-04-13T19:11:49Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200604-09.xml b/metadata/glsa/glsa-200604-09.xml
new file mode 100644
index 000000000000..fb77749e5830
--- /dev/null
+++ b/metadata/glsa/glsa-200604-09.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200604-09">
+  <title>Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of service</title>
+  <synopsis>
+    Cyrus-SASL contains a vulnerability in the DIGEST-MD5 process that could
+    lead to a Denial of Service.
+  </synopsis>
+  <product type="ebuild">cyrus-sasl</product>
+  <announced>2006-04-21</announced>
+  <revised count="01">2006-04-21</revised>
+  <bug>129523</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/cyrus-sasl" auto="yes" arch="*">
+      <unaffected range="ge">2.1.21-r2</unaffected>
+      <vulnerable range="lt">2.1.21-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Cyrus-SASL is an implementation of the Simple Authentication and
+    Security Layer.
+    </p>
+  </background>
+  <description>
+    <p>
+    Cyrus-SASL contains an unspecified vulnerability in the DIGEST-MD5
+    process that could lead to a Denial of Service.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could possibly exploit this vulnerability by sending
+    specially crafted data stream to the Cyrus-SASL server, resulting in a
+    Denial of Service even if the attacker is not able to authenticate.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Cyrus-SASL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/cyrus-sasl-2.1.21-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1721">CVE-2006-1721</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-04-15T12:54:10Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-04-17T16:43:15Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-04-20T16:06:22Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200604-10.xml b/metadata/glsa/glsa-200604-10.xml
new file mode 100644
index 000000000000..11897aec8d78
--- /dev/null
+++ b/metadata/glsa/glsa-200604-10.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200604-10">
+  <title>zgv, xzgv: Heap overflow</title>
+  <synopsis>
+    xzgv and zgv attempt to decode JPEG images within the CMYK/YCCK colour
+    space incorrectly, potentially resulting in the execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">xzgv</product>
+  <announced>2006-04-21</announced>
+  <revised count="02">2006-06-10</revised>
+  <bug>127008</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/xzgv" auto="yes" arch="*">
+      <unaffected range="ge">0.8-r2</unaffected>
+      <vulnerable range="lt">0.8-r2</vulnerable>
+    </package>
+    <package name="media-gfx/zgv" auto="yes" arch="*">
+      <unaffected range="ge">5.9</unaffected>
+      <vulnerable range="lt">5.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    xzgv and zgv are picture viewing utilities with a thumbnail based file
+    selector.
+    </p>
+  </background>
+  <description>
+    <p>
+    Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate
+    insufficient memory when rendering images with more than 3 output
+    components, such as images using the YCCK or CMYK colour space. When
+    xzgv or zgv attempt to render the image, data from the image overruns a
+    heap allocated buffer.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker may be able to construct a malicious image that executes
+    arbitrary code with the permissions of the xzgv or zgv user when
+    attempting to render the image.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All xzgv users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/xzgv-0.8-r2"</code>
+    <p>
+    All zgv users should also upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/zgv-5.9"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1060">CVE-2006-1060</uri>
+    <uri link="https://www.svgalib.org/rus/zgv/">homepage plus Changelog</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-04-07T14:45:12Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-04-14T20:39:46Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-04-20T16:13:24Z">
+    taviso
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200604-11.xml b/metadata/glsa/glsa-200604-11.xml
new file mode 100644
index 000000000000..0b9d274ef500
--- /dev/null
+++ b/metadata/glsa/glsa-200604-11.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200604-11">
+  <title>Crossfire server: Denial of Service and potential arbitrary code execution</title>
+  <synopsis>
+    The Crossfire game server is vulnerable to a Denial of Service and
+    potentially to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Crossfire</product>
+  <announced>2006-04-22</announced>
+  <revised count="01">2006-04-22</revised>
+  <bug>126169</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-server/crossfire-server" auto="yes" arch="*">
+      <unaffected range="ge">1.9.0</unaffected>
+      <vulnerable range="lt">1.9.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Crossfire is a cooperative multiplayer graphical adventure and
+    role-playing game. The Crossfire game server allows various compatible
+    clients to connect to participate in a cooperative game.
+    </p>
+  </background>
+  <description>
+    <p>
+    Luigi Auriemma discovered a vulnerability in the Crossfire game
+    server, in the handling of the "oldsocketmode" option when processing
+    overly large requests.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker can set up a malicious Crossfire client that would
+    send a large request in "oldsocketmode", resulting in a Denial of
+    Service on the Crossfire server and potentially in the execution of
+    arbitrary code on the server with the rights of the game server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Crossfire server users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=games-server/crossfire-server-1.9.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1010">CVE-2006-1010</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-04-21T16:56:02Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-04-21T16:56:22Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-04-22T08:20:53Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200604-12.xml b/metadata/glsa/glsa-200604-12.xml
new file mode 100644
index 000000000000..e15da902e83e
--- /dev/null
+++ b/metadata/glsa/glsa-200604-12.xml
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200604-12">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>
+    Several vulnerabilities in Mozilla Firefox allow attacks ranging from
+    execution of script code with elevated privileges to information leaks.
+  </synopsis>
+  <product type="ebuild">mozilla-firefox</product>
+  <announced>2006-04-23</announced>
+  <revised count="01">2006-04-23</revised>
+  <bug>129924</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/mozilla-firefox" auto="yes" arch="*">
+      <unaffected range="ge">1.0.8</unaffected>
+      <vulnerable range="lt">1.0.8</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.0.8</unaffected>
+      <vulnerable range="lt">1.0.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla Firefox is the next-generation web browser from the
+    Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>
+    Several vulnerabilities were found in Mozilla Firefox. Versions
+    1.0.8 and 1.5.0.2 were released to fix them.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could craft malicious web pages that would
+    leverage these issues to inject and execute arbitrary script code with
+    elevated privileges, steal local files, cookies or other information
+    from web pages, and spoof content. Some of these vulnerabilities might
+    even be exploited to execute arbitrary code with the rights of the
+    browser user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds for all the issues at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Firefox users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-1.0.8"</code>
+    <p>
+    All Mozilla Firefox binary users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-bin-1.0.8"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134">CVE-2005-4134</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292">CVE-2006-0292</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296">CVE-2006-0296</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0748">CVE-2006-0748</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749">CVE-2006-0749</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1727">CVE-2006-1727</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1728">CVE-2006-1728</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1729">CVE-2006-1729</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1730">CVE-2006-1730</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731">CVE-2006-1731</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1732">CVE-2006-1732</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733">CVE-2006-1733</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734">CVE-2006-1734</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735">CVE-2006-1735</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1736">CVE-2006-1736</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1737">CVE-2006-1737</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1738">CVE-2006-1738</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739">CVE-2006-1739</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1740">CVE-2006-1740</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1741">CVE-2006-1741</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1742">CVE-2006-1742</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1790">CVE-2006-1790</uri>
+    <uri link="https://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox">Mozilla Foundation Security Advisories</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-04-22T20:40:23Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-04-22T20:48:17Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200604-13.xml b/metadata/glsa/glsa-200604-13.xml
new file mode 100644
index 000000000000..fc3ce19eae60
--- /dev/null
+++ b/metadata/glsa/glsa-200604-13.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200604-13">
+  <title>fbida: Insecure temporary file creation</title>
+  <synopsis>
+    fbida is vulnerable to linking attacks, potentially allowing a local user
+    to overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">fbida</product>
+  <announced>2006-04-23</announced>
+  <revised count="01">2006-04-23</revised>
+  <bug>129470</bug>
+  <access>local</access>
+  <affected>
+    <package name="media-gfx/fbida" auto="yes" arch="*">
+      <unaffected range="ge">2.03-r3</unaffected>
+      <vulnerable range="lt">2.03-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    fbida is a collection of image viewers and editors for the
+    framebuffer console and X11.
+    </p>
+  </background>
+  <description>
+    <p>
+    Jan Braun has discovered that the "fbgs" script provided by fbida
+    insecurely creates temporary files in the "/var/tmp" directory.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create links in the temporary file
+    directory, pointing to a valid file somewhere on the filesystem. When
+    an affected script is called, this could result in the file being
+    overwritten with the rights of the user running the script.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All fbida users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/fbida-2.03-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1695">CVE-2006-1695</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-04-21T15:53:11Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-04-21T16:54:39Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-04-22T21:26:19Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200604-14.xml b/metadata/glsa/glsa-200604-14.xml
new file mode 100644
index 000000000000..59eef2db37f3
--- /dev/null
+++ b/metadata/glsa/glsa-200604-14.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200604-14">
+  <title>Dia: Arbitrary code execution through XFig import</title>
+  <synopsis>
+    Buffer overflows in Dia's XFig import could allow remote attackers to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">dia</product>
+  <announced>2006-04-23</announced>
+  <revised count="01">2006-04-23</revised>
+  <bug>128107</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/dia" auto="yes" arch="*">
+      <unaffected range="ge">0.94-r5</unaffected>
+      <vulnerable range="lt">0.94-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Dia is a GTK+ based diagram creation program.
+    </p>
+  </background>
+  <description>
+    <p>
+    infamous41md discovered multiple buffer overflows in Dia's XFig
+    file import plugin.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to import a specially crafted XFig file into
+    Dia, an attacker could exploit this issue to execute arbitrary code
+    with the rights of the user running Dia.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Dia users should upgrade to the latest available version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/dia-0.94-r5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1550">CVE-2006-1550</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-04-22T17:58:09Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-04-22T17:58:17Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-04-22T20:01:59Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200604-15.xml b/metadata/glsa/glsa-200604-15.xml
new file mode 100644
index 000000000000..9f9ef3ee6902
--- /dev/null
+++ b/metadata/glsa/glsa-200604-15.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200604-15">
+  <title>xine-ui: Format string vulnerabilities</title>
+  <synopsis>
+    Format string vulnerabilities in xine-ui may lead to the execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">xine-ui</product>
+  <announced>2006-04-26</announced>
+  <revised count="01">2006-04-26</revised>
+  <bug>130801</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/xine-ui" auto="yes" arch="*">
+      <unaffected range="ge">0.99.4-r5</unaffected>
+      <vulnerable range="lt">0.99.4-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    xine-ui is a skin-based user interface for xine. xine is a free
+    multimedia player. It plays CDs, DVDs, and VCDs, and can also decode
+    other common multimedia formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ludwig Nussel discovered that xine-ui incorrectly implements
+    formatted printing.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By constructing a malicious playlist file, a remote attacker could
+    exploit these vulnerabilities to execute arbitrary code with the rights
+    of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All xine-ui users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/xine-ui-0.99.4-r5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1905">CVE-2006-1905</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-04-22T18:05:30Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-04-23T00:24:14Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-04-25T05:57:00Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200604-16.xml b/metadata/glsa/glsa-200604-16.xml
new file mode 100644
index 000000000000..c02b5ff536de
--- /dev/null
+++ b/metadata/glsa/glsa-200604-16.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200604-16">
+  <title>xine-lib: Buffer overflow vulnerability</title>
+  <synopsis>
+    xine-lib contains a buffer overflow vulnerability which may lead to the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">xine-lib</product>
+  <announced>2006-04-26</announced>
+  <revised count="01">2006-04-26</revised>
+  <bug>128838</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/xine-lib" auto="yes" arch="*">
+      <unaffected range="ge">1.1.2_pre20060328-r1</unaffected>
+      <vulnerable range="lt">1.1.2_pre20060328-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    xine-lib is the xine core engine. xine is a free multimedia
+    player. It plays CDs, DVDs, and VCDs, and can also decode other common
+    multimedia formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    Federico L. Bossi Bonin discovered that when handling MPEG streams
+    xine-lib fails to make a proper boundary check of the input data
+    supplied by the user before copying it to an insufficiently sized
+    memory buffer.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to play a specially-crafted
+    MPEG file, resulting in the execution of arbitrary code with the
+    permissions of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All xine-lib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/xine-lib-1.1.2_pre20060328-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1664">CVE-2006-1664</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-04-21T20:35:23Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-04-23T00:46:13Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-04-24T16:31:50Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200604-17.xml b/metadata/glsa/glsa-200604-17.xml
new file mode 100644
index 000000000000..8cd04dd4f0e7
--- /dev/null
+++ b/metadata/glsa/glsa-200604-17.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200604-17">
+  <title>Ethereal: Multiple vulnerabilities in protocol dissectors</title>
+  <synopsis>
+    Ethereal is vulnerable to numerous vulnerabilities, potentially resulting
+    in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Ethereal</product>
+  <announced>2006-04-27</announced>
+  <revised count="01">2006-04-27</revised>
+  <bug>130505</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/ethereal" auto="yes" arch="*">
+      <unaffected range="ge">0.99.0</unaffected>
+      <vulnerable range="lt">0.99.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ethereal is a feature-rich network protocol analyzer.
+    </p>
+  </background>
+  <description>
+    <p>
+    Coverity discovered numerous vulnerabilities in versions of
+    Ethereal prior to 0.99.0, including:
+    </p>
+    <ul>
+    <li>
+    buffer overflows in the ALCAP (CVE-2006-1934), COPS (CVE-2006-1935)
+    and telnet (CVE-2006-1936) dissectors.</li>
+    <li>buffer overflows
+    in the NetXray/Windows Sniffer and Network Instruments file code
+    (CVE-2006-1934).</li>
+    </ul>
+    <p>
+    For further details please consult the
+    references below.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker might be able to exploit these vulnerabilities to crash
+    Ethereal or execute arbitrary code with the permissions of the user
+    running Ethereal, which could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ethereal users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/ethereal-0.99.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1932">CVE-2006-1932</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1933">CVE-2006-1933</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1934">CVE-2006-1934</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1935">CVE-2006-1935</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1936">CVE-2006-1936</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1937">CVE-2006-1937</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1938">CVE-2006-1938</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1939">CVE-2006-1939</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1940">CVE-2006-1940</uri>
+    <uri link="http://www.ethereal.com/appnotes/enpa-sa-00023.html">Ethereal enpa-sa-00023</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-04-25T11:35:49Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-04-27T05:10:07Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200604-18.xml b/metadata/glsa/glsa-200604-18.xml
new file mode 100644
index 000000000000..5aec77fc9779
--- /dev/null
+++ b/metadata/glsa/glsa-200604-18.xml
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200604-18">
+  <title>Mozilla Suite: Multiple vulnerabilities</title>
+  <synopsis>
+    Several vulnerabilities in Mozilla Suite allow attacks ranging from script
+    execution with elevated privileges to information leaks.
+  </synopsis>
+  <product type="ebuild">mozilla</product>
+  <announced>2006-04-28</announced>
+  <revised count="01">2006-04-28</revised>
+  <bug>130887</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/mozilla" auto="yes" arch="*">
+      <unaffected range="ge">1.7.13</unaffected>
+      <vulnerable range="lt">1.7.13</vulnerable>
+    </package>
+    <package name="www-client/mozilla-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.7.13</unaffected>
+      <vulnerable range="lt">1.7.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Mozilla Suite is a popular all-in-one web browser that
+    includes a mail and news reader.
+    </p>
+  </background>
+  <description>
+    <p>
+    Several vulnerabilities were found in Mozilla Suite. Version
+    1.7.13 was released to fix them.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could craft malicious web pages or emails that
+    would leverage these issues to inject and execute arbitrary script code
+    with elevated privileges, steal local files, cookies or other
+    information from web pages or emails, and spoof content. Some of these
+    vulnerabilities might even be exploited to execute arbitrary code with
+    the rights of the user running the client.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds for all the issues at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Suite users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-1.7.13"</code>
+    <p>
+    All Mozilla Suite binary users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-bin-1.7.13"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134">CVE-2005-4134</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292">CVE-2006-0292</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0293">CVE-2006-0293</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296">CVE-2006-0296</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0748">CVE-2006-0748</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749">CVE-2006-0749</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0884">CVE-2006-0884</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1045">CVE-2006-1045</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1727">CVE-2006-1727</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1728">CVE-2006-1728</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1729">CVE-2006-1729</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1730">CVE-2006-1730</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731">CVE-2006-1731</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1732">CVE-2006-1732</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733">CVE-2006-1733</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734">CVE-2006-1734</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735">CVE-2006-1735</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1736">CVE-2006-1736</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1737">CVE-2006-1737</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1738">CVE-2006-1738</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739">CVE-2006-1739</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1740">CVE-2006-1740</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1741">CVE-2006-1741</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1742">CVE-2006-1742</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1790">CVE-2006-1790</uri>
+    <uri link="https://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla">Mozilla Foundation Security Advisories</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-04-24T16:32:37Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-04-24T22:51:13Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-04-26T17:28:01Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200605-01.xml b/metadata/glsa/glsa-200605-01.xml
new file mode 100644
index 000000000000..24c4506df1c3
--- /dev/null
+++ b/metadata/glsa/glsa-200605-01.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200605-01">
+  <title>MPlayer: Heap-based buffer overflow</title>
+  <synopsis>
+    MPlayer contains multiple integer overflows that may lead to a heap-based
+    buffer overflow.
+  </synopsis>
+  <product type="ebuild">mplayer mplayer-bin</product>
+  <announced>2006-05-01</announced>
+  <revised count="02">2006-06-21</revised>
+  <bug>127969</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/mplayer" auto="yes" arch="*">
+      <unaffected range="ge">1.0.20060415</unaffected>
+      <unaffected range="ge">1.0_pre8</unaffected>
+      <vulnerable range="lt">1.0.20060415</vulnerable>
+    </package>
+    <package name="media-video/mplayer-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.0.20060415</unaffected>
+      <unaffected range="ge">1.0_pre8</unaffected>
+      <vulnerable range="lt">1.0.20060415</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MPlayer is a media player that supports many multimedia file types.
+    </p>
+  </background>
+  <description>
+    <p>
+    Xfocus Team discovered multiple integer overflows that may lead to a
+    heap-based buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to play a specially crafted multimedia
+    file, potentially resulting in the execution of arbitrary code with the
+    privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MPlayer users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/mplayer-1.0.20060415"</code>
+    <p>
+    All MPlayer binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/mplayer-bin-1.0.20060415"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1502">CVE-2006-1502</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-04-09T10:59:36Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-04-23T01:03:22Z">
+    adir
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-04-30T14:44:19Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200605-02.xml b/metadata/glsa/glsa-200605-02.xml
new file mode 100644
index 000000000000..4d0052697750
--- /dev/null
+++ b/metadata/glsa/glsa-200605-02.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200605-02">
+  <title>X.Org: Buffer overflow in XRender extension</title>
+  <synopsis>
+    A buffer overflow in the XRender extension potentially allows any X.Org
+    user to execute arbitrary code with elevated privileges.
+  </synopsis>
+  <product type="ebuild">X.Org</product>
+  <announced>2006-05-02</announced>
+  <revised count="01">2006-05-02</revised>
+  <bug>130979</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-base/xorg-x11" auto="yes" arch="*">
+      <unaffected range="ge">6.8.2-r7</unaffected>
+      <vulnerable range="lt">6.8.2-r7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    X.Org is X.Org Foundation's public implementation of the X Window
+    System.
+    </p>
+  </background>
+  <description>
+    <p>
+    X.Org miscalculates the size of a buffer in the XRender extension.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An X.Org user could exploit this issue to make the X server
+    execute arbitrary code with elevated privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All X.Org users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-base/xorg-x11-6.8.2-r7"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1526">CVE-2006-1526</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-05-01T14:14:06Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-05-02T17:42:54Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200605-03.xml b/metadata/glsa/glsa-200605-03.xml
new file mode 100644
index 000000000000..a2433d6a5e1a
--- /dev/null
+++ b/metadata/glsa/glsa-200605-03.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200605-03">
+  <title>ClamAV: Buffer overflow in Freshclam</title>
+  <synopsis>
+    Freshclam is vulnerable to a buffer overflow that could lead to execution
+    of arbitrary code.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2006-05-02</announced>
+  <revised count="01">2006-05-02</revised>
+  <bug>131791</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.88.2</unaffected>
+      <vulnerable range="lt">0.88.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ClamAV is a GPL virus scanner. Freshclam is a utility to download
+    virus signature updates.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ulf Harnhammar and an anonymous German researcher discovered that
+    Freshclam fails to check the size of the header data returned by a
+    webserver.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to connect to a malicious webserver an attacker
+    could cause the execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ClamAV users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.88.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1989">CVE-2006-1989</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-05-02T04:03:38Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-05-02T04:54:25Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200605-04.xml b/metadata/glsa/glsa-200605-04.xml
new file mode 100644
index 000000000000..83e2b8213065
--- /dev/null
+++ b/metadata/glsa/glsa-200605-04.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200605-04">
+  <title>phpWebSite: Local file inclusion</title>
+  <synopsis>
+    Remote attackers can include local files which may lead to the execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">phpwebsite</product>
+  <announced>2006-05-02</announced>
+  <revised count="01">2006-05-02</revised>
+  <bug>130295</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/phpwebsite" auto="yes" arch="*">
+      <unaffected range="ge">0.10.2</unaffected>
+      <vulnerable range="lt">0.10.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpWebSite provides a complete web site content management system.
+    </p>
+  </background>
+  <description>
+    <p>
+    rgod has reported that the "hub_dir" parameter in "index.php"
+    isn't properly verified. When "magic_quotes_gpc" is disabled, this can
+    be exploited to include arbitrary files from local ressources.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    If "magic_quotes_gpc" is disabled, which is not the default on
+    Gentoo Linux, a remote attacker could exploit this issue to include and
+    execute PHP scripts from local ressources with the rights of the user
+    running the web server, or to disclose sensitive information and
+    potentially compromise a vulnerable system.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All phpWebSite users should upgrade to the latest available
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/phpwebsite-0.10.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1819">CVE-2006-1819</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-05-01T10:33:24Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-05-01T10:58:55Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-05-01T11:02:34Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200605-05.xml b/metadata/glsa/glsa-200605-05.xml
new file mode 100644
index 000000000000..6c3a99f0f010
--- /dev/null
+++ b/metadata/glsa/glsa-200605-05.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200605-05">
+  <title>rsync: Potential integer overflow</title>
+  <synopsis>
+    An attacker having write access to an rsync module might be able to execute
+    arbitrary code on an rsync server.
+  </synopsis>
+  <product type="ebuild">rsync</product>
+  <announced>2006-05-06</announced>
+  <revised count="01">2006-05-06</revised>
+  <bug>131631</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/rsync" auto="yes" arch="*">
+      <unaffected range="ge">2.6.8</unaffected>
+      <vulnerable range="lt">2.6.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    rsync is a server and client utility that provides fast
+    incremental file transfers. It is used to efficiently synchronize files
+    between hosts and is used by emerge to fetch Gentoo's Portage tree.
+    </p>
+  </background>
+  <description>
+    <p>
+    An integer overflow was found in the receive_xattr function from
+    the extended attributes patch (xattr.c) for rsync. The vulnerable
+    function is only present when the "acl" USE flag is set.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker with write access to an rsync module could craft
+    malicious extended attributes which would trigger the integer overflow,
+    potentially resulting in the execution of arbitrary code with the
+    rights of the rsync daemon.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Do not provide write access to an rsync module to untrusted
+    parties.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All rsync users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/rsync-2.6.8"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2083">CVE-2006-2083</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-05-02T15:25:29Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-05-02T16:18:28Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-05-04T20:00:28Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200605-06.xml b/metadata/glsa/glsa-200605-06.xml
new file mode 100644
index 000000000000..a6ca0d4ab50f
--- /dev/null
+++ b/metadata/glsa/glsa-200605-06.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200605-06">
+  <title>Mozilla Firefox: Potential remote code execution</title>
+  <synopsis>
+    The Mozilla Firefox 1.5 line is vulnerable to a buffer overflow in the
+    JavaScript extension which may in theory lead to remote execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">mozilla-firefox</product>
+  <announced>2006-05-06</announced>
+  <revised count="01">2006-05-06</revised>
+  <bug>131138</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/mozilla-firefox" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.3</unaffected>
+      <unaffected range="lt">1.5</unaffected>
+      <vulnerable range="lt">1.5.0.3</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.3</unaffected>
+      <unaffected range="lt">1.5</unaffected>
+      <vulnerable range="lt">1.5.0.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla Firefox is the next-generation web browser from the
+    Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>
+    Martijn Wargers and Nick Mott discovered a vulnerability when
+    rendering malformed JavaScript content. The Mozilla Firefox 1.0 line is
+    not affected.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    If JavaScript is enabled, by tricking a user into visiting a
+    malicious web page which would send a specially crafted HTML script
+    that contains references to deleted objects with the "designMode"
+    property enabled, an attacker can crash the web browser and in theory
+    manage to execute arbitrary code with the rights of the user running
+    the browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Firefox 1.5 users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-1.5.0.3"</code>
+    <p>
+    All Mozilla Firefox 1.5 binary users should upgrade to the
+    latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-bin-1.5.0.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1993">CVE-2006-1993</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-05-04T16:54:02Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-05-05T18:30:27Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-05-06T13:15:08Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200605-07.xml b/metadata/glsa/glsa-200605-07.xml
new file mode 100644
index 000000000000..2b97274333af
--- /dev/null
+++ b/metadata/glsa/glsa-200605-07.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200605-07">
+  <title>Nagios: Buffer overflow</title>
+  <synopsis>
+    Nagios is vulnerable to a buffer overflow which may lead to remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">nagios</product>
+  <announced>2006-05-07</announced>
+  <revised count="03">2006-05-25</revised>
+  <bug>132159</bug>
+  <bug>133487</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/nagios-core" auto="yes" arch="*">
+      <unaffected range="ge">1.4.1</unaffected>
+      <vulnerable range="lt">1.4.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Nagios is an open source host, service and network monitoring program.
+    </p>
+  </background>
+  <description>
+    <p>
+    Sebastian Krahmer of the SuSE security team discovered a buffer
+    overflow vulnerability in the handling of a negative HTTP
+    Content-Length header.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A buffer overflow in Nagios CGI scripts under certain web servers
+    allows remote attackers to execute arbitrary code via a negative
+    content length HTTP header.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Nagios users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/nagios-core-1.4.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2162">CVE-2006-2162</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2489">CVE-2006-2489</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-05-04T17:10:32Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-05-05T19:09:01Z">
+    fox2mike
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-05-06T04:21:12Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200605-08.xml b/metadata/glsa/glsa-200605-08.xml
new file mode 100644
index 000000000000..777b9d1e32e1
--- /dev/null
+++ b/metadata/glsa/glsa-200605-08.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200605-08">
+  <title>PHP: Multiple vulnerabilities</title>
+  <synopsis>
+    PHP is affected by multiple issues, including a buffer overflow in
+    wordwrap() which may lead to execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">php</product>
+  <announced>2006-05-08</announced>
+  <revised count="09">2007-05-15</revised>
+  <bug>127939</bug>
+  <bug>128883</bug>
+  <bug>131135</bug>
+  <bug>133524</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/php" auto="yes" arch="arm hppa ppc s390 sh sparc x86">
+      <unaffected range="ge">5.1.4</unaffected>
+      <unaffected range="rge">4.4.2-r2</unaffected>
+      <unaffected range="rge">4.4.3-r1</unaffected>
+      <unaffected range="rge">4.4.4-r4</unaffected>
+      <unaffected range="rge">4.4.6</unaffected>
+      <unaffected range="ge">4.4.7</unaffected>
+      <vulnerable range="lt">5.1.4</vulnerable>
+    </package>
+    <package name="dev-lang/php" auto="yes" arch="alpha amd64 ia64 ppc64">
+      <unaffected range="ge">5.1.4-r4</unaffected>
+      <unaffected range="rge">4.4.2-r6</unaffected>
+      <unaffected range="rge">4.4.3-r1</unaffected>
+      <unaffected range="rge">4.4.4-r4</unaffected>
+      <unaffected range="rge">4.4.6</unaffected>
+      <unaffected range="ge">4.4.7</unaffected>
+      <vulnerable range="lt">5.1.4-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PHP is a widely-used general-purpose scripting language that is
+    especially suited for Web development and can be embedded into HTML.
+    </p>
+  </background>
+  <description>
+    <p>
+    Several vulnerabilities were discovered on PHP4 and PHP5 by Infigo,
+    Tonu Samuel and Maksymilian Arciemowicz. These included a buffer
+    overflow in the wordwrap() function, restriction bypasses in the copy()
+    and tempname() functions, a cross-site scripting issue in the phpinfo()
+    function, a potential crash in the substr_compare() function and a
+    memory leak in the non-binary-safe html_entity_decode() function.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Remote attackers might be able to exploit these issues in PHP
+    applications making use of the affected functions, potentially
+    resulting in the execution of arbitrary code, Denial of Service,
+    execution of scripted contents in the context of the affected site,
+    security bypass or information leak.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this point.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PHP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose dev-lang/php</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0996">CVE-2006-0996</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1490">CVE-2006-1490</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1990">CVE-2006-1990</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1991">CVE-2006-1991</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-05-05T20:33:13Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-05-06T09:55:35Z">
+    fox2mike
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-05-08T13:38:05Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200605-09.xml b/metadata/glsa/glsa-200605-09.xml
new file mode 100644
index 000000000000..9b1482270c98
--- /dev/null
+++ b/metadata/glsa/glsa-200605-09.xml
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200605-09">
+  <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>
+    Several vulnerabilities in Mozilla Thunderbird allow attacks ranging from
+    script execution with elevated privileges to information leaks.
+  </synopsis>
+  <product type="ebuild">mozilla-thunderbird</product>
+  <announced>2006-05-08</announced>
+  <revised count="01">2006-05-08</revised>
+  <bug>130888</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/mozilla-thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">1.0.8</unaffected>
+      <vulnerable range="lt">1.0.8</vulnerable>
+    </package>
+    <package name="mail-client/mozilla-thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.0.8</unaffected>
+      <vulnerable range="lt">1.0.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla Thunderbird is the next-generation mail client from the
+    Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>
+    Several vulnerabilities were found and fixed in Mozilla
+    Thunderbird.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could craft malicious emails that would leverage
+    these issues to inject and execute arbitrary script code with elevated
+    privileges, steal local files or other information from emails, and
+    spoof content. Some of these vulnerabilities might even be exploited to
+    execute arbitrary code with the rights of the user running Thunderbird.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds for all the issues at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Thunderbird users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-1.0.8"</code>
+    <p>
+    All Mozilla Thunderbird binary users should upgrade to the
+    latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-bin-1.0.8"</code>
+    <p>
+    Note: There is no stable fixed version for the ALPHA
+    architecture yet. Users of Mozilla Thunderbird on ALPHA should consider
+    unmerging it until such a version is available.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292">CVE-2006-0292</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296">CVE-2006-0296</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0748">CVE-2006-0748</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749">CVE-2006-0749</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0884">CVE-2006-0884</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1045">CVE-2006-1045</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1727">CVE-2006-1727</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1728">CVE-2006-1728</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1730">CVE-2006-1730</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731">CVE-2006-1731</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1732">CVE-2006-1732</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733">CVE-2006-1733</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734">CVE-2006-1734</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735">CVE-2006-1735</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1737">CVE-2006-1737</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1738">CVE-2006-1738</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739">CVE-2006-1739</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1741">CVE-2006-1741</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1742">CVE-2006-1742</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1790">CVE-2006-1790</uri>
+    <uri link="https://www.mozilla.org/projects/security/known-vulnerabilities.html#Thunderbird">Mozilla Foundation Security Advisories</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-04-24T16:32:56Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-04-24T22:23:09Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-05-08T17:36:25Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200605-10.xml b/metadata/glsa/glsa-200605-10.xml
new file mode 100644
index 000000000000..eb4e2659f376
--- /dev/null
+++ b/metadata/glsa/glsa-200605-10.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200605-10">
+  <title>pdnsd: Denial of Service and potential arbitrary code execution</title>
+  <synopsis>
+    pdnsd is vulnerable to a buffer overflow that may result in arbitrary code
+    execution.
+  </synopsis>
+  <product type="ebuild">pdnsd</product>
+  <announced>2006-05-10</announced>
+  <revised count="01">2006-05-10</revised>
+  <bug>131341</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/pdnsd" auto="yes" arch="*">
+      <unaffected range="ge">1.2.4</unaffected>
+      <vulnerable range="lt">1.2.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    pdnsd is a proxy DNS server with permanent caching that is
+    designed to cope with unreachable DNS servers.
+    </p>
+  </background>
+  <description>
+    <p>
+    The pdnsd team has discovered an unspecified buffer overflow
+    vulnerability. The PROTOS DNS Test Suite, by the Oulu University Secure
+    Programming Group (OUSPG), has also revealed a memory leak error within
+    the handling of the QTYPE and QCLASS DNS queries, leading to
+    consumption of large amounts of memory.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker can craft malicious DNS queries leading to a Denial of
+    Service, and potentially the execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All pdnsd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dns/pdnsd-1.2.4-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2076">CVE-2006-2076</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2077">CVE-2006-2077</uri>
+  </references>
+  <metadata tag="bugReady" timestamp="2006-05-06T16:17:08Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-05-07T10:55:02Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200605-11.xml b/metadata/glsa/glsa-200605-11.xml
new file mode 100644
index 000000000000..3cee0b37eff0
--- /dev/null
+++ b/metadata/glsa/glsa-200605-11.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200605-11">
+  <title>Ruby: Denial of service</title>
+  <synopsis>
+    Ruby WEBrick and XMLRPC servers are vulnerable to Denial of Service.
+  </synopsis>
+  <product type="ebuild">ruby</product>
+  <announced>2006-05-10</announced>
+  <revised count="01">2006-05-10</revised>
+  <bug>130657</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/ruby" auto="yes" arch="*">
+      <unaffected range="ge">1.8.4-r1</unaffected>
+      <vulnerable range="lt">1.8.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ruby is an interpreted scripting language for quick and easy
+    object-oriented programming. It comes bundled with HTTP ("WEBrick") and
+    XMLRPC server objects.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ruby uses blocking sockets for WEBrick and XMLRPC servers.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could send large amounts of data to an affected server
+    to block the socket and thus deny other connections to the server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ruby users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/ruby-1.8.4-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1931">CVE-2006-1931</uri>
+    <uri link="https://www.ruby-lang.org/en/20051224.html">Ruby release announcement</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-05-08T06:23:42Z">
+    frilled
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-05-08T13:21:34Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200605-12.xml b/metadata/glsa/glsa-200605-12.xml
new file mode 100644
index 000000000000..5ed103981e14
--- /dev/null
+++ b/metadata/glsa/glsa-200605-12.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200605-12">
+  <title>Quake 3 engine based games: Buffer Overflow</title>
+  <synopsis>
+    The Quake 3 engine has a vulnerability that could be exploited to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">quake</product>
+  <announced>2006-05-10</announced>
+  <revised count="01">2006-05-10</revised>
+  <bug>132377</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-fps/quake3-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.32c</unaffected>
+      <vulnerable range="lt">1.32c</vulnerable>
+    </package>
+    <package name="games-fps/rtcw" auto="yes" arch="*">
+      <unaffected range="ge">1.41b</unaffected>
+      <vulnerable range="lt">1.41b</vulnerable>
+    </package>
+    <package name="games-fps/enemy-territory" auto="yes" arch="*">
+      <unaffected range="ge">2.60b</unaffected>
+      <vulnerable range="lt">2.60b</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Quake 3 is a multiplayer first person shooter.
+    </p>
+  </background>
+  <description>
+    <p>
+    landser discovered a vulnerability within the "remapShader"
+    command. Due to a boundary handling error in "remapShader", there is a
+    possibility of a buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could set up a malicious game server and entice users
+    to connect to it, potentially resulting in the execution of arbitrary
+    code with the rights of the game user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Do not connect to untrusted game servers.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Quake 3 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=games-fps/quake3-bin-1.32c"</code>
+    <p>
+    All RTCW users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=games-fps/rtcw-1.41b"</code>
+    <p>
+    All Enemy Territory users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=games-fps/enemy-territory-2.60b"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2236">CVE-2006-2236</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-05-09T16:37:35Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-05-09T16:37:43Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-05-09T17:21:13Z">
+    fox2mike
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200605-13.xml b/metadata/glsa/glsa-200605-13.xml
new file mode 100644
index 000000000000..1327f8345441
--- /dev/null
+++ b/metadata/glsa/glsa-200605-13.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200605-13">
+  <title>MySQL: Information leakage</title>
+  <synopsis>
+    A MySQL server may leak information to unauthorized users.
+  </synopsis>
+  <product type="ebuild">MySQL</product>
+  <announced>2006-05-11</announced>
+  <revised count="04">2006-05-15</revised>
+  <bug>132146</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/mysql" auto="yes" arch="*">
+      <unaffected range="ge">4.1.19</unaffected>
+      <unaffected range="rge">4.0.27</unaffected>
+      <vulnerable range="lt">4.1.19</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MySQL is a popular multi-threaded, multi-user SQL database server.
+    </p>
+  </background>
+  <description>
+    <p>
+    The processing of the COM_TABLE_DUMP command by a MySQL server fails to
+    properly validate packets that arrive from the client via a network
+    socket.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    By crafting specific malicious packets an attacker could gather
+    confidential information from the memory of a MySQL server process, for
+    example results of queries by other users or applications. By using PHP
+    code injection or similar techniques it would be possible to exploit
+    this flaw through web applications that use MySQL as a database
+    backend.
+    </p>
+    <p>
+    Note that on 5.x versions it is possible to overwrite the stack and
+    execute arbitrary code with this technique. Users of MySQL 5.x are
+    urged to upgrade to the latest available version.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MySQL users should upgrade to the latest version.
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-4.0.27"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2006-05/msg00041.html">Original advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516">CVE-2006-1516</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517">CVE-2006-1517</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-05-06T16:33:38Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-05-08T07:03:06Z">
+    frilled
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-05-08T13:21:08Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200605-14.xml b/metadata/glsa/glsa-200605-14.xml
new file mode 100644
index 000000000000..45f2e4f08441
--- /dev/null
+++ b/metadata/glsa/glsa-200605-14.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200605-14">
+  <title>libextractor: Two heap-based buffer overflows</title>
+  <synopsis>
+    libextractor is vulnerable to two heap overflow vulnerabilities which could
+    lead to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libextractor</product>
+  <announced>2006-05-21</announced>
+  <revised count="01">2006-05-21</revised>
+  <bug>133570</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libextractor" auto="yes" arch="*">
+      <unaffected range="ge">0.5.14</unaffected>
+      <vulnerable range="lt">0.5.14</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libextractor is a library used to extract metadata from arbitrary
+    files.
+    </p>
+  </background>
+  <description>
+    <p>
+    Luigi Auriemma has found two heap-based buffer overflows in
+    libextractor 0.5.13 and earlier: one of them occurs in the
+    asf_read_header function in the ASF plugin, and the other occurs in the
+    parse_trak_atom function in the Qt plugin.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to open a malformed file using an application
+    that employs libextractor and its ASF or Qt plugins, an attacker could
+    execute arbitrary code in the context of the application running the
+    affected library.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libextractor users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/libextractor-0.5.14"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2458">CVE-2006-2458</uri>
+    <uri link="http://aluigi.altervista.org/adv/libextho-adv.txt">Original advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-05-19T13:49:39Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-05-19T13:49:51Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-05-19T16:16:14Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200605-15.xml b/metadata/glsa/glsa-200605-15.xml
new file mode 100644
index 000000000000..04a0a8989661
--- /dev/null
+++ b/metadata/glsa/glsa-200605-15.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200605-15">
+  <title>Quagga Routing Suite: Multiple vulnerabilities</title>
+  <synopsis>
+    Quagga's RIP daemon allows the injection of routes and the disclosure of
+    routing information. The BGP daemon is vulnerable to a Denial of Service.
+  </synopsis>
+  <product type="ebuild">quagga</product>
+  <announced>2006-05-21</announced>
+  <revised count="01">2006-05-21</revised>
+  <bug>132353</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/quagga" auto="yes" arch="*">
+      <unaffected range="ge">0.98.6-r1</unaffected>
+      <vulnerable range="lt">0.98.6-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Quagga Routing Suite implements three major routing protocols:
+    RIP (v1/v2/v3), OSPF (v2/v3) and BGP4.
+    </p>
+  </background>
+  <description>
+    <p>
+    Konstantin V. Gavrilenko discovered two flaws in the Routing
+    Information Protocol (RIP) daemon that allow the processing of RIP v1
+    packets (carrying no authentication) even when the daemon is configured
+    to use MD5 authentication or, in another case, even if RIP v1 is
+    completely disabled. Additionally, Fredrik Widell reported that the
+    Border Gateway Protocol (BGP) daemon contains a flaw that makes it lock
+    up and use all available CPU when a specific command is issued from the
+    telnet interface.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By sending RIP v1 response packets, an unauthenticated attacker
+    can alter the routing table of a router running Quagga's RIP daemon and
+    disclose routing information. Additionally, it is possible to lock up
+    the BGP daemon from the telnet interface.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Quagga users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/quagga-0.98.6-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2223">CVE-2006-2223</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2224">CVE-2006-2224</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2276">CVE-2006-2276</uri>
+    <uri link="http://www.quagga.net/news2.php?y=2006&amp;m=5&amp;d=8#id1147115280">Official release information</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-05-15T05:35:52Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-05-15T16:38:23Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-05-16T05:49:19Z">
+    frilled
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200605-16.xml b/metadata/glsa/glsa-200605-16.xml
new file mode 100644
index 000000000000..86b9ef255195
--- /dev/null
+++ b/metadata/glsa/glsa-200605-16.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200605-16">
+  <title>CherryPy: Directory traversal vulnerability</title>
+  <synopsis>
+    CherryPy is vulnerable to a directory traversal that could allow attackers
+    to read arbitrary files.
+  </synopsis>
+  <product type="ebuild">cherrypy</product>
+  <announced>2006-05-30</announced>
+  <revised count="01">2006-05-30</revised>
+  <bug>134273</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-python/cherrypy" auto="yes" arch="*">
+      <unaffected range="ge">2.1.1</unaffected>
+      <vulnerable range="lt">2.1.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    CherryPy is a Python-based, object-oriented web development
+    framework.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ivo van der Wijk discovered that the "staticfilter" component of
+    CherryPy fails to sanitize input correctly.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    An attacker could exploit this flaw to obtain arbitrary files from
+    the web server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All CherryPy users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-python/cherrypy-2.1.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0847">CVE-2006-0847</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-05-27T09:02:22Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-05-27T09:02:32Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-05-28T21:15:45Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200605-17.xml b/metadata/glsa/glsa-200605-17.xml
new file mode 100644
index 000000000000..9b937b48dcac
--- /dev/null
+++ b/metadata/glsa/glsa-200605-17.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200605-17">
+  <title>libTIFF: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in libTIFF could lead to the execution of
+    arbitrary code or a Denial of Service.
+  </synopsis>
+  <product type="ebuild">libtiff</product>
+  <announced>2006-05-30</announced>
+  <revised count="01">2006-05-30</revised>
+  <bug>129675</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/tiff" auto="yes" arch="*">
+      <unaffected range="ge">3.8.1</unaffected>
+      <vulnerable range="lt">3.8.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libTIFF provides support for reading and manipulating TIFF images.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities, ranging from integer overflows and NULL
+    pointer dereferences to double frees, were reported in libTIFF.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit these vulnerabilities by enticing a user
+    to open a specially crafted TIFF image, possibly leading to the
+    execution of arbitrary code or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libTIFF users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/tiff-3.8.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0405">CVE-2006-0405</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2024">CVE-2006-2024</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2025">CVE-2006-2025</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2026">CVE-2006-2026</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-05-28T21:42:59Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-05-28T21:43:06Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-01.xml b/metadata/glsa/glsa-200606-01.xml
new file mode 100644
index 000000000000..130624b70afb
--- /dev/null
+++ b/metadata/glsa/glsa-200606-01.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-01">
+  <title>Opera: Buffer overflow</title>
+  <synopsis>
+    Opera contains an integer signedness error resulting in a buffer overflow
+    which may allow a remote attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">opera</product>
+  <announced>2006-06-07</announced>
+  <revised count="01">2006-06-07</revised>
+  <bug>129800</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/opera" auto="yes" arch="*">
+      <unaffected range="ge">8.54</unaffected>
+      <vulnerable range="lt">8.54</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Opera is a multi-platform web browser.
+    </p>
+  </background>
+  <description>
+    <p>
+    SEC Consult has discovered a buffer overflow in the code
+    processing style sheet attributes. It is caused by an integer
+    signedness error in a length check followed by a call to a string
+    function. It seems to be hard to exploit this buffer overflow to
+    execute arbitrary code because of the very large amount memory that has
+    to be copied.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker can entice a user to visit a web page containing
+    a specially crafted style sheet attribute that will crash the user's
+    browser and maybe lead to the execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Opera users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/opera-8.54"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1834">CVE-2006-1834</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-05-30T13:12:35Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-05-31T19:39:23Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-02.xml b/metadata/glsa/glsa-200606-02.xml
new file mode 100644
index 000000000000..e947b5cc70fa
--- /dev/null
+++ b/metadata/glsa/glsa-200606-02.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-02">
+  <title>shadow: Privilege escalation</title>
+  <synopsis>
+    A security issue in shadow allows a local user to perform certain actions
+    with escalated privileges.
+  </synopsis>
+  <product type="ebuild">shadow</product>
+  <announced>2006-06-07</announced>
+  <revised count="01">2006-06-07</revised>
+  <bug>133615</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/shadow" auto="yes" arch="*">
+      <unaffected range="ge">4.0.15-r2</unaffected>
+      <vulnerable range="lt">4.0.15-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    shadow provides a set of utilities to deal with user accounts.
+    </p>
+  </background>
+  <description>
+    <p>
+    When the mailbox is created in useradd, the "open()" function does
+    not receive the three arguments it expects while O_CREAT is present,
+    which leads to random permissions on the created file, before fchmod()
+    is executed.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Depending on the random permissions given to the mailbox file
+    which is at this time owned by root, a local user may be able to open
+    this file for reading or writing, or even executing it, maybe as the
+    root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All shadow users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-apps/shadow-4.0.15-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1174">CVE-2006-1174</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-06-01T07:06:38Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-06-01T15:23:57Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-06-05T17:20:29Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-03.xml b/metadata/glsa/glsa-200606-03.xml
new file mode 100644
index 000000000000..496ba8cab84a
--- /dev/null
+++ b/metadata/glsa/glsa-200606-03.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-03">
+  <title>Dia: Format string vulnerabilities</title>
+  <synopsis>
+    Format string vulnerabilities in Dia may lead to the execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">dia</product>
+  <announced>2006-06-07</announced>
+  <revised count="01">2006-06-07</revised>
+  <bug>133699</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/dia" auto="yes" arch="*">
+      <unaffected range="ge">0.95.1</unaffected>
+      <vulnerable range="lt">0.95.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Dia is a GTK+ based diagram creation program.
+    </p>
+  </background>
+  <description>
+    <p>
+    KaDaL-X discovered a format string error within the handling of
+    filenames. Hans de Goede also discovered several other format
+    string errors in the processing of dia files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to open a specially crafted file, a remote
+    attacker could exploit these vulnerabilities to execute arbitrary code
+    with the rights of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Dia users should upgrade to the latest available version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/dia-0.95.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2453">CVE-2006-2453</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2480">CVE-2006-2480</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-05-30T16:11:11Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-05-30T23:25:33Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-06-05T17:20:31Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-04.xml b/metadata/glsa/glsa-200606-04.xml
new file mode 100644
index 000000000000..61ccc8d7a0f5
--- /dev/null
+++ b/metadata/glsa/glsa-200606-04.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-04">
+  <title>Tor: Several vulnerabilities</title>
+  <synopsis>
+    Tor is vulnerable to a possible buffer overflow, a Denial of Service,
+    information disclosure and information leak.
+  </synopsis>
+  <product type="ebuild">tor</product>
+  <announced>2006-06-07</announced>
+  <revised count="02">2006-09-05</revised>
+  <bug>134329</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/tor" auto="yes" arch="*">
+      <unaffected range="ge">0.1.1.20</unaffected>
+      <unaffected range="rge">0.1.0.18</unaffected>
+      <vulnerable range="lt">0.1.1.20</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Tor is an implementation of second generation Onion Routing, a
+    connection-oriented anonymizing communication service.
+    </p>
+  </background>
+  <description>
+    <p>
+    Some integer overflows exist when adding elements to the smartlists.
+    Non-printable characters received from the network are not properly
+    sanitised before being logged. There are additional unspecified bugs in
+    the directory server and in the internal circuits.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    The possible buffer overflow may allow a remote attacker to execute
+    arbitrary code on the server by sending large inputs. The other
+    vulnerabilities can lead to a Denial of Service, a lack of logged
+    information, or some information disclosure.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Tor users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose net-misc/tor</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0414">CVE-2006-0414</uri>
+    <uri link="https://tor.eff.org/cvs/tor/ChangeLog">Tor ChangeLog</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-06-01T07:05:28Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-06-01T17:37:03Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-06-05T17:15:10Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-05.xml b/metadata/glsa/glsa-200606-05.xml
new file mode 100644
index 000000000000..e0d160baa430
--- /dev/null
+++ b/metadata/glsa/glsa-200606-05.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-05">
+  <title>Pound: HTTP request smuggling</title>
+  <synopsis>
+    Pound is vulnerable to HTTP request smuggling, which could be exploited to
+    bypass security restrictions or poison web caches.
+  </synopsis>
+  <product type="ebuild">pound</product>
+  <announced>2006-06-07</announced>
+  <revised count="03">2006-11-24</revised>
+  <bug>118541</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/pound" auto="yes" arch="*">
+      <unaffected range="ge">2.0.5</unaffected>
+      <unaffected range="rge">1.10</unaffected>
+      <unaffected range="rge">1.9.4</unaffected>
+      <vulnerable range="lt">2.0.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Pound is a reverse proxy, load balancer and HTTPS front-end. It allows
+    to distribute the load on several web servers and offers a SSL wrapper
+    for web servers that do not support SSL directly.
+    </p>
+  </background>
+  <description>
+    <p>
+    Pound fails to handle HTTP requests with conflicting "Content-Length"
+    and "Transfer-Encoding" headers correctly.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    An attacker could exploit this vulnerability by sending HTTP requests
+    with specially crafted "Content-Length" and "Transfer-Encoding" headers
+    to bypass certain security restrictions or to poison the web proxy
+    cache.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Pound users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose www-servers/pound</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3751">CVE-2005-3751</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-05-25T15:47:49Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-05-25T18:03:55Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-05-29T16:09:23Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-06.xml b/metadata/glsa/glsa-200606-06.xml
new file mode 100644
index 000000000000..6a90ef116ca3
--- /dev/null
+++ b/metadata/glsa/glsa-200606-06.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-06">
+  <title>AWStats: Remote execution of arbitrary code</title>
+  <synopsis>
+    AWStats contains a bug in the sanitization of the input parameters which
+    can lead to the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">awstats</product>
+  <announced>2006-06-07</announced>
+  <revised count="02">2009-05-28</revised>
+  <bug>130487</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-misc/awstats" auto="yes" arch="*">
+      <unaffected range="ge">6.5-r1</unaffected>
+      <vulnerable range="lt">6.5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    AWStats is an advanced log file analyzer and statistics generator.
+    </p>
+  </background>
+  <description>
+    <p>
+    Hendrik Weimer has found that if updating the statistics via the
+    web frontend is enabled, it is possible to inject arbitrary code via a
+    pipe character in the "migrate" parameter. Additionally, r0t has
+    discovered that AWStats fails to properly sanitize user-supplied input
+    in awstats.pl.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker can execute arbitrary code on the server in the
+    context of the application running the AWStats CGI script if updating
+    of the statistics via web frontend is allowed. Nonetheless, all
+    configurations are affected by a cross-site scripting vulnerability in
+    awstats.pl, allowing a remote attacker to execute arbitrary scripts
+    running in the context of the victim's browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable statistics updates using the web frontend to avoid code
+    injection. However, there is no known workaround at this time
+    concerning the cross-site scripting vulnerability.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All AWStats users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-misc/awstats-6.5-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1945">CVE-2006-1945</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2237">CVE-2006-2237</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-05-20T08:51:28Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-05-21T19:06:44Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-06-05T17:20:28Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-07.xml b/metadata/glsa/glsa-200606-07.xml
new file mode 100644
index 000000000000..c39da2dd6b61
--- /dev/null
+++ b/metadata/glsa/glsa-200606-07.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-07">
+  <title>Vixie Cron: Privilege Escalation</title>
+  <synopsis>
+    Vixie Cron allows local users to execute programs as root.
+  </synopsis>
+  <product type="ebuild">vixie-cron</product>
+  <announced>2006-06-09</announced>
+  <revised count="01">2006-06-09</revised>
+  <bug>134194</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-process/vixie-cron" auto="yes" arch="*">
+      <unaffected range="ge">4.1-r9</unaffected>
+      <vulnerable range="lt">4.1-r9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Vixie Cron is a command scheduler with extended syntax over cron.
+    </p>
+  </background>
+  <description>
+    <p>
+    Roman Veretelnikov discovered that Vixie Cron fails to properly
+    check whether it can drop privileges accordingly if setuid() in
+    do_command.c fails due to a user exceeding assigned resource limits.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Local users can execute code with root privileges by deliberately
+    exceeding their assigned resource limits and then starting a command
+    through Vixie Cron. This requires resource limits to be in place on the
+    machine.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Vixie Cron users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-process/vixie-cron-4.1-r9"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2607">CVE-2006-2607</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-06-07T19:26:16Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-06-07T20:17:38Z">
+    frilled
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-06-09T03:56:58Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-08.xml b/metadata/glsa/glsa-200606-08.xml
new file mode 100644
index 000000000000..c86768d33ca2
--- /dev/null
+++ b/metadata/glsa/glsa-200606-08.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-08">
+  <title>WordPress: Arbitrary command execution</title>
+  <synopsis>
+    WordPress fails to sufficiently check the format of cached username data.
+  </synopsis>
+  <product type="ebuild">wordpress</product>
+  <announced>2006-06-09</announced>
+  <revised count="02">2006-06-10</revised>
+  <bug>134397</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/wordpress" auto="yes" arch="*">
+      <unaffected range="ge">2.0.3</unaffected>
+      <vulnerable range="lt">2.0.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    WordPress is a PHP and MySQL based content management and publishing
+    system.
+    </p>
+  </background>
+  <description>
+    <p>
+    rgod discovered that WordPress insufficiently checks the format of
+    cached username data.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could exploit this vulnerability to execute arbitrary
+    commands by sending a specially crafted username. As of Wordpress 2.0.2
+    the user data cache is disabled by default.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All WordPress users should upgrade to the latest available version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/wordpress-2.0.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2667">CVE-2006-2667</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2702">CVE-2006-2702</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-06-06T16:40:51Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-06-06T17:50:23Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-09.xml b/metadata/glsa/glsa-200606-09.xml
new file mode 100644
index 000000000000..927c5f6f940e
--- /dev/null
+++ b/metadata/glsa/glsa-200606-09.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-09">
+  <title>SpamAssassin: Execution of arbitrary code</title>
+  <synopsis>
+    SpamAssassin, when running with certain options, could allow local or even
+    remote attackers to execute arbitrary commands, possibly as the root user.
+  </synopsis>
+  <product type="ebuild">Spamassassin</product>
+  <announced>2006-06-11</announced>
+  <revised count="01">2006-06-11</revised>
+  <bug>135746</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-filter/spamassassin" auto="yes" arch="*">
+      <unaffected range="ge">3.1.3</unaffected>
+      <vulnerable range="lt">3.1.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    SpamAssassin is an extensible email filter used to identify junk
+    email. spamd is the daemonized version of SpamAssassin.
+    </p>
+  </background>
+  <description>
+    <p>
+    When spamd is run with both the "--vpopmail" (-v) and
+    "--paranoid" (-P) options, it is vulnerable to an unspecified issue.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    With certain configuration options, a local or even remote
+    attacker could execute arbitrary code with the rights of the user
+    running spamd, which is root by default, by sending a crafted message
+    to the spamd daemon. Furthermore, the attack can be remotely
+    performed if the "--allowed-ips" (-A) option is present and specifies
+    non-local adresses. Note that Gentoo Linux is not vulnerable in the
+    default configuration.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Don't use both the "--paranoid" (-P) and the "--vpopmail" (-v)
+    options.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SpamAssassin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-filter/spamassassin-3.1.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2447">CVE-2006-2447</uri>
+  </references>
+  <metadata tag="bugReady" timestamp="2006-06-08T05:47:21Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-06-08T10:26:06Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-10.xml b/metadata/glsa/glsa-200606-10.xml
new file mode 100644
index 000000000000..65e4753f4df5
--- /dev/null
+++ b/metadata/glsa/glsa-200606-10.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-10">
+  <title>Cscope: Many buffer overflows</title>
+  <synopsis>
+    Cscope is vulnerable to multiple buffer overflows that could lead to the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Cscope</product>
+  <announced>2006-06-11</announced>
+  <revised count="01">2006-06-11</revised>
+  <bug>133829</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-util/cscope" auto="yes" arch="*">
+      <unaffected range="ge">15.5-r6</unaffected>
+      <vulnerable range="lt">15.5-r6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Cscope is a developer's tool for browsing source code.
+    </p>
+  </background>
+  <description>
+    <p>
+    Cscope does not verify the length of file names sourced in
+    #include statements.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A user could be enticed to source a carefully crafted file which
+    will allow the attacker to execute arbitrary code with the permissions
+    of the user running Cscope.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Cscope users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-util/cscope-15.5-r6"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2541">CVE-2004-2541</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-06-01T07:07:22Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-06-05T17:21:43Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-06-05T18:50:34Z">
+    dizzutch
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-11.xml b/metadata/glsa/glsa-200606-11.xml
new file mode 100644
index 000000000000..c4ad483ce0c7
--- /dev/null
+++ b/metadata/glsa/glsa-200606-11.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-11">
+  <title>JPEG library: Denial of service</title>
+  <synopsis>
+    The JPEG library is vulnerable to a Denial of Service.
+  </synopsis>
+  <product type="ebuild">jpeg</product>
+  <announced>2006-06-11</announced>
+  <revised count="02">2006-07-29</revised>
+  <bug>130889</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/jpeg" auto="yes" arch="*">
+      <unaffected range="ge">6b-r7</unaffected>
+      <vulnerable range="lt">6b-r7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The JPEG library is able to load, handle and manipulate images in the
+    JPEG format.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Gentoo Linux Auditing Team discovered that the
+    vulnerable JPEG library ebuilds compile JPEG without the --maxmem
+    feature which is not recommended.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to load a specially crafted JPEG image file an
+    attacker could cause a Denial of Service, due to memory exhaustion.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    JPEG users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/jpeg-6b-r7"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3005">CVE-2006-3005</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-06-05T22:15:44Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-06-05T22:17:08Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-06-06T08:58:39Z">
+    daxomatic
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-12.xml b/metadata/glsa/glsa-200606-12.xml
new file mode 100644
index 000000000000..599752f1e090
--- /dev/null
+++ b/metadata/glsa/glsa-200606-12.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-12">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>
+    Vulnerabilities in Mozilla Firefox allow privilege escalations for
+    JavaScript code, cross site scripting attacks, HTTP response smuggling and
+    possibly the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mozilla-firefox</product>
+  <announced>2006-06-11</announced>
+  <revised count="01">2006-06-11</revised>
+  <bug>135254</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/mozilla-firefox" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.4</unaffected>
+      <vulnerable range="lt">1.5.0.4</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.4</unaffected>
+      <vulnerable range="lt">1.5.0.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla Firefox is the next-generation web browser from the
+    Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>
+    A number of vulnerabilities were found and fixed in Mozilla
+    Firefox. For details please consult the references below.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing the user to visit a malicious website, a remote
+    attacker can inject arbitrary HTML and JavaScript Code into the user's
+    browser, execute JavaScript code with elevated privileges and possibly
+    execute arbitrary code with the permissions of the user running the
+    application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Firefox users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-1.5.0.4"</code>
+    <p>
+    All Mozilla Firefox binary users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-bin-1.5.0.4"</code>
+    <p>
+    Note: There is no stable fixed version for the Alpha
+    architecture yet. Users of Mozilla Firefox on Alpha should consider
+    unmerging it until such a version is available.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2775">CVE-2006-2775</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2776">CVE-2006-2776</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2777">CVE-2006-2777</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2778">CVE-2006-2778</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2779">CVE-2006-2779</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2780">CVE-2006-2780</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2782">CVE-2006-2782</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2783">CVE-2006-2783</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2784">CVE-2006-2784</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2785">CVE-2006-2785</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2786">CVE-2006-2786</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2787">CVE-2006-2787</uri>
+    <uri link="https://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox">Mozilla Foundation Security Advisories</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-06-07T17:33:16Z">
+    frilled
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-06-08T10:36:32Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-13.xml b/metadata/glsa/glsa-200606-13.xml
new file mode 100644
index 000000000000..8519f8d3cd43
--- /dev/null
+++ b/metadata/glsa/glsa-200606-13.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-13">
+  <title>MySQL: SQL Injection</title>
+  <synopsis>
+    MySQL is vulnerable to an SQL Injection flaw in the multi-byte encoding
+    process.
+  </synopsis>
+  <product type="ebuild">MySQL</product>
+  <announced>2006-06-11</announced>
+  <revised count="04">2006-12-13</revised>
+  <bug>135076</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/mysql" auto="yes" arch="*">
+      <unaffected range="ge">5.0.22</unaffected>
+      <unaffected range="rge">4.1.20</unaffected>
+      <unaffected range="rge">4.1.21</unaffected>
+      <unaffected range="rge">4.1.22</unaffected>
+      <unaffected range="lt">4.1</unaffected>
+      <vulnerable range="lt">5.0.22</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MySQL is a popular multi-threaded, multi-user SQL server.
+    </p>
+  </background>
+  <description>
+    <p>
+    MySQL is vulnerable to an injection flaw in mysql_real_escape() when
+    used with multi-byte characters.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Due to a flaw in the multi-byte character process, an attacker is still
+    able to inject arbitary SQL statements into the MySQL server for
+    execution.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are a few workarounds available: NO_BACKSLASH_ESCAPES mode as a
+    workaround for a bug in mysql_real_escape_string(): SET
+    sql_mode='NO_BACKSLASH_ESCAPES'; SET GLOBAL
+    sql_mode='NO_BACKSLASH_ESCAPES'; and server command line options:
+    --sql-mode=NO_BACKSLASH_ESCAPES.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MySQL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-4.1.20"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2753">CVE-2006-2753</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-06-01T07:09:29Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-06-05T19:55:54Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-06-07T09:13:55Z">
+    daxomatic
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-14.xml b/metadata/glsa/glsa-200606-14.xml
new file mode 100644
index 000000000000..8b0c3e126db7
--- /dev/null
+++ b/metadata/glsa/glsa-200606-14.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-14">
+  <title>GDM: Privilege escalation</title>
+  <synopsis>
+    An authentication error in GDM could allow users to gain elevated
+    privileges.
+  </synopsis>
+  <product type="ebuild">gdm</product>
+  <announced>2006-06-12</announced>
+  <revised count="02">2006-06-19</revised>
+  <bug>135027</bug>
+  <access>local</access>
+  <affected>
+    <package name="gnome-base/gdm" auto="yes" arch="*">
+      <unaffected range="ge">2.8.0.8</unaffected>
+      <vulnerable range="lt">2.8.0.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GDM is the GNOME display manager.
+    </p>
+  </background>
+  <description>
+    <p>
+    GDM allows a normal user to access the configuration manager.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    When the "face browser" in GDM is enabled, a normal user can use the
+    "configure login manager" with his/her own password instead of the root
+    password, and thus gain additional privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GDM users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=gnome-base/gdm-2.8.0.8"</code>
+  </resolution>
+  <references>
+    <uri link="https://bugzilla.gnome.org/show_bug.cgi?id=343476">Gnome Bugzilla entry</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2452">CVE-2006-2452</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-06-08T10:45:03Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-06-09T08:32:35Z">
+    daxomatic
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-06-12T04:30:05Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-15.xml b/metadata/glsa/glsa-200606-15.xml
new file mode 100644
index 000000000000..19a6bd381597
--- /dev/null
+++ b/metadata/glsa/glsa-200606-15.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-15">
+  <title>Asterisk: IAX2 video frame buffer overflow</title>
+  <synopsis>
+    Asterisk contains a bug in the IAX2 channel driver making it vulnerable to
+    the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">asterisk</product>
+  <announced>2006-06-14</announced>
+  <revised count="01">2006-06-14</revised>
+  <bug>135680</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/asterisk" auto="yes" arch="*">
+      <unaffected range="ge">1.0.11_p1</unaffected>
+      <vulnerable range="lt">1.0.11_p1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Asterisk is an open source implementation of a telephone private branch
+    exchange (PBX).
+    </p>
+  </background>
+  <description>
+    <p>
+    Asterisk fails to properly check the length of truncated video frames
+    in the IAX2 channel driver which results in a buffer overflow.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could exploit this vulnerability by sending a specially
+    crafted IAX2 video stream resulting in the execution of arbitrary code
+    with the permissions of the user running Asterisk.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable public IAX2 support.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Asterisk users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/asterisk-1.0.11_p1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2898">CVE-2006-2898</uri>
+    <uri link="https://www.coresecurity.com/common/showdoc.php?idx=547&amp;idxseccion=10">Corelabs Asterisk PBX truncated video frame vulnerability advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-06-08T10:46:16Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-06-09T08:21:48Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-06-14T09:36:11Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-16.xml b/metadata/glsa/glsa-200606-16.xml
new file mode 100644
index 000000000000..4f66e704afcb
--- /dev/null
+++ b/metadata/glsa/glsa-200606-16.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-16">
+  <title>DokuWiki: PHP code injection</title>
+  <synopsis>
+    A flaw in DokuWiki's spell checker allows for the execution of arbitrary
+    PHP commands, even without proper authentication.
+  </synopsis>
+  <product type="ebuild">DokuWiki</product>
+  <announced>2006-06-14</announced>
+  <revised count="01">2006-06-14</revised>
+  <bug>135623</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/dokuwiki" auto="yes" arch="*">
+      <unaffected range="ge">20060309-r1</unaffected>
+      <vulnerable range="lt">20060309-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    DokuWiki is a simple to use wiki targeted at developer teams,
+    workgroups and small companies.
+    </p>
+  </background>
+  <description>
+    <p>
+    Stefan Esser discovered that the DokuWiki spell checker fails to
+    properly sanitize PHP's "complex curly syntax".
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A unauthenticated remote attacker may execute arbitrary PHP commands -
+    and thus possibly arbitrary system commands - with the permissions of
+    the user running the webserver that serves DokuWiki pages.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All DokuWiki users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/dokuwiki-20060309-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.hardened-php.net/advisory_042006.119.html">Hardened-PHP advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2878">CVE-2006-2878</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-06-11T22:03:16Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-06-12T18:33:06Z">
+    frilled
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-06-13T21:28:32Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-17.xml b/metadata/glsa/glsa-200606-17.xml
new file mode 100644
index 000000000000..e005880aea8d
--- /dev/null
+++ b/metadata/glsa/glsa-200606-17.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-17">
+  <title>OpenLDAP: Buffer overflow</title>
+  <synopsis>
+    The OpenLDAP replication server slurpd contains a buffer overflow that
+    could result in arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">net-nds/openldap</product>
+  <announced>2006-06-15</announced>
+  <revised count="01">2006-06-15</revised>
+  <bug>134010</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-nsd/openldap" auto="yes" arch="*">
+      <unaffected range="ge">2.3.22</unaffected>
+      <vulnerable range="lt">2.3.22</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenLDAP is a suite of LDAP-related applications and development tools.
+    It includes slapd (the standalone LDAP server), slurpd (the standalone
+    LDAP replication server), various LDAP libraries, utilities and example
+    clients.
+    </p>
+  </background>
+  <description>
+    <p>
+    slurpd contains a buffer overflow when reading very long hostnames from
+    the status file.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By injecting an overly long hostname in the status file, an attacker
+    could possibly cause the execution of arbitrary code with the
+    permissions of the user running slurpd.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All openLDAP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-nds/openldap-2.3.22"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2754">CVE-2006-2754</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-06-08T10:43:24Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-06-11T20:44:06Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-06-12T07:06:11Z">
+    SeJo
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-18.xml b/metadata/glsa/glsa-200606-18.xml
new file mode 100644
index 000000000000..de7eb9085411
--- /dev/null
+++ b/metadata/glsa/glsa-200606-18.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-18">
+  <title>PAM-MySQL: Multiple vulnerabilities</title>
+  <synopsis>
+    Vulnerabilities in PAM-MySQL can lead to a Denial of Service, making it
+    impossible to log into a machine.
+  </synopsis>
+  <product type="ebuild">pam_mysql</product>
+  <announced>2006-06-15</announced>
+  <revised count="02">2006-07-29</revised>
+  <bug>120842</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-auth/pam_mysql" auto="yes" arch="*">
+      <unaffected range="ge">0.7_rc1</unaffected>
+      <vulnerable range="lt">0.7_rc1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PAM-MySQL is a PAM module used to authenticate users against a MySQL
+    backend.
+    </p>
+  </background>
+  <description>
+    <p>
+    A flaw in handling the result of pam_get_item() as well as further
+    unspecified flaws were discovered in PAM-MySQL.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By exploiting the mentioned flaws an attacker can cause a Denial of
+    Service and thus prevent users that authenticate against PAM-MySQL from
+    logging into a machine. There is also a possible additional attack
+    vector with more malicious impact that has not been confirmed yet.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PAM-MySQL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-auth/pam_mysql-0.7_rc1"</code>
+  </resolution>
+  <references>
+    <uri link="https://pam-mysql.sourceforge.net/News/">Official release information</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4713">CVE-2005-4713</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0056">CVE-2006-0056</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-06-11T20:13:52Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-06-11T20:15:46Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-06-13T04:26:43Z">
+    frilled
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-19.xml b/metadata/glsa/glsa-200606-19.xml
new file mode 100644
index 000000000000..1c54e139b692
--- /dev/null
+++ b/metadata/glsa/glsa-200606-19.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-19">
+  <title>Sendmail: Denial of service</title>
+  <synopsis>
+    Faulty multipart MIME messages can cause forked Sendmail processes to
+    crash.
+  </synopsis>
+  <product type="ebuild">sendmail</product>
+  <announced>2006-06-15</announced>
+  <revised count="01">2006-06-15</revised>
+  <bug>135141</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-mta/sendmail" auto="yes" arch="*">
+      <unaffected range="ge">8.13.6-r1</unaffected>
+      <vulnerable range="lt">8.13.6-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Sendmail is a popular mail transfer agent (MTA).
+    </p>
+  </background>
+  <description>
+    <p>
+    Frank Sheiness discovered that the mime8to7() function can recurse
+    endlessly during the decoding of multipart MIME messages until the
+    stack of the process is filled and the process crashes.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By sending specially crafted multipart MIME messages, a remote
+    attacker can cause a subprocess forked by Sendmail to crash. If
+    Sendmail is not set to use a randomized queue processing, the attack
+    will effectively halt the delivery of queued mails as well as the
+    malformed one, incoming mail delivered interactively is not affected.
+    Additionally, on systems where core dumps with an individual naming
+    scheme (like "core.pid") are enabled, a filesystem may fill up with
+    core dumps. Core dumps are disabled by default in Gentoo.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    The Sendmail 8.13.7 release information offers some workarounds, please
+    see the Reference below. Note that the issue has actually been fixed in
+    the 8.13.6-r1 ebuild.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Sendmail users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-mta/sendmail-8.13.6-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173">CVE-2006-1173</uri>
+    <uri link="http://www.sendmail.org/releases/8.13.7.html">Sendmail 8.13.7 release information</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-06-14T18:47:59Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-06-14T19:21:03Z">
+    frilled
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-06-15T16:00:46Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-20.xml b/metadata/glsa/glsa-200606-20.xml
new file mode 100644
index 000000000000..2a799106b3a2
--- /dev/null
+++ b/metadata/glsa/glsa-200606-20.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-20">
+  <title>Typespeed: Remote execution of arbitrary code</title>
+  <synopsis>
+    A buffer overflow in the network code of Typespeed can lead to the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">typespeed</product>
+  <announced>2006-06-19</announced>
+  <revised count="01">2006-06-19</revised>
+  <bug>135071</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-misc/typespeed" auto="yes" arch="*">
+      <unaffected range="ge">0.5.0</unaffected>
+      <vulnerable range="lt">0.5.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Typespeed is a game to test and practice 10-finger-typing. Network code
+    allows two users to compete head-to-head.
+    </p>
+  </background>
+  <description>
+    <p>
+    Niko Tyni discovered a buffer overflow in the addnewword() function of
+    Typespeed's network code.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    By sending specially crafted network packets to a machine running
+    Typespeed in multiplayer mode, a remote attacker can execute arbitrary
+    code with the permissions of the user running the game.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Do not run Typespeed in multiplayer mode. There is no known workaround
+    at this time for multiplayer mode.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Typespeed users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=games-misc/typespeed-0.5.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1515">CVE-2006-1515</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-06-11T22:01:54Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-06-13T05:10:07Z">
+    frilled
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-06-18T12:23:54Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-21.xml b/metadata/glsa/glsa-200606-21.xml
new file mode 100644
index 000000000000..addc13905277
--- /dev/null
+++ b/metadata/glsa/glsa-200606-21.xml
@@ -0,0 +1,87 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-21">
+  <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>
+    Several vulnerabilities in Mozilla Thunderbird allow cross site scripting,
+    JavaScript privilege escalation and possibly execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mozilla-thunderbird</product>
+  <announced>2006-06-19</announced>
+  <revised count="01">2006-06-19</revised>
+  <bug>135256</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/mozilla-thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.4</unaffected>
+      <vulnerable range="lt">1.5.0.4</vulnerable>
+    </package>
+    <package name="mail-client/mozilla-thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.4</unaffected>
+      <vulnerable range="lt">1.5.0.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla Thunderbird is the next-generation mail client from the Mozilla
+    project.
+    </p>
+  </background>
+  <description>
+    <p>
+    Several vulnerabilities were found and fixed in Mozilla Thunderbird.
+    For details, please consult the references below.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could craft malicious emails that would leverage
+    these issues to inject and execute arbitrary script code with elevated
+    privileges, spoof content, and possibly execute arbitrary code with the
+    rights of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds for all the issues at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Thunderbird users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-1.5.0.4"</code>
+    <p>
+    All Mozilla Thunderbird binary users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-bin-1.5.0.4"</code>
+    <p>
+    Note: There is no stable fixed version for the Alpha architecture yet.
+    Users of Mozilla Thunderbird on Alpha should consider unmerging it
+    until such a version is available.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2775">CVE-2006-2775</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2776">CVE-2006-2776</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2778">CVE-2006-2778</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2779">CVE-2006-2779</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2780">CVE-2006-2780</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2781">CVE-2006-2781</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2783">CVE-2006-2783</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2786">CVE-2006-2786</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2787">CVE-2006-2787</uri>
+    <uri link="https://www.mozilla.org/projects/security/known-vulnerabilities.html#Thunderbird">Mozilla Foundation Security Advisories</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-06-07T17:49:37Z">
+    frilled
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-06-18T10:01:22Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-22.xml b/metadata/glsa/glsa-200606-22.xml
new file mode 100644
index 000000000000..cd62d48ae354
--- /dev/null
+++ b/metadata/glsa/glsa-200606-22.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-22">
+  <title>aRts: Privilege escalation</title>
+  <synopsis>
+    The artswrapper part of aRts allows local users to execute arbitrary code
+    with elevated privileges.
+  </synopsis>
+  <product type="ebuild">aRts</product>
+  <announced>2006-06-22</announced>
+  <revised count="01">2006-06-22</revised>
+  <bug>135970</bug>
+  <access>local</access>
+  <affected>
+    <package name="kde-base/arts" auto="yes" arch="*">
+      <unaffected range="ge">3.5.2-r1</unaffected>
+      <unaffected range="rge">3.4.3-r1</unaffected>
+      <vulnerable range="lt">3.5.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    aRts is a real time modular system for synthesizing audio used by KDE.
+    artswrapper is a helper application used to start the aRts daemon.
+    </p>
+  </background>
+  <description>
+    <p>
+    artswrapper fails to properly check whether it can drop privileges
+    accordingly if setuid() fails due to a user exceeding assigned resource
+    limits.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Local attackers could exploit this vulnerability to execute arbitrary
+    code with elevated privileges. Note that the aRts package provided by
+    Gentoo is only vulnerable if the artswrappersuid USE-flag is enabled.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All aRts users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose kde-base/arts</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2916">CVE-2006-2916</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-06-15T13:39:42Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-06-17T13:17:47Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-23.xml b/metadata/glsa/glsa-200606-23.xml
new file mode 100644
index 000000000000..b66fe1d2a020
--- /dev/null
+++ b/metadata/glsa/glsa-200606-23.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-23">
+  <title>KDM: Symlink vulnerability</title>
+  <synopsis>
+    KDM is vulnerable to a symlink vulnerability that can lead to disclosure of
+    information.
+  </synopsis>
+  <product type="ebuild">kdebase, KDM</product>
+  <announced>2006-06-22</announced>
+  <revised count="02">2006-06-24</revised>
+  <bug>136201</bug>
+  <access>local</access>
+  <affected>
+    <package name="kde-base/kdebase" auto="yes" arch="*">
+      <unaffected range="ge">3.5.2-r2</unaffected>
+      <unaffected range="rge">3.4.3-r2</unaffected>
+      <vulnerable range="lt">3.5.2-r2</vulnerable>
+    </package>
+    <package name="kde-base/kdm" auto="yes" arch="*">
+      <unaffected range="ge">3.5.2-r1</unaffected>
+      <unaffected range="rge">3.4.3-r2</unaffected>
+      <vulnerable range="lt">3.5.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    KDE is a feature-rich graphical desktop environment for Linux and
+    Unix-like Operating Systems. KDM is the KDE Display Manager and is part
+    of the kdebase package.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ludwig Nussel discovered that KDM could be tricked into allowing users
+    to read files that would otherwise not be readable.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could exploit this issue to obtain potentially
+    sensitive information that is usually not accessable to the local user
+    such as shadow files or other user's files. The default Gentoo user
+    running KDM is root and, as a result, the local attacker can read any
+    file.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All kdebase users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose kde-base/kdebase</code>
+    <p>
+    All KDE split ebuild users should upgrade to the latest KDM version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose kde-base/kdm</code>
+  </resolution>
+  <references>
+    <uri link="https://www.kde.org/info/security/advisory-20060614-1.txt">KDE Security Advisory: KDM symlink attack vulnerability</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2449">CVE-2006-2449</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-06-14T19:50:34Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-06-18T09:50:44Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-24.xml b/metadata/glsa/glsa-200606-24.xml
new file mode 100644
index 000000000000..27ba7e5f8c09
--- /dev/null
+++ b/metadata/glsa/glsa-200606-24.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-24">
+  <title>wv2: Integer overflow</title>
+  <synopsis>
+    An integer overflow could allow an attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">wv2</product>
+  <announced>2006-06-23</announced>
+  <revised count="01">2006-06-23</revised>
+  <bug>136759</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/wv2" auto="yes" arch="*">
+      <unaffected range="ge">0.2.3</unaffected>
+      <vulnerable range="lt">0.2.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    wv2 is a filter library for Microsoft Word files, used in many Office
+    suites.
+    </p>
+  </background>
+  <description>
+    <p>
+    A boundary checking error was found in wv2, which could lead to an
+    integer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could execute arbitrary code with the rights of the user
+    running the program that uses the library via a maliciously crafted
+    Microsoft Word document.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All wv2 users should update to the latest stable version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/wv2-0.2.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2197">CVE 2006-2197</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-06-21T15:46:28Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-06-21T17:08:02Z">
+    hlieberman
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-06-21T18:19:37Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-25.xml b/metadata/glsa/glsa-200606-25.xml
new file mode 100644
index 000000000000..0316421b3729
--- /dev/null
+++ b/metadata/glsa/glsa-200606-25.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-25">
+  <title>Hashcash: Possible heap overflow</title>
+  <synopsis>
+    A heap overflow vulnerability in the Hashcash utility could allow an
+    attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">hashcash</product>
+  <announced>2006-06-26</announced>
+  <revised count="02">2006-07-29</revised>
+  <bug>134960</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/hashcash" auto="yes" arch="*">
+      <unaffected range="ge">1.21</unaffected>
+      <vulnerable range="lt">1.21</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Hashcash is a utility for generating Hashcash tokens, a proof-of-work
+    system to reduce the impact of spam.
+    </p>
+  </background>
+  <description>
+    <p>
+    Andreas Seltenreich has reported a possible heap overflow in the
+    array_push() function in hashcash.c, as a result of an incorrect amount
+    of allocated memory for the "ARRAY" structure.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    By sending malicious entries to the Hashcash utility, an attacker may
+    be able to cause an overflow, potentially resulting in the execution of
+    arbitrary code with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Hashcash users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/hashcash-1.21"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.hashcash.org/source/CHANGELOG">Hashcash ChangeLog</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3251">CVE-2006-3251</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-06-18T12:26:10Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-06-18T12:57:56Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-06-23T18:48:20Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-26.xml b/metadata/glsa/glsa-200606-26.xml
new file mode 100644
index 000000000000..ce147a2f36f9
--- /dev/null
+++ b/metadata/glsa/glsa-200606-26.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-26">
+  <title>EnergyMech: Denial of service</title>
+  <synopsis>
+    A Denial of Service vulnerability was discovered in EnergyMech that is
+    easily exploitable via IRC.
+  </synopsis>
+  <product type="ebuild">emech</product>
+  <announced>2006-06-26</announced>
+  <revised count="02">2006-07-29</revised>
+  <bug>132749</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/emech" auto="yes" arch="*">
+      <unaffected range="ge">3.0.2</unaffected>
+      <vulnerable range="lt">3.0.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    EnergyMech is an IRC bot programmed in C.
+    </p>
+  </background>
+  <description>
+    <p>
+    A bug in EnergyMech fails to handle empty CTCP NOTICEs correctly, and
+    will cause a crash from a segmentation fault.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By sending an empty CTCP NOTICE, a remote attacker could exploit this
+    vulnerability to cause a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All EnergyMech users should update to the latest stable version:
+    </p>
+    <code> 
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-irc/emech-3.0.2"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.energymech.net/versions-3.0.html">EnergyMech Changelog</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3293">CVE-2006-3293</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-06-22T18:15:43Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-06-22T23:37:12Z">
+    hlieberman
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-06-23T18:56:34Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-27.xml b/metadata/glsa/glsa-200606-27.xml
new file mode 100644
index 000000000000..1343f110701d
--- /dev/null
+++ b/metadata/glsa/glsa-200606-27.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-27">
+  <title>Mutt: Buffer overflow</title>
+  <synopsis>
+    Mutt contains a buffer overflow that could result in arbitrary code
+    execution.
+  </synopsis>
+  <product type="ebuild">mutt</product>
+  <announced>2006-06-28</announced>
+  <revised count="01">2006-06-28</revised>
+  <bug>138125</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/mutt" auto="yes" arch="*">
+      <unaffected range="ge">1.5.11-r2</unaffected>
+      <vulnerable range="lt">1.5.11-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mutt is a small but very powerful text-based mail client.
+    </p>
+  </background>
+  <description>
+    <p>
+    TAKAHASHI Tamotsu has discovered that Mutt contains a boundary error in
+    the "browse_get_namespace()" function in browse.c, which can be
+    triggered when receiving an overly long namespace from an IMAP server.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A malicious IMAP server can send an overly long namespace to Mutt in
+    order to crash the application, and possibly execute arbitrary code
+    with the permissions of the user running Mutt.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mutt users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mutt-1.5.11-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3242">CVE-2006-3242</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-06-27T19:49:38Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-06-27T20:02:54Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-06-28T10:14:15Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-28.xml b/metadata/glsa/glsa-200606-28.xml
new file mode 100644
index 000000000000..59ccf99b54bb
--- /dev/null
+++ b/metadata/glsa/glsa-200606-28.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-28">
+  <title>Horde Web Application Framework: XSS vulnerability</title>
+  <synopsis>
+    The Horde Web Application Framework is vulnerable to a cross-site scripting
+    vulnerability.
+  </synopsis>
+  <product type="ebuild">horde</product>
+  <announced>2006-06-29</announced>
+  <revised count="01">2006-06-29</revised>
+  <bug>136830</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/horde" auto="yes" arch="*">
+      <unaffected range="ge">3.1.1-r1</unaffected>
+      <vulnerable range="lt">3.1.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Horde Web Application Framework is a general-purpose web
+    application framework written in PHP, providing classes for handling
+    preferences, compression, browser detection, connection tracking, MIME,
+    and more.
+    </p>
+  </background>
+  <description>
+    <p>
+    Michael Marek discovered that the Horde Web Application Framework
+    performs insufficient input sanitizing.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    An attacker could exploit these vulnerabilities to execute arbitrary
+    scripts running in the context of the victim's browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All horde users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/horde-3.1.1-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2195">CVE-2006-2195</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-06-22T14:59:32Z">
+    dizzutch
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-06-23T18:49:08Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-29.xml b/metadata/glsa/glsa-200606-29.xml
new file mode 100644
index 000000000000..6e30795159bb
--- /dev/null
+++ b/metadata/glsa/glsa-200606-29.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-29">
+  <title>Tikiwiki: SQL injection and multiple XSS vulnerabilities</title>
+  <synopsis>
+    An SQL injection vulnerability and multiple XSS vulnerabilities have been
+    discovered.
+  </synopsis>
+  <product type="ebuild">tikiwiki</product>
+  <announced>2006-06-29</announced>
+  <revised count="01">2006-06-29</revised>
+  <bug>136723</bug>
+  <bug>134483</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/tikiwiki" auto="yes" arch="*">
+      <unaffected range="ge">1.9.4</unaffected>
+      <vulnerable range="lt">1.9.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Tikiwiki is a web-based groupware and content management system (CMS),
+    using PHP, ADOdb and Smarty.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tikiwiki fails to properly sanitize user input before processing it,
+    including in SQL statements.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could execute arbitrary SQL statements on the underlying
+    database, or inject arbitrary scripts into the context of a user's
+    browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Tikiwiki users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/tikiwiki-1.9.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3048">CVE-2006-3048</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3047">CVE-2006-3047</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-06-26T00:18:20Z">
+    shellsage
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-06-26T20:19:12Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200606-30.xml b/metadata/glsa/glsa-200606-30.xml
new file mode 100644
index 000000000000..c7a11d445aeb
--- /dev/null
+++ b/metadata/glsa/glsa-200606-30.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200606-30">
+  <title>Kiax: Arbitrary code execution</title>
+  <synopsis>
+    A security vulnerability in the iaxclient library could lead to the
+    execution of arbitrary code by a remote attacker.
+  </synopsis>
+  <product type="ebuild">kiax</product>
+  <announced>2006-06-30</announced>
+  <revised count="01">2006-06-30</revised>
+  <bug>136099</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/kiax" auto="yes" arch="*">
+      <unaffected range="ge">0.8.5_p1</unaffected>
+      <vulnerable range="lt">0.8.5_p1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Kiax is a graphical softphone supporting the IAX protocol (Inter
+    Asterisk eXchange), which allows PC users to make VoIP calls to
+    Asterisk servers.
+    </p>
+  </background>
+  <description>
+    <p>
+    The iax_net_read function in the iaxclient library fails to properly
+    handle IAX2 packets with truncated full frames or mini-frames. These
+    frames are detected in a length check but processed anyway, leading to
+    buffer overflows.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By sending a specially crafted IAX2 packet, an attacker could execute
+    arbitrary code with the permissions of the user running Kiax.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Kiax users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/kiax-0.8.5_p1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2923">CVE-2006-2923</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-06-22T11:02:44Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-06-22T11:16:37Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-06-22T15:23:48Z">
+    dizzutch
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200607-01.xml b/metadata/glsa/glsa-200607-01.xml
new file mode 100644
index 000000000000..dec28a834494
--- /dev/null
+++ b/metadata/glsa/glsa-200607-01.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200607-01">
+  <title>mpg123: Heap overflow</title>
+  <synopsis>
+    A heap overflow in mpg123 was discovered, which could result in the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mpg123</product>
+  <announced>2006-07-03</announced>
+  <revised count="02">2006-07-29</revised>
+  <bug>133988</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/mpg123" auto="yes" arch="*">
+      <unaffected range="ge">0.59s-r11</unaffected>
+      <vulnerable range="lt">0.59s-r11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    mpg123 is a real time audio player designed for the MPEG format.
+    </p>
+  </background>
+  <description>
+    <p>
+    In httpdget.c, a variable is assigned to the heap, and is supposed to
+    receive a smaller allocation. As this variable was not terminated
+    properly, strncpy() will overwrite the data assigned next in memory.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to visit a malicious URL, an attacker could possibly
+    execute arbitrary code with the rights of the user running mpg123.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All mpg123 users should update to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/mpg123-0.59s-r11"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3355">CVE-2006-3355</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-06-30T16:01:33Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-06-30T18:10:59Z">
+    hlieberman
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-07-02T14:50:47Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200607-02.xml b/metadata/glsa/glsa-200607-02.xml
new file mode 100644
index 000000000000..2597c615a564
--- /dev/null
+++ b/metadata/glsa/glsa-200607-02.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200607-02">
+  <title>FreeType: Multiple integer overflows</title>
+  <synopsis>
+    Multiple remotely exploitable buffer overflows have been discovered in
+    FreeType, resulting in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">FreeType</product>
+  <announced>2006-07-09</announced>
+  <revised count="02">2006-09-03</revised>
+  <bug>124828</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/freetype" auto="yes" arch="*">
+      <unaffected range="ge">2.1.10-r2</unaffected>
+      <unaffected range="lt">2.0</unaffected>
+      <vulnerable range="lt">2.1.10-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    FreeType is a portable font engine.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple integer overflows exist in a variety of files (bdf/bdflib.c,
+    sfnt/ttcmap.c, cff/cffgload.c, base/ftmac.c).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit these buffer overflows by enticing a
+    user to load a specially crafted font, which could result in the
+    execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All FreeType users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/freetype-2.1.10-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861">CVE-2006-1861</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-07-04T13:58:56Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-07-04T15:44:57Z">
+    hlieberman
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-07-05T16:43:48Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200607-03.xml b/metadata/glsa/glsa-200607-03.xml
new file mode 100644
index 000000000000..880ebd92749e
--- /dev/null
+++ b/metadata/glsa/glsa-200607-03.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200607-03">
+  <title>libTIFF: Multiple buffer overflows</title>
+  <synopsis>
+    libTIFF contains buffer overflows that could result in arbitrary code
+    execution.
+  </synopsis>
+  <product type="ebuild">tiff</product>
+  <announced>2006-07-09</announced>
+  <revised count="01">2006-07-09</revised>
+  <bug>135881</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/tiff" auto="yes" arch="*">
+      <unaffected range="ge">3.8.2-r1</unaffected>
+      <vulnerable range="lt">3.8.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libTIFF provides support for reading and manipulating TIFF images.
+    </p>
+  </background>
+  <description>
+    <p>
+    A buffer overflow has been found in the t2p_write_pdf_string function
+    in tiff2pdf, which can been triggered with a TIFF file containing a
+    DocumentName tag with UTF-8 characters. An additional buffer overflow
+    has been found in the handling of the parameters in tiffsplit.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to load a specially crafted TIFF
+    file, resulting in the possible execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libTIFF users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/tiff-3.8.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2193">CVE-2006-2193</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2656">CVE-2006-2656</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-07-05T16:38:15Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-07-05T16:38:38Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200607-04.xml b/metadata/glsa/glsa-200607-04.xml
new file mode 100644
index 000000000000..d843912b175f
--- /dev/null
+++ b/metadata/glsa/glsa-200607-04.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200607-04">
+  <title>PostgreSQL: SQL injection</title>
+  <synopsis>
+    A flaw in the multibyte character handling allows execution of arbitrary
+    SQL statements.
+  </synopsis>
+  <product type="ebuild">postgresql</product>
+  <announced>2006-07-09</announced>
+  <revised count="03">2007-06-26</revised>
+  <bug>134168</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/postgresql" auto="yes" arch="*">
+      <unaffected range="ge">8.0.8</unaffected>
+      <unaffected range="eq">7.4*</unaffected>
+      <vulnerable range="lt">8.0.8</vulnerable>
+      <vulnerable range="lt">7.4.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PostgreSQL is an open source object-relational database management
+    system.
+    </p>
+  </background>
+  <description>
+    <p>
+    PostgreSQL contains a flaw in the string parsing routines that allows
+    certain backslash-escaped characters to be bypassed with some multibyte
+    character encodings. This vulnerability was discovered by Akio Ishida
+    and Yasuo Ohgaki.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could execute arbitrary SQL statements on the PostgreSQL
+    server. Be aware that web applications using PostgreSQL as a database
+    back-end might be used to exploit this vulnerability.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PostgreSQL users should upgrade to the latest version in the
+    respective branch they are using:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose dev-db/postgresql</code>
+    <p>
+    Note: While a fix exists for the 7.3 branch it doesn't currently work
+    on Gentoo. All 7.3.x users of PostgreSQL should consider updating their
+    installations to the 7.4 (or higher) branch as soon as possible!
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://www.postgresql.org/docs/techdocs.50">PostgreSQL technical information</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2313">CVE-2006-2313</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2314">CVE-2006-2314</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-06-01T07:08:33Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-06-07T19:43:38Z">
+    frilled
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-07-09T16:30:11Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200607-05.xml b/metadata/glsa/glsa-200607-05.xml
new file mode 100644
index 000000000000..d6820c89fe66
--- /dev/null
+++ b/metadata/glsa/glsa-200607-05.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200607-05">
+  <title>SHOUTcast server: Multiple vulnerabilities</title>
+  <synopsis>
+    The SHOUTcast server is vulnerable to a file disclosure vulnerability and
+    multiple XSS vulnerabilities.
+  </synopsis>
+  <product type="ebuild">shoutcast</product>
+  <announced>2006-07-09</announced>
+  <revised count="03">2006-07-29</revised>
+  <bug>136721</bug>
+  <bug>136221</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/shoutcast-server-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.9.7</unaffected>
+      <vulnerable range="lt">1.9.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    SHOUTcast server is a streaming audio server.
+    </p>
+  </background>
+  <description>
+    <p>
+    The SHOUTcast server is vulnerable to a file disclosure when the server
+    receives a specially crafted GET request. Furthermore it also fails to
+    sanitize the input passed to the "Description", "URL", "Genre", "AIM",
+    and "ICQ" fields.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By sending a specially crafted GET request to the SHOUTcast server, the
+    attacker can read any file that can be read by the SHOUTcast process.
+    Furthermore it is possible that various request variables could also be
+    exploited to execute arbitrary scripts in the context of a victim's
+    browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SHOUTcast server users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/shoutcast-server-bin-1.9.7"</code>
+  </resolution>
+  <references>
+    <uri link="http://people.ksp.sk/~goober/advisory/001-shoutcast.html">Original advisory</uri>
+    <uri link="https://secunia.com/advisories/20524/">SA20524</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3007">CVE-2006-3007</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3534">CVE-2006-3534</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3535">CVE-2006-3535</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-06-30T16:19:23Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-06-30T17:31:32Z">
+    daxomatic
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-07-02T14:51:02Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200607-06.xml b/metadata/glsa/glsa-200607-06.xml
new file mode 100644
index 000000000000..ebe84a30e159
--- /dev/null
+++ b/metadata/glsa/glsa-200607-06.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200607-06">
+  <title>libpng: Buffer overflow</title>
+  <synopsis>
+    A buffer overflow has been found in the libpng library that could lead to
+    the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libpng</product>
+  <announced>2006-07-19</announced>
+  <revised count="01">2006-07-19</revised>
+  <bug>138433</bug>
+  <bug>138672</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libpng" auto="yes" arch="*">
+      <unaffected range="ge">1.2.12</unaffected>
+      <vulnerable range="lt">1.2.12</vulnerable>
+    </package>
+    <package name="app-emulation/emul-linux-x86-baselibs" auto="yes" arch="amd64">
+      <unaffected range="ge">2.5.1</unaffected>
+      <vulnerable range="lt">2.5.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libpng is an open, extensible image format library, with lossless
+    compression.
+    </p>
+  </background>
+  <description>
+    <p>
+    In pngrutil.c, the function png_decompress_chunk() allocates
+    insufficient space for an error message, potentially overwriting stack
+    data, leading to a buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to load a maliciously crafted PNG image, an attacker
+    could execute arbitrary code with the rights of the user, or crash the
+    application using the libpng library, such as the
+    emul-linux-x86-baselibs.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libpng users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/libpng-1.2.12"</code>
+    <p>
+    All AMD64 emul-linux-x86-baselibs users should also upgrade to the
+    latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-emulation/emul-linux-x86-baselibs-2.5.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://heanet.dl.sourceforge.net/sourceforge/libpng/libpng-1.2.12-README.txt">libpng Changelog</uri>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3334">CVE-2006-3334</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-07-04T14:10:20Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-07-04T18:53:23Z">
+    daxomatic
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-07-17T16:54:49Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200607-07.xml b/metadata/glsa/glsa-200607-07.xml
new file mode 100644
index 000000000000..7f1768f593f4
--- /dev/null
+++ b/metadata/glsa/glsa-200607-07.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200607-07">
+  <title>xine-lib: Buffer overflow</title>
+  <synopsis>
+    A buffer overflow has been found in the libmms library shipped with
+    xine-lib, potentially resulting in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">xine-lib</product>
+  <announced>2006-07-20</announced>
+  <revised count="01">2006-07-20</revised>
+  <bug>139319</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/xine-lib" auto="yes" arch="*">
+      <unaffected range="ge">1.1.2-r2</unaffected>
+      <vulnerable range="lt">1.1.2-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    xine-lib is the core library of xine, a multimedia player.
+    </p>
+  </background>
+  <description>
+    <p>
+    There is a stack based overflow in the libmms library included with
+    xine-lib which can be triggered by malicious use of the send_command,
+    string_utf16, get_data and get_media_packet functions.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could design a malicious media file that would
+    trigger the overflow, potentially resulting in the execution of
+    arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All xine-lib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/xine-lib-1.1.2-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2200">CVE-2006-2200</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-07-12T17:17:02Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-07-12T20:18:19Z">
+    daxomatic
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-07-17T16:55:34Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200607-08.xml b/metadata/glsa/glsa-200607-08.xml
new file mode 100644
index 000000000000..6fb3fcb8e1b9
--- /dev/null
+++ b/metadata/glsa/glsa-200607-08.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200607-08">
+  <title>GIMP: Buffer overflow</title>
+  <synopsis>
+    GIMP is prone to a buffer overflow which may lead to the execution of
+    arbitrary code when loading specially crafted XCF files.
+  </synopsis>
+  <product type="ebuild">gimp</product>
+  <announced>2006-07-23</announced>
+  <revised count="02">2006-07-24</revised>
+  <bug>139524</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/gimp" auto="yes" arch="*">
+      <unaffected range="ge">2.2.12</unaffected>
+      <vulnerable range="lt">2.2.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GIMP is the GNU Image Manipulation Program. XCF is the native image
+    file format used by GIMP.
+    </p>
+  </background>
+  <description>
+    <p>
+    Henning Makholm discovered that the "xcf_load_vector()" function is
+    vulnerable to a buffer overflow when loading a XCF file with a large
+    "num_axes" value.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit this issue to execute arbitrary code by
+    enticing a user to open a specially crafted XCF file.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GIMP users should update to the latest stable version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/gimp-2.2.12"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3404">CVE-2006-3404</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-07-12T17:07:39Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-07-12T18:38:18Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-07-12T19:27:03Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200607-09.xml b/metadata/glsa/glsa-200607-09.xml
new file mode 100644
index 000000000000..c02a2631bcf0
--- /dev/null
+++ b/metadata/glsa/glsa-200607-09.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200607-09">
+  <title>Wireshark: Multiple vulnerabilities</title>
+  <synopsis>
+    Wireshark (formerly known as Ethereal) is vulnerable to several security
+    issues, potentially allowing the execution of arbitrary code by a remote
+    attacker.
+  </synopsis>
+  <product type="ebuild">wireshark ethereal</product>
+  <announced>2006-07-25</announced>
+  <revised count="01">2006-07-25</revised>
+  <bug>140856</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/wireshark" auto="yes" arch="*">
+      <unaffected range="ge">0.99.2</unaffected>
+      <vulnerable range="lt">0.99.2</vulnerable>
+    </package>
+    <package name="net-analyzer/ethereal" auto="yes" arch="*">
+      <vulnerable range="le">0.99.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Wireshark, formerly known as Ethereal, is a popular network protocol
+    analyzer.
+    </p>
+  </background>
+  <description>
+    <p>
+    Wireshark dissectors have been found vulnerable to a large number of
+    exploits, including off-by-one errors, buffer overflows, format string
+    overflows and an infinite loop.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Running an affected version of Wireshark or Ethereal could allow for a
+    remote attacker to execute arbitrary code on the user's computer by
+    sending specially crafted packets.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Wireshark users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-0.99.2"</code>
+    <p>
+    All Ethereal users should migrate to Wireshark:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --unmerge net-analyzer/ethereal
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-0.99.2"</code>
+    <p>
+    To keep the [saved] configuration from Ethereal and reuse it with
+    Wireshark:
+    </p>
+    <code>
+    # mv ~/.ethereal ~/.wireshark</code>
+  </resolution>
+  <references>
+    <uri link="https://www.wireshark.org/security/wnpa-sec-2006-01.html">Wireshark wnpa-sec-2006-01</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3627">CVE-2006-3627</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3628">CVE-2006-3628</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3629">CVE-2006-3629</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3630">CVE-2006-3630</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3631">CVE-2006-3631</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3632">CVE-2006-3632</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-07-19T16:53:04Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-07-19T18:04:14Z">
+    dizzutch
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-07-22T20:10:22Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200607-10.xml b/metadata/glsa/glsa-200607-10.xml
new file mode 100644
index 000000000000..c49412763872
--- /dev/null
+++ b/metadata/glsa/glsa-200607-10.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200607-10">
+  <title>Samba: Denial of Service vulnerability</title>
+  <synopsis>
+    A large number of share connection requests could cause a Denial of Service
+    within Samba.
+  </synopsis>
+  <product type="ebuild">samba</product>
+  <announced>2006-07-25</announced>
+  <revised count="01">2006-07-25</revised>
+  <bug>139369</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-fs/samba" auto="yes" arch="*">
+      <unaffected range="ge">3.0.22-r3</unaffected>
+      <vulnerable range="lt">3.0.22-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Samba is a freely available SMB/CIFS implementation which allows
+    seamless interoperability of file and print services to other SMB/CIFS
+    clients.
+    </p>
+  </background>
+  <description>
+    <p>
+    During an internal audit the Samba team discovered that a flaw in the
+    way Samba stores share connection requests could lead to a Denial of
+    Service.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By sending a large amount of share connection requests to a vulnerable
+    Samba server, an attacker could cause a Denial of Service due to memory
+    consumption.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Samba users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-fs/samba-3.0.22-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3403">CVE-2006-3403</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-07-23T19:09:42Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-07-23T19:57:17Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-07-23T19:57:30Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200607-11.xml b/metadata/glsa/glsa-200607-11.xml
new file mode 100644
index 000000000000..26ced1409b2f
--- /dev/null
+++ b/metadata/glsa/glsa-200607-11.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200607-11">
+  <title>TunePimp: Buffer overflow</title>
+  <synopsis>
+    A vulnerability in TunePimp has been reported which could lead to the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Tunepimp</product>
+  <announced>2006-07-28</announced>
+  <revised count="02">2007-06-01</revised>
+  <bug>140184</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/tunepimp" auto="yes" arch="*">
+      <unaffected range="ge">0.5.0</unaffected>
+      <vulnerable range="le">0.4.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The TunePimp library (also referred to as libtunepimp) is a development
+    library geared towards developers who wish to create MusicBrainz
+    enabled tagging applications.
+    </p>
+  </background>
+  <description>
+    <p>
+    Kevin Kofler has reported a vulnerability where three stack variables
+    are allocated with 255, 255 and 100 bytes respectively, yet 256 bytes
+    are read into each. This could lead to buffer overflows.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Running an affected version of TunePimp could lead to the execution of
+    arbitrary code by a remote attacker.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All tunepimp users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/tunepimp-0.5."</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3600">CVE-2006-3600</uri>
+    <uri link="http://bugs.musicbrainz.org/ticket/1764">MusicBrainz bug #1764</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-07-25T17:18:27Z">
+    dizzutch
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-07-27T17:51:46Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200607-12.xml b/metadata/glsa/glsa-200607-12.xml
new file mode 100644
index 000000000000..252a1cd7417d
--- /dev/null
+++ b/metadata/glsa/glsa-200607-12.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200607-12">
+  <title>OpenOffice.org: Multiple vulnerabilities</title>
+  <synopsis>
+    OpenOffice.org is affected by three security vulnerabilities which can be
+    exploited to allow the execution of arbitrary code by a remote attacker.
+  </synopsis>
+  <product type="ebuild">OpenOffice.org</product>
+  <announced>2006-07-28</announced>
+  <revised count="01">2006-07-28</revised>
+  <bug>138545</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/openoffice" auto="yes" arch="*">
+      <unaffected range="ge">2.0.3</unaffected>
+      <vulnerable range="lt">2.0.3</vulnerable>
+    </package>
+    <package name="app-office/openoffice-bin" auto="yes" arch="*">
+      <unaffected range="ge">2.0.3</unaffected>
+      <vulnerable range="lt">2.0.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenOffice.org is an open source office productivity suite, including
+    word processing, spreadsheet, presentation, drawing, data charting,
+    formula editing, and file conversion facilities.
+    </p>
+  </background>
+  <description>
+    <p>
+    Internal security audits by OpenOffice.org have discovered three
+    security vulnerabilities related to Java applets, macros and the XML
+    file format parser.
+    </p>
+    <ul><li>Specially crafted Java applets can
+    break through the "sandbox".</li>
+    <li>Specially crafted macros make it
+    possible to inject BASIC code into documents which is executed when the
+    document is loaded.</li>
+    <li>Loading a malformed XML file can cause a
+    buffer overflow.</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker might exploit these vulnerabilities to escape the Java
+    sandbox, execute arbitrary code or BASIC code with the permissions of
+    the user running OpenOffice.org.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disabling Java applets will protect against the vulnerability in the
+    handling of Java applets. There are no workarounds for the macro and
+    file format vulnerabilities.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenOffice.org users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/openoffice-2.0.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.openoffice.org/security/bulletin-20060629.html">OpenOffice.org Security Bulletin 2006-06-29</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2199">CVE-2006-2199</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2198">CVE-2006-2198</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3117">CVE-2006-3117</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-07-19T12:40:14Z">
+    dizzutch
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-07-20T16:32:57Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200607-13.xml b/metadata/glsa/glsa-200607-13.xml
new file mode 100644
index 000000000000..c2aec45f25bb
--- /dev/null
+++ b/metadata/glsa/glsa-200607-13.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200607-13">
+  <title>Audacious: Multiple heap and buffer overflows</title>
+  <synopsis>
+    The adplug library included in Audacious is vulnerable to various overflows
+    that could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">audacious</product>
+  <announced>2006-07-29</announced>
+  <revised count="01">2006-07-29</revised>
+  <bug>139957</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/audacious" auto="yes" arch="*">
+      <unaffected range="ge">1.1.0</unaffected>
+      <vulnerable range="lt">1.1.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Audacious is a media player that has been forked from Beep Media
+    Player.
+    </p>
+  </background>
+  <description>
+    <p>
+    Luigi Auriemma has found that the adplug library fails to verify the
+    size of the destination buffers in the unpacking instructions,
+    resulting in various possible heap and buffer overflows.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker can entice a user to load a specially crafted media file,
+    resulting in a crash or possible execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Audacious users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/audacious-1.1.0"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/archive/1/439432/30/0/threaded">BugTraq Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3581">CVE-2006-3581</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3582">CVE-2006-3582</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-07-12T17:07:27Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-07-16T10:46:17Z">
+    daxomatic
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-07-17T16:55:12Z">
+    koon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200608-01.xml b/metadata/glsa/glsa-200608-01.xml
new file mode 100644
index 000000000000..a60de21feb87
--- /dev/null
+++ b/metadata/glsa/glsa-200608-01.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200608-01">
+  <title>Apache: Off-by-one flaw in mod_rewrite</title>
+  <synopsis>
+    A flaw in mod_rewrite could result in a Denial of Service or the execution
+    of arbitrary code.
+  </synopsis>
+  <product type="ebuild">apache</product>
+  <announced>2006-08-01</announced>
+  <revised count="02">2007-12-30</revised>
+  <bug>141986</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="rge">1.3.34-r14</unaffected>
+      <unaffected range="rge">1.3.37</unaffected>
+      <unaffected range="ge">2.0.58-r2</unaffected>
+      <vulnerable range="lt">2.0.58-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Apache HTTP server is one of the most popular web servers on the
+    Internet. The Apache module mod_rewrite provides a rule-based engine to
+    rewrite requested URLs on the fly.
+    </p>
+  </background>
+  <description>
+    <p>
+    An off-by-one flaw has been found in Apache's mod_rewrite module by
+    Mark Dowd of McAfee Avert Labs. This flaw is exploitable depending on
+    the types of rewrite rules being used.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit the flaw to cause a Denial of Service
+    or execution of arbitrary code. Note that Gentoo Linux is not
+    vulnerable in the default configuration.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Apache users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose www-servers/apache</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747">CVE-2006-3747</uri>
+    <uri link="https://www.apache.org/dist/httpd/Announcement2.0.html">Apache HTTP Server 2.0 Announcement</uri>
+    <uri link="https://www.apache.org/dist/httpd/Announcement1.3.html">Apache HTTP Server 1.3 Announcement</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-07-28T11:10:33Z">
+    vorlon078
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-07-28T12:10:22Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-07-29T21:48:21Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200608-02.xml b/metadata/glsa/glsa-200608-02.xml
new file mode 100644
index 000000000000..6a061657f76c
--- /dev/null
+++ b/metadata/glsa/glsa-200608-02.xml
@@ -0,0 +1,128 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200608-02">
+  <title>Mozilla SeaMonkey: Multiple vulnerabilities</title>
+  <synopsis>
+    The Mozilla Foundation has reported numerous security vulnerabilities
+    related to Mozilla SeaMonkey.
+  </synopsis>
+  <product type="ebuild">SeaMonkey</product>
+  <announced>2006-08-03</announced>
+  <revised count="01">2006-08-03</revised>
+  <bug>141842</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/seamonkey" auto="yes" arch="*">
+      <unaffected range="ge">1.0.3</unaffected>
+      <vulnerable range="lt">1.0.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Mozilla SeaMonkey project is a community effort to deliver
+    production-quality releases of code derived from the application
+    formerly known as "Mozilla Application Suite".
+    </p>
+  </background>
+  <description>
+    <p>
+    The following vulnerabilities have been reported:
+    </p>
+    <ul>
+    <li>Benjamin Smedberg discovered that chrome URL's could be made to
+    reference remote files.</li>
+    <li>Developers in the Mozilla community
+    looked for and fixed several crash bugs to improve the stability of
+    Mozilla clients, which could lead to the execution of arbitrary code by
+    a remote attacker.</li>
+    <li>"shutdown" reports that cross-site
+    scripting (XSS) attacks could be performed using the construct
+    XPCNativeWrapper(window).Function(...), which created a function that
+    appeared to belong to the window in question even after it had been
+    navigated to the target site.</li>
+    <li>"shutdown" reports that scripts
+    granting the UniversalBrowserRead privilege can leverage that into the
+    equivalent of the far more powerful UniversalXPConnect since they are
+    allowed to "read" into a privileged context.</li>
+    <li>"moz_bug_r_a4"
+    reports that A malicious Proxy AutoConfig (PAC) server could serve a
+    PAC script that can execute code with elevated privileges by setting
+    the required FindProxyForURL function to the eval method on a
+    privileged object that leaked into the PAC sandbox.</li>
+    <li>"moz_bug_r_a4" discovered that Named JavaScript functions have a
+    parent object created using the standard Object() constructor
+    (ECMA-specified behavior) and that this constructor can be redefined by
+    script (also ECMA-specified behavior).</li>
+    <li>Igor Bukanov and
+    shutdown found additional places where an untimely garbage collection
+    could delete a temporary object that was in active use.</li>
+    <li>Georgi
+    Guninski found potential integer overflow issues with long strings in
+    the toSource() methods of the Object, Array and String objects as well
+    as string function arguments.</li>
+    <li>H. D. Moore reported a testcase
+    that was able to trigger a race condition where JavaScript garbage
+    collection deleted a temporary variable still being used in the
+    creation of a new Function object.</li>
+    <li>A malicious page can hijack
+    native DOM methods on a document object in another domain, which will
+    run the attacker's script when called by the victim page.</li>
+    <li>Secunia Research has discovered a vulnerability which is caused due
+    to an memory corruption error within the handling of simultaneously
+    happening XPCOM events. This leads to use of a deleted timer
+    object.</li>
+    <li>An anonymous researcher for TippingPoint and the Zero
+    Day Initiative showed that when used in a web page Java would reference
+    properties of the window.navigator object as it started up.</li>
+    <li>Thilo Girmann discovered that in certain circumstances a JavaScript
+    reference to a frame or window was not properly cleared when the
+    referenced content went away.</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A user can be enticed to open specially crafted URLs, visit webpages
+    containing malicious JavaScript or execute a specially crafted script.
+    These events could lead to the execution of arbitrary code, or the
+    installation of malware on the user's computer.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Thunderbird users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-1.0.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3113">CVE-2006-3113</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3677">CVE-2006-3677</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3801">CVE-2006-3801</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3802">CVE-2006-3802</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3803">CVE-2006-3803</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3804">CVE-2006-3804</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3805">CVE-2006-3805</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3806">CVE-2006-3806</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3807">CVE-2006-3807</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3808">CVE-2006-3808</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3809">CVE-2006-3809</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3810">CVE-2006-3810</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3811">CVE-2006-3811</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3812">CVE-2006-3812</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-07-28T14:37:24Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-07-28T18:00:11Z">
+    dizzutch
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-08-03T16:55:20Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200608-03.xml b/metadata/glsa/glsa-200608-03.xml
new file mode 100644
index 000000000000..d648c37ebe11
--- /dev/null
+++ b/metadata/glsa/glsa-200608-03.xml
@@ -0,0 +1,132 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200608-03">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>
+    The Mozilla Foundation has reported numerous security vulnerabilities
+    related to Mozilla Firefox.
+  </synopsis>
+  <product type="ebuild">Firefox</product>
+  <announced>2006-08-03</announced>
+  <revised count="01">2006-08-03</revised>
+  <bug>141842</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/mozilla-firefox" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.5</unaffected>
+      <vulnerable range="lt">1.5.0.5</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.5</unaffected>
+      <vulnerable range="lt">1.5.0.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla Firefox is a redesign of the Mozilla Navigator component. The
+    goal is to produce a cross-platform stand-alone browser application.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following vulnerabilities have been reported:
+    </p>
+    <ul>
+    <li>Benjamin Smedberg discovered that chrome URL's could be made to
+    reference remote files.</li>
+    <li>Developers in the Mozilla community
+    looked for and fixed several crash bugs to improve the stability of
+    Mozilla clients.</li>
+    <li>"shutdown" reports that cross-site scripting
+    (XSS) attacks could be performed using the construct
+    XPCNativeWrapper(window).Function(...), which created a function that
+    appeared to belong to the window in question even after it had been
+    navigated to the target site.</li>
+    <li>"shutdown" reports that scripts
+    granting the UniversalBrowserRead privilege can leverage that into the
+    equivalent of the far more powerful UniversalXPConnect since they are
+    allowed to "read" into a privileged context.</li>
+    <li>"moz_bug_r_a4"
+    reports that A malicious Proxy AutoConfig (PAC) server could serve a
+    PAC script that can execute code with elevated privileges by setting
+    the required FindProxyForURL function to the eval method on a
+    privileged object that leaked into the PAC sandbox.</li>
+    <li>"moz_bug_r_a4" discovered that Named JavaScript functions have a
+    parent object created using the standard Object() constructor
+    (ECMA-specified behavior) and that this constructor can be redefined by
+    script (also ECMA-specified behavior).</li>
+    <li>Igor Bukanov and
+    shutdown found additional places where an untimely garbage collection
+    could delete a temporary object that was in active use.</li>
+    <li>Georgi
+    Guninski found potential integer overflow issues with long strings in
+    the toSource() methods of the Object, Array and String objects as well
+    as string function arguments.</li>
+    <li>H. D. Moore reported a testcase
+    that was able to trigger a race condition where JavaScript garbage
+    collection deleted a temporary variable still being used in the
+    creation of a new Function object.</li>
+    <li>A malicious page can hijack
+    native DOM methods on a document object in another domain, which will
+    run the attacker's script when called by the victim page.</li>
+    <li>Secunia Research has discovered a vulnerability which is caused due
+    to an memory corruption error within the handling of simultaneously
+    happening XPCOM events. This leads to use of a deleted timer
+    object.</li>
+    <li>An anonymous researcher for TippingPoint and the Zero
+    Day Initiative showed that when used in a web page Java would reference
+    properties of the window.navigator object as it started up.</li>
+    <li>Thilo Girmann discovered that in certain circumstances a JavaScript
+    reference to a frame or window was not properly cleared when the
+    referenced content went away.</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A user can be enticed to open specially crafted URLs, visit webpages
+    containing malicious JavaScript or execute a specially crafted script.
+    These events could lead to the execution of arbitrary code, or the
+    installation of malware on the user's computer.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Firefox users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-1.5.0.5"</code>
+    <p>
+    Users of the binary package should upgrade as well:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-bin-1.5.0.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3113">CVE-2006-3113</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3677">CVE-2006-3677</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3801">CVE-2006-3801</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3802">CVE-2006-3802</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3803">CVE-2006-3803</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3805">CVE-2006-3805</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3806">CVE-2006-3806</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3807">CVE-2006-3807</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3808">CVE-2006-3808</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3809">CVE-2006-3809</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3810">CVE-2006-3810</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3811">CVE-2006-3811</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3812">CVE-2006-3812</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-07-28T18:10:10Z">
+    dizzutch
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-08-03T16:55:03Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200608-04.xml b/metadata/glsa/glsa-200608-04.xml
new file mode 100644
index 000000000000..0ab648f6d8d2
--- /dev/null
+++ b/metadata/glsa/glsa-200608-04.xml
@@ -0,0 +1,125 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200608-04">
+  <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>
+    The Mozilla Foundation has reported numerous security vulnerabilities
+    related to Mozilla Thunderbird.
+  </synopsis>
+  <product type="ebuild">Thunderbird</product>
+  <announced>2006-08-03</announced>
+  <revised count="01">2006-08-03</revised>
+  <bug>141842</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/mozilla-thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.5</unaffected>
+      <vulnerable range="lt">1.5.0.5</vulnerable>
+    </package>
+    <package name="mail-client/mozilla-thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.5</unaffected>
+      <vulnerable range="lt">1.5.0.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Mozilla Thunderbird mail client is a redesign of the Mozilla Mail
+    component. The goal is to produce a cross-platform stand-alone mail
+    application using XUL (XML User Interface Language).
+    </p>
+  </background>
+  <description>
+    <p>
+    The following vulnerabilities have been reported:
+    </p>
+    <ul>
+    <li>Benjamin Smedberg discovered that chrome URLss could be made to
+    reference remote files.</li>
+    <li>Developers in the Mozilla community
+    looked for and fixed several crash bugs to improve the stability of
+    Mozilla clients.</li>
+    <li>"shutdown" reports that cross-site scripting
+    (XSS) attacks could be performed using the construct
+    XPCNativeWrapper(window).Function(...), which created a function that
+    appeared to belong to the window in question even after it had been
+    navigated to the target site.</li>
+    <li>"shutdown" reports that scripts
+    granting the UniversalBrowserRead privilege can leverage that into the
+    equivalent of the far more powerful UniversalXPConnect since they are
+    allowed to "read" into a privileged context.</li>
+    <li>"moz_bug_r_a4"
+    discovered that Named JavaScript functions have a parent object created
+    using the standard Object() constructor (ECMA-specified behavior) and
+    that this constructor can be redefined by script (also ECMA-specified
+    behavior).</li>
+    <li>Igor Bukanov and shutdown found additional places
+    where an untimely garbage collection could delete a temporary object
+    that was in active use.</li>
+    <li>Georgi Guninski found potential
+    integer overflow issues with long strings in the toSource() methods of
+    the Object, Array and String objects as well as string function
+    arguments.</li>
+    <li>H. D. Moore reported a testcase that was able to
+    trigger a race condition where JavaScript garbage collection deleted a
+    temporary variable still being used in the creation of a new Function
+    object.</li>
+    <li>A malicious page can hijack native DOM methods on a
+    document object in another domain, which will run the attacker's script
+    when called by the victim page.</li>
+    <li>Secunia Research has
+    discovered a vulnerability which is caused due to an memory corruption
+    error within the handling of simultaneously happening XPCOM events.
+    This leads to use of a deleted timer object.</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A user can be enticed to open specially crafted URLs, visit webpages
+    containing malicious JavaScript or execute a specially crafted script.
+    These events could lead to the execution of arbitrary code, or the
+    installation of malware on the user's computer.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Thunderbird users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-1.5.0.5"</code>
+    <p>
+    All Mozilla Thunderbird binary users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-bin-1.5.0.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3113">CVE-2006-3113</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3802">CVE-2006-3802</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3803">CVE-2006-3803</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3804">CVE-2006-3804</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3805">CVE-2006-3805</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3806">CVE-2006-3806</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3807">CVE-2006-3807</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3809">CVE-2006-3809</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3810">CVE-2006-3810</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3811">CVE-2006-3811</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3812">CVE-2006-3812</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-07-28T14:37:07Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-07-28T18:08:55Z">
+    dizzutch
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-08-03T16:54:43Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200608-05.xml b/metadata/glsa/glsa-200608-05.xml
new file mode 100644
index 000000000000..b6406fc1bd2d
--- /dev/null
+++ b/metadata/glsa/glsa-200608-05.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200608-05">
+  <title>LibVNCServer: Authentication bypass</title>
+  <synopsis>
+    VNC servers created with LibVNCServer accept insecure protocol types, even
+    when the server does not offer it, resulting in unauthorized access to the
+    server.
+  </synopsis>
+  <product type="ebuild">libvncserver</product>
+  <announced>2006-08-04</announced>
+  <revised count="01">2006-08-04</revised>
+  <bug>136916</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/libvncserver" auto="yes" arch="*">
+      <unaffected range="ge">0.8.2</unaffected>
+      <vulnerable range="lt">0.8.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    LibVNCServer is a GPL'ed library for creating VNC servers.
+    </p>
+  </background>
+  <description>
+    <p>
+    LibVNCServer fails to properly validate protocol types effectively
+    letting users decide what protocol to use, such as "Type 1 - None".
+    LibVNCServer will accept this security type, even if it is not offered
+    by the server.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could use this vulnerability to gain unauthorized access
+    with the privileges of the user running the VNC server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All LibVNCServer users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-libs/libvncserver-0.8.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2450">CVE-2006-2450</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-07-29T16:47:24Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-07-29T16:50:23Z">
+    vorlon078
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-07-31T01:51:07Z">
+    hlieberman
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200608-06.xml b/metadata/glsa/glsa-200608-06.xml
new file mode 100644
index 000000000000..d91d1447931f
--- /dev/null
+++ b/metadata/glsa/glsa-200608-06.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200608-06">
+  <title>Courier MTA: Denial of Service vulnerability</title>
+  <synopsis>
+    Courier MTA has fixed a DoS issue related to usernames containing a "="
+    character.
+  </synopsis>
+  <product type="ebuild">Courier</product>
+  <announced>2006-08-04</announced>
+  <revised count="01">2006-08-04</revised>
+  <bug>135005</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-mta/courier" auto="yes" arch="*">
+      <unaffected range="ge">0.53.2</unaffected>
+      <vulnerable range="lt">0.53.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Courier MTA is an integrated mail and groupware server based on open
+    protocols.
+    </p>
+  </background>
+  <description>
+    <p>
+    Courier MTA has fixed a security issue relating to usernames containing
+    the "=" character, causing high CPU utilization.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit this vulnerability by sending a specially
+    crafted email to a mail gateway running a vulnerable version of Courier
+    MTA.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Courier MTA users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-mta/courier-0.53.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2659">CVE-2006-2659</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-08-02T13:22:29Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-08-02T13:22:37Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-08-02T13:39:08Z">
+    dizzutch
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200608-07.xml b/metadata/glsa/glsa-200608-07.xml
new file mode 100644
index 000000000000..54970a0ccc62
--- /dev/null
+++ b/metadata/glsa/glsa-200608-07.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200608-07">
+  <title>libTIFF: Multiple vulnerabilities</title>
+  <synopsis>
+    libTIFF contains several vulnerabilities that could result in arbitrary
+    code execution.
+  </synopsis>
+  <product type="ebuild">tiff</product>
+  <announced>2006-08-04</announced>
+  <revised count="01">2006-08-04</revised>
+  <bug>142383</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/tiff" auto="yes" arch="*">
+      <unaffected range="ge">3.8.2-r2</unaffected>
+      <vulnerable range="lt">3.8.2-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libTIFF provides support for reading and manipulating TIFF images.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Google Security Team discovered several heap and
+    stack buffer overflows and other flaws in libTIFF. The affected parts
+    include the TIFFFetchShortPair(), TIFFScanLineSize() and
+    EstimateStripByteCounts() functions, and the PixarLog and NeXT RLE
+    decoders.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted TIFF
+    file, resulting in the possible execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libTIFF users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/tiff-3.8.2-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459">CVE-2006-3459</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3460">CVE-2006-3460</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3461">CVE-2006-3461</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3462">CVE-2006-3462</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3463">CVE-2006-3463</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3464">CVE-2006-3464</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3465">CVE-2006-3465</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-08-03T11:25:07Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-08-04T09:34:08Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200608-08.xml b/metadata/glsa/glsa-200608-08.xml
new file mode 100644
index 000000000000..fa592cdd8224
--- /dev/null
+++ b/metadata/glsa/glsa-200608-08.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200608-08">
+  <title>GnuPG: Integer overflow vulnerability</title>
+  <synopsis>
+    GnuPG is vulnerable to an integer overflow that could lead to the execution
+    of arbitrary code.
+  </synopsis>
+  <product type="ebuild">gnupg</product>
+  <announced>2006-08-05</announced>
+  <revised count="02">2006-08-08</revised>
+  <bug>142248</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-crypt/gnupg" auto="yes" arch="*">
+      <unaffected range="ge">1.4.5</unaffected>
+      <vulnerable range="lt">1.4.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite
+    of cryptographic software.
+    </p>
+  </background>
+  <description>
+    <p>
+    Evgeny Legerov discovered a vulnerability in GnuPG that when certain
+    packets are handled an integer overflow may occur.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    By sending a specially crafted email to a user running an affected
+    version of GnuPG, a remote attacker could possibly execute arbitrary
+    code with the permissions of the user running GnuPG.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GnuPG users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "=app-crypt/gnupg-1.4*"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3746">CVE-2006-3746</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-08-02T13:24:55Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-08-02T13:48:08Z">
+    dizzutch
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-08-05T11:09:20Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200608-09.xml b/metadata/glsa/glsa-200608-09.xml
new file mode 100644
index 000000000000..85072294a7e0
--- /dev/null
+++ b/metadata/glsa/glsa-200608-09.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200608-09">
+  <title>MySQL: Denial of service</title>
+  <synopsis>
+    An authenticated user can crash MySQL through invalid parameters to the
+    date_format function.
+  </synopsis>
+  <product type="ebuild">mysql</product>
+  <announced>2006-08-06</announced>
+  <revised count="02">2006-08-07</revised>
+  <bug>142429</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/mysql" auto="yes" arch="*">
+      <unaffected range="ge">4.1.21</unaffected>
+      <unaffected range="lt">4.1.0</unaffected>
+      <vulnerable range="lt">4.1.21</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MySQL is a popular multi-threaded, multi-user SQL server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Jean-David Maillefer discovered a format string vulnerability in
+    time.cc where MySQL fails to properly handle specially formatted user
+    input to the date_format function.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By specifying a format string as the first parameter to the date_format
+    function, an authenticated attacker could cause MySQL to crash,
+    resulting in a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MySQL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --verbose --oneshot "&gt;=dev-db/mysql-4.1.21"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3469">CVE-2006-3469</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-08-06T17:22:07Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-08-06T17:22:38Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-08-06T18:32:52Z">
+    hlieberman
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200608-10.xml b/metadata/glsa/glsa-200608-10.xml
new file mode 100644
index 000000000000..e3c9dc2d802b
--- /dev/null
+++ b/metadata/glsa/glsa-200608-10.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200608-10">
+  <title>pike: SQL injection vulnerability</title>
+  <synopsis>
+    A flaw in the input handling could lead to the execution of arbitrary SQL
+    statements in the underlying PostgreSQL database.
+  </synopsis>
+  <product type="ebuild">pike</product>
+  <announced>2006-08-06</announced>
+  <revised count="02">2006-12-13</revised>
+  <bug>136065</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/pike" auto="yes" arch="*">
+      <unaffected range="ge">7.6.86</unaffected>
+      <vulnerable range="lt">7.6.86</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Pike is a general purpose programming language, able to be used for
+    multiple tasks.
+    </p>
+  </background>
+  <description>
+    <p>
+    Some input is not properly sanitised before being used in a SQL
+    statement in the underlying PostgreSQL database.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could provide malicious input to a pike program,
+    which might result in the execution of arbitrary SQL statements.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All pike users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/pike-7.6.86"</code>
+  </resolution>
+  <references>
+    <uri link="https://secunia.com/advisories/20494/">Secunia Advisory SA20494</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4041">CVE-2006-4041</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-08-05T16:54:41Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-08-05T16:55:04Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-08-05T17:42:54Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200608-11.xml b/metadata/glsa/glsa-200608-11.xml
new file mode 100644
index 000000000000..04bedb746823
--- /dev/null
+++ b/metadata/glsa/glsa-200608-11.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200608-11">
+  <title>Webmin, Usermin: File Disclosure</title>
+  <synopsis>
+    Webmin and Usermin are vulnerable to an arbitrary file disclosure through a
+    specially crafted URL.
+  </synopsis>
+  <product type="ebuild">webmin/usermin</product>
+  <announced>2006-08-06</announced>
+  <revised count="01">2006-08-06</revised>
+  <bug>138552</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-admin/webmin" auto="yes" arch="*">
+      <unaffected range="ge">1.290</unaffected>
+      <vulnerable range="lt">1.290</vulnerable>
+    </package>
+    <package name="app-admin/usermin" auto="yes" arch="*">
+      <unaffected range="ge">1.220</unaffected>
+      <vulnerable range="lt">1.220</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Webmin is a web-based interface for Unix-like systems. Usermin is a
+    simplified version of Webmin designed for use by normal users rather
+    than system administrators.
+    </p>
+  </background>
+  <description>
+    <p>
+    A vulnerability in both Webmin and Usermin has been discovered by Kenny
+    Chen, wherein simplify_path is called before the HTML is decoded.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A non-authenticated user can read any file on the server using a
+    specially crafted URL.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    For a temporary workaround, IP Access Control can be setup on Webmin
+    and Usermin.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Webmin users should update to the latest stable version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --verbose --oneshot "&gt;=app-admin/webmin-1.290"</code>
+    <p>
+    All Usermin users should update to the latest stable version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --verbose --oneshot "&gt;=app-admin/usermin-1.220"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3392">CVE-2006-3392</uri>
+  </references>
+  <metadata tag="">
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-08-06T17:23:21Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-08-06T18:24:45Z">
+    hlieberman
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200608-12.xml b/metadata/glsa/glsa-200608-12.xml
new file mode 100644
index 000000000000..9cd2069f9216
--- /dev/null
+++ b/metadata/glsa/glsa-200608-12.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200608-12">
+  <title>x11vnc: Authentication bypass in included LibVNCServer code</title>
+  <synopsis>
+    VNC servers created with x11vnc accept insecure protocol types, even when
+    the server does not offer it, resulting in the possibility of unauthorized
+    access to the server.
+  </synopsis>
+  <product type="ebuild">x11vnc</product>
+  <announced>2006-08-07</announced>
+  <revised count="01">2006-08-07</revised>
+  <bug>142559</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-misc/x11vnc" auto="yes" arch="*">
+      <unaffected range="ge">0.8.1</unaffected>
+      <vulnerable range="lt">0.8.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    x11vnc provides VNC servers for X displays.
+    </p>
+  </background>
+  <description>
+    <p>
+    x11vnc includes vulnerable LibVNCServer code, which fails to properly
+    validate protocol types effectively letting users decide what protocol
+    to use, such as "Type 1 - None" (GLSA-200608-05). x11vnc will accept
+    this security type, even if it is not offered by the server.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could exploit this vulnerability to gain unauthorized
+    access with the privileges of the user running the VNC server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All x11vnc users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-misc/x11vnc-0.8.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2450">CVE-2006-2450</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200608-05.xml">GLSA-200608-05</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-08-05T07:18:47Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-08-05T16:44:29Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-08-05T17:17:11Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200608-13.xml b/metadata/glsa/glsa-200608-13.xml
new file mode 100644
index 000000000000..cd6e5def3dfa
--- /dev/null
+++ b/metadata/glsa/glsa-200608-13.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200608-13">
+  <title>ClamAV: Heap buffer overflow</title>
+  <synopsis>
+    ClamAV is vulnerable to a heap-based buffer overflow resulting in a Denial
+    of Service and potentially remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2006-08-08</announced>
+  <revised count="02">2006-08-08</revised>
+  <bug>143093</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.88.4</unaffected>
+      <vulnerable range="lt">0.88.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ClamAV is a GPL virus scanner.
+    </p>
+  </background>
+  <description>
+    <p>
+    Damian Put has discovered a boundary error in the pefromupx() function
+    used by the UPX extraction module, which unpacks PE Windows executable
+    files. Both the "clamscan" command-line utility and the "clamd" daemon
+    are affected.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    By sending a malicious attachment to a mail server running ClamAV, a
+    remote attacker can cause a Denial of Service and potentially the
+    execution of arbitrary code with the permissions of the user running
+    ClamAV.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ClamAV users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.88.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.clamav.net/security/0.88.4.html">ClamAV security advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4018">CVE-2006-4018</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-08-08T07:45:00Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-08-08T09:57:22Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200608-14.xml b/metadata/glsa/glsa-200608-14.xml
new file mode 100644
index 000000000000..d774fb8fdebe
--- /dev/null
+++ b/metadata/glsa/glsa-200608-14.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200608-14">
+  <title>DUMB: Heap buffer overflow</title>
+  <synopsis>
+    A heap-based buffer overflow in DUMB could result in the execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">dumb</product>
+  <announced>2006-08-08</announced>
+  <revised count="01">2006-08-08</revised>
+  <bug>142387</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/dumb" auto="yes" arch="*">
+      <unaffected range="ge">0.9.3-r1</unaffected>
+      <vulnerable range="lt">0.9.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    DUMB (Dynamic Universal Music Bibliotheque) is an IT, XM, S3M and MOD
+    player library.
+    </p>
+  </background>
+  <description>
+    <p>
+    Luigi Auriemma found a heap-based buffer overflow in the
+    it_read_envelope function which reads the envelope values for volume,
+    pan and pitch of the instruments referenced in a ".it" (Impulse
+    Tracker) file with a large number of nodes.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to load a malicious ".it" (Impulse Tracker) file, an
+    attacker may execute arbitrary code with the rights of the user running
+    the application that uses a vulnerable DUMB library.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users of DUMB should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/dumb-0.9.3-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3668">CVE-2006-3668</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-08-05T16:58:21Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-08-05T17:55:25Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-08-08T09:58:20Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200608-15.xml b/metadata/glsa/glsa-200608-15.xml
new file mode 100644
index 000000000000..1f1ce9d0279b
--- /dev/null
+++ b/metadata/glsa/glsa-200608-15.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200608-15">
+  <title>MIT Kerberos 5: Multiple local privilege escalation vulnerabilities</title>
+  <synopsis>
+    Some applications shipped with MIT Kerberos 5 are vulnerable to local
+    privilege escalation.
+  </synopsis>
+  <product type="ebuild">MIT Kerberos 5</product>
+  <announced>2006-08-10</announced>
+  <revised count="01">2006-08-10</revised>
+  <bug>143240</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-crypt/mit-krb5" auto="yes" arch="*">
+      <unaffected range="ge">1.4.3-r3</unaffected>
+      <vulnerable range="lt">1.4.3-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MIT Kerberos 5 is a suite of applications that implement the Kerberos
+    network protocol. It is designed to provide strong authentication for
+    client/server applications by using secret-key cryptography.
+    </p>
+  </background>
+  <description>
+    <p>
+    Unchecked calls to setuid() in krshd and v4rcp, as well as unchecked
+    calls to seteuid() in kftpd and in ksu, have been found in the MIT
+    Kerberos 5 program suite and may lead to a local root privilege
+    escalation.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could exploit this vulnerability to execute arbitrary
+    code with elevated privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MIT Kerberos 5 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-crypt/mit-krb5-1.4.3-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3083">CVE-2006-3083</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3084">CVE-2006-3084</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-08-09T18:31:59Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-08-09T20:23:17Z">
+    daxomatic
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-08-10T14:34:58Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200608-16.xml b/metadata/glsa/glsa-200608-16.xml
new file mode 100644
index 000000000000..1026578764b2
--- /dev/null
+++ b/metadata/glsa/glsa-200608-16.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200608-16">
+  <title>Warzone 2100 Resurrection: Multiple buffer overflows</title>
+  <synopsis>
+    Warzone 2100 Resurrection server and client are vulnerable to separate
+    buffer overflows, potentially allowing remote code execution.
+  </synopsis>
+  <product type="ebuild">warzone2100</product>
+  <announced>2006-08-10</announced>
+  <revised count="02">2006-09-04</revised>
+  <bug>142389</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-strategy/warzone2100" auto="yes" arch="*">
+      <unaffected range="ge">2.0.4</unaffected>
+      <vulnerable range="le">2.0.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Warzone 2100 Resurrection is a real-time strategy game, developed by
+    Pumpkin Studios and published by Eidos Interactive.
+    </p>
+  </background>
+  <description>
+    <p>
+    Luigi Auriemma discovered two buffer overflow vulnerabilities in
+    Warzone 2100 Resurrection. The recvTextMessage function of the Warzone
+    2100 Resurrection server and the NETrecvFile function of the client use
+    insufficiently sized buffers.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit these vulnerabilities by sending
+    specially crafted input to the server, or enticing a user to load a
+    specially crafted file from a malicious server. This may result in the
+    execution of arbitrary code with the permissions of the user running
+    Warzone 2100 Resurrection.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround for this issue.
+    </p>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Warzone 2100 Resurrection users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=games-strategy/warzone2100-2.0.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3849">CVE-2006-3849</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-08-07T07:47:59Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-08-07T07:48:19Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-08-07T12:17:00Z">
+    dizzutch
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200608-17.xml b/metadata/glsa/glsa-200608-17.xml
new file mode 100644
index 000000000000..6c4f4ceb9229
--- /dev/null
+++ b/metadata/glsa/glsa-200608-17.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200608-17">
+  <title>libwmf: Buffer overflow vulnerability</title>
+  <synopsis>
+    libwmf is vulnerable to an integer overflow potentially resulting in the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libwmf</product>
+  <announced>2006-08-10</announced>
+  <revised count="01">2006-08-10</revised>
+  <bug>139325</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libwmf" auto="yes" arch="*">
+      <unaffected range="ge">0.2.8.4</unaffected>
+      <vulnerable range="lt">0.2.8.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libwmf is a library for reading and converting vector images in
+    Microsoft's native Windows Metafile Format (WMF).
+    </p>
+  </background>
+  <description>
+    <p>
+    infamous41md discovered that libwmf fails to do proper bounds checking
+    on the MaxRecordSize variable in the WMF file header. This could lead
+    to an head-based buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to open a specially crafted WMF file, a remote
+    attacker could cause a heap-based buffer overflow and execute arbitrary
+    code with the permissions of the user running the application that uses
+    libwmf.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround for this issue.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libwmf users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/libwmf-0.2.8.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3376">CVE-2006-3376</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-08-07T08:01:55Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-08-07T12:39:07Z">
+    dizzutch
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-08-08T11:33:41Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200608-18.xml b/metadata/glsa/glsa-200608-18.xml
new file mode 100644
index 000000000000..1de32877dd8f
--- /dev/null
+++ b/metadata/glsa/glsa-200608-18.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200608-18">
+  <title>Net::Server: Format string vulnerability</title>
+  <synopsis>
+    A format string vulnerability has been reported in Net::Server which can be
+    exploited to cause a Denial of Service.
+  </synopsis>
+  <product type="ebuild">net-server</product>
+  <announced>2006-08-10</announced>
+  <revised count="01">2006-08-10</revised>
+  <bug>142386</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-perl/net-server" auto="yes" arch="*">
+      <unaffected range="ge">0.88</unaffected>
+      <vulnerable range="lt">0.88</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Net::Server is an extensible, generic Perl server engine. It is used by
+    several Perl applications like Postgrey.
+    </p>
+  </background>
+  <description>
+    <p>
+    The log function of Net::Server does not handle format string
+    specifiers properly before they are sent to syslog.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By sending a specially crafted datastream to an application using
+    Net::Server, an attacker could cause a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Net::Server should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-perl/net-server-0.88"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1127">CVE-2005-1127</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-08-07T08:06:01Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-08-07T12:30:18Z">
+    dizzutch
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-08-08T10:05:21Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200608-19.xml b/metadata/glsa/glsa-200608-19.xml
new file mode 100644
index 000000000000..55cb5d90bd90
--- /dev/null
+++ b/metadata/glsa/glsa-200608-19.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200608-19">
+  <title>WordPress: Privilege escalation</title>
+  <synopsis>
+    A flaw in WordPress allows registered WordPress users to elevate
+    privileges.
+  </synopsis>
+  <product type="ebuild">wordpress</product>
+  <announced>2006-08-10</announced>
+  <revised count="02">2006-12-13</revised>
+  <bug>142142</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/wordpress" auto="yes" arch="*">
+      <unaffected range="ge">2.0.4</unaffected>
+      <vulnerable range="lt">2.0.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    WordPress is a PHP and MySQL based multiuser blogging system.
+    </p>
+  </background>
+  <description>
+    <p>
+    The WordPress developers have confirmed a vulnerability in capability
+    checking for plugins.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By exploiting a flaw, a user can circumvent WordPress access
+    restrictions when using plugins. The actual impact depends on the
+    configuration of WordPress and may range from trivial to critical,
+    possibly even the execution of arbitrary PHP code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All WordPress users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/wordpress-2.0.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3389">CVE-2006-3389</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3390">CVE-2006-3390</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4028">CVE-2006-4028</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-08-07T16:38:11Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-08-08T02:48:29Z">
+    dizzutch
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-08-08T13:15:28Z">
+    frilled
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200608-20.xml b/metadata/glsa/glsa-200608-20.xml
new file mode 100644
index 000000000000..5d7c5baf9479
--- /dev/null
+++ b/metadata/glsa/glsa-200608-20.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200608-20">
+  <title>Ruby on Rails: Several vulnerabilities</title>
+  <synopsis>
+    Ruby on Rails has some weaknesses potentially allowing a Denial of Service
+    and maybe the remote execution of arbitrary Ruby scripts.
+  </synopsis>
+  <product type="ebuild">rails</product>
+  <announced>2006-08-14</announced>
+  <revised count="02">2006-12-13</revised>
+  <bug>143369</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-ruby/rails" auto="yes" arch="*">
+      <unaffected range="ge">1.1.6</unaffected>
+      <vulnerable range="lt">1.1.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ruby on Rails is an open-source web framework.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Ruby on Rails developers have corrected some weaknesses in
+    action_controller/, relative to the handling of the user input and the
+    LOAD_PATH variable. A remote attacker could inject arbitrary entries
+    into the LOAD_PATH variable and alter the main Ruby on Rails process.
+    The security hole has only been partly solved in version 1.1.5. Version
+    1.1.6 now fully corrects it.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker that would exploit these weaknesses might cause a
+    Denial of Service of the web framework and maybe inject arbitrary Ruby
+    scripts.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ruby on Rails users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-ruby/rails-1.1.6"</code>
+  </resolution>
+  <references>
+    <uri link="http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits">Ruby on Rails original advisory (1.1.5)</uri>
+    <uri link="http://weblog.rubyonrails.org/2006/8/10/rails-1-1-6-backports-and-full-disclosure">Ruby on Rails update  (1.1.6)</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4111">CVE-2006-4111</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4112">CVE-2006-4112</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-08-10T07:34:02Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-08-10T14:54:45Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-08-10T21:05:59Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200608-21.xml b/metadata/glsa/glsa-200608-21.xml
new file mode 100644
index 000000000000..6de472e046dd
--- /dev/null
+++ b/metadata/glsa/glsa-200608-21.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200608-21">
+  <title>Heimdal: Multiple local privilege escalation vulnerabilities</title>
+  <synopsis>
+    Certain Heimdal components, ftpd and rcp, are vulnerable to a local
+    privilege escalation.
+  </synopsis>
+  <product type="ebuild">Heimdal</product>
+  <announced>2006-08-23</announced>
+  <revised count="01">2006-08-23</revised>
+  <bug>143371</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-crypt/heimdal" auto="yes" arch="*">
+      <unaffected range="ge">0.7.2-r3</unaffected>
+      <vulnerable range="lt">0.7.2-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Heimdal is a free implementation of Kerberos 5.
+    </p>
+  </background>
+  <description>
+    <p>
+    The ftpd and rcp applications provided by Heimdal fail to check the
+    return value of calls to seteuid().
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could exploit this vulnerability to execute arbitrary
+    code with elevated privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Heimdal users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-crypt/heimdal-0.7.2-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.pdc.kth.se/heimdal/advisory/2006-08-08/">Official advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3083">CVE-2006-3083</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3084">CVE-2006-3084</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-08-12T15:34:55Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-08-13T22:34:21Z">
+    daxomatic
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-08-14T15:19:23Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200608-22.xml b/metadata/glsa/glsa-200608-22.xml
new file mode 100644
index 000000000000..8401a1a7f393
--- /dev/null
+++ b/metadata/glsa/glsa-200608-22.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200608-22">
+  <title>fbida: Arbitrary command execution</title>
+  <synopsis>
+    The fbgs script provided by fbida allows the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">fbida</product>
+  <announced>2006-08-23</announced>
+  <revised count="01">2006-08-23</revised>
+  <bug>141684</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/fbida" auto="yes" arch="*">
+      <unaffected range="ge">2.03-r4</unaffected>
+      <vulnerable range="lt">2.03-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    fbida is a collection of image viewers and editors for the framebuffer
+    console and X11. fbgs is a PostScript and PDF viewer for the linux
+    framebuffer console.
+    </p>
+  </background>
+  <description>
+    <p>
+    Toth Andras has discovered a typographic mistake in the "fbgs" script,
+    shipped with fbida if the "fbcon" and "pdf" USE flags are both enabled.
+    This script runs "gs" without the -dSAFER option, thus allowing a
+    PostScript file to execute, delete or create any kind of file on the
+    system.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker can entice a vulnerable user to view a malicious
+    PostScript or PDF file with fbgs, which may result with the execution
+    of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All fbida users with the "fbcon" and "pdf" USE flags both enabled
+    should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/fbida-2.03-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3119">CVE-2006-3119</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-08-19T16:25:22Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-08-21T14:00:00Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-08-23T14:19:22Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200608-23.xml b/metadata/glsa/glsa-200608-23.xml
new file mode 100644
index 000000000000..2fc97981e5fa
--- /dev/null
+++ b/metadata/glsa/glsa-200608-23.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200608-23">
+  <title>Heartbeat: Denial of service</title>
+  <synopsis>
+    Heartbeat is vulnerable to a Denial of Service which can be triggered by a
+    remote attacker without authentication.
+  </synopsis>
+  <product type="ebuild">heartbeat</product>
+  <announced>2006-08-24</announced>
+  <revised count="02">2006-09-22</revised>
+  <bug>141894</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-cluster/heartbeat" auto="yes" arch="*">
+      <unaffected range="ge">2.0.7</unaffected>
+      <unaffected range="rge">1.2.5</unaffected>
+      <vulnerable range="lt">2.0.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Heartbeat is a component of the High-Availability Linux project. It is
+    used to perform death-of-node detection, communications and cluster
+    management.
+    </p>
+  </background>
+  <description>
+    <p>
+    Yan Rong Ge discovered that the peel_netstring() function in
+    cl_netstring.c does not validate the "length" parameter of user input,
+    which can lead to an out-of-bounds memory access when processing
+    certain Heartbeat messages (CVE-2006-3121). Furthermore an unspecified
+    local DoS issue was fixed (CVE-2006-3815).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By sending a malicious UDP Heartbeat message, even before
+    authentication, a remote attacker can crash the master control process
+    of the cluster.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Heartbeat users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose sys-cluster/heartbeat</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3121">CVE-2006-3121</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3815">CVE-2006-3815</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-08-19T16:22:39Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-08-21T14:22:38Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-08-23T14:19:23Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200608-24.xml b/metadata/glsa/glsa-200608-24.xml
new file mode 100644
index 000000000000..0f22b8f66246
--- /dev/null
+++ b/metadata/glsa/glsa-200608-24.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200608-24">
+  <title>AlsaPlayer: Multiple buffer overflows</title>
+  <synopsis>
+    AlsaPlayer is vulnerable to multiple buffer overflows which could lead to
+    the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">AlsaPlayer</product>
+  <announced>2006-08-26</announced>
+  <revised count="01">2006-08-26</revised>
+  <bug>143402</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/alsaplayer" auto="yes" arch="*">
+      <vulnerable range="le">0.99.76-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    AlsaPlayer is a heavily multithreaded PCM player that tries to utilize
+    ALSA utilities and drivers. As of June 2004, the project is inactive.
+    </p>
+  </background>
+  <description>
+    <p>
+    AlsaPlayer contains three buffer overflows: in the function that
+    handles the HTTP connections, the GTK interface, and the CDDB querying
+    mechanism.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit the first vulnerability by enticing a user to
+    load a malicious URL resulting in the execution of arbitrary code with
+    the permissions of the user running AlsaPlayer.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    AlsaPlayer has been masked in Portage pending the resolution of these
+    issues. AlsaPlayer users are advised to uninstall the package until
+    further notice:
+    </p>
+    <code>
+    # emerge --ask --unmerge "media-sound/alsaplayer"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4089">CVE-2006-4089</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-08-18T15:04:43Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-08-18T21:34:55Z">
+    hlieberman
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-08-18T21:40:51Z">
+    hlieberman
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200608-25.xml b/metadata/glsa/glsa-200608-25.xml
new file mode 100644
index 000000000000..c55cf93497f5
--- /dev/null
+++ b/metadata/glsa/glsa-200608-25.xml
@@ -0,0 +1,162 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200608-25">
+  <title>X.org and some X.org libraries: Local privilege escalations</title>
+  <synopsis>
+    X.org, libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm are vulnerable
+    to local privilege escalations because of unchecked setuid() calls.
+  </synopsis>
+  <product type="ebuild">xorg-x11,xorg-server,xtrans,xload,xinit,xterm,xf86dga,xdm,libX11</product>
+  <announced>2006-08-28</announced>
+  <revised count="02">2006-12-13</revised>
+  <bug>135974</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-apps/xdm" auto="yes" arch="*">
+      <unaffected range="ge">1.0.4-r1</unaffected>
+      <vulnerable range="lt">1.0.4-r1</vulnerable>
+    </package>
+    <package name="x11-apps/xinit" auto="yes" arch="*">
+      <unaffected range="ge">1.0.2-r6</unaffected>
+      <vulnerable range="lt">1.0.2-r6</vulnerable>
+    </package>
+    <package name="x11-apps/xload" auto="yes" arch="*">
+      <unaffected range="ge">1.0.1-r1</unaffected>
+      <vulnerable range="lt">1.0.1-r1</vulnerable>
+    </package>
+    <package name="x11-apps/xf86dga" auto="yes" arch="*">
+      <unaffected range="ge">1.0.1-r1</unaffected>
+      <vulnerable range="lt">1.0.1-r1</vulnerable>
+    </package>
+    <package name="x11-base/xorg-x11" auto="yes" arch="*">
+      <unaffected range="rge">6.8.2-r8</unaffected>
+      <unaffected range="ge">6.9.0-r2</unaffected>
+      <vulnerable range="lt">6.9.0-r2</vulnerable>
+    </package>
+    <package name="x11-base/xorg-server" auto="yes" arch="*">
+      <unaffected range="rge">1.0.2-r6</unaffected>
+      <unaffected range="ge">1.1.0-r1</unaffected>
+      <vulnerable range="lt">1.1.0-r1</vulnerable>
+    </package>
+    <package name="x11-libs/libx11" auto="yes" arch="*">
+      <unaffected range="ge">1.0.1-r1</unaffected>
+      <vulnerable range="lt">1.0.1-r1</vulnerable>
+    </package>
+    <package name="x11-libs/xtrans" auto="yes" arch="*">
+      <unaffected range="ge">1.0.0-r1</unaffected>
+      <vulnerable range="lt">1.0.0-r1</vulnerable>
+    </package>
+    <package name="x11-terms/xterm" auto="yes" arch="*">
+      <unaffected range="ge">215</unaffected>
+      <vulnerable range="lt">215</vulnerable>
+    </package>
+    <package name="app-emulation/emul-linux-x86-xlibs" auto="yes" arch="amd64">
+      <unaffected range="ge">7.0-r2</unaffected>
+      <vulnerable range="lt">7.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    X.org is an implementation of the X Window System.
+    </p>
+  </background>
+  <description>
+    <p>
+    Several X.org libraries and X.org itself contain system calls to
+    set*uid() functions, without checking their result.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Local users could deliberately exceed their assigned resource limits
+    and elevate their privileges after an unsuccessful set*uid() system
+    call. This requires resource limits to be enabled on the machine.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All X.Org xdm users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-apps/xdm-1.0.4-r1"</code>
+    <p>
+    All X.Org xinit users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-apps/xinit-1.0.2-r6"</code>
+    <p>
+    All X.Org xload users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-apps/xload-1.0.1-r1"</code>
+    <p>
+    All X.Org xf86dga users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-apps/xf86dga-1.0.1-r1"</code>
+    <p>
+    All X.Org users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-base/xorg-x11-6.9.0-r2"</code>
+    <p>
+    All X.Org X servers users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-base/xorg-server-1.1.0-r1"</code>
+    <p>
+    All X.Org X11 library users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-libs/libx11-1.0.1-r1"</code>
+    <p>
+    All X.Org xtrans library users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-libs/xtrans-1.0.1-r1"</code>
+    <p>
+    All xterm users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-terms/xterm-215"</code>
+    <p>
+    All users of the X11R6 libraries for emulation of 32bit x86 on amd64
+    should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-emulation/emul-linux-x86-xlibs-7.0-r2"</code>
+    <p>
+    Please note that the fixed packages have been available for most
+    architectures since June 30th but the GLSA release was held up waiting
+    for the remaining architectures.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://lists.freedesktop.org/archives/xorg/2006-June/016146.html">X.Org security advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4447">CVE-2006-4447</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-08-16T08:09:58Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-08-21T15:45:11Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-08-23T20:02:52Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200608-26.xml b/metadata/glsa/glsa-200608-26.xml
new file mode 100644
index 000000000000..3d604a70a73f
--- /dev/null
+++ b/metadata/glsa/glsa-200608-26.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200608-26">
+  <title>Wireshark: Multiple vulnerabilities</title>
+  <synopsis>
+    Wireshark is vulnerable to several security issues that may lead to a
+    Denial of Service and/or the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">wireshark</product>
+  <announced>2006-08-29</announced>
+  <revised count="01">2006-08-29</revised>
+  <bug>144946</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/wireshark" auto="yes" arch="*">
+      <unaffected range="ge">0.99.3</unaffected>
+      <vulnerable range="lt">0.99.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Wireshark is a feature-rich network protocol analyzer.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following vulnerabilities have been discovered in Wireshark.
+    Firstly, if the IPsec ESP parser is used it is susceptible to
+    off-by-one errors, this parser is disabled by default; secondly, the
+    SCSI dissector is vulnerable to an unspecified crash; and finally, the
+    Q.2931 dissector of the SSCOP payload may use all the available memory
+    if a port range is configured. By default, no port ranges are
+    configured.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker might be able to exploit these vulnerabilities, resulting
+    in a crash or the execution of arbitrary code with the permissions of
+    the user running Wireshark, possibly the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable the SCSI and Q.2931 dissectors with the "Analyse" and "Enabled
+    protocols" menus. Make sure the ESP decryption is disabled, with the
+    "Edit -&gt; Preferences -&gt; Protocols -&gt; ESP" menu.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Wireshark users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-0.99.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4330">CVE-2006-4330</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4331">CVE-2006-4331</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4332">CVE-2006-4332</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4333">CVE-2006-4333</uri>
+    <uri link="https://www.wireshark.org/security/wnpa-sec-2006-02.html">Wireshark official advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-08-25T07:36:40Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-08-26T14:34:42Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-08-26T14:55:04Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200608-27.xml b/metadata/glsa/glsa-200608-27.xml
new file mode 100644
index 000000000000..c4b1e5edb59e
--- /dev/null
+++ b/metadata/glsa/glsa-200608-27.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200608-27">
+  <title>Motor: Execution of arbitrary code</title>
+  <synopsis>
+    Motor uses a vulnerable ktools library, which could lead to the execution
+    of arbitrary code.
+  </synopsis>
+  <product type="ebuild">motor</product>
+  <announced>2006-08-29</announced>
+  <revised count="01">2006-08-29</revised>
+  <bug>135020</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-util/motor" auto="yes" arch="*">
+      <unaffected range="rge">3.3.0-r1</unaffected>
+      <unaffected range="ge">3.4.0-r1</unaffected>
+      <vulnerable range="lt">3.4.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Motor is a text mode based programming environment for Linux, with a
+    syntax highlighting feature, project manager, makefile generator, gcc
+    and gdb front-end, and CVS integration.
+    </p>
+  </background>
+  <description>
+    <p>
+    In November 2005, Zone-H Research reported a boundary error in the
+    ktools library in the VGETSTRING() macro of kkstrtext.h, which may
+    cause a buffer overflow via an overly long input string.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to use a malicious file or input,
+    which could lead to the crash of Motor and possibly the execution of
+    arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Motor 3.3.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-util/motor-3.3.0-r1"</code>
+    <p>
+    All motor 3.4.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-util/motor-3.4.0-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3863">CVE-2005-3863</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-08-23T15:20:34Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-08-26T14:27:17Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-08-26T15:28:41Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200608-28.xml b/metadata/glsa/glsa-200608-28.xml
new file mode 100644
index 000000000000..50401bf89410
--- /dev/null
+++ b/metadata/glsa/glsa-200608-28.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200608-28">
+  <title>PHP: Arbitary code execution</title>
+  <synopsis>
+    PHP contains a function that, when used, could allow a remote attacker to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">php</product>
+  <announced>2006-08-29</announced>
+  <revised count="05">2008-03-29</revised>
+  <bug>143126</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/php" auto="yes" arch="*">
+      <unaffected range="rge">4.4.3-r1</unaffected>
+      <unaffected range="rge">4.4.4-r4</unaffected>
+      <unaffected range="rge">4.4.6</unaffected>
+      <unaffected range="rge">4.4.7</unaffected>
+      <unaffected range="rge">4.4.8_pre20070816</unaffected>
+      <unaffected range="ge">5.1.4-r6</unaffected>
+      <vulnerable range="lt">5.1.4-r6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PHP is a widely-used general-purpose scripting language that is
+    especially suited for Web development and can be embedded into HTML.
+    </p>
+  </background>
+  <description>
+    <p>
+    The sscanf() PHP function contains an array boundary error that can be
+    exploited to dereference a null pointer. This can possibly allow the
+    bypass of the safe mode protection by executing arbitrary code.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker might be able to exploit this vulnerability in PHP
+    applications making use of the sscanf() function, potentially resulting
+    in the execution of arbitrary code or the execution of scripted
+    contents in the context of the affected site.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PHP 4.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-4.4.3-r1"</code>
+    <p>
+    All PHP 5.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-5.1.4-r6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4020">CVE-2006-4020</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-08-23T20:16:18Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-08-26T14:28:36Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-08-26T15:12:31Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200609-01.xml b/metadata/glsa/glsa-200609-01.xml
new file mode 100644
index 000000000000..83fc8dfd5948
--- /dev/null
+++ b/metadata/glsa/glsa-200609-01.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200609-01">
+  <title>Streamripper: Multiple remote buffer overflows</title>
+  <synopsis>
+    Streamripper is vulnerable to multiple remote buffer overflows, leading to
+    the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">streamripper</product>
+  <announced>2006-09-06</announced>
+  <revised count="01">2006-09-06</revised>
+  <bug>144861</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/streamripper" auto="yes" arch="*">
+      <unaffected range="ge">1.61.26</unaffected>
+      <vulnerable range="lt">1.61.26</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Streamripper extracts and records individual MP3 file tracks from
+    SHOUTcast streams.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ulf Harnhammar, from the Debian Security Audit Project, has found that
+    Streamripper is vulnerable to multiple stack based buffer overflows
+    caused by improper bounds checking when processing malformed HTTP
+    headers.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to connect to a malicious server, an attacker could
+    execute arbitrary code with the permissions of the user running
+    Streamripper
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Streamripper users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/streamripper-1.61.26"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3124">CVE-2006-3124</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-09-04T14:37:38Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-09-04T18:11:08Z">
+    daxomatic
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-09-05T19:33:58Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200609-02.xml b/metadata/glsa/glsa-200609-02.xml
new file mode 100644
index 000000000000..33581dc5b24d
--- /dev/null
+++ b/metadata/glsa/glsa-200609-02.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200609-02">
+  <title>GTetrinet: Remote code execution</title>
+  <synopsis>
+    GTetrinet is vulnerable to a remote buffer overflow, potentially leading to
+    arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">GTetrinet</product>
+  <announced>2006-09-06</announced>
+  <revised count="02">2006-09-07</revised>
+  <bug>144867</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-puzzle/gtetrinet" auto="yes" arch="*">
+      <unaffected range="ge">0.7.10</unaffected>
+      <vulnerable range="lt">0.7.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GTetrinet is a networked Tetris clone for GNOME 2.
+    </p>
+  </background>
+  <description>
+    <p>
+    Michael Gehring has found that GTetrinet fails to properly handle array
+    indexes.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker can potentially execute arbitrary code by sending a
+    negative number of players to the server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GTetrinet users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=games-puzzle/gtetrinet-0.7.10"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3125">CVE-2006-3125</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-09-05T17:41:35Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-09-05T18:25:31Z">
+    daxomatic
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-09-05T19:36:59Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200609-03.xml b/metadata/glsa/glsa-200609-03.xml
new file mode 100644
index 000000000000..92a3af875a88
--- /dev/null
+++ b/metadata/glsa/glsa-200609-03.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200609-03">
+  <title>OpenTTD: Remote Denial of service</title>
+  <synopsis>
+    The OpenTTD server is vulnerable to a remote Denial of Service.
+  </synopsis>
+  <product type="ebuild">openttd</product>
+  <announced>2006-09-06</announced>
+  <revised count="01">2006-09-06</revised>
+  <bug>131010</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-simulation/openttd" auto="yes" arch="*">
+      <unaffected range="ge">0.4.8</unaffected>
+      <vulnerable range="lt">0.4.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenTTD is a clone of Transport Tycoon Deluxe.
+    </p>
+  </background>
+  <description>
+    <p>
+    OpenTTD is vulnerable to a Denial of Service attack due to a flaw in
+    the manner the game server handles errors in command packets.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An authenticated attacker can cause a Denial of Service by sending an
+    invalid error number to a vulnerable OpenTTD server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenTTD users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=games-simulation/openttd-0.4.8"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1998">CVE-2006-1998</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1999">CVE-2006-1999</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-09-05T13:05:28Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-09-05T18:04:07Z">
+    daxomatic
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-09-06T14:54:55Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200609-04.xml b/metadata/glsa/glsa-200609-04.xml
new file mode 100644
index 000000000000..da86cf42f58b
--- /dev/null
+++ b/metadata/glsa/glsa-200609-04.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200609-04">
+  <title>LibXfont: Multiple integer overflows</title>
+  <synopsis>
+    A buffer overflow was discovered in the PCF font parser, potentially
+    resulting in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">LibXfont</product>
+  <announced>2006-09-06</announced>
+  <revised count="01">2006-09-06</revised>
+  <bug>144092</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-libs/libXfont" auto="yes" arch="*">
+      <unaffected range="ge">1.2.0-r1</unaffected>
+      <vulnerable range="lt">1.2.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libXfont is the X.Org Xfont library, some parts are based on the
+    FreeType code base.
+    </p>
+  </background>
+  <description>
+    <p>
+    Several integer overflows have been found in the PCF font parser.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could possibly execute arbitrary code or crash the
+    Xserver by enticing a user to load a specially crafted PCF font file.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Do not use untrusted PCF Font files.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libXfont users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-libs/libXfont-1.2.0-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3467">CVE-2006-3467</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-08-31T17:04:06Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-09-03T12:10:42Z">
+    daxomatic
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-09-05T19:36:43Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200609-05.xml b/metadata/glsa/glsa-200609-05.xml
new file mode 100644
index 000000000000..ebfb7d8d13e4
--- /dev/null
+++ b/metadata/glsa/glsa-200609-05.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200609-05">
+  <title>OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery</title>
+  <synopsis>
+    OpenSSL fails to properly validate PKCS #1 v1.5 signatures.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2006-09-07</announced>
+  <revised count="02">2006-09-08</revised>
+  <bug>146375</bug>
+  <bug>146438</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">0.9.7k</unaffected>
+      <vulnerable range="lt">0.9.7k</vulnerable>
+    </package>
+    <package name="app-emulation/emul-linux-x86-baselibs" auto="yes" arch="amd64">
+      <unaffected range="ge">2.5.2</unaffected>
+      <vulnerable range="lt">2.5.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport
+    Layer Security protocols and a general-purpose cryptography library.
+    The x86 emulation base libraries for AMD64 contain a vulnerable version
+    of OpenSSL.
+    </p>
+  </background>
+  <description>
+    <p>
+    Daniel Bleichenbacher discovered that it might be possible to forge
+    signatures signed by RSA keys with the exponent of 3.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Since several CAs are using an exponent of 3 it might be possible for
+    an attacker to create a key with a false CA signature.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenSSL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-0.9.7k"</code>
+    <p>
+    All AMD64 x86 emulation base libraries users should upgrade to the
+    latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-emulation/emul-linux-x86-baselibs-2.5.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339">CVE-2006-4339</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-09-05T19:16:58Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-09-06T10:57:51Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-09-07T20:02:33Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200609-06.xml b/metadata/glsa/glsa-200609-06.xml
new file mode 100644
index 000000000000..63ee689dd5b2
--- /dev/null
+++ b/metadata/glsa/glsa-200609-06.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200609-06">
+  <title>AdPlug: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple heap and buffer overflows exist in AdPlug.
+  </synopsis>
+  <product type="ebuild">adplug</product>
+  <announced>2006-09-12</announced>
+  <revised count="01">2006-09-12</revised>
+  <bug>139593</bug>
+  <access>local</access>
+  <affected>
+    <package name="media-libs/adplug" auto="yes" arch="*">
+      <unaffected range="ge">2.0.1</unaffected>
+      <vulnerable range="lt">2.0.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    AdPlug is a free, cross-platform, and hardware-independent AdLib sound
+    player library.
+    </p>
+  </background>
+  <description>
+    <p>
+    AdPlug is vulnerable to buffer and heap overflows when processing the
+    following types of files: CFF, MTK, DMO, U6M, DTM, and S3M.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to load a specially crafted file, an attacker could
+    execute arbitrary code with the privileges of the user running AdPlug.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All AdPlug users should update to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/adplug-2.0.1"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.securityfocus.com/archive/1/439432/30/0/threaded">BugTraq Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3581">CVE-2006-3581</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3582">CVE-2006-3582</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-09-06T14:38:47Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-09-06T23:03:51Z">
+    hlieberman
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-09-12T00:51:08Z">
+    hlieberman
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200609-07.xml b/metadata/glsa/glsa-200609-07.xml
new file mode 100644
index 000000000000..3ed4b70358df
--- /dev/null
+++ b/metadata/glsa/glsa-200609-07.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200609-07">
+  <title>LibXfont, monolithic X.org: Multiple integer overflows</title>
+  <synopsis>
+    Some buffer overflows were discovered in the CID font parser, potentially
+    resulting in the execution of arbitrary code with elevated privileges.
+  </synopsis>
+  <product type="ebuild">libxfont</product>
+  <announced>2006-09-13</announced>
+  <revised count="01">2006-09-13</revised>
+  <bug>145513</bug>
+  <access>local and remote</access>
+  <affected>
+    <package name="x11-libs/libXfont" auto="yes" arch="*">
+      <unaffected range="ge">1.2.1</unaffected>
+      <vulnerable range="lt">1.2.1</vulnerable>
+    </package>
+    <package name="x11-base/xorg-x11" auto="yes" arch="*">
+      <unaffected range="ge">7.0</unaffected>
+      <vulnerable range="lt">7.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libXfont is the X.Org Xfont library, some parts are based on the
+    FreeType code base.
+    </p>
+  </background>
+  <description>
+    <p>
+    Several integer overflows have been found in the CID font parser.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit this vulnerability by enticing a user
+    to load a malicious font file resulting in the execution of arbitrary
+    code with the permissions of the user running the X server which
+    typically is the root user. A local user could exploit this
+    vulnerability to gain elevated privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable CID-encoded Type 1 fonts by removing the "type1" module and
+    replacing it with the "freetype" module in xorg.conf.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libXfont users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-libs/libXfont-1.2.1"</code>
+    <p>
+    All monolithic X.org users are advised to migrate to modular X.org.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3739">CVE-2006-3739</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3740">CVE-2006-3740</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-09-12T16:30:32Z">
+    frilled
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-09-12T18:16:51Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-09-13T08:07:36Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200609-08.xml b/metadata/glsa/glsa-200609-08.xml
new file mode 100644
index 000000000000..78853ba70616
--- /dev/null
+++ b/metadata/glsa/glsa-200609-08.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200609-08">
+  <title>xine-lib: Buffer overflows</title>
+  <synopsis>
+    xine-lib is vulnerable to multiple buffer overflows that could be exploited
+    to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">xine-lib</product>
+  <announced>2006-09-13</announced>
+  <revised count="01">2006-09-13</revised>
+  <bug>133520</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/xine-lib" auto="yes" arch="*">
+      <unaffected range="ge">1.1.2-r2</unaffected>
+      <vulnerable range="lt">1.1.2-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    xine is a high performance, portable and reusable multimedia playback
+    engine. xine-lib is xine's core engine.
+    </p>
+  </background>
+  <description>
+    <p>
+    xine-lib contains buffer overflows in the processing of AVI.
+    Additionally, xine-lib is vulnerable to a buffer overflow in the HTTP
+    plugin (xineplug_inp_http.so) via a long reply from an HTTP server.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could trigger the buffer overflow vulnerabilities by
+    enticing a user to load a specially crafted AVI file in xine. This
+    might result in the execution of arbitrary code with the rights of the
+    user running xine. Additionally, a remote HTTP server serving a xine
+    client a specially crafted reply could crash xine and possibly execute
+    arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All xine-lib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/xine-lib-1.1.2-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2802">CVE-2006-2802</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-08-31T17:11:30Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-09-07T12:33:52Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-09-12T15:13:19Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200609-09.xml b/metadata/glsa/glsa-200609-09.xml
new file mode 100644
index 000000000000..8d203adb91ca
--- /dev/null
+++ b/metadata/glsa/glsa-200609-09.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200609-09">
+  <title>FFmpeg: Buffer overflows</title>
+  <synopsis>
+    FFmpeg is vulnerable to multiple buffer overflows that might be exploited
+    to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">ffmpeg</product>
+  <announced>2006-09-13</announced>
+  <revised count="02">2006-12-13</revised>
+  <bug>133520</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/ffmpeg" auto="yes" arch="*">
+      <unaffected range="ge">0.4.9_p20060530</unaffected>
+      <vulnerable range="lt">0.4.9_p20060530</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    FFmpeg is a very fast video and audio converter.
+    </p>
+  </background>
+  <description>
+    <p>
+    FFmpeg contains buffer overflows in the AVI processing code.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could trigger the buffer overflows by enticing a user to
+    load a specially crafted AVI file in an application using the FFmpeg
+    library. This might result in the execution of arbitrary code in the
+    context of the running application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All FFmpeg users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/ffmpeg-0.4.9_p20060530"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4799">CVE-2006-4799</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4800">CVE-2006-4800</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-09-12T15:05:01Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-09-12T15:13:14Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200609-10.xml b/metadata/glsa/glsa-200609-10.xml
new file mode 100644
index 000000000000..3fba9c96032f
--- /dev/null
+++ b/metadata/glsa/glsa-200609-10.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200609-10">
+  <title>DokuWiki: Arbitrary command execution</title>
+  <synopsis>
+    Vulnerabilities in some accessory scripts of DokuWiki allow remote code
+    execution.
+  </synopsis>
+  <product type="ebuild">dokuwiki</product>
+  <announced>2006-09-14</announced>
+  <revised count="01">2006-09-14</revised>
+  <bug>146800</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/dokuwiki" auto="yes" arch="*">
+      <unaffected range="ge">20060309d</unaffected>
+      <vulnerable range="lt">20060309d</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    DokuWiki is a wiki targeted at developer teams, workgroups and small
+    companies. It does not use a database backend.
+    </p>
+  </background>
+  <description>
+    <p>
+    "rgod" discovered that DokuWiki doesn't sanitize the X-FORWARDED-FOR
+    HTTP header, allowing the injection of arbitrary contents - such as PHP
+    commands - into a file. Additionally, the accessory scripts installed
+    in the "bin" DokuWiki directory are vulnerable to directory traversal
+    attacks, allowing to copy and execute the previously injected code.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker may execute arbitrary PHP (and thus probably system)
+    commands with the permissions of the user running the process serving
+    DokuWiki pages.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable remote access to the "bin" subdirectory of the DokuWiki
+    installation. Remove the directory if you don't use the scripts in
+    there.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All DokuWiki users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/dokuwiki-20060309d"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4674">CVE-2006-4674</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4675">CVE-2006-4675</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4679">CVE-2006-4679</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-09-14T07:55:18Z">
+    frilled
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-09-14T15:09:04Z">
+    frilled
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200609-11.xml b/metadata/glsa/glsa-200609-11.xml
new file mode 100644
index 000000000000..bc717d55702f
--- /dev/null
+++ b/metadata/glsa/glsa-200609-11.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200609-11">
+  <title>BIND: Denial of service</title>
+  <synopsis>
+    ISC BIND contains two vulnerabilities allowing a Denial of Service under
+    certain conditions.
+  </synopsis>
+  <product type="ebuild">bind</product>
+  <announced>2006-09-15</announced>
+  <revised count="01">2006-09-15</revised>
+  <bug>146486</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/bind" auto="yes" arch="*">
+      <unaffected range="ge">9.3.2-r4</unaffected>
+      <unaffected range="rge">9.2.6-r4</unaffected>
+      <vulnerable range="lt">9.3.2-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ISC BIND is the Internet Systems Consortium implementation of the
+    Domain Name System (DNS) protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    Queries for SIG records will cause an assertion error if more than one
+    SIG RRset is returned. Additionally, an INSIST failure can be triggered
+    by sending multiple recursive queries if the response to the query
+    arrives after all the clients looking for the response have left the
+    recursion queue.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker having access to a recursive server can crash the server by
+    querying the SIG records where there are multiple SIG RRsets, or by
+    sending many recursive queries in a short time. The exposure can be
+    lowered by restricting the clients that can ask for recursion. An
+    attacker can also crash an authoritative server serving a DNSSEC zone
+    in which there are multiple SIG RRsets.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All BIND 9.3 users should update to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dns/bind-9.3.2-r4"</code>
+    <p>
+    All BIND 9.2 users should update to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dns/bind-9.2.6-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4095">CVE-2006-4095</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4096">CVE-2006-4096</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-09-06T10:13:53Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-09-07T11:28:27Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-09-14T22:49:56Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200609-12.xml b/metadata/glsa/glsa-200609-12.xml
new file mode 100644
index 000000000000..a057c3f7ccf1
--- /dev/null
+++ b/metadata/glsa/glsa-200609-12.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200609-12">
+  <title>Mailman: Multiple vulnerabilities</title>
+  <synopsis>
+    Mailman has multiple vulnerable that can result in Denial of Service, log
+    file injection and XSS.
+  </synopsis>
+  <product type="ebuild">mailman</product>
+  <announced>2006-09-19</announced>
+  <revised count="01">2006-09-19</revised>
+  <bug>139976</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/mailman" auto="yes" arch="*">
+      <unaffected range="ge">2.1.9_rc1</unaffected>
+      <vulnerable range="lt">2.1.9_rc1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mailman is a Python based mailing list server with an extensive web
+    interface.
+    </p>
+  </background>
+  <description>
+    <p>
+    Mailman fails to properly handle standards-breaking RFC 2231 formatted
+    headers. Furthermore, Moritz Naumann discovered several XSS
+    vulnerabilities and a log file injection.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit these vulnerabilities to cause Mailman to
+    stop processing mails, to inject content into the log file or to
+    execute arbitrary scripts running in the context of the administrator
+    or mailing list user's browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mailman users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-mail/mailman-2.1.9_rc1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2941">CVE-2006-2941</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3636">CVE-2006-3636</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-09-14T10:21:53Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-09-14T16:20:16Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-09-19T07:26:33Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200609-13.xml b/metadata/glsa/glsa-200609-13.xml
new file mode 100644
index 000000000000..c82aa8ebe66f
--- /dev/null
+++ b/metadata/glsa/glsa-200609-13.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200609-13">
+  <title>gzip: Multiple vulnerabilities</title>
+  <synopsis>
+    gzip is affected by multiple vulnerabilities, including buffer overflows
+    and infinite loops, possibly allowing the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">gzip</product>
+  <announced>2006-09-23</announced>
+  <revised count="01">2006-09-23</revised>
+  <bug>145511</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/gzip" auto="yes" arch="*">
+      <unaffected range="ge">1.3.5-r9</unaffected>
+      <vulnerable range="lt">1.3.5-r9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    gzip, the GNU zip compression utility, is a free and patent
+    unencumbered replacement for the standard compress utility.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Google Security Team has reported multiple
+    vulnerabilities in gzip. A stack buffer modification vulnerability was
+    discovered in the LZH decompression code, where a pathological data
+    stream may result in the modification of stack data such as frame
+    pointer, return address or saved registers. A static buffer underflow
+    was discovered in the pack decompression support, allowing a specially
+    crafted pack archive to underflow a .bss buffer. A static buffer
+    overflow was uncovered in the LZH decompression code, allowing a data
+    stream consisting of pathological huffman codes to overflow a .bss
+    buffer. Multiple infinite loops were also uncovered in the LZH
+    decompression code.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker may create a specially crafted gzip archive, which
+    when decompressed by a user or automated system exectues arbitrary code
+    with the privileges of the user id invoking gzip. The infinite loops
+    may be abused by an attacker to disrupt any automated systems invoking
+    gzip to handle data decompression.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All gzip users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-arch/gzip-1.3.5-r9"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334">CVE-2006-4334</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335">CVE-2006-4335</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336">CVE-2006-4336</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337">CVE-2006-4337</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338">CVE-2006-4338</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-09-19T13:55:56Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-09-23T06:36:04Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200609-14.xml b/metadata/glsa/glsa-200609-14.xml
new file mode 100644
index 000000000000..813122b124b9
--- /dev/null
+++ b/metadata/glsa/glsa-200609-14.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200609-14">
+  <title>ImageMagick: Multiple Vulnerabilities</title>
+  <synopsis>
+    Multiple buffer overflows have been discovered in ImageMagick, which could
+    potentially result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Imagemagick</product>
+  <announced>2006-09-26</announced>
+  <revised count="01">2006-09-26</revised>
+  <bug>144091</bug>
+  <bug>143533</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/imagemagick" auto="yes" arch="*">
+      <unaffected range="ge">6.2.9.5</unaffected>
+      <vulnerable range="lt">6.2.9.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ImageMagick is a free software suite to manipulate, convert, and create
+    many image formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Google Security Team discovered a stack and heap
+    buffer overflow in the GIMP XCF Image decoder and multiple heap and
+    integer overflows in the SUN bitmap decoder. Damian Put discovered a
+    heap overflow in the SGI image decoder.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker may be able to create a specially crafted image that, when
+    processed with ImageMagick, executes arbitrary code with the privileges
+    of the executing user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ImageMagick users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/imagemagick-6.2.9.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3743">CVE-2006-3743</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3744">CVE-2006-3744</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4144">CVE-2006-4144</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-09-19T07:52:00Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-09-22T10:27:30Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-09-25T18:09:30Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200609-15.xml b/metadata/glsa/glsa-200609-15.xml
new file mode 100644
index 000000000000..306e4ba70b0e
--- /dev/null
+++ b/metadata/glsa/glsa-200609-15.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200609-15">
+  <title>GnuTLS: RSA Signature Forgery</title>
+  <synopsis>
+    GnuTLS fails to handle excess data which could allow an attacker to forge a
+    PKCS #1 v1.5 signature.
+  </synopsis>
+  <product type="ebuild">gnutls</product>
+  <announced>2006-09-26</announced>
+  <revised count="01">2006-09-26</revised>
+  <bug>147682</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/gnutls" auto="yes" arch="*">
+      <unaffected range="ge">1.4.4</unaffected>
+      <vulnerable range="lt">1.4.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GnuTLS is an implementation of SSL 3.0 and TLS 1.0.
+    </p>
+  </background>
+  <description>
+    <p>
+    verify.c fails to properly handle excess data in
+    digestAlgorithm.parameters field while generating a hash when using an
+    RSA key with exponent 3. RSA keys that use exponent 3 are commonplace.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Remote attackers could forge PKCS #1 v1.5 signatures that are signed
+    with an RSA key, preventing GnuTLS from correctly verifying X.509 and
+    other certificates that use PKCS.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GnuTLS users should update both packages:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --update --ask --verbose "&gt;=net-libs/gnutls-1.4.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4790">CVE-2006-4790</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-09-23T06:35:02Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-09-25T13:07:32Z">
+    hlieberman
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-09-25T18:24:37Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200609-16.xml b/metadata/glsa/glsa-200609-16.xml
new file mode 100644
index 000000000000..bc06bb518c42
--- /dev/null
+++ b/metadata/glsa/glsa-200609-16.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200609-16">
+  <title>Tikiwiki: Arbitrary command execution</title>
+  <synopsis>
+    Tikiwiki contains a cross-site scripting (XSS) vulnerability as well as a
+    second vulnerability which may allow remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">tikiwiki</product>
+  <announced>2006-09-26</announced>
+  <revised count="01">2006-09-26</revised>
+  <bug>145714</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/tikiwiki" auto="yes" arch="*">
+      <unaffected range="ge">1.9.5</unaffected>
+      <vulnerable range="lt">1.9.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Tikiwiki is a web-based groupware and content management system,
+    developed with PHP, ADOdb and Smarty.
+    </p>
+  </background>
+  <description>
+    <p>
+    A vulnerability in jhot.php allows for an unrestricted file upload to
+    the img/wiki/ directory. Additionally, an XSS exists in the highlight
+    parameter of tiki-searchindex.php.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could execute arbitrary code with the rights of the user
+    running the web server by uploading a file and executing it via a
+    filepath parameter. The XSS could be exploited to inject and execute
+    malicious script code or to steal cookie-based authentication
+    credentials, potentially compromising the victim's browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Tikiwiki users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --oneshot --verbose --ask "&gt;=www-apps/tikiwiki-1.9.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4299">CVE-2006-4299</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4602">CVE-2006-4602</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-09-19T09:06:28Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-09-19T13:40:09Z">
+    hlieberman
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-09-25T18:24:26Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200609-17.xml b/metadata/glsa/glsa-200609-17.xml
new file mode 100644
index 000000000000..3a4a79d4b484
--- /dev/null
+++ b/metadata/glsa/glsa-200609-17.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200609-17">
+  <title>OpenSSH: Denial of service</title>
+  <synopsis>
+    A flaw in the OpenSSH daemon allows remote unauthenticated attackers to
+    cause a Denial of Service.
+  </synopsis>
+  <product type="ebuild">openssh</product>
+  <announced>2006-09-27</announced>
+  <revised count="02">2006-09-27</revised>
+  <bug>148228</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/openssh" auto="yes" arch="*">
+      <unaffected range="ge">4.3_p2-r5</unaffected>
+      <vulnerable range="lt">4.3_p2-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenSSH is a free suite of applications for the SSH protocol, developed
+    and maintained by the OpenBSD project.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Google Security Team discovered a Denial of
+    Service vulnerability in the SSH protocol version 1 CRC compensation
+    attack detector.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote unauthenticated attacker may be able to trigger excessive CPU
+    usage by sending a pathological SSH message, denying service to other
+    legitimate users or processes.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    The system administrator may disable SSH protocol version 1 in
+    /etc/ssh/sshd_config.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenSSH users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/openssh-4.3_p2-r5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924">CVE-2006-4924</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-09-21T22:24:46Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-09-27T16:06:09Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200609-18.xml b/metadata/glsa/glsa-200609-18.xml
new file mode 100644
index 000000000000..c925679e8070
--- /dev/null
+++ b/metadata/glsa/glsa-200609-18.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200609-18">
+  <title>Opera: RSA signature forgery</title>
+  <synopsis>
+    Opera fails to correctly verify certain signatures.
+  </synopsis>
+  <product type="ebuild">opera</product>
+  <announced>2006-09-28</announced>
+  <revised count="02">2006-09-28</revised>
+  <bug>147838</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/opera" auto="yes" arch="*">
+      <unaffected range="ge">9.02</unaffected>
+      <vulnerable range="lt">9.02</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Opera is a multi-platform web browser.
+    </p>
+  </background>
+  <description>
+    <p>
+    Opera makes use of OpenSSL, which fails to correctly verify PKCS #1
+    v1.5 RSA signatures signed by a key with exponent 3. Some CAs in
+    Opera's list of trusted signers are using root certificates with
+    exponent 3.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could forge certificates which will appear valid and signed
+    by a trusted CA.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Opera users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/opera-9.02"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.opera.com/support/search/supsearch.dml?index=845">Opera Advisory</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200609-05.xml">GLSA 200609-05</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-09-27T07:51:04Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-09-27T14:08:17Z">
+    vorlon078
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-09-27T14:32:20Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200609-19.xml b/metadata/glsa/glsa-200609-19.xml
new file mode 100644
index 000000000000..66bf206fff01
--- /dev/null
+++ b/metadata/glsa/glsa-200609-19.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200609-19">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>
+    The Mozilla Foundation has reported numerous vulnerabilities in Mozilla
+    Firefox, including one that may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Firefox</product>
+  <announced>2006-09-28</announced>
+  <revised count="01">2006-09-28</revised>
+  <bug>147652</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/mozilla-firefox" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.7</unaffected>
+      <vulnerable range="lt">1.5.0.7</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.7</unaffected>
+      <vulnerable range="lt">1.5.0.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla Firefox is a redesign of the Mozilla Navigator component. The
+    goal is to produce a cross-platform, stand-alone browser application.
+    </p>
+  </background>
+  <description>
+    <p>
+    A number of vulnerabilities were found and fixed in Mozilla Firefox.
+    For details please consult the references below.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    The most severe vulnerability involves enticing a user to visit a
+    malicious website, crashing the browser and executing arbitrary code
+    with the rights of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Firefox users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-1.5.0.7"</code>
+    <p>
+    Users of the binary package should upgrade as well:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-bin-1.5.0.7"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4253">CVE-2006-4253</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4340">CVE-2006-4340</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4565">CVE-2006-4565</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4566">CVE-2006-4566</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4567">CVE-2006-4567</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4568">CVE-2006-4568</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4569">CVE-2006-4569</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4571">CVE-2006-4571</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-09-25T12:31:14Z">
+    frilled
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-09-25T12:31:29Z">
+    frilled
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200609-20.xml b/metadata/glsa/glsa-200609-20.xml
new file mode 100644
index 000000000000..d1b853bc63d5
--- /dev/null
+++ b/metadata/glsa/glsa-200609-20.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200609-20">
+  <title>DokuWiki: Shell command injection and Denial of service</title>
+  <synopsis>
+    DokuWiki is vulnerable to shell command injection and Denial of Service
+    attacks when using ImageMagick.
+  </synopsis>
+  <product type="ebuild">dokuwiki</product>
+  <announced>2006-09-28</announced>
+  <revised count="02">2006-12-13</revised>
+  <bug>149266</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/dokuwiki" auto="yes" arch="*">
+      <unaffected range="ge">20060309e</unaffected>
+      <vulnerable range="lt">20060309e</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    DokuWiki is a wiki targeted at developer teams, workgroups and small
+    companies. It does not use a database backend.
+    </p>
+  </background>
+  <description>
+    <p>
+    Input validation flaws have been discovered in the image handling of
+    fetch.php if ImageMagick is used, which is not the default method.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit the flaws to execute arbitrary shell
+    commands with the rights of the web server daemon or cause a Denial of
+    Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All DokuWiki users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/dokuwiki-20060309e"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.freelists.org/archives/dokuwiki/09-2006/msg00278.html">DokuWiki Announcement</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5098">CVE-2006-5098</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5099">CVE-2006-5099</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-09-27T14:05:04Z">
+    vorlon078
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-09-27T14:54:15Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-09-28T14:27:52Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200610-01.xml b/metadata/glsa/glsa-200610-01.xml
new file mode 100644
index 000000000000..5fbad39c54bb
--- /dev/null
+++ b/metadata/glsa/glsa-200610-01.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200610-01">
+  <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>
+    The Mozilla Foundation has reported multiple security vulnerabilities
+    related to Mozilla Thunderbird.
+  </synopsis>
+  <product type="ebuild">thunderbird</product>
+  <announced>2006-10-04</announced>
+  <revised count="01">2006-10-04</revised>
+  <bug>147653</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/mozilla-thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.7</unaffected>
+      <vulnerable range="lt">1.5.0.7</vulnerable>
+    </package>
+    <package name="mail-client/mozilla-thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.7</unaffected>
+      <vulnerable range="lt">1.5.0.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Mozilla Thunderbird mail client is a redesign of the Mozilla Mail
+    component.
+    </p>
+  </background>
+  <description>
+    <p>
+    A number of vulnerabilities have been found and fixed in Mozilla
+    Thunderbird. For details please consult the references below.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    The most severe vulnerabilities might lead to the execution of
+    arbitrary code with the rights of the user running the application.
+    Other vulnerabilities include program crashes and the acceptance of
+    forged certificates.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Thunderbird users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-1.5.0.7"</code>
+    <p>
+    All Mozilla Thunderbird binary users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-bin-1.5.0.7"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4253">CVE-2006-4253</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4340">CVE-2006-4340</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4565">CVE-2006-4565</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4566">CVE-2006-4566</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4567">CVE-2006-4567</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4570">CVE-2006-4570</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4571">CVE-2006-4571</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-09-28T19:46:25Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-09-29T21:05:25Z">
+    vorlon078
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-09-30T21:18:44Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200610-02.xml b/metadata/glsa/glsa-200610-02.xml
new file mode 100644
index 000000000000..1bfa11dbf70f
--- /dev/null
+++ b/metadata/glsa/glsa-200610-02.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200610-02">
+  <title>Adobe Flash Player: Arbitrary code execution</title>
+  <synopsis>
+    Multiple input validation errors have been identified that allow arbitrary
+    code execution on a user's system via the handling of malicious Flash
+    files.
+  </synopsis>
+  <product type="ebuild">Flash</product>
+  <announced>2006-10-04</announced>
+  <revised count="02">2009-05-28</revised>
+  <bug>147421</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">7.0.68</unaffected>
+      <vulnerable range="lt">7.0.68</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Adobe Flash Player is a renderer for Flash files - commonly used to
+    provide interactive websites, digital experiences and mobile content.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Adobe Flash Player contains multiple unspecified vulnerabilities.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to view a malicious Flash file and
+    execute arbitrary code with the rights of the user running the player.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Adobe Flash Player users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-plugins/adobe-flash-7.0.68"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.adobe.com/support/security/bulletins/apsb06-11.html">Adobe Security Bulletin</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3311">CVE-2006-3311</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3587">CVE-2006-3587</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3588">CVE-2006-3588</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-09-30T20:50:53Z">
+    vorlon078
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-10-01T12:49:26Z">
+    plasmaroo
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-10-01T12:51:08Z">
+    plasmaroo
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200610-03.xml b/metadata/glsa/glsa-200610-03.xml
new file mode 100644
index 000000000000..f7566bf69cb8
--- /dev/null
+++ b/metadata/glsa/glsa-200610-03.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200610-03">
+  <title>ncompress: Buffer Underflow</title>
+  <synopsis>
+    A buffer underflow vulnerability has been reported in ncompress allowing
+    for the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">ncompress</product>
+  <announced>2006-10-06</announced>
+  <revised count="01">2006-10-06</revised>
+  <bug>141728</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/ncompress" auto="yes" arch="*">
+      <unaffected range="ge">4.2.4.1</unaffected>
+      <vulnerable range="lt">4.2.4.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ncompress is a suite of utilities to create and extract
+    Lempel-Ziff-Welch (LZW) compressed archives.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Google Security Team discovered a static buffer
+    underflow in ncompress.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could create a specially crafted LZW archive, that when
+    decompressed by a user or automated system would result in the
+    execution of arbitrary code with the permissions of the user invoking
+    the utility.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ncompress users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-arch/ncompress-4.2.4.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1168">CVE-2006-1168</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-09-29T14:20:45Z">
+    vorlon078
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-10-02T10:06:04Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-10-06T17:50:24Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200610-04.xml b/metadata/glsa/glsa-200610-04.xml
new file mode 100644
index 000000000000..82a1c1c555dd
--- /dev/null
+++ b/metadata/glsa/glsa-200610-04.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200610-04">
+  <title>Seamonkey: Multiple vulnerabilities</title>
+  <synopsis>
+    The Seamonkey project has reported multiple security vulnerabilities in the
+    application.
+  </synopsis>
+  <product type="ebuild">seamonkey</product>
+  <announced>2006-10-16</announced>
+  <revised count="01">2006-10-16</revised>
+  <bug>147651</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/seamonkey" auto="yes" arch="*">
+      <unaffected range="ge">1.0.5</unaffected>
+      <vulnerable range="lt">1.0.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The SeaMonkey project is a community effort to deliver
+    production-quality releases of code derived from the application
+    formerly known as 'Mozilla Application Suite'.
+    </p>
+  </background>
+  <description>
+    <p>
+    A number of vulnerabilities have been found and fixed in Seamonkey. For
+    details please consult the references below.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    The most severe vulnerability involves enticing a user to visit a
+    malicious website, crashing the application and executing arbitrary
+    code with the rights of the user running Seamonkey.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Seamonkey users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-1.0.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4253">CVE-2006-4253</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4565">CVE-2006-4565</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4566">CVE-2006-4566</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4568">CVE-2006-4568</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4570">CVE-2006-4570</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4571">CVE-2006-4571</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-10-11T11:17:26Z">
+    frilled
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-10-13T13:40:59Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200610-05.xml b/metadata/glsa/glsa-200610-05.xml
new file mode 100644
index 000000000000..c3fc74d79abb
--- /dev/null
+++ b/metadata/glsa/glsa-200610-05.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200610-05">
+  <title>CAPI4Hylafax fax receiver: Execution of arbitrary code</title>
+  <synopsis>
+    CAPI4Hylafax allows remote attackers to execute arbitrary commands.
+  </synopsis>
+  <product type="ebuild">capi4hylafax</product>
+  <announced>2006-10-17</announced>
+  <revised count="01">2006-10-17</revised>
+  <bug>145982</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/capi4hylafax" auto="yes" arch="*">
+      <unaffected range="ge">01.03.00.99.300.3-r1</unaffected>
+      <vulnerable range="lt">01.03.00.99.300.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    CAPI4Hylafax makes it possible to send and receive faxes via CAPI and
+    AVM Fritz!Cards.
+    </p>
+  </background>
+  <description>
+    <p>
+    Lionel Elie Mamane discovered an error in c2faxrecv, which doesn't
+    properly sanitize TSI strings when handling incoming calls.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker can send null (\0) and shell metacharacters in the
+    TSI string from an anonymous fax number, leading to the execution of
+    arbitrary code with the rights of the user running c2faxrecv.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All CAPI4Hylafax users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/capi4hylafax-01.03.00.99.300.3-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3126">CVE-2006-3126</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-10-11T11:18:55Z">
+    vorlon078
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-10-13T13:56:18Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-10-13T13:57:08Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200610-06.xml b/metadata/glsa/glsa-200610-06.xml
new file mode 100644
index 000000000000..22ff2d28f42c
--- /dev/null
+++ b/metadata/glsa/glsa-200610-06.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200610-06">
+  <title>Mozilla Network Security Service (NSS): RSA signature forgery</title>
+  <synopsis>
+    NSS fails to properly validate PKCS #1 v1.5 signatures.
+  </synopsis>
+  <product type="ebuild">nss</product>
+  <announced>2006-10-17</announced>
+  <revised count="01">2006-10-17</revised>
+  <bug>148283</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/nss" auto="yes" arch="*">
+      <unaffected range="ge">3.11.3</unaffected>
+      <vulnerable range="lt">3.11.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Mozilla Network Security Service is a library implementing security
+    features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12,
+    S/MIME and X.509 certificates.
+    </p>
+  </background>
+  <description>
+    <p>
+    Daniel Bleichenbacher discovered that it might be possible to forge
+    signatures signed by RSA keys with the exponent of 3. This affects a
+    number of RSA signature implementations, including Mozilla's NSS.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Since several Certificate Authorities (CAs) are using an exponent of 3
+    it might be possible for an attacker to create a key with a false CA
+    signature. This impacts any software using the NSS library, like the
+    Mozilla products Firefox, Thunderbird and Seamonkey.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All NSS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/nss-3.11.3"</code>
+    <p>
+    Note: As usual after updating a library, you should run
+    'revdep-rebuild' (from the app-portage/gentoolkit package) to ensure
+    that all applications linked to it are properly rebuilt.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339">CVE-2006-4339</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4340">CVE-2006-4340</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-09-25T12:57:17Z">
+    frilled
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-10-03T18:27:05Z">
+    vorlon078
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-10-08T19:45:16Z">
+    frilled
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200610-07.xml b/metadata/glsa/glsa-200610-07.xml
new file mode 100644
index 000000000000..638ef506865c
--- /dev/null
+++ b/metadata/glsa/glsa-200610-07.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200610-07">
+  <title>Python: Buffer Overflow</title>
+  <synopsis>
+    A buffer overflow in Python's "repr()" function can be exploited to cause a
+    Denial of Service and potentially allows the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">python</product>
+  <announced>2006-10-17</announced>
+  <revised count="03">2007-02-26</revised>
+  <bug>149065</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/python" auto="yes" arch="*">
+      <unaffected range="ge">2.4.3-r4</unaffected>
+      <unaffected range="rge">2.3.5-r3</unaffected>
+      <unaffected range="rge">2.3.6</unaffected>
+      <vulnerable range="lt">2.4.3-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Python is an interpreted, interactive, object-oriented, cross-platform
+    programming language.
+    </p>
+  </background>
+  <description>
+    <p>
+    Benjamin C. Wiley Sittler discovered a buffer overflow in Python's
+    "repr()" function when handling UTF-32/UCS-4 encoded strings.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    If a Python application processes attacker-supplied data with the
+    "repr()" function, this could potentially lead to the execution of
+    arbitrary code with the privileges of the affected application or a
+    Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Python users should update to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.4.3-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980">CVE-2006-4980</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-09-27T19:59:22Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-10-13T14:44:47Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-10-16T09:21:34Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200610-08.xml b/metadata/glsa/glsa-200610-08.xml
new file mode 100644
index 000000000000..15758e92437e
--- /dev/null
+++ b/metadata/glsa/glsa-200610-08.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200610-08">
+  <title>Cscope: Multiple buffer overflows</title>
+  <synopsis>
+    Cscope is vulnerable to multiple buffer overflows that could lead to the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">cscope</product>
+  <announced>2006-10-20</announced>
+  <revised count="01">2006-10-20</revised>
+  <bug>144869</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-util/cscope" auto="yes" arch="*">
+      <unaffected range="ge">15.5.20060927</unaffected>
+      <vulnerable range="lt">15.5.20060927</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Cscope is a developer's tool for browsing source code.
+    </p>
+  </background>
+  <description>
+    <p>
+    Unchecked use of strcpy() and *scanf() leads to several buffer
+    overflows.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A user could be enticed to open a carefully crafted file which would
+    allow the attacker to execute arbitrary code with the permissions of
+    the user running Cscope.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Cscope users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-util/cscope-15.5.20060927"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4262">CVE-2006-4262</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-10-18T20:32:19Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-10-18T20:33:33Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200610-09.xml b/metadata/glsa/glsa-200610-09.xml
new file mode 100644
index 000000000000..fa74b1c678cc
--- /dev/null
+++ b/metadata/glsa/glsa-200610-09.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200610-09">
+  <title>libmusicbrainz: Multiple buffer overflows</title>
+  <synopsis>
+    Multiple buffer overflows have been found in libmusicbrainz, which could
+    lead to a Denial of Service or possibly the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libmusicbrainz</product>
+  <announced>2006-10-22</announced>
+  <revised count="01">2006-10-22</revised>
+  <bug>144089</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/musicbrainz" auto="yes" arch="*">
+      <unaffected range="ge">2.1.4</unaffected>
+      <vulnerable range="lt">2.1.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libmusicbrainz is a client library used to access MusicBrainz music
+    meta data.
+    </p>
+  </background>
+  <description>
+    <p>
+    Luigi Auriemma reported a possible buffer overflow in the
+    MBHttp::Download function of lib/http.cpp as well as several possible
+    buffer overflows in lib/rdfparse.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could be able to execute arbitrary code or cause
+    Denial of Service by making use of an overly long "Location" header in
+    an HTTP redirect message from a malicious server or a long URL in
+    malicious RDF feeds.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libmusicbrainz users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/musicbrainz-2.1.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4197">CVE-2006-4197</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-10-18T12:31:28Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-10-19T20:02:01Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-10-20T14:53:09Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200610-10.xml b/metadata/glsa/glsa-200610-10.xml
new file mode 100644
index 000000000000..4bcd8bd6e04f
--- /dev/null
+++ b/metadata/glsa/glsa-200610-10.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200610-10">
+  <title>ClamAV: Multiple Vulnerabilities</title>
+  <synopsis>
+    ClamAV is vulnerable to a heap-based buffer overflow potentially allowing
+    remote execution of arbitrary code and a Denial of Service.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2006-10-24</announced>
+  <revised count="01">2006-10-24</revised>
+  <bug>151561</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.88.5</unaffected>
+      <vulnerable range="lt">0.88.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ClamAV is a GPL virus scanner.
+    </p>
+  </background>
+  <description>
+    <p>
+    Damian Put and an anonymous researcher reported a potential heap-based
+    buffer overflow vulnerability in rebuildpe.c responsible for the
+    rebuilding of an unpacked PE file, and a possible crash in chmunpack.c
+    in the CHM unpacker.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    By sending a malicious attachment to a mail server running ClamAV, or
+    providing a malicious file to ClamAV through any other method, a remote
+    attacker could cause a Denial of Service and potentially the execution
+    of arbitrary code with the permissions of the user running ClamAV.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ClamAV users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.88.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://sourceforge.net/project/shownotes.php?release_id=455799">Original commit log</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4182">CVE-2006-4182</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-10-16T11:34:35Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-10-24T14:39:53Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200610-11.xml b/metadata/glsa/glsa-200610-11.xml
new file mode 100644
index 000000000000..4cedffb8c1de
--- /dev/null
+++ b/metadata/glsa/glsa-200610-11.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200610-11">
+  <title>OpenSSL: Multiple vulnerabilities</title>
+  <synopsis>
+    OpenSSL contains multiple vulnerabilities including the possible remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2006-10-24</announced>
+  <revised count="01">2006-10-24</revised>
+  <bug>145510</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">0.9.8d</unaffected>
+      <unaffected range="rge">0.9.7l</unaffected>
+      <vulnerable range="lt">0.9.8d</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport
+    Layer Security protocols and a general-purpose cryptography library.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy and Will Drewry, both of the Google Security Team,
+    discovered that the SSL_get_shared_ciphers() function contains a buffer
+    overflow vulnerability, and that the SSLv2 client code contains a flaw
+    leading to a crash. Additionally Dr. Stephen N. Henson found that the
+    ASN.1 handler contains two Denial of Service vulnerabilities: while
+    parsing an invalid ASN.1 structure and while handling certain types of
+    public key.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could trigger the buffer overflow vulnerability by sending
+    a malicious suite of ciphers to an application using the vulnerable
+    function, and thus execute arbitrary code with the rights of the user
+    running the application. An attacker could also consume CPU and/or
+    memory by exploiting the Denial of Service vulnerabilities. Finally a
+    malicious server could crash a SSLv2 client through the SSLv2
+    vulnerability.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenSSL 0.9.8 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-0.9.8d"</code>
+    <p>
+    All OpenSSL 0.9.7 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-0.9.7l"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937">CVE-2006-2937</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940">CVE-2006-2940</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738">CVE-2006-3738</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343">CVE-2006-4343</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-09-28T15:36:31Z">
+    vorlon078
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-10-13T16:05:39Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-10-24T10:05:56Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200610-12.xml b/metadata/glsa/glsa-200610-12.xml
new file mode 100644
index 000000000000..ff940103258a
--- /dev/null
+++ b/metadata/glsa/glsa-200610-12.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200610-12">
+  <title>Apache mod_tcl: Format string vulnerability</title>
+  <synopsis>
+    A format string vulnerabilty has been found in Apache mod_tcl, which could
+    lead to the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mod_tcl</product>
+  <announced>2006-10-24</announced>
+  <revised count="01">2006-10-24</revised>
+  <bug>151359</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apache/mod_tcl" auto="yes" arch="*">
+      <unaffected range="ge">1.0.1</unaffected>
+      <vulnerable range="lt">1.0.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Apache mod_tcl is a TCL interpreting module for the Apache 2.x web
+    server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Sparfell discovered format string errors in calls to the set_var
+    function in tcl_cmds.c and tcl_core.c.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit the vulnerability to execute arbitrary
+    code with the rights of the user running the Apache server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All mod_tcl users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apache/mod_tcl-1.0.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4154">CVE-2006-4154</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-10-21T12:26:41Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-10-21T20:37:41Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-10-23T14:13:35Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200610-13.xml b/metadata/glsa/glsa-200610-13.xml
new file mode 100644
index 000000000000..0f744f153afc
--- /dev/null
+++ b/metadata/glsa/glsa-200610-13.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200610-13">
+  <title>Cheese Tracker: Buffer Overflow</title>
+  <synopsis>
+    Cheese Tracker contains a buffer overflow allowing the remote execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">cheesetracker</product>
+  <announced>2006-10-26</announced>
+  <revised count="01">2006-10-26</revised>
+  <bug>142391</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/cheesetracker" auto="yes" arch="*">
+      <unaffected range="ge">0.9.9-r1</unaffected>
+      <vulnerable range="lt">0.9.9-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Cheese Tracker is a Qt-based portable Impulse Tracker clone, a music
+    tracker for the CT, IT, XM and S3M file formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    Luigi Auriemma reported that the XM loader of Cheese Tracker contains a
+    buffer overflow vulnerability in the
+    loader_XM::load_intrument_internal() function from
+    loaders/loader_xm.cpp.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could execute arbitrary code with the rights of the user
+    running Cheese Tracker by enticing a user to load a crafted file with
+    large amount of extra data.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Cheese Tracker users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/cheesetracker-0.9.9-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3814">CVE-2006-3814</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-10-20T07:43:58Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-10-24T14:33:27Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-10-24T15:18:21Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200610-14.xml b/metadata/glsa/glsa-200610-14.xml
new file mode 100644
index 000000000000..9d2228b58a55
--- /dev/null
+++ b/metadata/glsa/glsa-200610-14.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200610-14">
+  <title>PHP: Integer overflow</title>
+  <synopsis>
+    PHP is vulnerable to an integer overflow potentially allowing the remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">php</product>
+  <announced>2006-10-30</announced>
+  <revised count="04">2008-03-29</revised>
+  <bug>150261</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/php" auto="yes" arch="*">
+      <unaffected range="rge">4.4.4-r6</unaffected>
+      <unaffected range="rge">4.4.6</unaffected>
+      <unaffected range="rge">4.4.7</unaffected>
+      <unaffected range="rge">4.4.8_pre20070816</unaffected>
+      <unaffected range="ge">5.1.6-r6</unaffected>
+      <vulnerable range="lt">5.1.6-r6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PHP is a widely-used general-purpose scripting language that is
+    especially suited for Web development and can be embedded into HTML.
+    </p>
+  </background>
+  <description>
+    <p>
+    A flaw in the PHP memory handling routines allows an unserialize() call
+    to be executed on non-allocated memory due to a previous integer
+    overflow.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could execute arbitrary code with the rights of the web
+    server user or the user running a vulnerable PHP script.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PHP 5.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-5.1.6-r6"</code>
+    <p>
+    All PHP 4.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-4.4.4-r6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4812">CVE-2006-4812</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-10-18T12:42:57Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-10-18T18:52:45Z">
+    shellsage
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-10-24T10:10:01Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200610-15.xml b/metadata/glsa/glsa-200610-15.xml
new file mode 100644
index 000000000000..53c6726857a1
--- /dev/null
+++ b/metadata/glsa/glsa-200610-15.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200610-15">
+  <title>Asterisk: Multiple vulnerabilities</title>
+  <synopsis>
+    Asterisk is vulnerable to the remote execution of arbitrary code or a
+    Denial of Service.
+  </synopsis>
+  <product type="ebuild">asterisk</product>
+  <announced>2006-10-30</announced>
+  <revised count="02">2007-01-30</revised>
+  <bug>144941</bug>
+  <bug>151881</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/asterisk" auto="yes" arch="*">
+      <unaffected range="ge">1.2.13</unaffected>
+      <unaffected range="rge">1.0.12</unaffected>
+      <vulnerable range="lt">1.2.13</vulnerable>
+      <vulnerable range="lt">1.0.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Asterisk is an open source implementation of a telephone private branch
+    exchange (PBX).
+    </p>
+  </background>
+  <description>
+    <p>
+    Asterisk contains buffer overflows in channels/chan_mgcp.c from the
+    MGCP driver and in channels/chan_skinny.c from the Skinny channel
+    driver for Cisco SCCP phones. It also dangerously handles
+    client-controlled variables to determine filenames in the Record()
+    function. Finally, the SIP channel driver in channels/chan_sip.c could
+    use more resources than necessary under unspecified circumstances.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could execute arbitrary code by sending a crafted
+    audit endpoint (AUEP) response, by sending an overly large Skinny
+    packet even before authentication, or by making use of format strings
+    specifiers through the client-controlled variables. An attacker could
+    also cause a Denial of Service by resource consumption through the SIP
+    channel driver.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround for the format strings vulnerability at
+    this time. You can comment the lines in /etc/asterisk/mgcp.conf,
+    /etc/asterisk/skinny.conf and /etc/asterisk/sip.conf to deactivate the
+    three vulnerable channel drivers. Please note that the MGCP channel
+    driver is disabled by default.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Asterisk users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/asterisk-1.2.13"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4345">CVE-2006-4345</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4346">CVE-2006-4346</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5444">CVE-2006-5444</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5445">CVE-2006-5445</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-10-18T20:57:57Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-10-21T20:37:32Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200611-01.xml b/metadata/glsa/glsa-200611-01.xml
new file mode 100644
index 000000000000..73837c8f8fc8
--- /dev/null
+++ b/metadata/glsa/glsa-200611-01.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200611-01">
+  <title>Screen: UTF-8 character handling vulnerability</title>
+  <synopsis>
+    Screen contains an error in its UTF-8 character handling code that would
+    allow a remote Denial of Service or possibly the remote execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">screen</product>
+  <announced>2006-11-03</announced>
+  <revised count="01">2006-11-03</revised>
+  <bug>152770</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-misc/screen" auto="yes" arch="*">
+      <unaffected range="ge">4.0.3</unaffected>
+      <vulnerable range="lt">4.0.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Screen is a full-screen window manager that multiplexes a physical
+    terminal between several processes, typically interactive shells.
+    </p>
+  </background>
+  <description>
+    <p>
+    cstone and Richard Felker discovered a flaw in Screen's UTF-8 combining
+    character handling.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    The vulnerability can be exploited by writing a special string of
+    characters to a Screen window. A remote attacker could cause a Denial
+    of Service or possibly execute arbitrary code with the privileges of
+    the user running Screen through a program being run inside a Screen
+    session, such as an IRC client or a mail client.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Screen users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-misc/screen-4.0.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4573">CVE-2006-4573</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-10-27T12:01:54Z">
+    aetius
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-10-30T11:11:00Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200611-02.xml b/metadata/glsa/glsa-200611-02.xml
new file mode 100644
index 000000000000..52ae018b0462
--- /dev/null
+++ b/metadata/glsa/glsa-200611-02.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200611-02">
+  <title>Qt: Integer overflow</title>
+  <synopsis>
+    An integer overflow flaw in the Qt pixmap handling could possibly lead to a
+    Denial of Service or the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">qt</product>
+  <announced>2006-11-06</announced>
+  <revised count="03">2009-01-09</revised>
+  <bug>151838</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/qt" auto="yes" arch="*">
+      <unaffected range="ge">4.1.4-r2</unaffected>
+      <unaffected range="rge">3.3.6-r4</unaffected>
+      <unaffected range="rge">3.3.8</unaffected>
+      <unaffected range="rge">3.3.8b</unaffected>
+      <vulnerable range="lt">4.1.4-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Qt is a cross-platform GUI toolkit, which is used e.g. by KDE.
+    </p>
+  </background>
+  <description>
+    <p>
+    An integer overflow flaw has been found in the pixmap handling of Qt.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to open a specially crafted pixmap image in an
+    application using Qt, e.g. Konqueror, a remote attacker could be able
+    to cause an application crash or the execution of arbitrary code with
+    the rights of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Qt 3.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-libs/qt-3.3.6-r4"</code>
+    <p>
+    All Qt 4.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-libs/qt-4.1.4-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4811">CVE-2006-4811</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-11-01T16:27:07Z">
+    vorlon078
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-11-02T14:09:09Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-11-06T11:05:20Z">
+    vorlon078
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200611-03.xml b/metadata/glsa/glsa-200611-03.xml
new file mode 100644
index 000000000000..44186fd585b7
--- /dev/null
+++ b/metadata/glsa/glsa-200611-03.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200611-03">
+  <title>NVIDIA binary graphics driver: Privilege escalation vulnerability</title>
+  <synopsis>
+    The NVIDIA binary graphics driver is vulnerable to a local privilege
+    escalation through an X session.
+  </synopsis>
+  <product type="ebuild">nvidia-drivers</product>
+  <announced>2006-11-07</announced>
+  <revised count="02">2006-11-10</revised>
+  <bug>151635</bug>
+  <access>remote, local</access>
+  <affected>
+    <package name="x11-drivers/nvidia-drivers" auto="yes" arch="*">
+      <unaffected range="ge">1.0.8776</unaffected>
+      <unaffected range="lt">1.0.8762</unaffected>
+      <vulnerable range="lt">1.0.8776</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The NVIDIA binary graphics driver from NVIDIA Corporation provides the
+    kernel module and the GL modules for graphic acceleration on the NVIDIA
+    based graphic cards.
+    </p>
+  </background>
+  <description>
+    <p>
+    Rapid7 reported a boundary error in the NVIDIA binary graphics driver
+    that leads to a buffer overflow in the accelerated rendering
+    functionality.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An X client could trigger the buffer overflow with a maliciously
+    crafted series of glyphs. A remote attacker could also entice a user to
+    open a specially crafted web page, document or X client that will
+    trigger the buffer overflow. This could result in the execution of
+    arbitrary code with root privileges or at least in the crash of the X
+    server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable the accelerated rendering functionality in the Device section
+    of xorg.conf :
+    </p>
+    <code>Option      "RenderAccel" "false"</code>
+  </workaround>
+  <resolution>
+    <p>
+    NVIDIA binary graphics driver users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-drivers/nvidia-drivers-1.0.8776"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5379">CVE-2006-5379</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-10-24T09:12:20Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-10-24T14:25:34Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-10-24T14:27:05Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200611-04.xml b/metadata/glsa/glsa-200611-04.xml
new file mode 100644
index 000000000000..f9202e75d2a3
--- /dev/null
+++ b/metadata/glsa/glsa-200611-04.xml
@@ -0,0 +1,87 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200611-04">
+  <title>Bugzilla: Multiple Vulnerabilities</title>
+  <synopsis>
+    Bugzilla is vulnerable to cross-site scripting, script injection, and
+    request forgery.
+  </synopsis>
+  <product type="ebuild">bugzilla</product>
+  <announced>2006-11-09</announced>
+  <revised count="01">2006-11-09</revised>
+  <bug>151563</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/bugzilla" auto="yes" arch="*">
+      <unaffected range="ge">2.18.6</unaffected>
+      <vulnerable range="lt">2.18.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Bugzilla is a bug tracking system used to allow developers to more
+    easily track outstanding bugs in products.
+    </p>
+  </background>
+  <description>
+    <p>
+    The vulnerabilities identified in Bugzilla are as follows:
+    </p>
+    <ul>
+    <li>Frederic Buclin and Gervase Markham discovered that input passed to
+    various fields throughout Bugzilla were not properly sanitized before
+    being sent back to users (CVE-2006-5453).</li>
+    <li>Frederic Buclin and Josh "timeless" Soref discovered a bug when
+    viewing attachments in diff mode that allows users not of the
+    "insidergroup" to read attachment descriptions. Additionally, it was
+    discovered that the "deadline" field is visible to users who do not
+    belong to the "timetrackinggroup" when bugs are exported to XML
+    (CVE-2006-5454).</li>
+    <li>Gavin Shelley reported that Bugzilla allows certain operations to
+    be performed via HTTP GET and HTTP POST requests without verifying
+    those requests properly (CVE-2006-5455).</li>
+    <li>Max Kanat-Alexander discovered that input passed to
+    showdependencygraph.cgi is not properly sanitized before being returned
+    to users (CVE-2006-5453).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could inject scripts into the content loaded by a user's
+    browser in order to have those scripts executed in a user's browser in
+    the context of the site currently being viewed. This could include
+    gaining access to privileged session information for the site being
+    viewed. Additionally, a user could forge an HTTP request in order to
+    create, modify, or delete bugs within a Bugzilla instance. Lastly, an
+    unauthorized user could view sensitive information about bugs or bug
+    attachments.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Bugzilla users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/bugzilla-2.18.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5453">CVE-2006-5453</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5454">CVE-2006-5454</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5455">CVE-2006-5455</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-11-04T19:51:46Z">
+    vorlon078
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-11-05T14:49:56Z">
+    shellsage
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-11-07T15:44:40Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200611-05.xml b/metadata/glsa/glsa-200611-05.xml
new file mode 100644
index 000000000000..7666ae1469b5
--- /dev/null
+++ b/metadata/glsa/glsa-200611-05.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200611-05">
+  <title>Netkit FTP Server: Privilege escalation</title>
+  <synopsis>
+    An incorrect seteuid() call could allow an FTP user to access some files or
+    directories that would normally be inaccessible.
+  </synopsis>
+  <product type="ebuild">ftpd</product>
+  <announced>2006-11-10</announced>
+  <revised count="02">2007-12-30</revised>
+  <bug>150292</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-ftp/netkit-ftpd" auto="yes" arch="*">
+      <unaffected range="ge">0.17-r4</unaffected>
+      <vulnerable range="lt">0.17-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    net-ftp/netkit-ftpd is the Linux Netkit FTP server with optional SSL support.
+    </p>
+  </background>
+  <description>
+    <p>
+    Paul Szabo reported that an incorrect seteuid() call after the chdir()
+    function can allow an attacker to access a normally forbidden
+    directory, in some very particular circumstances, for example when the
+    NFS-hosted targetted directory is not reachable by the client-side root
+    user. Additionally, some potentially exploitable unchecked setuid()
+    calls were also fixed.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker might craft his home directory to gain access through
+    ftpd to normally forbidden directories like /root, possibly with
+    writing permissions if seteuid() fails and if the ftpd configuration
+    allows that. The unchecked setuid() calls could also lead to a root FTP
+    login, depending on the FTP server configuration.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Netkit FTP Server users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-ftp/netkit-ftpd-0.17-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5778">CVE-2006-5778</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-10-24T15:02:54Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-10-24T15:03:34Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200611-06.xml b/metadata/glsa/glsa-200611-06.xml
new file mode 100644
index 000000000000..5f95569213bd
--- /dev/null
+++ b/metadata/glsa/glsa-200611-06.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200611-06">
+  <title>OpenSSH: Multiple Denial of Service vulnerabilities</title>
+  <synopsis>
+    Several Denial of Service vulnerabilities have been identified in OpenSSH.
+  </synopsis>
+  <product type="ebuild">openssh</product>
+  <announced>2006-11-13</announced>
+  <revised count="01">2006-11-13</revised>
+  <bug>149502</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/openssh" auto="yes" arch="*">
+      <unaffected range="ge">4.4_p1-r5</unaffected>
+      <vulnerable range="lt">4.4_p1-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenSSH is a complete SSH protocol version 1.3, 1.5 and 2.0
+    implementation and includes sftp client and server support.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Google Security Team has discovered a
+    pre-authentication vulnerability, causing sshd to spin until the login
+    grace time has been expired. Mark Dowd found an unsafe signal handler
+    that was vulnerable to a race condition. It has also been discovered
+    that when GSSAPI authentication is enabled, GSSAPI will in certain
+    cases incorrectly abort.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    The pre-authentication and signal handler vulnerabilities can cause a
+    Denial of Service in OpenSSH. The vulnerability in the GSSAPI
+    authentication abort could be used to determine the validity of
+    usernames on some platforms.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenSSH users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/openssh-4.4_p1-r5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051">CVE-2006-5051</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052">CVE-2006-5052</uri>
+    <uri link="https://www.openssh.com/txt/release-4.4">OpenSSH Security Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-11-06T00:03:31Z">
+    vorlon078
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-11-06T12:18:14Z">
+    vorlon078
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-11-06T19:31:09Z">
+    daxomatic
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200611-07.xml b/metadata/glsa/glsa-200611-07.xml
new file mode 100644
index 000000000000..833f8fba6a7d
--- /dev/null
+++ b/metadata/glsa/glsa-200611-07.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200611-07">
+  <title>GraphicsMagick: PALM and DCM buffer overflows</title>
+  <synopsis>
+    GraphicsMagick improperly handles PALM and DCM images, potentially
+    resulting in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">graphicsmagick</product>
+  <announced>2006-11-13</announced>
+  <revised count="01">2006-11-13</revised>
+  <bug>152668</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/graphicsmagick" auto="yes" arch="*">
+      <unaffected range="ge">1.1.7-r3</unaffected>
+      <vulnerable range="lt">1.1.7-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GraphicsMagick is a collection of tools and libraries which support
+    reading, writing, and manipulating images in many major formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    M. Joonas Pihlaja has reported that a boundary error exists within the
+    ReadDCMImage() function of coders/dcm.c, causing the improper handling
+    of DCM images. Pihlaja also reported that there are several boundary
+    errors in the ReadPALMImage() function of coders/palm.c, similarly
+    causing the improper handling of PALM images.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to open a specially crafted DCM or PALM
+    image with GraphicsMagick, and possibly execute arbitrary code with the
+    privileges of the user running GraphicsMagick.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GraphicsMagick users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/graphicsmagick-1.1.7-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456">CVE-2006-5456</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-11-06T14:10:18Z">
+    vorlon078
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-11-06T23:27:19Z">
+    shellsage
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-11-07T12:33:19Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200611-08.xml b/metadata/glsa/glsa-200611-08.xml
new file mode 100644
index 000000000000..4605d582b05d
--- /dev/null
+++ b/metadata/glsa/glsa-200611-08.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200611-08">
+  <title>RPM: Buffer overflow</title>
+  <synopsis>
+    RPM is vulnerable to a buffer overflow and possibly the execution of
+    arbitrary code when opening specially crafted packages.
+  </synopsis>
+  <product type="ebuild">rpm</product>
+  <announced>2006-11-13</announced>
+  <revised count="01">2006-11-13</revised>
+  <bug>154218</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/rpm" auto="yes" arch="*">
+      <unaffected range="ge">4.4.6-r3</unaffected>
+      <vulnerable range="lt">4.4.6-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Red Hat Package Manager (RPM) is a command line driven package
+    management system capable of installing, uninstalling, verifying,
+    querying, and updating computer software packages.
+    </p>
+  </background>
+  <description>
+    <p>
+    Vladimir Mosgalin has reported that when processing certain packages,
+    RPM incorrectly allocates memory for the packages, possibly causing a
+    heap-based buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to open a specially crafted RPM package
+    and execute code with the privileges of that user if certain locales
+    are set.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All RPM users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-arch/rpm-4.4.6-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5466">CVE-2006-5466</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-11-06T23:03:12Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-11-06T23:11:11Z">
+    shellsage
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-11-07T13:44:27Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200611-09.xml b/metadata/glsa/glsa-200611-09.xml
new file mode 100644
index 000000000000..1dec8d5fbb4e
--- /dev/null
+++ b/metadata/glsa/glsa-200611-09.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200611-09">
+  <title>libpng: Denial of service</title>
+  <synopsis>
+    A vulnerability in libpng may allow a remote attacker to crash applications
+    that handle untrusted images.
+  </synopsis>
+  <product type="ebuild">libpng</product>
+  <announced>2006-11-17</announced>
+  <revised count="01">2006-11-17</revised>
+  <bug>154380</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libpng" auto="yes" arch="*">
+      <unaffected range="ge">1.2.13</unaffected>
+      <vulnerable range="lt">1.2.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libpng is a free ANSI C library used to process and manipulate PNG
+    images.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that a
+    vulnerability exists in the sPLT chunk handling code of libpng, a large
+    sPLT chunk may cause an application to attempt to read out of bounds.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could craft an image that when processed or viewed by
+    an application using libpng causes the application to terminate
+    abnormally.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libpng users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/libpng-1.2.13"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793">CVE-2006-5793</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-11-10T11:17:04Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-11-16T15:07:26Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200611-10.xml b/metadata/glsa/glsa-200611-10.xml
new file mode 100644
index 000000000000..3053329381a2
--- /dev/null
+++ b/metadata/glsa/glsa-200611-10.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200611-10">
+  <title>WordPress: Multiple vulnerabilities</title>
+  <synopsis>
+    Flaws in WordPress allow a Denial of Service, the disclosure of user
+    metadata and the overwriting of restricted files.
+  </synopsis>
+  <product type="ebuild">wordpress</product>
+  <announced>2006-11-17</announced>
+  <revised count="01">2006-11-17</revised>
+  <bug>153303</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/wordpress" auto="yes" arch="*">
+      <unaffected range="ge">2.0.5</unaffected>
+      <vulnerable range="lt">2.0.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    WordPress is a PHP and MySQL based multiuser blogging system.
+    </p>
+  </background>
+  <description>
+    <p>
+    "random" discovered that users can enter serialized objects as strings
+    in their profiles that will be harmful when unserialized. "adapter"
+    found out that user-edit.php fails to effectively deny non-permitted
+    users access to other user's metadata. Additionally, a directory
+    traversal vulnerability in the wp-db-backup module was discovered.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By entering specially crafted strings in his profile, an attacker can
+    crash PHP or even the web server running WordPress. Additionally, by
+    crafting a simple URL, an attacker can read metadata of any other user,
+    regardless of their own permissions. A user with the permission to use
+    the database backup plugin can possibly overwrite files he otherwise
+    has no access to.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All WordPress users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/wordpress-2.0.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5705">CVE-2006-5705</uri>
+    <uri link="https://trac.wordpress.org/ticket/3142">WordPress Ticket 3142</uri>
+    <uri link="https://trac.wordpress.org/ticket/2591">WordPress Ticket 2591</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-11-08T12:56:04Z">
+    frilled
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-11-09T06:33:42Z">
+    frilled
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200611-11.xml b/metadata/glsa/glsa-200611-11.xml
new file mode 100644
index 000000000000..4bf80d2947c1
--- /dev/null
+++ b/metadata/glsa/glsa-200611-11.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200611-11">
+  <title>TikiWiki: Multiple vulnerabilities</title>
+  <synopsis>
+    TikiWiki allows for the disclosure of MySQL database authentication
+    credentials and for cross-site scripting attacks.
+  </synopsis>
+  <product type="ebuild">tikiwiki</product>
+  <announced>2006-11-20</announced>
+  <revised count="01">2006-11-20</revised>
+  <bug>153820</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/tikiwiki" auto="yes" arch="*">
+      <unaffected range="ge">1.9.6</unaffected>
+      <vulnerable range="lt">1.9.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    TikiWiki is an open source content management system written in PHP.
+    </p>
+  </background>
+  <description>
+    <p>
+    In numerous files TikiWiki provides an empty sort_mode parameter,
+    causing TikiWiki to display additional information, including database
+    authentication credentials, in certain error messages. TikiWiki also
+    improperly sanitizes the "url" request variable sent to
+    tiki-featured_link.php.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could cause a database error in various pages of a TikiWiki
+    instance by providing an empty sort_mode request variable, and gain
+    unauthorized access to credentials of the MySQL databases used by
+    TikiWiki. An attacker could also entice a user to browse to a specially
+    crafted URL that could run scripts in the scope of the user's browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All TikiWiki users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/tikiwiki-1.9.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5702">CVE-2006-5702</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5703">CVE-2006-5703</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-11-10T17:34:20Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-11-10T18:20:06Z">
+    shellsage
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-11-13T22:24:46Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200611-12.xml b/metadata/glsa/glsa-200611-12.xml
new file mode 100644
index 000000000000..716fbb593a36
--- /dev/null
+++ b/metadata/glsa/glsa-200611-12.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200611-12">
+  <title>Ruby: Denial of Service vulnerability</title>
+  <synopsis>
+    The Ruby cgi.rb CGI library is vulnerable to a Denial of Service attack.
+  </synopsis>
+  <product type="ebuild">ruby</product>
+  <announced>2006-11-20</announced>
+  <revised count="02">2009-06-11</revised>
+  <bug>153497</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/ruby" auto="yes" arch="*">
+      <unaffected range="ge">1.8.5-r3</unaffected>
+      <vulnerable range="lt">1.8.5-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ruby is a dynamic, open source programming language with a focus on
+    simplicity and productivity.
+    </p>
+  </background>
+  <description>
+    <p>
+    Zed Shaw, Jeremy Kemper, and Jamis Buck of the Mongrel project reported
+    that the CGI library shipped with Ruby is vulnerable to a remote Denial
+    of Service by an unauthenticated user.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    The vulnerability can be exploited by sending the cgi.rb library an
+    HTTP request with multipart MIME encoding that contains a malformed
+    MIME boundary specifier beginning with "-" instead of "--". Successful
+    exploitation of the vulnerability causes the library to go into an
+    infinite loop waiting for additional nonexistent input.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ruby users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/ruby-1.8.5-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5467">CVE-2006-5467</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-11-10T13:03:41Z">
+    aetius
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-11-15T21:17:28Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200611-13.xml b/metadata/glsa/glsa-200611-13.xml
new file mode 100644
index 000000000000..41370ec5889e
--- /dev/null
+++ b/metadata/glsa/glsa-200611-13.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200611-13">
+  <title>Avahi: "netlink" message vulnerability</title>
+  <synopsis>
+    Avahi fails to verify the origin of netlink messages, which could allow
+    local users to spoof network changes.
+  </synopsis>
+  <product type="ebuild">avahi</product>
+  <announced>2006-11-20</announced>
+  <revised count="01">2006-11-20</revised>
+  <bug>154322</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-dns/avahi" auto="yes" arch="*">
+      <unaffected range="ge">0.6.15</unaffected>
+      <vulnerable range="lt">0.6.15</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Avahi is a system that facilitates service discovery on a local
+    network.
+    </p>
+  </background>
+  <description>
+    <p>
+    Avahi does not check that the netlink messages come from the kernel
+    instead of a user-space process.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could exploit this vulnerability by crafting malicious
+    netlink messages and trick Avahi to react to fake network changes. This
+    could lead users to connect to untrusted services without knowing.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Avahi users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dns/avahi-0.6.15"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5461">CVE-2006-5461</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-11-16T11:46:25Z">
+    vorlon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-11-16T11:47:51Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-11-20T08:40:32Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200611-14.xml b/metadata/glsa/glsa-200611-14.xml
new file mode 100644
index 000000000000..657a82a6e588
--- /dev/null
+++ b/metadata/glsa/glsa-200611-14.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200611-14">
+  <title>TORQUE: Insecure temporary file creation</title>
+  <synopsis>
+    TORQUE creates temporary files in an insecure manner which could lead to
+    the execution of arbitrary code with elevated privileges.
+  </synopsis>
+  <product type="ebuild">torque</product>
+  <announced>2006-11-20</announced>
+  <revised count="03">2006-11-24</revised>
+  <bug>152104</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-cluster/torque" auto="yes" arch="*">
+      <unaffected range="ge">2.1.6</unaffected>
+      <vulnerable range="lt">2.1.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    TORQUE is a resource manager providing control over batch jobs and
+    distributed compute nodes.
+    </p>
+  </background>
+  <description>
+    <p>
+    TORQUE creates temporary files with predictable names. Please note that
+    the TORQUE package shipped in Gentoo Portage is not vulnerable in the
+    default configuration. Only systems with more permissive access rights
+    to the spool directory are vulnerable.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could create links in the temporary file directory,
+    pointing to a valid file somewhere on the filesystem. This could lead
+    to the execution of arbitrary code with elevated privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Ensure that untrusted users don't have write access to the spool
+    directory.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All TORQUE users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-cluster/torque-2.1.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5677">CVE-2006-5677</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-11-15T20:45:04Z">
+    vorlon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-11-16T11:48:29Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-11-20T08:31:55Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200611-15.xml b/metadata/glsa/glsa-200611-15.xml
new file mode 100644
index 000000000000..8c9e724b4fcb
--- /dev/null
+++ b/metadata/glsa/glsa-200611-15.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200611-15">
+  <title>qmailAdmin: Buffer overflow</title>
+  <synopsis>
+    qmailAdmin is vulnerable to a buffer overflow that could lead to the remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">qmailadmin</product>
+  <announced>2006-11-21</announced>
+  <revised count="01">2006-11-21</revised>
+  <bug>153896</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/qmailadmin" auto="yes" arch="*">
+      <unaffected range="ge">1.2.10</unaffected>
+      <vulnerable range="lt">1.2.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    qmailAdmin is a free software package that provides a web interface for
+    managing a qmail system with virtual domains.
+    </p>
+  </background>
+  <description>
+    <p>
+    qmailAdmin fails to properly handle the "PATH_INFO" variable in
+    qmailadmin.c. The PATH_INFO is a standard CGI environment variable
+    filled with user supplied data.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit this vulnerability by sending
+    qmailAdmin a maliciously crafted URL that could lead to the execution
+    of arbitrary code with the permissions of the user running qmailAdmin.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All qmailAdmin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-mail/qmailadmin-1.2.10"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1141">CVE-2006-1141</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-11-15T21:38:39Z">
+    vorlon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-11-15T21:39:01Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-11-20T08:53:09Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200611-16.xml b/metadata/glsa/glsa-200611-16.xml
new file mode 100644
index 000000000000..5468c5dc2e69
--- /dev/null
+++ b/metadata/glsa/glsa-200611-16.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200611-16">
+  <title>Texinfo: Buffer overflow</title>
+  <synopsis>
+    Texinfo is vulnerable to a buffer overflow that could lead to the execution
+    of arbitrary code.
+  </synopsis>
+  <product type="ebuild">texinfo</product>
+  <announced>2006-11-21</announced>
+  <revised count="01">2006-11-21</revised>
+  <bug>154316</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/texinfo" auto="yes" arch="*">
+      <unaffected range="ge">4.8-r5</unaffected>
+      <vulnerable range="lt">4.8-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Texinfo is the official documentation system of the GNU project.
+    </p>
+  </background>
+  <description>
+    <p>
+    Miloslav Trmac from Red Hat discovered a buffer overflow in the
+    "readline()" function of texindex.c. The "readline()" function is
+    called by the texi2dvi and texindex commands.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to open a specially crafted Texinfo file, an
+    attacker could execute arbitrary code with the rights of the user
+    running Texinfo.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Texinfo users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-apps/texinfo-4.8-r5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4810">CVE-2006-4810</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-11-15T21:23:53Z">
+    vorlon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-11-15T21:39:27Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-11-16T14:40:00Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200611-17.xml b/metadata/glsa/glsa-200611-17.xml
new file mode 100644
index 000000000000..d2c310d382f6
--- /dev/null
+++ b/metadata/glsa/glsa-200611-17.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200611-17">
+  <title>fvwm: fvwm-menu-directory fvwm command injection</title>
+  <synopsis>
+    A flaw in fvwm-menu-directory may permit a local attacker to execute
+    arbitrary commands with the privileges of another user.
+  </synopsis>
+  <product type="ebuild">fvwm</product>
+  <announced>2006-11-23</announced>
+  <revised count="01">2006-11-23</revised>
+  <bug>155078</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-wm/fvwm" auto="yes" arch="*">
+      <unaffected range="ge">2.5.18-r1</unaffected>
+      <vulnerable range="lt">2.5.18-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    fvwm is a highly configurable virtual window manager for X11 desktops.
+    fvwm-menu-directory allows fvwm users to browse directories from within
+    fvwm.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that
+    fvwm-menu-directory does not sufficiently sanitise directory names
+    prior to generating menus.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker who can convince an fvwm-menu-directory user to browse
+    a directory they control could cause fvwm commands to be executed with
+    the privileges of the fvwm user. Fvwm commands can be used to execute
+    arbitrary shell commands.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All fvwm users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-wm/fvwm-2.5.18-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5969">CVE-2006-5969</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-11-21T05:59:03Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-11-21T05:59:31Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-11-21T11:10:22Z">
+    taviso
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200611-18.xml b/metadata/glsa/glsa-200611-18.xml
new file mode 100644
index 000000000000..7024399647fb
--- /dev/null
+++ b/metadata/glsa/glsa-200611-18.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200611-18">
+  <title>TIN: Multiple buffer overflows</title>
+  <synopsis>
+    Multiple buffer overflows have been reported in TIN, possibly leading to
+    the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">tin</product>
+  <announced>2006-11-24</announced>
+  <revised count="01">2006-11-24</revised>
+  <bug>150229</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-nntp/tin" auto="yes" arch="*">
+      <unaffected range="ge">1.8.2</unaffected>
+      <vulnerable range="lt">1.8.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    TIN is a threaded NNTP and spool based UseNet newsreader for a variety
+    of platforms.
+    </p>
+  </background>
+  <description>
+    <p>
+    Urs Janssen and Aleksey Salow have reported multiple buffer overflows
+    in TIN. Additionally, the OpenPKG project has reported an allocation
+    off-by-one flaw which can lead to a buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a TIN user to read a specially crafted news
+    article, and execute arbitrary code with the rights of the user running
+    TIN.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All TIN users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-nntp/tin-1.8.2"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.005-tin.html">OpenPKG Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0804">CVE-2006-0804</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-11-21T07:44:01Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-11-21T07:44:13Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-11-21T14:05:36Z">
+    shellsage
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200611-19.xml b/metadata/glsa/glsa-200611-19.xml
new file mode 100644
index 000000000000..14cde616d4cc
--- /dev/null
+++ b/metadata/glsa/glsa-200611-19.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200611-19">
+  <title>ImageMagick: PALM and DCM buffer overflows</title>
+  <synopsis>
+    ImageMagick improperly handles PALM and DCM images, potentially resulting
+    in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">imagemagick</product>
+  <announced>2006-11-24</announced>
+  <revised count="01">2006-11-24</revised>
+  <bug>152672</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/imagemagick" auto="yes" arch="*">
+      <unaffected range="ge">6.3.0.5</unaffected>
+      <vulnerable range="lt">6.3.0.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ImageMagick is a software suite to create, edit, and compose bitmap
+    images, that can also read, write, and convert images in many other
+    formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    M. Joonas Pihlaja has reported that a boundary error exists within the
+    ReadDCMImage() function of coders/dcm.c, causing the improper handling
+    of DCM images. Pihlaja also reported that there are several boundary
+    errors in the ReadPALMImage() function of coders/palm.c, similarly
+    causing the improper handling of PALM images.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to open a specially crafted DCM or PALM
+    image with ImageMagick, and possibly execute arbitrary code with the
+    privileges of the user running ImageMagick.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ImageMagick users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/imagemagick-6.3.0.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456">CVE-2006-5456</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-11-21T07:20:25Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-11-22T15:07:36Z">
+    shellsage
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-11-24T19:28:35Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200611-20.xml b/metadata/glsa/glsa-200611-20.xml
new file mode 100644
index 000000000000..8608e9e0bd03
--- /dev/null
+++ b/metadata/glsa/glsa-200611-20.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200611-20">
+  <title>GNU gv: Stack overflow</title>
+  <synopsis>
+    GNU gv improperly handles user-supplied data possibly allowing for the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">gv</product>
+  <announced>2006-11-24</announced>
+  <revised count="01">2006-11-24</revised>
+  <bug>154573</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/gv" auto="yes" arch="*">
+      <unaffected range="ge">3.6.2-r1</unaffected>
+      <vulnerable range="lt">3.6.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GNU gv is a viewer for PostScript and PDF documents.
+    </p>
+  </background>
+  <description>
+    <p>
+    GNU gv does not properly boundary check user-supplied data before
+    copying it into process buffers.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to open a specially crafted document
+    with GNU gv and execute arbitrary code with the rights of the user on
+    the system.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All gv users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/gv-3.6.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5864">CVE-2006-5864</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-11-21T06:07:37Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-11-21T14:27:05Z">
+    shellsage
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-11-24T20:18:52Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200611-21.xml b/metadata/glsa/glsa-200611-21.xml
new file mode 100644
index 000000000000..e7301ff126db
--- /dev/null
+++ b/metadata/glsa/glsa-200611-21.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200611-21">
+  <title>Kile: Incorrect backup file permission</title>
+  <synopsis>
+    Kile uses default permissions for backup files, potentially leading to
+    information disclosure.
+  </synopsis>
+  <product type="ebuild">kile</product>
+  <announced>2006-11-27</announced>
+  <revised count="01">2006-11-27</revised>
+  <bug>155613</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-editors/kile" auto="yes" arch="*">
+      <unaffected range="ge">1.9.2-r1</unaffected>
+      <vulnerable range="lt">1.9.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Kile is a TeX/LaTeX editor for KDE.
+    </p>
+  </background>
+  <description>
+    <p>
+    Kile fails to set the same permissions on backup files as on the
+    original file. This is similar to CVE-2005-1920.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A kile user may inadvertently grant access to sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Kile users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-editors/kile-1.9.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1920">CVE-2005-1920</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-11-24T10:25:19Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-11-27T07:49:07Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200611-22.xml b/metadata/glsa/glsa-200611-22.xml
new file mode 100644
index 000000000000..90fcf2bb2b71
--- /dev/null
+++ b/metadata/glsa/glsa-200611-22.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200611-22">
+  <title>Ingo H3: Folder name shell command injection</title>
+  <synopsis>
+    Ingo H3 is vulnerable to arbitrary shell command execution when handling
+    procmail rules.
+  </synopsis>
+  <product type="ebuild">horde-ingo</product>
+  <announced>2006-11-27</announced>
+  <revised count="01">2006-11-27</revised>
+  <bug>153927</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/horde-ingo" auto="yes" arch="*">
+      <unaffected range="ge">1.1.2</unaffected>
+      <vulnerable range="lt">1.1.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ingo H3 is a generic frontend for editing Sieve, procmail, maildrop and
+    IMAP filter rules.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ingo H3 fails to properly escape shell metacharacters in procmail
+    rules.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote authenticated attacker could craft a malicious rule which
+    could lead to the execution of arbitrary shell commands on the server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Don't use procmail with Ingo H3.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ingo H3 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/horde-ingo-1.1.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5449">CVE-2006-5449</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-11-21T06:42:39Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-11-24T19:04:29Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-11-24T19:46:46Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200611-23.xml b/metadata/glsa/glsa-200611-23.xml
new file mode 100644
index 000000000000..3cdb3c7705da
--- /dev/null
+++ b/metadata/glsa/glsa-200611-23.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200611-23">
+  <title>Mono: Insecure temporary file creation</title>
+  <synopsis>
+    Mono is vulnerable to linking attacks, potentially allowing a local user to
+    overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">mono</product>
+  <announced>2006-11-28</announced>
+  <revised count="01">2006-11-28</revised>
+  <bug>150264</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-lang/mono" auto="yes" arch="*">
+      <unaffected range="ge">1.1.13.8.1</unaffected>
+      <vulnerable range="lt">1.1.13.8.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mono provides the necessary software to develop and run .NET client and
+    server applications.
+    </p>
+  </background>
+  <description>
+    <p>
+    Sebastian Krahmer of the SuSE Security Team discovered that the
+    System.CodeDom.Compiler classes of Mono create temporary files with
+    insecure permissions.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create links in the temporary file directory,
+    pointing to a valid file somewhere on the filesystem. When an affected
+    class is called, this could result in the file being overwritten with
+    the rights of the user running the script.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mono users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/mono-1.1.13.8.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5072">CVE-2006-5072</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-11-24T09:48:51Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-11-27T17:16:01Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-11-28T12:13:57Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200611-24.xml b/metadata/glsa/glsa-200611-24.xml
new file mode 100644
index 000000000000..7bca1ae33ab6
--- /dev/null
+++ b/metadata/glsa/glsa-200611-24.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200611-24">
+  <title>LHa: Multiple vulnerabilities</title>
+  <synopsis>
+    LHa is affected by several vulnerabilities including the remote execution
+    of arbitrary code.
+  </synopsis>
+  <product type="ebuild">lha</product>
+  <announced>2006-11-28</announced>
+  <revised count="01">2006-11-28</revised>
+  <bug>151252</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/lha" auto="yes" arch="*">
+      <unaffected range="ge">114i-r6</unaffected>
+      <vulnerable range="lt">114i-r6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    LHa is a console-based program for packing and unpacking LHarc
+    archives.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Google Security Team discovered several
+    vulnerabilities in the LZH decompression component used by LHa. The
+    make_table function of unlzh.c contains an array index error and a
+    buffer overflow vulnerability. The build_tree function of unpack.c
+    contains a buffer underflow vulnerability. Additionally, unlzh.c
+    contains a code that could run in an infinite loop.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to uncompress a specially crafted archive, a remote
+    attacker could cause a Denial of Service by CPU consumption or execute
+    arbitrary code with the rights of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All LHa users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-arch/lha-114i-r6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335">CVE-2006-4335</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336">CVE-2006-4336</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337">CVE-2006-4337</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338">CVE-2006-4338</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-11-24T21:52:23Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-11-27T17:02:28Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-11-27T17:07:24Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200611-25.xml b/metadata/glsa/glsa-200611-25.xml
new file mode 100644
index 000000000000..e21bc91784f8
--- /dev/null
+++ b/metadata/glsa/glsa-200611-25.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200611-25">
+  <title>OpenLDAP: Denial of Service vulnerability</title>
+  <synopsis>
+    A flaw in OpenLDAP allows remote unauthenticated attackers to cause a
+    Denial of Service.
+  </synopsis>
+  <product type="ebuild">openldap</product>
+  <announced>2006-11-28</announced>
+  <revised count="01">2006-11-28</revised>
+  <bug>154349</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-nds/openldap" auto="yes" arch="*">
+      <unaffected range="ge">2.3.27-r3</unaffected>
+      <unaffected range="rge">2.2.28-r5</unaffected>
+      <unaffected range="rge">2.1.30-r8</unaffected>
+      <vulnerable range="lt">2.3.27-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenLDAP is a suite of LDAP-related applications and development tools.
+    </p>
+  </background>
+  <description>
+    <p>
+    Evgeny Legerov has discovered that the truncation of an incoming
+    authcid longer than 255 characters and ending with a space as the 255th
+    character will lead to an improperly computed name length. This will
+    trigger an assert in the libldap code.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By sending a BIND request with a specially crafted authcid parameter to
+    an OpenLDAP service, a remote attacker can cause the service to crash.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenLDAP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "net-nds/openldap"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5779">CVE-2006-5779</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-11-27T13:22:56Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-11-27T16:35:57Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-11-27T16:37:27Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200611-26.xml b/metadata/glsa/glsa-200611-26.xml
new file mode 100644
index 000000000000..047527372740
--- /dev/null
+++ b/metadata/glsa/glsa-200611-26.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200611-26">
+  <title>ProFTPD: Remote execution of arbitrary code</title>
+  <synopsis>
+    ProFTPD is affected by mutiple vulnerabilities allowing for the remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">proftpd</product>
+  <announced>2006-11-30</announced>
+  <revised count="01">2006-11-30</revised>
+  <bug>154650</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-ftp/proftpd" auto="yes" arch="*">
+      <unaffected range="ge">1.3.0a</unaffected>
+      <vulnerable range="lt">1.3.0a</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ProFTPD is a highly-configurable FTP server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Evgeny Legerov discovered a stack-based buffer overflow in the
+    s_replace() function in support.c, as well as a buffer overflow in in
+    the mod_tls module. Additionally, an off-by-two error related to the
+    CommandBufferSize configuration directive was reported.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An authenticated attacker could exploit the s_replace() vulnerability
+    by uploading a crafted .message file or sending specially crafted
+    commands to the server, possibly resulting in the execution of
+    arbitrary code with the rights of the user running ProFTPD. An
+    unauthenticated attacker could send specially crafted data to the
+    server with mod_tls enabled which could result in the execution of
+    arbitrary code with the rights of the user running ProFTPD. Finally,
+    the off-by-two error related to the CommandBufferSize configuration
+    directive was fixed - exploitability of this error is disputed. Note
+    that the default configuration on Gentoo is to run ProFTPD as an
+    unprivileged user, and has mod_tls disabled.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ProFTPD users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-ftp/proftpd-1.3.0a"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5815">CVE-2006-5815</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6170">CVE-2006-6170</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6171">CVE-2006-6171 (disputed)</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-11-28T20:50:41Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-11-29T12:52:56Z">
+    aetius
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-11-30T22:38:58Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200612-01.xml b/metadata/glsa/glsa-200612-01.xml
new file mode 100644
index 000000000000..fe8bf5c37517
--- /dev/null
+++ b/metadata/glsa/glsa-200612-01.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200612-01">
+  <title>wv library: Multiple integer overflows</title>
+  <synopsis>
+    The wv library is vulnerable to multiple integer overflows which could lead
+    to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">wv library</product>
+  <announced>2006-12-07</announced>
+  <revised count="01">2006-12-07</revised>
+  <bug>153800</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/wv" auto="yes" arch="*">
+      <unaffected range="ge">1.2.3-r1</unaffected>
+      <vulnerable range="lt">1.2.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    wv is a library for conversion of MS Word DOC and RTF files.
+    </p>
+  </background>
+  <description>
+    <p>
+    The wv library fails to do proper arithmetic checks in multiple places,
+    possibly leading to integer overflows.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could craft a malicious file that, when handled with the wv
+    library, could lead to the execution of arbitrary code with the
+    permissions of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All wv library users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/wv-1.2.3-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4513">CVE-2006-4513</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-11-24T19:24:02Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-11-24T19:46:34Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200612-02.xml b/metadata/glsa/glsa-200612-02.xml
new file mode 100644
index 000000000000..fd956d6aa690
--- /dev/null
+++ b/metadata/glsa/glsa-200612-02.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200612-02">
+  <title>xine-lib: Buffer overflow</title>
+  <synopsis>
+    xine-lib is vulnerable to a buffer overflow in the Real Media input plugin,
+    which could lead to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">xine-lib</product>
+  <announced>2006-12-09</announced>
+  <revised count="01">2006-12-09</revised>
+  <bug>156645</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/xine-lib" auto="yes" arch="*">
+      <unaffected range="ge">1.1.2-r3</unaffected>
+      <vulnerable range="lt">1.1.2-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    xine is a portable and reusable multimedia playback engine. xine-lib is
+    xine's core engine.
+    </p>
+  </background>
+  <description>
+    <p>
+    A possible buffer overflow has been reported in the Real Media input
+    plugin.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit this vulnerability by enticing a user into
+    loading a specially crafted stream with xine or an application using
+    xine-lib. This can lead to a Denial of Service and possibly the
+    execution of arbitrary code with the rights of the user running the
+    application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All xine-lib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/xine-lib-1.1.2-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6172">CVE-2006-6172</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-12-03T14:51:06Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-12-07T10:43:19Z">
+    vorlon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-12-09T07:44:10Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200612-03.xml b/metadata/glsa/glsa-200612-03.xml
new file mode 100644
index 000000000000..cbae18e200cd
--- /dev/null
+++ b/metadata/glsa/glsa-200612-03.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200612-03">
+  <title>GnuPG: Multiple vulnerabilities</title>
+  <synopsis>
+    GnuPG is vulnerable to a buffer overflow and an erroneous function pointer
+    dereference that can result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">gnupg</product>
+  <announced>2006-12-10</announced>
+  <revised count="02">2006-12-10</revised>
+  <bug>156476</bug>
+  <bug>156947</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-crypt/gnupg" auto="yes" arch="*">
+      <unaffected range="ge">1.4.6</unaffected>
+      <vulnerable range="lt">1.4.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite
+    of cryptographic software.
+    </p>
+  </background>
+  <description>
+    <p>
+    Hugh Warrington has reported a boundary error in GnuPG, in the
+    "ask_outfile_name()" function from openfile.c: the
+    make_printable_string() function could return a string longer than
+    expected. Additionally, Tavis Ormandy of the Gentoo Security Team
+    reported a design error in which a function pointer can be incorrectly
+    dereferenced.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to interactively use GnuPG on a
+    crafted file and trigger the boundary error, which will result in a
+    buffer overflow. They could also entice a user to process a signed or
+    encrypted file with gpg or gpgv, possibly called through another
+    application like a mail client, to trigger the dereference error. Both
+    of these vulnerabilities would result in the execution of arbitrary
+    code with the permissions of the user running GnuPG. gpg-agent, gpgsm
+    and other tools are not affected.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GnuPG users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "=app-crypt/gnupg-1.4*"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169">CVE-2006-6169</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235">CVE-2006-6235</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-12-07T11:29:58Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-12-08T11:06:22Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-12-09T21:41:04Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200612-04.xml b/metadata/glsa/glsa-200612-04.xml
new file mode 100644
index 000000000000..37dd894034c2
--- /dev/null
+++ b/metadata/glsa/glsa-200612-04.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200612-04">
+  <title>ModPlug: Multiple buffer overflows</title>
+  <synopsis>
+    ModPlug contains several boundary errors that could lead to buffer
+    overflows resulting in the possible execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libmodplug</product>
+  <announced>2006-12-10</announced>
+  <revised count="01">2006-12-10</revised>
+  <bug>143404</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libmodplug" auto="yes" arch="*">
+      <unaffected range="ge">0.8-r1</unaffected>
+      <vulnerable range="lt">0.8-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ModPlug is a library for playing MOD-like music.
+    </p>
+  </background>
+  <description>
+    <p>
+    Luigi Auriemma has reported various boundary errors in load_it.cpp and
+    a boundary error in the "CSoundFile::ReadSample()" function in
+    sndfile.cpp.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker can entice a user to read crafted modules or ITP
+    files, which may trigger a buffer overflow resulting in the execution
+    of arbitrary code with the privileges of the user running the
+    application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ModPlug users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/libmodplug-0.8-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4192">CVE-2006-4192</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-12-05T19:55:31Z">
+    vorlon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-12-07T10:06:27Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-12-08T13:57:46Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200612-05.xml b/metadata/glsa/glsa-200612-05.xml
new file mode 100644
index 000000000000..011b529fea76
--- /dev/null
+++ b/metadata/glsa/glsa-200612-05.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200612-05">
+  <title>KOffice shared libraries: Heap corruption</title>
+  <synopsis>
+    An integer overflow in koffice-libs allows for a Denial of Service and
+    possibly the execution of arbitrary code when viewing malicious PowerPoint
+    files.
+  </synopsis>
+  <product type="ebuild">koffice-libs</product>
+  <announced>2006-12-10</announced>
+  <revised count="01">2006-12-10</revised>
+  <bug>155914</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/koffice-libs" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0</unaffected>
+      <vulnerable range="lt">1.5.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    KOffice is an integrated office suite for KDE. koffice-libs is a
+    package containing shared librares used by KOffice programs.
+    </p>
+  </background>
+  <description>
+    <p>
+    Kees Cook of Ubuntu discovered that 'KLaola::readBigBlockDepot()' in
+    klaola.cc fills 'num_of_bbd_blocks' while reading a .ppt (PowerPoint)
+    file without proper sanitizing, resulting in an integer overflow
+    subsequently overwriting the heap with parts of the file being read.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to open a specially crafted PowerPoint file, an
+    attacker could crash the application and possibly execute arbitrary
+    code with the rights of the user running KOffice.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All koffice-libs users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/koffice-libs-1.5.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6120">CVE-2006-6120</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-12-01T20:55:38Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-12-01T21:30:45Z">
+    frilled
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-12-10T13:39:48Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200612-06.xml b/metadata/glsa/glsa-200612-06.xml
new file mode 100644
index 000000000000..512f5e6a1e86
--- /dev/null
+++ b/metadata/glsa/glsa-200612-06.xml
@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200612-06">
+  <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been identified in Mozilla Thunderbird.
+  </synopsis>
+  <product type="ebuild">mozilla-thunderbird</product>
+  <announced>2006-12-10</announced>
+  <revised count="01">2006-12-10</revised>
+  <bug>154448</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/mozilla-thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.8</unaffected>
+      <vulnerable range="lt">1.5.0.8</vulnerable>
+    </package>
+    <package name="mail-client/mozilla-thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.8</unaffected>
+      <vulnerable range="lt">1.5.0.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla Thunderbird is a popular open-source email client from the
+    Mozilla Project.
+    </p>
+  </background>
+  <description>
+    <p>
+    It has been identified that Mozilla Thunderbird improperly handles
+    Script objects while they are being executed, allowing them to be
+    modified during execution. JavaScript is disabled in Mozilla
+    Thunderbird by default. Mozilla Thunderbird has also been found to be
+    vulnerable to various potential buffer overflows. Lastly, the binary
+    release of Mozilla Thunderbird is vulnerable to a low exponent RSA
+    signature forgery issue because it is bundled with a vulnerable version
+    of NSS.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could entice a user to view a specially crafted email that
+    causes a buffer overflow and again executes arbitrary code or causes a
+    Denial of Service. An attacker could also entice a user to view an
+    email containing specially crafted JavaScript and execute arbitrary
+    code with the rights of the user running Mozilla Thunderbird. It is
+    important to note that JavaScript is off by default in Mozilla
+    Thunderbird, and enabling it is strongly discouraged. It is also
+    possible for an attacker to create SSL/TLS or email certificates that
+    would not be detected as invalid by the binary release of Mozilla
+    Thunderbird, raising the possibility for Man-in-the-Middle attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Users upgrading to the following releases of Mozilla Thunderbird should
+    note that this version of Mozilla Thunderbird has been found to not
+    display certain messages in some cases.
+    </p>
+    <p>
+    <br/>
+    <br/> All Mozilla Thunderbird users should upgrade to the
+    latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-1.5.0.8"</code>
+    <p>
+    All Mozilla Thunderbird binary release users should upgrade to the
+    latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-bin-1.5.0.8"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5462">CVE-2006-5462</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5463">CVE-2006-5463</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5464">CVE-2006-5464</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5747">CVE-2006-5747</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5748">CVE-2006-5748</uri>
+    <uri link="https://bugzilla.mozilla.org/show_bug.cgi?id=360409">Mozilla Thunderbird Email Loss Bug</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-11-21T06:10:05Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-11-21T06:10:22Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-11-21T13:53:32Z">
+    shellsage
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200612-07.xml b/metadata/glsa/glsa-200612-07.xml
new file mode 100644
index 000000000000..2c4311d7e2fe
--- /dev/null
+++ b/metadata/glsa/glsa-200612-07.xml
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200612-07">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been reported in Mozilla Firefox.
+  </synopsis>
+  <product type="ebuild">mozilla-firefox</product>
+  <announced>2006-12-10</announced>
+  <revised count="01">2006-12-10</revised>
+  <bug>154434</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/mozilla-firefox" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.8</unaffected>
+      <vulnerable range="lt">1.5.0.8</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.8</unaffected>
+      <vulnerable range="lt">1.5.0.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla Firefox is a popular open-source web browser from the Mozilla
+    Project.
+    </p>
+  </background>
+  <description>
+    <p>
+    Mozilla Firefox improperly handles Script objects while they are being
+    executed. Mozilla Firefox has also been found to be vulnerable to
+    various possible buffer overflows. Lastly, the binary release of
+    Mozilla Firefox is vulnerable to a low exponent RSA signature forgery
+    issue because it is bundled with a vulnerable version of NSS.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to view specially crafted JavaScript
+    and execute arbitrary code with the rights of the user running Mozilla
+    Firefox. An attacker could also entice a user to view a specially
+    crafted web page that causes a buffer overflow and again executes
+    arbitrary code. It is also possible for an attacker to make up SSL/TLS
+    certificates that would not be detected as invalid by the binary
+    release of Mozilla Firefox, raising the possibility for
+    Man-in-the-Middle attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Firefox users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-1.5.0.8"</code>
+    <p>
+    All Mozilla Firefox binary release users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-bin-1.5.0.8"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5462">CVE-2006-5462</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5463">CVE-2006-5463</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5464">CVE-2006-5464</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5747">CVE-2006-5747</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5748">CVE-2006-5748</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-11-21T06:11:10Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-11-21T06:11:37Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-11-21T13:30:11Z">
+    shellsage
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200612-08.xml b/metadata/glsa/glsa-200612-08.xml
new file mode 100644
index 000000000000..b7faa865535c
--- /dev/null
+++ b/metadata/glsa/glsa-200612-08.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200612-08">
+  <title>SeaMonkey: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been identified in the SeaMonkey project.
+  </synopsis>
+  <product type="ebuild">seamonkey</product>
+  <announced>2006-12-10</announced>
+  <revised count="01">2006-12-10</revised>
+  <bug>154449</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/seamonkey" auto="yes" arch="*">
+      <unaffected range="ge">1.0.6</unaffected>
+      <vulnerable range="lt">1.0.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The SeaMonkey project is a community effort to deliver
+    production-quality releases of code derived from the application
+    formerly known as 'Mozilla Application Suite'.
+    </p>
+  </background>
+  <description>
+    <p>
+    The SeaMonkey project is vulnerable to arbitrary JavaScript bytecode
+    execution and arbitrary code execution.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could entice a user to load malicious JavaScript or a
+    malicious web page with a SeaMonkey application and execute arbitrary
+    code with the rights of the user running those products. It is
+    important to note that in the SeaMonkey email client, JavaScript is
+    disabled by default.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SeaMonkey users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-1.0.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5462">CVE-2006-5462</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5463">CVE-2006-5463</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5464">CVE-2006-5464</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5747">CVE-2006-5747</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5748">CVE-2006-5748</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-11-21T06:08:42Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-11-21T13:46:12Z">
+    shellsage
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-12-10T19:01:27Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200612-09.xml b/metadata/glsa/glsa-200612-09.xml
new file mode 100644
index 000000000000..5431c0049ef2
--- /dev/null
+++ b/metadata/glsa/glsa-200612-09.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200612-09">
+  <title>MadWifi: Kernel driver buffer overflow</title>
+  <synopsis>
+    MadWifi is vulnerable to a buffer overflow that could potentially lead to
+    the remote execution of arbitrary code with root privileges.
+  </synopsis>
+  <product type="ebuild">madwifi-ng</product>
+  <announced>2006-12-10</announced>
+  <revised count="01">2006-12-10</revised>
+  <bug>157449</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-wireless/madwifi-ng" auto="yes" arch="*">
+      <unaffected range="ge">0.9.2.1</unaffected>
+      <vulnerable range="lt">0.9.2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MadWifi (Multiband Atheros Driver for Wireless Fidelity) provides a
+    Linux kernel device driver for Atheros-based Wireless LAN devices.
+    </p>
+  </background>
+  <description>
+    <p>
+    Laurent Butti, Jerome Raznieski and Julien Tinnes reported a buffer
+    overflow in the encode_ie() and the giwscan_cb() functions from
+    ieee80211_wireless.c.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could send specially crafted wireless WPA packets
+    containing malicious RSN Information Headers (IE) that could
+    potentially lead to the remote execution of arbitrary code as the root
+    user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MadWifi users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-wireless/madwifi-ng-0.9.2.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6332">CVE-2006-6332</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-12-07T19:16:43Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-12-07T22:47:16Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-12-10T21:00:26Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200612-10.xml b/metadata/glsa/glsa-200612-10.xml
new file mode 100644
index 000000000000..1f46e427a3d4
--- /dev/null
+++ b/metadata/glsa/glsa-200612-10.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200612-10">
+  <title>Tar: Directory traversal vulnerability</title>
+  <synopsis>
+    Tar is vulnerable to directory traversal possibly allowing for the
+    overwriting of arbitrary files.
+  </synopsis>
+  <product type="ebuild">tar</product>
+  <announced>2006-12-11</announced>
+  <revised count="01">2006-12-11</revised>
+  <bug>155901</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/tar" auto="yes" arch="*">
+      <unaffected range="ge">1.16-r2</unaffected>
+      <vulnerable range="lt">1.16-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Tar program provides the ability to create and manipulate tar
+    archives.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tar does not properly extract archive elements using the GNUTYPE_NAMES
+    record name, allowing files to be created at arbitrary locations using
+    symlinks. Once a symlink is extracted, files after the symlink in the
+    archive will be extracted to the destination of the symlink.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to extract a specially crafted tar
+    archive, possibly allowing for the overwriting of arbitrary files on
+    the system extracting the archive.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Tar users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-arch/tar-1.16-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097">CVE-2006-6097</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-12-07T10:14:08Z">
+    vorlon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-12-10T20:35:35Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-12-11T17:59:09Z">
+    shellsage
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200612-11.xml b/metadata/glsa/glsa-200612-11.xml
new file mode 100644
index 000000000000..621333922a16
--- /dev/null
+++ b/metadata/glsa/glsa-200612-11.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200612-11">
+  <title>AMD64 x86 emulation base libraries: OpenSSL multiple vulnerabilities</title>
+  <synopsis>
+    OpenSSL contains multiple vulnerabilities including the possible execution
+    of remote arbitrary code.
+  </synopsis>
+  <product type="ebuild">emul-linux-x86-baselibs</product>
+  <announced>2006-12-11</announced>
+  <revised count="01">2006-12-11</revised>
+  <bug>152640</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulation/emul-linux-x86-baselibs" auto="yes" arch="amd64">
+      <unaffected range="ge">2.5.5</unaffected>
+      <vulnerable range="lt">2.5.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport
+    Layer Security protocols and a general-purpose cryptography library.
+    The x86 emulation base libraries for AMD64 contain a vulnerable version
+    of OpenSSL.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy and Will Drewry, both of the Google Security Team,
+    discovered that the SSL_get_shared_ciphers() function contains a buffer
+    overflow vulnerability, and that the SSLv2 client code contains a flaw
+    leading to a crash. Additionally, Dr. Stephen N. Henson found that the
+    ASN.1 handler contains two Denial of Service vulnerabilities: while
+    parsing an invalid ASN.1 structure and while handling certain types of
+    public key.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could trigger the buffer overflow by sending a malicious
+    suite of ciphers to an application using the vulnerable function, and
+    thus execute arbitrary code with the rights of the user running the
+    application. An attacker could also consume CPU and/or memory by
+    exploiting the Denial of Service vulnerabilities. Finally, a malicious
+    server could crash a SSLv2 client through the SSLv2 vulnerability.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All AMD64 x86 emulation base libraries users should upgrade to the
+    latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-emulation/emul-linux-x86-baselibs-2.5.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937">CVE-2006-2937</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940">CVE-2006-2940</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738">CVE-2006-3738</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343">CVE-2006-4343</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-10-24T10:04:50Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-12-11T23:29:14Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200612-12.xml b/metadata/glsa/glsa-200612-12.xml
new file mode 100644
index 000000000000..869a9631740d
--- /dev/null
+++ b/metadata/glsa/glsa-200612-12.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200612-12">
+  <title>F-PROT Antivirus: Multiple vulnerabilities</title>
+  <synopsis>
+    F-Prot Antivirus contains a buffer overflow and other unspecified
+    vulnerabilities, possibly allowing the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">f-prot</product>
+  <announced>2006-12-12</announced>
+  <revised count="01">2006-12-12</revised>
+  <bug>157612</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/f-prot" auto="yes" arch="*">
+      <unaffected range="ge">4.6.7</unaffected>
+      <vulnerable range="lt">4.6.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    F-Prot Antivirus is a FRISK Software antivirus program that can used
+    with procmail.
+    </p>
+  </background>
+  <description>
+    <p>
+    F-Prot Antivirus version 4.6.7 fixes a heap-based buffer overflow, an
+    infinite loop, and other unspecified vulnerabilities.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Among other weaker impacts, a remote attacker could send an e-mail
+    containing a malicious file that would trigger the buffer overflow
+    vulnerability and execute arbitrary code with the privileges of the
+    user running F-Prot, which may be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All F-Prot users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-antivirus/f-prot-4.6.7"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6293">CVE-2006-6293</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6294">CVE-2006-6294</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6352">CVE-2006-6352</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-12-11T17:16:15Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-12-11T20:51:14Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-12-11T23:24:00Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200612-13.xml b/metadata/glsa/glsa-200612-13.xml
new file mode 100644
index 000000000000..20fc22478cda
--- /dev/null
+++ b/metadata/glsa/glsa-200612-13.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200612-13">
+  <title>libgsf: Buffer overflow</title>
+  <synopsis>
+    libgsf improperly allocates memory allowing for a heap overflow and
+    possibly the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libgsf</product>
+  <announced>2006-12-12</announced>
+  <revised count="01">2006-12-12</revised>
+  <bug>156693</bug>
+  <access>remote</access>
+  <affected>
+    <package name="gnome-extra/libgsf" auto="yes" arch="*">
+      <unaffected range="ge">1.14.2</unaffected>
+      <vulnerable range="lt">1.14.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The GNOME Structured File Library is an I/O library that can read and
+    write common file types and handle structured formats that provide
+    file-system-in-a-file semantics.
+    </p>
+  </background>
+  <description>
+    <p>
+    "infamous41md" has discovered that the "ole_init_info" function may
+    allocate too little memory for storing the contents of an OLE document,
+    resulting in a heap buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to open a specially crafted OLE
+    document, and possibly execute arbitrary code with the rights of the
+    user opening the document.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libgsf users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=gnome-extra/libgsf-1.14.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4514">CVE-2006-4514</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-12-10T19:48:29Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-12-10T20:34:33Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-12-11T18:08:22Z">
+    shellsage
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200612-14.xml b/metadata/glsa/glsa-200612-14.xml
new file mode 100644
index 000000000000..07f08c83be0e
--- /dev/null
+++ b/metadata/glsa/glsa-200612-14.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200612-14">
+  <title>Trac: Cross-site request forgery</title>
+  <synopsis>
+    Trac allows remote attackers to execute unauthorized actions as other
+    users.
+  </synopsis>
+  <product type="ebuild">trac</product>
+  <announced>2006-12-12</announced>
+  <revised count="01">2006-12-12</revised>
+  <bug>154574</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/trac" auto="yes" arch="*">
+      <unaffected range="ge">0.10.1</unaffected>
+      <vulnerable range="lt">0.10.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Trac is a wiki and issue tracking system for software development
+    projects.
+    </p>
+  </background>
+  <description>
+    <p>
+    Trac allows users to perform certain tasks via HTTP requests without
+    performing correct validation on those requests.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    An attacker could entice an authenticated user to browse to a specially
+    crafted URL, allowing the attacker to execute actions in the Trac
+    instance as if they were the user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Trac users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/trac-0.10.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5848">CVE-2006-5848</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5878">CVE-2006-5878</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-12-06T06:01:31Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-12-07T10:06:43Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-12-11T18:17:55Z">
+    shellsage
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200612-15.xml b/metadata/glsa/glsa-200612-15.xml
new file mode 100644
index 000000000000..a7acf9409a81
--- /dev/null
+++ b/metadata/glsa/glsa-200612-15.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200612-15">
+  <title>McAfee VirusScan: Insecure DT_RPATH</title>
+  <synopsis>
+    McAfee VirusScan for Linux is distributed with an insecure DT_RPATH,
+    potentially allowing a remote attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">vlnx</product>
+  <announced>2006-12-14</announced>
+  <revised count="01">2006-12-14</revised>
+  <bug>156989</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/vlnx" auto="yes" arch="*">
+      <vulnerable range="le">4510e</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    McAfee VirusScan for Linux is a commercial antivirus solution for
+    Linux.
+    </p>
+  </background>
+  <description>
+    <p>
+    Jakub Moc of Gentoo Linux discovered that McAfee VirusScan was
+    distributed with an insecure DT_RPATH which included the current
+    working directory, rather than $ORIGIN which was probably intended.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could entice a VirusScan user to scan an arbitrary file and
+    execute arbitrary code with the privileges of the VirusScan user by
+    tricking the dynamic loader into loading an untrusted ELF DSO. An
+    automated system, such as a mail scanner, may be subverted to execute
+    arbitrary code with the privileges of the process invoking VirusScan.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Do not scan files or execute VirusScan from an untrusted working
+    directory.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    As VirusScan verifies that it has not been modified before executing,
+    it is not possible to correct the DT_RPATH. Furthermore, this would
+    violate the license that VirusScan is distributed under. For this
+    reason, the package has been masked in Portage pending the resolution
+    of this issue.
+    </p>
+    <code>
+    # emerge --ask --verbose --unmerge "app-antivirus/vlnx"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6474">CVE-2006-6474</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-12-11T18:55:04Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-12-11T21:23:39Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200612-16.xml b/metadata/glsa/glsa-200612-16.xml
new file mode 100644
index 000000000000..9c7a98540a33
--- /dev/null
+++ b/metadata/glsa/glsa-200612-16.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200612-16">
+  <title>Links: Arbitrary Samba command execution</title>
+  <synopsis>
+    Links does not properly validate "smb://" URLs, making it vulnerable to the
+    execution of arbitrary Samba commands.
+  </synopsis>
+  <product type="ebuild">links</product>
+  <announced>2006-12-14</announced>
+  <revised count="01">2006-12-14</revised>
+  <bug>157028</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/links" auto="yes" arch="*">
+      <unaffected range="ge">2.1_pre26</unaffected>
+      <vulnerable range="lt">2.1_pre26</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Links is a web browser running in both graphics and text modes.
+    </p>
+  </background>
+  <description>
+    <p>
+    Teemu Salmela discovered that Links does not properly validate "smb://"
+    URLs when it runs smbclient commands.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to browse to a specially crafted
+    "smb://" URL and execute arbitrary Samba commands, which would allow
+    the overwriting of arbitrary local files or the upload or the download
+    of arbitrary files. This vulnerability can be exploited only if
+    "smbclient" is installed on the victim's computer, which is provided by
+    the "samba" Gentoo package.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Links users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/links-2.1_pre26"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5925">CVE-2006-5925</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-12-10T21:05:34Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-12-12T00:14:43Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-12-13T14:10:35Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200612-17.xml b/metadata/glsa/glsa-200612-17.xml
new file mode 100644
index 000000000000..51128a8e5df0
--- /dev/null
+++ b/metadata/glsa/glsa-200612-17.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200612-17">
+  <title>GNU Radius: Format string vulnerability</title>
+  <synopsis>
+    A format string vulnerabilty has been found in GNU Radius, which could lead
+    to the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">gnuradius</product>
+  <announced>2006-12-14</announced>
+  <revised count="01">2006-12-14</revised>
+  <bug>156376</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dialup/gnuradius" auto="yes" arch="*">
+      <unaffected range="ge">1.4</unaffected>
+      <vulnerable range="lt">1.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GNU Radius is a GNU version of Radius, a server for remote user
+    authentication and accounting.
+    </p>
+  </background>
+  <description>
+    <p>
+    A format string vulnerability was found in the sqllog function from the
+    SQL accounting code for radiusd. That function is only used if one or
+    more of the "postgresql", "mysql" or "odbc" USE flags are enabled,
+    which is not the default, except for the "server" 2006.1 and 2007.0
+    profiles which enable the "mysql" USE flag.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An unauthenticated remote attacker could execute arbitrary code with
+    the privileges of the user running radiusd, which may be the root user.
+    It is important to note that there is no default GNU Radius user for
+    Gentoo systems because no init script is provided with the package.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GNU Radius users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dialup/gnuradius-1.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4181">CVE-2006-4181</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-12-11T16:15:45Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-12-11T20:51:18Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-12-11T22:14:11Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200612-18.xml b/metadata/glsa/glsa-200612-18.xml
new file mode 100644
index 000000000000..5ed634ad43aa
--- /dev/null
+++ b/metadata/glsa/glsa-200612-18.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200612-18">
+  <title>ClamAV: Denial of service</title>
+  <synopsis>
+    ClamAV is vulnerable to Denial of Service.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2006-12-18</announced>
+  <revised count="01">2006-12-18</revised>
+  <bug>157698</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.88.7</unaffected>
+      <vulnerable range="lt">0.88.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ClamAV is a GPL virus scanner.
+    </p>
+  </background>
+  <description>
+    <p>
+    Hendrik Weimer discovered that ClamAV fails to properly handle deeply
+    nested MIME multipart/mixed content.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By sending a specially crafted email with deeply nested MIME
+    multipart/mixed content an attacker could cause ClamAV to crash.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ClamAV users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.88.7"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6481">CVE-2006-6481</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-12-16T18:27:28Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-12-18T19:01:42Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200612-19.xml b/metadata/glsa/glsa-200612-19.xml
new file mode 100644
index 000000000000..b7ae18ae2f92
--- /dev/null
+++ b/metadata/glsa/glsa-200612-19.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200612-19">
+  <title>pam_ldap: Authentication bypass vulnerability</title>
+  <synopsis>
+    pam_ldap contains a vulnerability that may allow a remote user with a
+    locked account to gain unauthorized system access.
+  </synopsis>
+  <product type="ebuild">pam_ldap</product>
+  <announced>2006-12-20</announced>
+  <revised count="01">2006-12-20</revised>
+  <bug>153916</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-auth/pam_ldap" auto="yes" arch="*">
+      <unaffected range="ge">183</unaffected>
+      <vulnerable range="lt">183</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    pam_ldap is a Pluggable Authentication Module which allows
+    authentication against LDAP directories.
+    </p>
+  </background>
+  <description>
+    <p>
+    Steve Rigler discovered that pam_ldap does not correctly handle
+    "PasswordPolicyResponse" control responses from an LDAP directory. This
+    causes the pam_authenticate() function to always succeed, even if the
+    previous authentication failed.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A locked user may exploit this vulnerability to bypass the LDAP
+    authentication mechanism, possibly gaining unauthorized access to the
+    system.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All pam_ldap users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-auth/pam_ldap-183"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5170">CVE-2006-5170</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-12-19T16:57:27Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-12-19T16:58:04Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200612-20.xml b/metadata/glsa/glsa-200612-20.xml
new file mode 100644
index 000000000000..d64edb5742ee
--- /dev/null
+++ b/metadata/glsa/glsa-200612-20.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200612-20">
+  <title>imlib2: Multiple vulnerabilities</title>
+  <synopsis>
+    imlib2 contains several vulnerabilities that could lead to the remote
+    execution of arbitrary code or a Denial of Service.
+  </synopsis>
+  <product type="ebuild">imlib2</product>
+  <announced>2006-12-20</announced>
+  <revised count="01">2006-12-20</revised>
+  <bug>154216</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/imlib2" auto="yes" arch="*">
+      <unaffected range="ge">1.3.0</unaffected>
+      <vulnerable range="lt">1.3.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    imlib2 is an advanced replacement for image manipulation libraries such
+    as libXpm. It is utilized by numerous programs, including gkrellm and
+    several window managers, to display images.
+    </p>
+  </background>
+  <description>
+    <p>
+    M. Joonas Pihlaja discovered several buffer overflows in loader_argb.c,
+    loader_png.c, loader_lbm.c, loader_jpeg.c, loader_tiff.c, loader_tga.c,
+    loader_pnm.c and an out-of-bounds memory read access in loader_tga.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker can entice a user to process a specially crafted JPG, ARGB,
+    PNG, LBM, PNM, TIFF, or TGA image with an "imlib2*" binary or another
+    application using the imlib2 libraries. Successful exploitation of the
+    buffer overflows causes the execution of arbitrary code with the
+    permissions of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All imlib2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/imlib2-1.3.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4806">CVE-2006-4806</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4807">CVE-2006-4807</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4808">CVE-2006-4808</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4809">CVE-2006-4809</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-12-15T16:10:27Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-12-18T20:15:32Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-12-19T16:42:29Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200612-21.xml b/metadata/glsa/glsa-200612-21.xml
new file mode 100644
index 000000000000..4f6c5a997d6f
--- /dev/null
+++ b/metadata/glsa/glsa-200612-21.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200612-21">
+  <title>Ruby: Denial of Service vulnerability</title>
+  <synopsis>
+    The Ruby cgi.rb CGI library is vulnerable to a Denial of Service attack.
+  </synopsis>
+  <product type="ebuild">ruby</product>
+  <announced>2006-12-20</announced>
+  <revised count="01">2006-12-20</revised>
+  <bug>157048</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/ruby" auto="yes" arch="*">
+      <unaffected range="ge">1.8.5_p2</unaffected>
+      <vulnerable range="lt">1.8.5_p2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ruby is a dynamic, open source programming language with a focus on
+    simplicity and productivity.
+    </p>
+  </background>
+  <description>
+    <p>
+    The read_multipart function of the CGI library shipped with Ruby
+    (cgi.rb) does not properly check boundaries in MIME multipart content.
+    This is a different issue than GLSA 200611-12.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    The vulnerability can be exploited by sending the cgi.rb library a
+    crafted HTTP request with multipart MIME encoding that contains a
+    malformed MIME boundary specifier. Successful exploitation of the
+    vulnerability causes the library to go into an infinite loop.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ruby users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/ruby-1.8.5_p2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6303">CVE-2006-6303</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-12-19T16:20:14Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-12-19T16:20:29Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200701-01.xml b/metadata/glsa/glsa-200701-01.xml
new file mode 100644
index 000000000000..2671dcd8090a
--- /dev/null
+++ b/metadata/glsa/glsa-200701-01.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200701-01">
+  <title>DenyHosts: Denial of service</title>
+  <synopsis>
+    DenyHosts does not correctly parse log entries, potentially causing a
+    remote Denial of Service.
+  </synopsis>
+  <product type="ebuild">denyhosts</product>
+  <announced>2007-01-03</announced>
+  <revised count="01">2007-01-03</revised>
+  <bug>157163</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-admin/denyhosts" auto="yes" arch="*">
+      <unaffected range="ge">2.6</unaffected>
+      <vulnerable range="lt">2.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    DenyHosts is designed to monitor SSH servers for repeated failed login
+    attempts.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that
+    DenyHosts used an incomplete regular expression to parse failed login
+    attempts.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote unauthenticated attacker can add arbitrary hosts to the
+    blacklist by attempting to login with a specially crafted username. An
+    attacker may use this to prevent legitimate users from accessing a host
+    remotely.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All DenyHosts users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-admin/denyhosts-2.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6301">CVE-2006-6301</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-12-18T22:34:37Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-01-01T14:18:29Z">
+    taviso
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200701-02.xml b/metadata/glsa/glsa-200701-02.xml
new file mode 100644
index 000000000000..f9cfc8e010b9
--- /dev/null
+++ b/metadata/glsa/glsa-200701-02.xml
@@ -0,0 +1,87 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200701-02">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been reported in Mozilla Firefox, some of
+    which may allow the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mozilla-firefox</product>
+  <announced>2007-01-04</announced>
+  <revised count="01">2007-01-04</revised>
+  <bug>156023</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/mozilla-firefox" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.9</unaffected>
+      <vulnerable range="lt">1.5.0.9</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.9</unaffected>
+      <vulnerable range="lt">1.5.0.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla Firefox is a popular open-source web browser from the Mozilla
+    Project.
+    </p>
+  </background>
+  <description>
+    <p>
+    An anonymous researcher found evidence of memory corruption in the way
+    Mozilla Firefox handles certain types of SVG comment DOM nodes.
+    Additionally, Frederik Reiss discovered a heap-based buffer overflow in
+    the conversion of a CSS cursor. Other issues with memory corruption
+    were also fixed. Mozilla Firefox also contains less severe
+    vulnerabilities involving JavaScript and Java.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to view a specially crafted web page
+    that will trigger one of the vulnerabilities, possibly leading to the
+    execution of arbitrary code. It is also possible for an attacker to
+    perform cross-site scripting attacks, leading to the exposure of
+    sensitive information, like user credentials.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds for all the issues at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Firefox users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-1.5.0.9"</code>
+    <p>
+    All Mozilla Firefox binary release users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-bin-1.5.0.9"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6497">CVE-2006-6497</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6498">CVE-2006-6498</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6499">CVE-2006-6499</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6500">CVE-2006-6500</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6501">CVE-2006-6501</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6502">CVE-2006-6502</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6503">CVE-2006-6503</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6504">CVE-2006-6504</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6506">CVE-2006-6506</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6507">CVE-2006-6507</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-12-28T15:30:23Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-12-28T16:10:02Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200701-03.xml b/metadata/glsa/glsa-200701-03.xml
new file mode 100644
index 000000000000..4655c01d49a4
--- /dev/null
+++ b/metadata/glsa/glsa-200701-03.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200701-03">
+  <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been reported in Mozilla Thunderbird, some of
+    which may allow the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mozilla-thunderbird</product>
+  <announced>2007-01-04</announced>
+  <revised count="01">2007-01-04</revised>
+  <bug>158571</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/mozilla-thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.9</unaffected>
+      <vulnerable range="lt">1.5.0.9</vulnerable>
+    </package>
+    <package name="mail-client/mozilla-thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.9</unaffected>
+      <vulnerable range="lt">1.5.0.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla Thunderbird is a popular open-source email client from the
+    Mozilla Project.
+    </p>
+  </background>
+  <description>
+    <p>
+    Georgi Guninski and David Bienvenu discovered buffer overflows in the
+    processing of long "Content-Type:" and long non-ASCII MIME headers.
+    Additionally, Frederik Reiss discovered a heap-based buffer overflow in
+    the conversion of a CSS cursor. Different vulnerabilities involving
+    memory corruption in the browser engine were also fixed. Mozilla
+    Thunderbird also contains less severe vulnerabilities involving
+    JavaScript and Java.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could entice a user to view a specially crafted email that
+    will trigger one of these vulnerabilities, possibly leading to the
+    execution of arbitrary code. An attacker could also perform cross-site
+    scripting attacks, leading to the exposure of sensitive information,
+    like user credentials. Note that the execution of JavaScript or Java
+    applets is disabled by default and enabling it is strongly discouraged.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds for all the issues at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Thunderbird users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-1.5.0.9"</code>
+    <p>
+    All Mozilla Thunderbird binary release users should upgrade to the
+    latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-bin-1.5.0.9"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6497">CVE-2006-6497</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6500">CVE-2006-6500</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6501">CVE-2006-6501</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6502">CVE-2006-6502</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6503">CVE-2006-6503</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6505">CVE-2006-6505</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-12-28T15:51:07Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2006-12-28T16:10:06Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200701-04.xml b/metadata/glsa/glsa-200701-04.xml
new file mode 100644
index 000000000000..956a384ea05a
--- /dev/null
+++ b/metadata/glsa/glsa-200701-04.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200701-04">
+  <title>SeaMonkey: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been reported in the SeaMonkey project, some
+    of which may allow the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">seamonkey</product>
+  <announced>2007-01-10</announced>
+  <revised count="01">2007-01-10</revised>
+  <bug>158576</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/seamonkey" auto="yes" arch="*">
+      <unaffected range="ge">1.0.7</unaffected>
+      <vulnerable range="lt">1.0.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The SeaMonkey project is a community effort to deliver
+    production-quality releases of code derived from the application
+    formerly known as the 'Mozilla Application Suite'.
+    </p>
+  </background>
+  <description>
+    <p>
+    An anonymous researcher found evidence of memory corruption in the way
+    SeaMonkey handles certain types of SVG comment DOM nodes. Georgi
+    Guninski and David Bienvenu discovered buffer overflows in the
+    processing of long "Content-Type:" and long non-ASCII MIME email
+    headers. Additionally, Frederik Reiss discovered a heap-based buffer
+    overflow in the conversion of a CSS cursor. Several other issues with
+    memory corruption were also fixed. SeaMonkey also contains less severe
+    vulnerabilities involving JavaScript and Java.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could entice a user to load malicious JavaScript or a
+    malicious web page with a SeaMonkey application, possibly leading to
+    the execution of arbitrary code with the rights of the user running
+    those products. An attacker could also perform cross-site scripting
+    attacks, leading to the exposure of sensitive information, like user
+    credentials. Note that the execution of JavaScript or Java applets is
+    disabled by default in the SeaMonkey email client, and enabling it is
+    strongly discouraged.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There are no known workarounds for all the issues at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SeaMonkey users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-1.0.7"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6497">CVE-2006-6497</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6498">CVE-2006-6498</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6499">CVE-2006-6499</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6500">CVE-2006-6500</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6501">CVE-2006-6501</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6502">CVE-2006-6502</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6503">CVE-2006-6503</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6504">CVE-2006-6504</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6505">CVE-2006-6505</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2006-12-28T16:02:48Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-01-10T21:26:08Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200701-05.xml b/metadata/glsa/glsa-200701-05.xml
new file mode 100644
index 000000000000..37c4f19e0402
--- /dev/null
+++ b/metadata/glsa/glsa-200701-05.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200701-05">
+  <title>KDE kfile JPEG info plugin: Denial of service</title>
+  <synopsis>
+    The KDE kfile JPEG info plugin of kdegraphics could enter an endless loop
+    leading to a Denial of Service.
+  </synopsis>
+  <product type="ebuild">kdegraphics-kfile-plugins</product>
+  <announced>2007-01-12</announced>
+  <revised count="01">2007-01-12</revised>
+  <bug>155949</bug>
+  <access>remote</access>
+  <affected>
+    <package name="kde-base/kdegraphics-kfile-plugins" auto="yes" arch="*">
+      <unaffected range="ge">3.5.5-r1</unaffected>
+      <vulnerable range="lt">3.5.5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The KDE kfile-info JPEG plugin provides meta-information about JPEG
+    files.
+    </p>
+  </background>
+  <description>
+    <p>
+    Marcus Meissner of the SUSE security team discovered a stack overflow
+    vulnerability in the code processing EXIF information in the kfile JPEG
+    info plugin.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to view a specially crafted JPEG
+    image with a KDE application like Konqueror or digiKam, leading to a
+    Denial of Service by an infinite recursion.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All KDE users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=kde-base/kdegraphics-kfile-plugins-3.5.5-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6297">CVE-2006-6297</uri>
+  </references>
+  <metadata tag="requester" timestamp="2006-12-22T08:45:31Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2006-12-28T16:52:12Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-01-12T13:14:10Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200701-06.xml b/metadata/glsa/glsa-200701-06.xml
new file mode 100644
index 000000000000..0cc6e9d0786f
--- /dev/null
+++ b/metadata/glsa/glsa-200701-06.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200701-06">
+  <title>w3m: Format string vulnerability</title>
+  <synopsis>
+    w3m does not correctly handle format string specifiers in SSL certificates.
+  </synopsis>
+  <product type="ebuild">w3m</product>
+  <announced>2007-01-12</announced>
+  <revised count="01">2007-01-12</revised>
+  <bug>159145</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/w3m" auto="yes" arch="*">
+      <unaffected range="ge">0.5.1-r4</unaffected>
+      <vulnerable range="lt">0.5.1-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    w3m is a multi-platform text-based web browser.
+    </p>
+  </background>
+  <description>
+    <p>
+    w3m in -dump or -backend mode does not correctly handle printf() format
+    string specifiers in the Common Name (CN) field of an X.509 SSL
+    certificate.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to visit a malicious website that would
+    load a specially crafted X.509 SSL certificate containing "%n" or other
+    format string specifiers, possibly resulting in the execution of
+    arbitrary code with the rights of the user running w3m.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All w3m users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/w3m-0.5.1-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6772">CVE-2006-6772</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-01-11T00:57:23Z">
+    aetius
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-01-11T11:00:25Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200701-07.xml b/metadata/glsa/glsa-200701-07.xml
new file mode 100644
index 000000000000..9b8e955d8e41
--- /dev/null
+++ b/metadata/glsa/glsa-200701-07.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200701-07">
+  <title>OpenOffice.org: EMF/WMF file handling vulnerabilities</title>
+  <synopsis>
+    A truncation error and integer overflows in the EMF/WMF file handling of
+    OpenOffice.org could be exploited to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">openoffice</product>
+  <announced>2007-01-12</announced>
+  <revised count="01">2007-01-12</revised>
+  <bug>159951</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/openoffice-bin" auto="yes" arch="*">
+      <unaffected range="ge">2.1.0</unaffected>
+      <vulnerable range="lt">2.1.0</vulnerable>
+    </package>
+    <package name="app-office/openoffice" auto="yes" arch="*">
+      <unaffected range="ge">2.0.4</unaffected>
+      <vulnerable range="lt">2.0.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenOffice.org is an open source office productivity suite, including
+    word processing, spreadsheet, presentation, drawing, data charting,
+    formula editing, and file conversion facilities.
+    </p>
+  </background>
+  <description>
+    <p>
+    John Heasman of NGSSoftware has discovered integer overflows in the
+    EMR_POLYPOLYGON and EMR_POLYPOLYGON16 processing and an error within
+    the handling of META_ESCAPE records.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit these vulnerabilities to cause heap overflows
+    and potentially execute arbitrary code with the privileges of the user
+    running OpenOffice.org by enticing the user to open a document
+    containing a malicious WMF/EMF file.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround known at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenOffice.org binary users should update to version 2.1.0 or
+    later:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/openoffice-bin-2.1.0"</code>
+    <p>
+    All OpenOffice.org users should update to version 2.0.4 or later:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/openoffice-2.0.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5870">CVE-2006-5870</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-01-09T18:48:36Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-01-09T19:06:14Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-01-12T12:16:11Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200701-08.xml b/metadata/glsa/glsa-200701-08.xml
new file mode 100644
index 000000000000..e9141c4501eb
--- /dev/null
+++ b/metadata/glsa/glsa-200701-08.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200701-08">
+  <title>Opera: Two remote code execution vulnerabilities</title>
+  <synopsis>
+    Two vulnerabilities may allow the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">opera</product>
+  <announced>2007-01-12</announced>
+  <revised count="01">2007-01-12</revised>
+  <bug>160369</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/opera" auto="yes" arch="*">
+      <unaffected range="ge">9.10</unaffected>
+      <vulnerable range="lt">9.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Opera is a multi-platform web browser.
+    </p>
+  </background>
+  <description>
+    <p>
+    Christoph Deal discovered that JPEG files with a specially crafted DHT
+    marker can be exploited to cause a heap overflow. Furthermore, an
+    anonymous person discovered that Opera does not correctly handle
+    objects passed to the "createSVGTransformFromMatrix()" function.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could potentially exploit the vulnerabilities to execute
+    arbitrary code with the privileges of the user running Opera by
+    enticing a victim to open a specially crafted JPEG file or a website
+    containing malicious JavaScript code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    The vendor recommends disabling JavaScript to avoid the
+    "createSVGTransformFromMatrix" vulnerability. There is no known
+    workaround for the other vulnerability.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Opera users should update to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/opera-9.10"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.opera.com/support/search/supsearch.dml?index=851">Opera Advisory (createSVGTransformFromMatrix)</uri>
+    <uri link="https://www.opera.com/support/search/supsearch.dml?index=852">Opera Advisory (JPEG)</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0126">CVE-2007-0126</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0127">CVE-2007-0127</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-01-09T12:37:33Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-01-09T12:37:44Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-01-09T18:43:10Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200701-09.xml b/metadata/glsa/glsa-200701-09.xml
new file mode 100644
index 000000000000..c2c0ae1fe2c8
--- /dev/null
+++ b/metadata/glsa/glsa-200701-09.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200701-09">
+  <title>oftpd: Denial of service</title>
+  <synopsis>
+    An assertion in oftpd could lead to a denial of service vulnerability.
+  </synopsis>
+  <product type="ebuild">oftpd</product>
+  <announced>2007-01-15</announced>
+  <revised count="01">2007-01-15</revised>
+  <bug>159178</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-ftp/oftpd" auto="yes" arch="*">
+      <unaffected range="ge">0.3.7-r3</unaffected>
+      <vulnerable range="lt">0.3.7-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    oftpd is a small, anonymous only ftp daemon.
+    </p>
+  </background>
+  <description>
+    <p>
+    By specifying an unsupported address family in the arguments to a LPRT
+    or LPASV command, an assertion in oftpd will cause the daemon to abort.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Remote, unauthenticated attackers may be able to terminate any oftpd
+    process, denying service to legitimate users.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All oftpd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-ftp/oftpd-0.3.7-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6767">CVE-2006-6767</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-01-14T22:33:02Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-01-14T23:05:10Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200701-10.xml b/metadata/glsa/glsa-200701-10.xml
new file mode 100644
index 000000000000..d62e603d20f7
--- /dev/null
+++ b/metadata/glsa/glsa-200701-10.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200701-10">
+  <title>WordPress: Multiple vulnerabilities</title>
+  <synopsis>
+    WordPress is vulnerable to SQL injection, information disclosure, and
+    cross-site scripting attacks.
+  </synopsis>
+  <product type="ebuild">wordpress</product>
+  <announced>2007-01-15</announced>
+  <revised count="01">2007-01-15</revised>
+  <bug>159229</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/wordpress" auto="yes" arch="*">
+      <unaffected range="ge">2.0.6</unaffected>
+      <vulnerable range="lt">2.0.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    WordPress is a popular personal publishing platform with a web
+    interface.
+    </p>
+  </background>
+  <description>
+    <p>
+    When decoding trackbacks with alternate character sets, WordPress does
+    not correctly sanitize the entries before further modifying a SQL
+    query. WordPress also displays different error messages in wp-login.php
+    based upon whether or not a user exists. David Kierznowski has
+    discovered that WordPress fails to properly sanitize recent file
+    information in /wp-admin/templates.php before sending that information
+    to a browser.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could inject arbitrary SQL into WordPress database queries.
+    An attacker could also determine if a WordPress user existed by trying
+    to login as that user, better facilitating brute force attacks. Lastly,
+    an attacker authenticated to view the administrative section of a
+    WordPress instance could try to edit a file with a malicious filename;
+    this may cause arbitrary HTML or JavaScript to be executed in users'
+    browsers viewing /wp-admin/templates.php.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All WordPress users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/wordpress-2.0.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6808">CVE-2006-6808</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0107">CVE-2007-0107</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0109">CVE-2007-0109</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-01-08T10:45:23Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-01-09T13:32:54Z">
+    shellsage
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-01-12T13:12:39Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200701-11.xml b/metadata/glsa/glsa-200701-11.xml
new file mode 100644
index 000000000000..dd07261bb187
--- /dev/null
+++ b/metadata/glsa/glsa-200701-11.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200701-11">
+  <title>Kronolith: Local file inclusion</title>
+  <synopsis>
+    Kronolith contains a flaw that could allow the execution of arbitrary
+    files.
+  </synopsis>
+  <product type="ebuild">horde-kronolith</product>
+  <announced>2007-01-16</announced>
+  <revised count="01">2007-01-16</revised>
+  <bug>156627</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/horde-kronolith" auto="yes" arch="*">
+      <unaffected range="ge">2.1.4</unaffected>
+      <vulnerable range="lt">2.1.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Kronolith is a web-based calendar which relies on the Horde Framework
+    for integration with other applications.
+    </p>
+  </background>
+  <description>
+    <p>
+    Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered
+    string is used instead of a sanitized string to view local files.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    An authenticated attacker could craft an HTTP GET request that uses
+    directory traversal techniques to execute any file on the web server as
+    PHP code, which could allow information disclosure or arbitrary code
+    execution with the rights of the user running the PHP application
+    (usually the webserver user).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All horde-kronolith users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/horde-kronolith-2.1.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6175">CVE-2006-6175</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-01-14T17:58:37Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-01-14T21:54:17Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-01-15T12:41:09Z">
+    aetius
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200701-12.xml b/metadata/glsa/glsa-200701-12.xml
new file mode 100644
index 000000000000..c817a168cb36
--- /dev/null
+++ b/metadata/glsa/glsa-200701-12.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200701-12">
+  <title>Mono: Information disclosure</title>
+  <synopsis>
+    Mono does not properly sanitize pathnames allowing unauthorized information
+    disclosure.
+  </synopsis>
+  <product type="ebuild">mono</product>
+  <announced>2007-01-16</announced>
+  <revised count="02">2007-01-17</revised>
+  <bug>159886</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/mono" auto="yes" arch="*">
+      <unaffected range="ge">1.2.2.1</unaffected>
+      <vulnerable range="lt">1.2.2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mono provides the necessary software to develop and run .NET client and
+    server applications on various platforms.
+    </p>
+  </background>
+  <description>
+    <p>
+    Jose Ramon Palanco has discovered that the System.Web class in the XSP
+    for the ASP.NET server 1.1 through 2.0 in Mono does not properly
+    validate or sanitize local pathnames which could allow server-side file
+    content disclosure.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    An attacker could append a space character to a URI and obtain
+    unauthorized access to the source code of server-side files. An
+    attacker could also read credentials by requesting Web.Config%20 from a
+    Mono server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mono users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/mono-1.2.2.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6104">CVE-2006-6104</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-01-14T18:42:16Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-01-14T21:54:13Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-01-15T00:17:42Z">
+    shellsage
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200701-13.xml b/metadata/glsa/glsa-200701-13.xml
new file mode 100644
index 000000000000..780cab1e1024
--- /dev/null
+++ b/metadata/glsa/glsa-200701-13.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200701-13">
+  <title>Fetchmail: Denial of Service and password disclosure</title>
+  <synopsis>
+    Fetchmail has been found to have numerous vulnerabilities allowing for
+    Denial of Service and password disclosure.
+  </synopsis>
+  <product type="ebuild">fetchmail</product>
+  <announced>2007-01-22</announced>
+  <revised count="01">2007-01-22</revised>
+  <bug>160463</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/fetchmail" auto="yes" arch="*">
+      <unaffected range="ge">6.3.6</unaffected>
+      <vulnerable range="lt">6.3.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Fetchmail is a remote mail retrieval and forwarding utility.
+    </p>
+  </background>
+  <description>
+    <p>
+    Neil Hoggarth has discovered that when delivering messages to a message
+    delivery agent by means of the "mda" option, Fetchmail passes a NULL
+    pointer to the ferror() and fflush() functions when refusing a message.
+    Isaac Wilcox has discovered numerous means of plain-text password
+    disclosure due to errors in secure connection establishment.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could deliver a message via Fetchmail to a message delivery
+    agent configured to refuse the message, and crash the Fetchmail
+    process. SMTP and LMTP delivery modes are not affected by this
+    vulnerability. An attacker could also perform a Man-in-the-Middle
+    attack, and obtain plain-text authentication credentials of users
+    connecting to a Fetchmail process.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All fetchmail users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-mail/fetchmail-6.3.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867">CVE-2006-5867</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974">CVE-2006-5974</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-01-15T23:33:39Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-01-16T17:08:58Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-01-18T02:05:45Z">
+    shellsage
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200701-14.xml b/metadata/glsa/glsa-200701-14.xml
new file mode 100644
index 000000000000..8fc60c481f9d
--- /dev/null
+++ b/metadata/glsa/glsa-200701-14.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200701-14">
+  <title>Mod_auth_kerb: Denial of service</title>
+  <synopsis>
+    Mod_auth_kerb is vulnerable to a buffer overflow possibly allowing a Denial
+    of Service.
+  </synopsis>
+  <product type="ebuild">mod_auth_kerb</product>
+  <announced>2007-01-22</announced>
+  <revised count="02">2007-12-30</revised>
+  <bug>155782</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apache/mod_auth_kerb" auto="yes" arch="*">
+      <unaffected range="ge">5.0_rc7-r1</unaffected>
+      <vulnerable range="lt">5.0_rc7-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mod_auth_kerb is an Apache authentication module using Kerberos.
+    </p>
+  </background>
+  <description>
+    <p>
+    Mod_auth_kerb improperly handles component byte encoding in the
+    der_get_oid() function, allowing for a buffer overflow to occur if
+    there are no components which require more than one byte for encoding.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could try to access a Kerberos protected resource on an
+    Apache server with an incorrectly configured service principal and
+    crash the server process. It is important to note that this buffer
+    overflow is not known to allow for the execution of code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All mod_auth_kerb users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apache/mod_auth_kerb-5.0_rc7-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5989">CVE-2006-5989</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-01-17T22:33:24Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-01-17T22:40:53Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-01-18T01:47:32Z">
+    shellsage
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200701-15.xml b/metadata/glsa/glsa-200701-15.xml
new file mode 100644
index 000000000000..10849847af74
--- /dev/null
+++ b/metadata/glsa/glsa-200701-15.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200701-15">
+  <title>Sun JDK/JRE: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple unspecified vulnerabilities have been identified in Sun Java
+    Development Kit (JDK) and Java Runtime Environment (JRE).
+  </synopsis>
+  <product type="ebuild">java</product>
+  <announced>2007-01-22</announced>
+  <revised count="04">2008-07-16</revised>
+  <bug>158659</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/sun-jdk" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.09</unaffected>
+      <unaffected range="rge">1.4.2.18</unaffected>
+      <unaffected range="rge">1.4.2.17</unaffected>
+      <unaffected range="rge">1.4.2.15</unaffected>
+      <unaffected range="rge">1.4.2.14</unaffected>
+      <unaffected range="rge">1.4.2.13</unaffected>
+      <vulnerable range="lt">1.5.0.09</vulnerable>
+    </package>
+    <package name="dev-java/sun-jre-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.09</unaffected>
+      <unaffected range="rge">1.4.2.18</unaffected>
+      <unaffected range="rge">1.4.2.17</unaffected>
+      <unaffected range="rge">1.4.2.15</unaffected>
+      <unaffected range="rge">1.4.2.14</unaffected>
+      <unaffected range="rge">1.4.2.13</unaffected>
+      <vulnerable range="lt">1.5.0.09</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment
+    (JRE) provide the Sun Java platform.
+    </p>
+  </background>
+  <description>
+    <p>
+    Chris Evans has discovered multiple buffer overflows in Sun JDK and Sun
+    JRE possibly related to various AWT or font layout functions. Tom
+    Hawtin has discovered an unspecified vulnerability in Sun JDK and Sun
+    JRE relating to unintended applet data access. He has also discovered
+    multiple other unspecified vulnerabilities in Sun JDK and Sun JRE
+    allowing unintended Java applet or application resource acquisition.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to run a specially crafted Java applet
+    or application that could read, write, or execute local files with the
+    privileges of the user running the JVM; access data maintained in other
+    Java applets; or escalate the privileges of the currently running Java
+    applet or application allowing for unauthorized access to system
+    resources.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Sun Java Development Kit users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "dev-java/sun-jdk"</code>
+    <p>
+    All Sun Java Runtime Environment users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "dev-java/sun-jre-bin"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6731">CVE-2006-6731</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6736">CVE-2006-6736</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6737">CVE-2006-6737</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6745">CVE-2006-6745</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-01-12T22:36:56Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-01-14T21:54:21Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-01-15T01:12:01Z">
+    shellsage
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200701-16.xml b/metadata/glsa/glsa-200701-16.xml
new file mode 100644
index 000000000000..afc0c10c66dc
--- /dev/null
+++ b/metadata/glsa/glsa-200701-16.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200701-16">
+  <title>Adobe Acrobat Reader: Multiple vulnerabilities</title>
+  <synopsis>
+    Adobe Acrobat Reader is vulnerable to remote code execution, Denial of
+    Service, and cross-site scripting attacks.
+  </synopsis>
+  <product type="ebuild">acroread</product>
+  <announced>2007-01-22</announced>
+  <revised count="01">2007-01-22</revised>
+  <bug>159874</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/acroread" auto="yes" arch="*">
+      <unaffected range="ge">7.0.9</unaffected>
+      <vulnerable range="lt">7.0.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Adobe Acrobat Reader is a PDF reader released by Adobe.
+    </p>
+  </background>
+  <description>
+    <p>
+    Adobe Acrobat Reader in stand-alone mode is vulnerable to remote code
+    execution via heap corruption when loading a specially crafted PDF
+    file.
+    </p>
+    <p>
+    The browser plugin released with Adobe Acrobat Reader (nppdf.so) does
+    not properly handle URLs, and crashes if given a URL that is too long.
+    The plugin does not correctly handle JavaScript, and executes
+    JavaScript that is given as a GET variable to the URL of a PDF file.
+    Lastly, the plugin does not properly handle the FDF, xml, xfdf AJAX
+    request parameters following the # character in a URL, allowing for
+    multiple cross-site scripting vulnerabilities.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to open a specially crafted PDF file
+    and execute arbitrary code with the rights of the user running Adobe
+    Acrobat Reader. An attacker could also entice a user to browse to a
+    specially crafted URL and either crash the Adobe Acrobat Reader browser
+    plugin, execute arbitrary JavaScript in the context of the user's
+    browser, or inject arbitrary HTML or JavaScript into the document being
+    viewed by the user. Note that users who have emerged Adobe Acrobat
+    Reader with the "nsplugin" USE flag disabled are not vulnerable to
+    issues with the Adobe Acrobat Reader browser plugin.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Adobe Acrobat Reader users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/acroread-7.0.9"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5857">CVE-2006-5857</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0044">CVE-2007-0044</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0045">CVE-2007-0045</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0046">CVE-2007-0046</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0048">CVE-2007-0048</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-01-14T12:10:48Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-01-15T00:45:48Z">
+    shellsage
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-01-22T12:38:29Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200701-17.xml b/metadata/glsa/glsa-200701-17.xml
new file mode 100644
index 000000000000..42f6ec785885
--- /dev/null
+++ b/metadata/glsa/glsa-200701-17.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200701-17">
+  <title>libgtop: Privilege escalation</title>
+  <synopsis>
+    libgtop improperly handles filenames, possibly allowing for the execution
+    of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libgtop</product>
+  <announced>2007-01-23</announced>
+  <revised count="01">2007-01-23</revised>
+  <bug>162169</bug>
+  <access>local</access>
+  <affected>
+    <package name="gnome-base/libgtop" auto="yes" arch="*">
+      <unaffected range="ge">2.14.6</unaffected>
+      <vulnerable range="lt">2.14.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libgtop facilitates the libgtop_daemon, which is used by GNOME to
+    obtain information about remote systems.
+    </p>
+  </background>
+  <description>
+    <p>
+    Liu Qishuai discovered that glibtop_get_proc_map_s() in
+    sysdeps/linux/procmap.c does not properly allocate memory for storing a
+    filename, allowing certain filenames to cause the buffer to overflow on
+    the stack.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By tricking a victim into executing an application that uses the
+    libgtop library (e.g. libgtop_daemon or gnome-system-monitor), a local
+    attacker could specify a specially crafted filename to be used by
+    libgtop causing a buffer overflow and possibly execute arbitrary code
+    with the rights of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libgtop users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=gnome-base/libgtop-2.14.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0235">CVE-2007-0235</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-01-17T22:40:30Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-01-18T17:24:28Z">
+    shellsage
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-01-22T12:14:40Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200701-18.xml b/metadata/glsa/glsa-200701-18.xml
new file mode 100644
index 000000000000..2107b30cd2d8
--- /dev/null
+++ b/metadata/glsa/glsa-200701-18.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200701-18">
+  <title>xine-ui: Format string vulnerabilities</title>
+  <synopsis>
+    xine-ui improperly handles format strings, possibly allowing for the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">xine-ui</product>
+  <announced>2007-01-23</announced>
+  <revised count="01">2007-01-23</revised>
+  <bug>161558</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/xine-ui" auto="yes" arch="*">
+      <unaffected range="ge">0.99.5_pre20060716</unaffected>
+      <vulnerable range="lt">0.99.5_pre20060716</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    xine-ui is a skin-based user interface for xine. xine is a free
+    multimedia player. It plays CDs, DVDs, and VCDs, and can also decode
+    other common multimedia formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    Due to the improper handling and use of format strings, the
+    errors_create_window() function in errors.c does not safely write data
+    to memory.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to open a specially crafted media file
+    with xine-ui, and possibly execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All xine-ui users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/xine-ui-0.99.5_pre20060716"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0254">CVE-2007-0254</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-01-17T22:36:36Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-01-17T22:40:52Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-01-18T01:55:17Z">
+    shellsage
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200701-19.xml b/metadata/glsa/glsa-200701-19.xml
new file mode 100644
index 000000000000..3d187f1d3062
--- /dev/null
+++ b/metadata/glsa/glsa-200701-19.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200701-19">
+  <title>OpenLDAP: Insecure usage of /tmp during installation</title>
+  <synopsis>
+    A shell script commonly released with OpenLDAP makes insecure usage of
+    files in /tmp during the emerge process.
+  </synopsis>
+  <product type="ebuild">openldap</product>
+  <announced>2007-01-23</announced>
+  <revised count="02">2007-03-11</revised>
+  <bug>159508</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-nds/openldap" auto="yes" arch="*">
+      <unaffected range="ge">2.1.30-r10</unaffected>
+      <unaffected range="ge">2.2.28-r7</unaffected>
+      <unaffected range="ge">2.3.30-r2</unaffected>
+      <vulnerable range="lt">2.1.30-r10</vulnerable>
+      <vulnerable range="lt">2.2.28-r7</vulnerable>
+      <vulnerable range="lt">2.3.30-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenLDAP Software is an open source implementation of the Lightweight
+    Directory Access Protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Gentoo Linux Security Team has discovered that the
+    file gencert.sh distributed with the Gentoo ebuild for OpenLDAP does
+    not exit upon the existence of a directory in /tmp during installation
+    allowing for directory traversal.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A local attacker could create a symbolic link in /tmp and potentially
+    overwrite arbitrary system files upon a privileged user emerging
+    OpenLDAP.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenLDAP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "net-nds/openldap"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0476">CVE-2007-0476</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-01-13T21:20:49Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-01-14T21:54:19Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-01-15T00:28:23Z">
+    shellsage
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200701-20.xml b/metadata/glsa/glsa-200701-20.xml
new file mode 100644
index 000000000000..d928f5a64803
--- /dev/null
+++ b/metadata/glsa/glsa-200701-20.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200701-20">
+  <title>Centericq: Remote buffer overflow in LiveJournal handling</title>
+  <synopsis>
+    Centericq does not properly handle communications with the LiveJournal
+    service, allowing for the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">centericq</product>
+  <announced>2007-01-24</announced>
+  <revised count="01">2007-01-24</revised>
+  <bug>160793</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/centericq" auto="yes" arch="*">
+      <vulnerable range="le">4.21.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Centericq is a text mode menu-driven and window-driven instant
+    messaging interface.
+    </p>
+  </background>
+  <description>
+    <p>
+    When interfacing with the LiveJournal service, Centericq does not
+    appropriately allocate memory for incoming data, in some cases creating
+    a buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to connect to an unofficial LiveJournal
+    server causing Centericq to read specially crafted data from the
+    server, which could lead to the execution of arbitrary code with the
+    rights of the user running Centericq.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Currently, Centericq is unmaintained. As such, Centericq has been
+    masked in Portage until it is again maintained.
+    </p>
+    <code>
+    # emerge --ask --verbose --unmerge "net-im/centericq"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0160">CVE-2007-0160</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-01-14T18:03:01Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-01-14T21:54:11Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-01-18T02:19:00Z">
+    shellsage
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200701-21.xml b/metadata/glsa/glsa-200701-21.xml
new file mode 100644
index 000000000000..07a486a4cba3
--- /dev/null
+++ b/metadata/glsa/glsa-200701-21.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200701-21">
+  <title>MIT Kerberos 5: Arbitrary Remote Code Execution</title>
+  <synopsis>
+    Multiple vulnerabilities in MIT Kerberos 5 could potentially result in the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mit-krb5</product>
+  <announced>2007-01-24</announced>
+  <revised count="01">2007-01-24</revised>
+  <bug>158810</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-crypt/mit-krb5" auto="yes" arch="*">
+      <unaffected range="ge">1.5.2</unaffected>
+      <vulnerable range="lt">1.5.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MIT Kerberos 5 is a suite of applications that implement the Kerberos
+    network protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Kerberos administration daemon, and possibly other applications
+    using the GSS-API or RPC libraries, could potentially call a function
+    pointer in a freed heap buffer, or attempt to free an uninitialized
+    pointer.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker may be able to crash an affected application, or
+    potentially execute arbitrary code with root privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MIT Kerberos 5 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-crypt/mit-krb5-1.5.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6143">CVE-2006-6143</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6144">CVE-2006-6144</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-01-12T22:46:59Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-01-14T23:13:19Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-01-22T12:38:46Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200701-22.xml b/metadata/glsa/glsa-200701-22.xml
new file mode 100644
index 000000000000..4cb7a6579d35
--- /dev/null
+++ b/metadata/glsa/glsa-200701-22.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200701-22">
+  <title>Squid: Multiple Denial of Service vulnerabilities</title>
+  <synopsis>
+    Two vulnerabilities have been found in Squid which make it susceptible to
+    Denial of Service attacks.
+  </synopsis>
+  <product type="ebuild">squid</product>
+  <announced>2007-01-25</announced>
+  <revised count="01">2007-01-25</revised>
+  <bug>162364</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/squid" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7</unaffected>
+      <vulnerable range="lt">2.6.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Squid is a multi-protocol proxy server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Squid fails to correctly handle ftp:// URI's. There is also an error in
+    the external_acl queue which can cause an infinite looping condition.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could attempt to retrieve a specially crafted URI via a
+    Squid server causing the service to crash. If an attacker could
+    generate a sufficiently high load on the Squid services, they could
+    cause a Denial of Service by forcing Squid into an infinite loop.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Squid users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-proxy/squid-2.6.7"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0247">CVE-2007-0247</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0248">CVE-2007-0248</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-01-22T16:59:17Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-01-23T10:26:06Z">
+    hyakuhei
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-01-24T12:52:50Z">
+    hyakuhei
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200701-23.xml b/metadata/glsa/glsa-200701-23.xml
new file mode 100644
index 000000000000..2c776a4cd8bf
--- /dev/null
+++ b/metadata/glsa/glsa-200701-23.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200701-23">
+  <title>Cacti: Command execution and SQL injection</title>
+  <synopsis>
+    Cacti has three vulnerabilities that could allow shell command execution or
+    SQL injection.
+  </synopsis>
+  <product type="ebuild">cacti</product>
+  <announced>2007-01-26</announced>
+  <revised count="01">2007-01-26</revised>
+  <bug>159278</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/cacti" auto="yes" arch="*">
+      <unaffected range="ge">0.8.6i-r1</unaffected>
+      <vulnerable range="lt">0.8.6i-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Cacti is a web-based network graphing and reporting tool.
+    </p>
+  </background>
+  <description>
+    <p>
+    rgod discovered that the Cacti cmd.php and copy_cacti_user.php scripts
+    do not properly control access to the command shell, and are remotely
+    accessible by unauthenticated users. This allows SQL injection via
+    cmd.php and copy_cacti_user.php URLs. Further, the results from the
+    injected SQL query are not properly sanitized before being passed to a
+    command shell. The vulnerabilities require that the
+    "register_argc_argv" option is enabled, which is the Gentoo default.
+    Also, a number of similar problems in other scripts were reported.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    These vulnerabilties can result in the execution of arbitrary shell
+    commands or information disclosure via crafted SQL queries.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Cacti users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/cacti-0.8.6i-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6799">CVE-2006-6799</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-01-12T22:58:24Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-01-16T02:39:11Z">
+    aetius
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-01-17T22:17:59Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200701-24.xml b/metadata/glsa/glsa-200701-24.xml
new file mode 100644
index 000000000000..ea23aed3170a
--- /dev/null
+++ b/metadata/glsa/glsa-200701-24.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200701-24">
+  <title>VLC media player: Format string vulnerability</title>
+  <synopsis>
+    VLC media player improperly handles format strings, allowing for the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">vlc</product>
+  <announced>2007-01-26</announced>
+  <revised count="01">2007-01-26</revised>
+  <bug>159845</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/vlc" auto="yes" arch="*">
+      <unaffected range="ge">0.8.6-r1</unaffected>
+      <vulnerable range="lt">0.8.6-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    VLC media player is a multimedia player for various audio and video
+    formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    Kevin Finisterre has discovered that when handling media locations,
+    various functions throughout VLC media player make improper use of
+    format strings.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to open a specially crafted media
+    location or M3U file with VLC media player, and execute arbitrary code
+    on the system with the rights of the user running VLC media player.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All VLC media player users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/vlc-0.8.6-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0017">CVE-2007-0017</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-01-15T23:30:46Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-01-16T17:08:55Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-01-18T02:10:51Z">
+    shellsage
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200701-25.xml b/metadata/glsa/glsa-200701-25.xml
new file mode 100644
index 000000000000..4a39a49f7efe
--- /dev/null
+++ b/metadata/glsa/glsa-200701-25.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200701-25">
+  <title>X.Org X server: Multiple vulnerabilities</title>
+  <synopsis>
+    Sean Larsson from iDefense Labs has found multiple vulnerabilities in the
+    DBE and Render extensions.
+  </synopsis>
+  <product type="ebuild">X.Org</product>
+  <announced>2007-01-27</announced>
+  <revised count="02">2007-02-26</revised>
+  <bug>157421</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-base/xorg-server" auto="yes" arch="*">
+      <unaffected range="ge">1.1.1-r4</unaffected>
+      <vulnerable range="lt">1.1.1-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The X Window System is a graphical windowing system based on a
+    client/server model.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple memory corruption vulnerabilities have been found in the
+    ProcDbeGetVisualInfo() and the ProcDbeSwapBuffers() of the DBE
+    extension, and ProcRenderAddGlyphs() in the Render extension.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could execute arbitrary code with the privileges of
+    the user running the X server, typically root.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable the DBE extension by removing the "Load dbe" directive in the
+    Module section of xorg.conf, and explicitly disable the Render
+    extension with ' Option "RENDER" "disable" ' in the Extensions section.
+    </p>
+    <p>
+    Note: This could affect the functionality of some applications.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All X.Org X server users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-base/xorg-server-1.1.1-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6101">CVE-2006-6101</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6102">CVE-2006-6102</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6103">CVE-2006-6103</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-01-23T12:31:17Z">
+    daxomatic
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-01-24T15:54:52Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200701-26.xml b/metadata/glsa/glsa-200701-26.xml
new file mode 100644
index 000000000000..57dd80f4cdb3
--- /dev/null
+++ b/metadata/glsa/glsa-200701-26.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200701-26">
+  <title>KSirc: Denial of Service vulnerability</title>
+  <synopsis>
+    KSirc is vulnerable to a Denial of Service attack.
+  </synopsis>
+  <product type="ebuild">ksirc</product>
+  <announced>2007-01-29</announced>
+  <revised count="01">2007-01-30</revised>
+  <bug>159658</bug>
+  <access>remote</access>
+  <affected>
+    <package name="kde-base/ksirc" auto="yes" arch="*">
+      <unaffected range="ge">3.5.5-r1</unaffected>
+      <vulnerable range="lt">3.5.5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    KSirc is the default KDE IRC client.
+    </p>
+  </background>
+  <description>
+    <p>
+    KSirc fails to check the size of an incoming PRIVMSG string sent from
+    an IRC server during the connection process.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A malicious IRC server could send a long PRIVMSG string to the KSirc
+    client causing an assertion failure and the dereferencing of a null
+    pointer, resulting in a crash.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All KSirc users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=kde-base/ksirc-3.5.5-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6811">CVE-2006-6811</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-01-24T20:03:08Z">
+    vorlon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-01-24T20:03:22Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-01-25T11:44:16Z">
+    hyakuhei
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200701-27.xml b/metadata/glsa/glsa-200701-27.xml
new file mode 100644
index 000000000000..f973d0777a66
--- /dev/null
+++ b/metadata/glsa/glsa-200701-27.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200701-27">
+  <title>ELinks: Arbitrary Samba command execution</title>
+  <synopsis>
+    ELinks does not properly validate "smb://" URLs, making it vulnerable to
+    the execution of arbitrary Samba commands.
+  </synopsis>
+  <product type="ebuild">elinks</product>
+  <announced>2007-01-30</announced>
+  <revised count="01">2007-01-30</revised>
+  <bug>155358</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/elinks" auto="yes" arch="*">
+      <unaffected range="ge">0.11.2</unaffected>
+      <vulnerable range="lt">0.11.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ELinks is a text mode web browser.
+    </p>
+  </background>
+  <description>
+    <p>
+    Teemu Salmela discovered an error in the validation code of "smb://"
+    URLs used by ELinks, the same issue as reported in GLSA 200612-16
+    concerning Links.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to browse to a specially crafted
+    "smb://" URL and execute arbitrary Samba commands, which would allow
+    the overwriting of arbitrary local files or the upload or download of
+    arbitrary files. This vulnerability can be exploited only if
+    "smbclient" is installed on the victim's computer, which is provided by
+    the "samba" Gentoo package.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ELinks users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/elinks-0.11.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5925">CVE-2006-5925</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-01-30T10:52:21Z">
+    hyakuhei
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-01-30T11:02:26Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200701-28.xml b/metadata/glsa/glsa-200701-28.xml
new file mode 100644
index 000000000000..f68fd6a741e2
--- /dev/null
+++ b/metadata/glsa/glsa-200701-28.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200701-28">
+  <title>thttpd: Unauthenticated remote file access</title>
+  <synopsis>
+    The default configuration of the Gentoo thttpd package potentially allows
+    unauthenticated access to system files when used with newer versions of
+    baselayout.
+  </synopsis>
+  <product type="ebuild">thttpd</product>
+  <announced>2007-01-31</announced>
+  <revised count="02">2007-03-11</revised>
+  <bug>142047</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/thttpd" auto="yes" arch="*">
+      <unaffected range="ge">2.25b-r6</unaffected>
+      <vulnerable range="lt">2.25b-r6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    thttpd is a webserver designed to be simple, small, and fast.
+    </p>
+  </background>
+  <description>
+    <p>
+    thttpd is vulnerable to an underlying change made to the
+    start-stop-daemon command in the current stable Gentoo baselayout
+    package (version 1.12.6). In the new version, the start-stop-daemon
+    command performs a "chdir /" command just before starting the thttpd
+    process. In the Gentoo default configuration, this causes thttpd to
+    start with the document root set to "/", the sytem root directory.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    When thttpd starts with the document root set to the system root
+    directory, all files on the system that are readable by the thttpd
+    process can be remotely accessed by unauthenticated users.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Alter the THTTPD_OPTS variable in /etc/conf.d/thttpd to include the
+    "-d" option to specify the document root. Alternatively, modify the
+    THTTPD_OPTS variable in /etc/conf.d/thttpd to specify a thttpd.conf
+    file using the "-C" option, and then configure the "dir=" directive in
+    that thttpd.conf file.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All thttpd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-servers/thttpd-2.25b-r5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0664">CVE-2007-0664</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-01-26T12:41:44Z">
+    shellsage
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-01-27T17:49:26Z">
+    aetius
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-01-31T21:45:13Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200702-01.xml b/metadata/glsa/glsa-200702-01.xml
new file mode 100644
index 000000000000..97a84e2102b0
--- /dev/null
+++ b/metadata/glsa/glsa-200702-01.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200702-01">
+  <title>Samba: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple flaws exist in the Samba suite of programs, the most serious of
+    which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">samba</product>
+  <announced>2007-02-13</announced>
+  <revised count="01">2007-02-13</revised>
+  <bug>165549</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-fs/samba" auto="yes" arch="*">
+      <unaffected range="ge">3.0.24</unaffected>
+      <vulnerable range="lt">3.0.24</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Samba is a suite of SMB and CIFS client/server programs for UNIX.
+    </p>
+  </background>
+  <description>
+    <p>
+    A format string vulnerability exists in the VFS module when handling
+    AFS file systems and an infinite loop has been discovered when handling
+    file rename operations.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A user with permission to write to a shared AFS file system may be able
+    to compromise the smbd process and execute arbitrary code with the
+    permissions of the daemon. The infinite loop could be abused to consume
+    excessive resources on the smbd host, denying service to legitimate
+    users.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Samba users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-fs/samba-3.0.24"</code>
+  </resolution>
+  <references>
+    <uri link="https://samba.org/samba/security/CVE-2007-0452.html">CVE-2007-0452</uri>
+    <uri link="https://samba.org/samba/security/CVE-2007-0454.html">CVE-2007-0454</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-02-09T15:08:23Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-02-10T23:53:19Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-02-12T23:21:02Z">
+    taviso
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200702-02.xml b/metadata/glsa/glsa-200702-02.xml
new file mode 100644
index 000000000000..f773406fc57e
--- /dev/null
+++ b/metadata/glsa/glsa-200702-02.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200702-02">
+  <title>ProFTPD: Local privilege escalation</title>
+  <synopsis>
+    A flaw in ProFTPD may allow a local attacker to obtain root privileges.
+  </synopsis>
+  <product type="ebuild">proftpd</product>
+  <announced>2007-02-13</announced>
+  <revised count="01">2007-02-13</revised>
+  <bug>158122</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-ftp/proftpd" auto="yes" arch="*">
+      <unaffected range="ge">1.3.1_rc1</unaffected>
+      <vulnerable range="lt">1.3.1_rc1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ProFTPD is a powerful, configurable, and free FTP daemon.
+    </p>
+  </background>
+  <description>
+    <p>
+    A flaw exists in the mod_ctrls module of ProFTPD, normally used to
+    allow FTP server administrators to configure the daemon at runtime.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An FTP server administrator permitted to interact with mod_ctrls could
+    potentially compromise the ProFTPD process and execute arbitrary code
+    with the privileges of the FTP Daemon, which is normally the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable mod_ctrls, or ensure only trusted users can access this
+    feature.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ProFTPD users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-ftp/proftpd-1.3.1_rc1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6563">CVE-2006-6563</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-02-10T19:05:16Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-02-10T23:53:16Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-02-12T23:07:04Z">
+    taviso
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200702-03.xml b/metadata/glsa/glsa-200702-03.xml
new file mode 100644
index 000000000000..11a93ad71602
--- /dev/null
+++ b/metadata/glsa/glsa-200702-03.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200702-03">
+  <title>Snort: Denial of service</title>
+  <synopsis>
+    Snort contains a vulnerability in the rule matching algorithm that could
+    result in a Denial of Service.
+  </synopsis>
+  <product type="ebuild">snort</product>
+  <announced>2007-02-13</announced>
+  <revised count="01">2007-02-13</revised>
+  <bug>161632</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/snort" auto="yes" arch="*">
+      <unaffected range="ge">2.6.1.2</unaffected>
+      <vulnerable range="lt">2.6.1.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Snort is a widely deployed intrusion detection program.
+    </p>
+  </background>
+  <description>
+    <p>
+    Randy Smith, Christian Estan and Somesh Jha discovered that the rule
+    matching algorithm of Snort can be exploited in a way known as a
+    "backtracking attack" to perform numerous time-consuming operations.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send specially crafted network packets, which
+    would result in the cessation of the detections and the consumption of
+    the CPU resources.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Snort users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/snort-2.6.1.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6931">CVE-2006-6931</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-02-10T19:01:49Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-02-12T22:41:30Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-02-12T23:29:42Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200702-04.xml b/metadata/glsa/glsa-200702-04.xml
new file mode 100644
index 000000000000..fd81245e0d8e
--- /dev/null
+++ b/metadata/glsa/glsa-200702-04.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200702-04">
+  <title>RAR, UnRAR: Buffer overflow</title>
+  <synopsis>
+    RAR and UnRAR contain a buffer overflow allowing the execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">rar, unrar</product>
+  <announced>2007-02-13</announced>
+  <revised count="02">2007-02-14</revised>
+  <bug>166440</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/rar" auto="yes" arch="*">
+      <unaffected range="ge">3.7.0_beta1</unaffected>
+      <vulnerable range="lt">3.7.0_beta1</vulnerable>
+    </package>
+    <package name="app-arch/unrar" auto="yes" arch="*">
+      <unaffected range="ge">3.7.3</unaffected>
+      <vulnerable range="lt">3.7.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    RAR and UnRAR provide command line interfaces for compressing and
+    decompressing RAR files.
+    </p>
+  </background>
+  <description>
+    <p>
+    RAR and UnRAR contain a boundary error when processing
+    password-protected archives that could result in a stack-based buffer
+    overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to process a specially crafted
+    password-protected archive and execute arbitrary code with the rights
+    of the user uncompressing the archive.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All UnRAR users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-arch/unrar-3.7.3"</code>
+    <p>
+    All RAR users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-arch/rar-3.7.0_beta1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0855">CVE-2007-0855</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-02-12T15:25:34Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-02-12T23:14:14Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-02-13T23:24:39Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200702-05.xml b/metadata/glsa/glsa-200702-05.xml
new file mode 100644
index 000000000000..98d513b6fd6a
--- /dev/null
+++ b/metadata/glsa/glsa-200702-05.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200702-05">
+  <title>Fail2ban: Denial of service</title>
+  <synopsis>
+    A flaw in Fail2ban may allow remote attackers to deny access to arbitrary
+    hosts.
+  </synopsis>
+  <product type="ebuild">fail2ban</product>
+  <announced>2007-02-16</announced>
+  <revised count="01">2007-02-16</revised>
+  <bug>157166</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/fail2ban" auto="yes" arch="*">
+      <unaffected range="ge">0.6.2</unaffected>
+      <vulnerable range="lt">0.6.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Fail2ban monitors log files for failed authentication attempts and can
+    block hosts responsible for repeated attacks.
+    </p>
+  </background>
+  <description>
+    <p>
+    A flaw in the method used to parse log entries allows remote,
+    unauthenticated attackers to forge authentication attempts from other
+    hosts.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker can add arbitrary hosts to the block list, denying
+    legitimate users access to a resource.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Fail2ban users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/fail2ban-0.6.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6302">CVE-2006-6302</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-02-12T22:35:11Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-02-12T22:42:08Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-02-12T22:56:35Z">
+    taviso
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200702-06.xml b/metadata/glsa/glsa-200702-06.xml
new file mode 100644
index 000000000000..1f3c0b9369f7
--- /dev/null
+++ b/metadata/glsa/glsa-200702-06.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200702-06">
+  <title>BIND: Denial of service</title>
+  <synopsis>
+    ISC BIND contains two vulnerabilities allowing a Denial of Service under
+    certain conditions.
+  </synopsis>
+  <product type="ebuild">bind</product>
+  <announced>2007-02-17</announced>
+  <revised count="01">2007-02-17</revised>
+  <bug>163692</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/bind" auto="yes" arch="*">
+      <unaffected range="ge">9.3.4</unaffected>
+      <unaffected range="rge">9.2.8</unaffected>
+      <vulnerable range="lt">9.3.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ISC BIND is the Internet Systems Consortium implementation of the
+    Domain Name System (DNS) protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    An unspecified improper usage of an already freed context has been
+    reported. Additionally, an assertion error could be triggered in the
+    DNSSEC validation of some responses to type ANY queries with multiple
+    RRsets.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could crash the server through unspecified vectors
+    or, if DNSSEC validation is enabled, by sending certain crafted ANY
+    queries.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time for the first issue. The
+    DNSSEC validation Denial of Service can be prevented by disabling
+    DNSSEC validation until the upgrade to a fixed version. Note that
+    DNSSEC validation is disabled on a default configuration.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ISC BIND 9.3 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dns/bind-9.3.4"</code>
+    <p>
+    All ISC BIND 9.2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dns/bind-9.2.8"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493">CVE-2007-0493</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494">CVE-2007-0494</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-02-16T09:07:21Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-02-16T17:39:52Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-02-17T15:53:00Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200702-07.xml b/metadata/glsa/glsa-200702-07.xml
new file mode 100644
index 000000000000..8d800eba2a7a
--- /dev/null
+++ b/metadata/glsa/glsa-200702-07.xml
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200702-07">
+  <title>Sun JDK/JRE: Execution of arbitrary code</title>
+  <synopsis>
+    Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) contain a
+    memory corruption flaw that allows the applets to gain elevated privileges
+    potentially leading to the execute of arbitrary code.
+  </synopsis>
+  <product type="ebuild">java</product>
+  <announced>2007-02-17</announced>
+  <revised count="05">2008-07-16</revised>
+  <bug>162511</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/sun-jdk" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.10</unaffected>
+      <unaffected range="rge">1.4.2.18</unaffected>
+      <unaffected range="rge">1.4.2.17</unaffected>
+      <unaffected range="rge">1.4.2.15</unaffected>
+      <unaffected range="rge">1.4.2.14</unaffected>
+      <unaffected range="rge">1.4.2.13</unaffected>
+      <vulnerable range="lt">1.5.0.10</vulnerable>
+      <vulnerable range="lt">1.4.2.13</vulnerable>
+    </package>
+    <package name="dev-java/sun-jre-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.10</unaffected>
+      <unaffected range="rge">1.4.2.18</unaffected>
+      <unaffected range="rge">1.4.2.17</unaffected>
+      <unaffected range="rge">1.4.2.15</unaffected>
+      <unaffected range="rge">1.4.2.14</unaffected>
+      <unaffected range="rge">1.4.2.13</unaffected>
+      <vulnerable range="lt">1.5.0.10</vulnerable>
+      <vulnerable range="lt">1.4.2.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment
+    (JRE) provide the Sun Java platform.
+    </p>
+  </background>
+  <description>
+    <p>
+    A anonymous researcher discovered that an error in the handling of a
+    GIF image with a zero width field block leads to a memory corruption
+    flaw.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to run a specially crafted Java applet
+    or application that would load a crafted GIF image, which could result
+    in escalation of privileges and unauthorized access to system
+    resources.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Sun Java Development Kit 1.5 users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/sun-jdk-1.5.0.10"</code>
+    <p>
+    All Sun Java Development Kit 1.4 users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "=dev-java/sun-jdk-1.4.2*"</code>
+    <p>
+    All Sun Java Runtime Environment 1.5 users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/sun-jre-bin-1.5.0.10"</code>
+    <p>
+    All Sun Java Runtime Environment 1.4 users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "=dev-java/sun-jre-bin-1.4.2*"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0243">CVE-2007-0243</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-02-10T19:27:14Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-02-10T23:53:12Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-02-12T23:55:24Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200702-08.xml b/metadata/glsa/glsa-200702-08.xml
new file mode 100644
index 000000000000..00fbceb0e429
--- /dev/null
+++ b/metadata/glsa/glsa-200702-08.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200702-08">
+  <title>AMD64 x86 emulation Sun's J2SE Development Kit: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple unspecified vulnerabilities have been identified in Sun Java
+    Development Kit (JDK) and Sun Java Runtime Environment (JRE).
+  </synopsis>
+  <product type="ebuild">java</product>
+  <announced>2007-02-17</announced>
+  <revised count="02">2009-05-28</revised>
+  <bug>159547</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulation/emul-linux-x86-java" auto="yes" arch="amd64">
+      <unaffected range="ge">1.5.0.10</unaffected>
+      <unaffected range="rge">1.4.2.19</unaffected>
+      <vulnerable range="lt">1.5.0.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment
+    (JRE) provide the Sun Java platform. The x86 emulation Sun's J2SE
+    Development Kit for AMD64 contains a vulnerable version of Sun's JDK.
+    </p>
+  </background>
+  <description>
+    <p>
+    Chris Evans has discovered multiple buffer overflows in Sun JDK and Sun
+    JRE possibly related to various AWT or font layout functions. Tom
+    Hawtin has discovered an unspecified vulnerability in Sun JDK and Sun
+    JRE relating to unintended applet data access. He has also discovered
+    multiple other unspecified vulnerabilities in Sun JDK and Sun JRE
+    allowing unintended Java applet or application resource acquisition.
+    Additionally, a memory corruption error has been found in the handling
+    of GIF images with zero width field blocks.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to run a specially crafted Java applet
+    or application that could read, write, or execute local files with the
+    privileges of the user running the JVM, access data maintained in other
+    Java applets, or escalate the privileges of the currently running Java
+    applet or application allowing for unauthorized access to system
+    resources.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All AMD64 x86 emulation Sun's J2SE Development Kit users should upgrade
+    to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-emulation/emul-linux-x86-java-1.5.0.10"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6731">CVE-2006-6731</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6736">CVE-2006-6736</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6737">CVE-2006-6737</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6745">CVE-2006-6745</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0243">CVE-2007-0243</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-02-12T22:34:40Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-02-12T22:42:06Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-02-12T22:57:40Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200702-09.xml b/metadata/glsa/glsa-200702-09.xml
new file mode 100644
index 000000000000..cbaeb473789b
--- /dev/null
+++ b/metadata/glsa/glsa-200702-09.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200702-09">
+  <title>Nexuiz: Multiple vulnerabilities</title>
+  <synopsis>
+    Two separate vulnerabilities have been found in Nexuiz allowing the remote
+    execution of arbitrary code and a Denial of Service.
+  </synopsis>
+  <product type="ebuild">nexuiz</product>
+  <announced>2007-02-25</announced>
+  <revised count="01">2007-02-25</revised>
+  <bug>166044</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-fps/nexuiz" auto="yes" arch="*">
+      <unaffected range="ge">2.2.1</unaffected>
+      <vulnerable range="lt">2.2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Nexuiz is a multi-player FPS game which uses a modified version of the
+    Quake 1 engine.
+    </p>
+  </background>
+  <description>
+    <p>
+    Nexuiz fails to correctly validate input within "clientcommands". There
+    is also a failure to correctly handle connection attempts from remote
+    hosts.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Using a specially crafted "clientcommand" a remote attacker can cause a
+    buffer overflow in Nexuiz which could result in the execution of
+    arbitrary code. Additionally, there is a Denial of Service
+    vulnerability in Nexuiz allowing an attacker to cause Nexuiz to crash
+    or to run out of resources by overloading it with specially crafted
+    connection requests.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Nexuiz users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=games-fps/nexuiz-2.2.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6609">CVE-2006-6609</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6610">CVE-2006-6610</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-02-10T22:20:41Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-02-10T23:53:08Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-02-15T16:20:20Z">
+    hyakuhei
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200702-10.xml b/metadata/glsa/glsa-200702-10.xml
new file mode 100644
index 000000000000..46c2bca6d951
--- /dev/null
+++ b/metadata/glsa/glsa-200702-10.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200702-10">
+  <title>UFO2000: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been found in the network components of
+    UFO2000 that could result in the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">ufo2000</product>
+  <announced>2007-02-25</announced>
+  <revised count="01">2007-02-25</revised>
+  <bug>142392</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-strategy/ufo2000" auto="yes" arch="*">
+      <unaffected range="ge">0.7.1062</unaffected>
+      <vulnerable range="lt">0.7.1062</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    UFO2000 is a multi-player, turn-based tactical simulation.
+    </p>
+  </background>
+  <description>
+    <p>
+    Five vulnerabilities were found: a buffer overflow in recv_add_unit();
+    a problem with improperly trusting user-supplied string information in
+    decode_stringmap(); several issues with array manipulation via various
+    commands during play; an SQL injection in server_protocol.cpp; and
+    finally, a second buffer overflow in recv_map_data().
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could send crafted network traffic as part of a
+    multi-player game that could result in remote code execution on the
+    remote opponent or the server. A remote attacker could also run
+    arbitrary SQL queries against the server account database, and perform
+    a Denial of Service on a remote opponent by causing the game to crash.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    UFO2000 currently depends on the dumb-0.9.2 library, which has been
+    removed from portage due to security problems (GLSA 200608-14) .
+    Because of this, UFO2000 has been masked, and we recommend unmerging
+    the package until the next beta release can remove the dependency on
+    dumb.
+    </p>
+    <code>
+    # emerge --ask --verbose --unmerge ufo2000</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3788">CVE-2006-3788</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3789">CVE-2006-3789</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3790">CVE-2006-3790</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3791">CVE-2006-3791</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3792">CVE-2006-3792</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200608-14.xml">GLSA 200608-14</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-02-10T19:42:06Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-02-14T03:39:23Z">
+    aetius
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-02-19T21:24:04Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200702-11.xml b/metadata/glsa/glsa-200702-11.xml
new file mode 100644
index 000000000000..8811f90d62e1
--- /dev/null
+++ b/metadata/glsa/glsa-200702-11.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200702-11">
+  <title>MPlayer: Buffer overflow</title>
+  <synopsis>
+    A buffer overflow was found in MPlayer's RTSP plugin that could lead to a
+    Denial of Service or arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">MPlayer</product>
+  <announced>2007-02-27</announced>
+  <revised count="01">2007-02-27</revised>
+  <bug>159727</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/mplayer" auto="yes" arch="*">
+      <unaffected range="ge">1.0_rc1-r2</unaffected>
+      <vulnerable range="lt">1.0_rc1-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MPlayer is a media player capable of playing multiple media formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    When checking for matching asm rules in the asmrp.c code, the results
+    are stored in a fixed-size array without boundary checks which may
+    allow a buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker can entice a user to connect to a manipulated RTSP server
+    resulting in a Denial of Service and possibly execution of arbitrary
+    code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MPlayer users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/mplayer-1.0_rc1-r2"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.mplayerhq.hu/design7/news.html#vuln14">Original Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6172">CVE-2006-6172</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-02-12T12:10:45Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-02-13T11:54:03Z">
+    daxomatic
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-02-13T12:06:52Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200702-12.xml b/metadata/glsa/glsa-200702-12.xml
new file mode 100644
index 000000000000..17a1a2a3f45a
--- /dev/null
+++ b/metadata/glsa/glsa-200702-12.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200702-12">
+  <title>CHMlib: User-assisted remote execution of arbitrary code</title>
+  <synopsis>
+    A memory corruption vulnerability in CHMlib could lead to the remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">CHMlib</product>
+  <announced>2007-02-27</announced>
+  <revised count="02">2008-05-20</revised>
+  <bug>163989</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/chmlib" auto="yes" arch="*">
+      <unaffected range="ge">0.39</unaffected>
+      <vulnerable range="lt">0.39</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    CHMlib is a library for the MS CHM (Compressed HTML) file format plus
+    extracting and HTTP server utils.
+    </p>
+  </background>
+  <description>
+    <p>
+    When certain CHM files that contain tables and objects stored in pages
+    are parsed by CHMlib, an unsanitized value is passed to the alloca()
+    function resulting in a shift of the stack pointer to arbitrary memory
+    locations.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to open a specially crafted CHM file,
+    resulting in the execution of arbitrary code with the permissions of
+    the user viewing the file.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All CHMlib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/chmlib-0.39"</code>
+  </resolution>
+  <references>
+    <uri link="http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=468">Original Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0619">CVE-2007-0619</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-02-10T21:22:08Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-02-10T23:53:10Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-02-13T11:35:38Z">
+    daxomatic
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200703-01.xml b/metadata/glsa/glsa-200703-01.xml
new file mode 100644
index 000000000000..26bc2e24a717
--- /dev/null
+++ b/metadata/glsa/glsa-200703-01.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200703-01">
+  <title>Snort: Remote execution of arbitrary code</title>
+  <synopsis>
+    The Snort DCE/RPC preprocessor contains a buffer overflow that could result
+    in the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">snort</product>
+  <announced>2007-02-23</announced>
+  <revised count="02">2007-03-02</revised>
+  <bug>167730</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/snort" auto="yes" arch="*">
+      <unaffected range="ge">2.6.1.3</unaffected>
+      <vulnerable range="lt">2.6.1.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Snort is a widely deployed intrusion detection program.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Snort DCE/RPC preprocessor does not properly reassemble certain
+    types of fragmented SMB and DCE/RPC packets.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could send specially crafted fragmented SMB or
+    DCE/RPC packets, without the need to finish the TCP handshake, that
+    would trigger a stack-based buffer overflow while being reassembled.
+    This could lead to the execution of arbitrary code with the permissions
+    of the user running the Snort preprocessor.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable the DCE/RPC processor by commenting the 'preprocessor dcerpc'
+    section in /etc/snort/snort.conf .
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Snort users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/snort-2.6.1.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5276">CVE-2006-5276</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-02-23T17:25:01Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-02-27T18:06:20Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200703-02.xml b/metadata/glsa/glsa-200703-02.xml
new file mode 100644
index 000000000000..7c75cc5b2b0f
--- /dev/null
+++ b/metadata/glsa/glsa-200703-02.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200703-02">
+  <title>SpamAssassin: Long URI Denial of service</title>
+  <synopsis>
+    SpamAssassin is vulnerable to a Denial of Service attack.
+  </synopsis>
+  <product type="ebuild">spamassassin</product>
+  <announced>2007-03-02</announced>
+  <revised count="01">2007-03-02</revised>
+  <bug>166969</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-filter/spamassassin" auto="yes" arch="*">
+      <unaffected range="ge">3.1.8</unaffected>
+      <vulnerable range="lt">3.1.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    SpamAssassin is an extensible email filter used to identify junk email.
+    </p>
+  </background>
+  <description>
+    <p>
+    SpamAssassin does not correctly handle very long URIs when scanning
+    emails.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could cause SpamAssassin to consume large amounts of CPU
+    and memory resources by sending one or more emails containing very long
+    URIs.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SpamAssassin users should upgrade to the latest version.
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-filter/spamassassin-3.1.8"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0451">CVE-2007-0451</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-02-25T19:43:02Z">
+    vorlon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-02-25T19:46:27Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-02-26T18:49:30Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200703-03.xml b/metadata/glsa/glsa-200703-03.xml
new file mode 100644
index 000000000000..408b8fb5cf27
--- /dev/null
+++ b/metadata/glsa/glsa-200703-03.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200703-03">
+  <title>ClamAV: Denial of service</title>
+  <synopsis>
+    ClamAV contains two vulnerabilities allowing a Denial of Service.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2007-03-02</announced>
+  <revised count="01">2007-03-02</revised>
+  <bug>167201</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.90</unaffected>
+      <vulnerable range="lt">0.90</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ClamAV is a GPL virus scanner.
+    </p>
+  </background>
+  <description>
+    <p>
+    An anonymous researcher discovered a file descriptor leak error in the
+    processing of CAB archives and a lack of validation of the "id"
+    parameter string used to create local files when parsing MIME headers.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker can send several crafted CAB archives with a
+    zero-length record header that will fill the available file descriptors
+    until no other is available, which will prevent ClamAV from scanning
+    most archives. An attacker can also send an email with specially
+    crafted MIME headers to overwrite local files with the permissions of
+    the user running ClamAV, such as the virus database file, which could
+    prevent ClamAV from detecting any virus.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    The first vulnerability can be prevented by refusing any file of type
+    CAB, but there is no known workaround for the second issue.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ClamAV users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.90"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0897">CVE-2007-0897</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0898">CVE-2007-0898</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-02-26T22:43:01Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-02-27T13:49:10Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-03-02T00:24:54Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200703-04.xml b/metadata/glsa/glsa-200703-04.xml
new file mode 100644
index 000000000000..86ded2230ec7
--- /dev/null
+++ b/metadata/glsa/glsa-200703-04.xml
@@ -0,0 +1,117 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200703-04">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been reported in Mozilla Firefox, some of
+    which may allow user-assisted arbitrary remote code execution.
+  </synopsis>
+  <product type="ebuild">mozilla-firefox</product>
+  <announced>2007-03-02</announced>
+  <revised count="01">2007-03-02</revised>
+  <bug>165555</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/mozilla-firefox" auto="yes" arch="*">
+      <unaffected range="rge">1.5.0.10</unaffected>
+      <unaffected range="ge">2.0.0.2</unaffected>
+      <vulnerable range="lt">2.0.0.2</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox-bin" auto="yes" arch="*">
+      <unaffected range="rge">1.5.0.10</unaffected>
+      <unaffected range="ge">2.0.0.2</unaffected>
+      <vulnerable range="lt">2.0.0.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla Firefox is a popular open-source web browser from the Mozilla
+    Project.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tom Ferris reported a heap-based buffer overflow involving wide SVG
+    stroke widths that affects Mozilla Firefox 2 only. Various researchers
+    reported some errors in the JavaScript engine potentially leading to
+    memory corruption. Mozilla Firefox also contains minor vulnerabilities
+    involving cache collision and unsafe pop-up restrictions, filtering or
+    CSS rendering under certain conditions.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to view a specially crafted web page
+    that will trigger one of the vulnerabilities, possibly leading to the
+    execution of arbitrary code. It is also possible for an attacker to
+    spoof the address bar, steal information through cache collision,
+    bypass the local files protection mechanism with pop-ups, or perform
+    cross-site scripting attacks, leading to the exposure of sensitive
+    information, like user credentials.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time for all of these issues, but
+    most of them can be avoided by disabling JavaScript.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Users upgrading to the following releases of Mozilla Firefox should
+    note that this upgrade has been found to lose the saved passwords file
+    in some cases. The saved passwords are encrypted and stored in the
+    'signons.txt' file of ~/.mozilla/ and we advise our users to save that
+    file before performing the upgrade.
+    </p>
+    <p>
+    All Mozilla Firefox 1.5 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-1.5.0.10"</code>
+    <p>
+    All Mozilla Firefox 1.5 binary users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-bin-1.5.0.10"</code>
+    <p>
+    All Mozilla Firefox 2.0 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-2.0.0.2"</code>
+    <p>
+    All Mozilla Firefox 2.0 binary users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-bin-2.0.0.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6077">CVE-2006-6077</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0775">CVE-2007-0775</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0776">CVE-2007-0776</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0777">CVE-2007-0777</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0778">CVE-2007-0778</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0779">CVE-2007-0779</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0780">CVE-2007-0780</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0800">CVE-2007-0800</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0801">CVE-2007-0801</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981">CVE-2007-0981</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0995">CVE-2007-0995</uri>
+    <uri link="https://bugzilla.mozilla.org/show_bug.cgi?id=360493#c366">Mozilla password loss bug</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-02-27T18:38:44Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-03-01T15:14:03Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-03-01T15:15:57Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200703-05.xml b/metadata/glsa/glsa-200703-05.xml
new file mode 100644
index 000000000000..5ca7d95b6a8e
--- /dev/null
+++ b/metadata/glsa/glsa-200703-05.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200703-05">
+  <title>Mozilla Suite: Multiple vulnerabilities</title>
+  <synopsis>
+    Several vulnerabilities exist in the Mozilla Suite, which is no longer
+    supported by the Mozilla project.
+  </synopsis>
+  <product type="ebuild">mozilla</product>
+  <announced>2007-03-03</announced>
+  <revised count="01">2007-03-03</revised>
+  <bug>135257</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/mozilla" auto="yes" arch="*">
+      <vulnerable range="le">1.7.13</vulnerable>
+    </package>
+    <package name="www-client/mozilla-bin" auto="yes" arch="*">
+      <vulnerable range="le">1.7.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Mozilla Suite is a popular all-in-one web browser that includes a
+    mail and news reader.
+    </p>
+  </background>
+  <description>
+    <p>
+    Several vulnerabilities ranging from code execution with elevated
+    privileges to information leaks affect the Mozilla Suite.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to browse to a specially crafted
+    website or open a specially crafted mail that could trigger some of the
+    vulnerabilities, potentially allowing execution of arbitrary code,
+    denials of service, information leaks, or cross-site scripting attacks
+    leading to the robbery of cookies of authentication credentials.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Most of the issues, but not all of them, can be prevented by disabling
+    the HTML rendering in the mail client and JavaScript on every
+    application.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    The Mozilla Suite is no longer supported and has been masked after some
+    necessary changes on all the other ebuilds which used to depend on it.
+    Mozilla Suite users should unmerge www-client/mozilla or
+    www-client/mozilla-bin, and switch to a supported product, like
+    SeaMonkey, Thunderbird or Firefox.
+    </p>
+    <code>
+    
+    # emerge --unmerge "www-client/mozilla"
+    
+    # emerge --unmerge "www-client/mozilla-bin"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla">Official Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-02-23T17:38:03Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-02-27T15:55:16Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-02-27T15:58:20Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200703-06.xml b/metadata/glsa/glsa-200703-06.xml
new file mode 100644
index 000000000000..646f40548c54
--- /dev/null
+++ b/metadata/glsa/glsa-200703-06.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200703-06">
+  <title>AMD64 x86 emulation Qt library: Integer overflow</title>
+  <synopsis>
+    The AMD64 x86 emulation Qt library makes use of an insecure version of the
+    Qt library, potentially allowing for the remote execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">emul-linux-x86-qtlibs</product>
+  <announced>2007-03-04</announced>
+  <revised count="01">2007-03-04</revised>
+  <bug>153704</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulation/emul-linux-x86-qtlibs" auto="yes" arch="*">
+      <unaffected range="ge">10.0</unaffected>
+      <vulnerable range="lt">10.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The AMD64 x86 emulation Qt library for AMD64 emulates the x86 (32-bit)
+    Qt library on the AMD64 (64-bit) architecture.
+    </p>
+  </background>
+  <description>
+    <p>
+    An integer overflow flaw has been found in the pixmap handling of Qt,
+    making the AMD64 x86 emulation Qt library vulnerable as well.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to open a specially crafted pixmap image in an
+    application using the AMD64 x86 emulation Qt library, a remote attacker
+    could cause an application crash or the remote execution of arbitrary
+    code with the rights of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All AMD64 x86 emulation Qt library users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-emulation/emul-linux-x86-qtlibs-10.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200611-02.xml">GLSA 200611-02</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4811">CVE-2006-4811</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-02-17T23:37:01Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-02-18T00:18:57Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-02-27T16:14:33Z">
+    shellsage
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200703-07.xml b/metadata/glsa/glsa-200703-07.xml
new file mode 100644
index 000000000000..349ae1f570f9
--- /dev/null
+++ b/metadata/glsa/glsa-200703-07.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200703-07">
+  <title>STLport: Possible remote execution of arbitrary code</title>
+  <synopsis>
+    Two buffer overflows have been discovered in STLport possibly leading to
+    the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">STLport</product>
+  <announced>2007-03-06</announced>
+  <revised count="01">2007-03-06</revised>
+  <bug>165837</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/STLport" auto="yes" arch="*">
+      <unaffected range="ge">5.0.3</unaffected>
+      <vulnerable range="lt">5.0.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    STLport is a multi-platform C++ Standard Library implementation.
+    </p>
+  </background>
+  <description>
+    <p>
+    Two buffer overflows have been discovered, one in "print floats" and
+    one in the rope constructor.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Both of the buffer overflows could result in the remote execution of
+    arbitrary code. Please note that the exploitability of the
+    vulnerabilities depends on how the library is used by other software
+    programs.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All STLport users should upgrade to the latest version.
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/STLport-5.0.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0803">CVE-2007-0803</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-02-12T07:45:45Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-02-18T12:07:38Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-02-18T22:45:11Z">
+    aetius
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200703-08.xml b/metadata/glsa/glsa-200703-08.xml
new file mode 100644
index 000000000000..36f4353f3709
--- /dev/null
+++ b/metadata/glsa/glsa-200703-08.xml
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200703-08">
+  <title>SeaMonkey: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been reported in SeaMonkey, some of which may
+    allow user-assisted arbitrary remote code execution.
+  </synopsis>
+  <product type="ebuild">seamonkey</product>
+  <announced>2007-03-09</announced>
+  <revised count="01">2007-03-09</revised>
+  <bug>165555</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/seamonkey" auto="yes" arch="*">
+      <unaffected range="ge">1.1.1</unaffected>
+      <vulnerable range="lt">1.1.1</vulnerable>
+    </package>
+    <package name="www-client/seamonkey-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.1.1</unaffected>
+      <vulnerable range="lt">1.1.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The SeaMonkey project is a community effort to deliver
+    production-quality releases of code derived from the application
+    formerly known as the 'Mozilla Application Suite'.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tom Ferris reported a heap-based buffer overflow involving wide SVG
+    stroke widths that affects SeaMonkey. Various researchers reported some
+    errors in the JavaScript engine potentially leading to memory
+    corruption. SeaMonkey also contains minor vulnerabilities involving
+    cache collision and unsafe pop-up restrictions, filtering or CSS
+    rendering under certain conditions. All those vulnerabilities are the
+    same as in GLSA 200703-04 affecting Mozilla Firefox.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to view a specially crafted web page or
+    to read a specially crafted email that will trigger one of the
+    vulnerabilities, possibly leading to the execution of arbitrary code.
+    It is also possible for an attacker to spoof the address bar, steal
+    information through cache collision, bypass the local file protection
+    mechanism with pop-ups, or perform cross-site scripting attacks,
+    leading to the exposure of sensitive information, such as user
+    credentials.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time for all of these issues, but
+    most of them can be avoided by disabling JavaScript. Note that the
+    execution of JavaScript is disabled by default in the SeaMonkey email
+    client, and enabling it is strongly discouraged.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Users upgrading to the following release of SeaMonkey should note that
+    the corresponding Mozilla Firefox upgrade has been found to lose the
+    saved passwords file in some cases. The saved passwords are encrypted
+    and stored in the 'signons.txt' file of ~/.mozilla/ and we advise our
+    users to save that file before performing the upgrade.
+    </p>
+    <p>
+    All SeaMonkey users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-1.1.1"</code>
+    <p>
+    All SeaMonkey binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-bin-1.1.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6077">CVE-2006-6077</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0775">CVE-2007-0775</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0776">CVE-2007-0776</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0777">CVE-2007-0777</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0778">CVE-2007-0778</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0779">CVE-2007-0779</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0780">CVE-2007-0780</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0800">CVE-2007-0800</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0801">CVE-2007-0801</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981">CVE-2007-0981</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0995">CVE-2007-0995</uri>
+    <uri link="https://bugzilla.mozilla.org/show_bug.cgi?id=360493#c366">Mozilla Password Loss Bug</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-03-04T00:05:48Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-03-09T22:48:00Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200703-09.xml b/metadata/glsa/glsa-200703-09.xml
new file mode 100644
index 000000000000..2ae01345f9a5
--- /dev/null
+++ b/metadata/glsa/glsa-200703-09.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200703-09">
+  <title>Smb4K: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been identified in Smb4K.
+  </synopsis>
+  <product type="ebuild">smb4k</product>
+  <announced>2007-03-09</announced>
+  <revised count="01">2007-03-09</revised>
+  <bug>156152</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-misc/smb4k" auto="yes" arch="*">
+      <unaffected range="ge">0.6.10a</unaffected>
+      <vulnerable range="lt">0.6.10a</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Smb4K is a SMB/CIFS (Windows) share browser for KDE.
+    </p>
+  </background>
+  <description>
+    <p>
+    Kees Cook of the Ubuntu Security Team has identified multiple
+    vulnerabilities in Smb4K.
+    </p>
+    <ul><li>The writeFile() function of
+    smb4k/core/smb4kfileio.cpp makes insecure usage of temporary
+    files.</li>
+    <li>The writeFile() function also stores the contents of
+    the sudoers file with incorrect permissions, allowing for the file's
+    contents to be world-readable.</li>
+    <li>The createLockFile() and
+    removeLockFile() functions improperly handle lock files, possibly
+    allowing for a race condition in file handling.</li>
+    <li>The smb4k_kill
+    utility distributed with Smb4K allows any user in the sudoers group to
+    kill any process on the system.</li>
+    <li>Lastly, there is the potential
+    for multiple stack overflows when any Smb4K utility is used with the
+    sudo command.</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could gain unauthorized access to arbitrary files via
+    numerous attack vectors. In some cases to obtain this unauthorized
+    access, an attacker would have to be a member of the sudoers list.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Smb4K users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/smb4k-0.6.10a"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0472">CVE-2007-0472</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0473">CVE-2007-0473</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0474">CVE-2007-0474</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0475">CVE-2007-0475</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-02-12T22:36:28Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-02-12T22:42:10Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-02-27T15:26:26Z">
+    shellsage
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200703-10.xml b/metadata/glsa/glsa-200703-10.xml
new file mode 100644
index 000000000000..bb23537e5cb3
--- /dev/null
+++ b/metadata/glsa/glsa-200703-10.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200703-10">
+  <title>KHTML: Cross-site scripting (XSS) vulnerability</title>
+  <synopsis>
+    The KHTML component shipped with the KDE libraries is prone to a cross-site
+    scripting (XSS) vulnerability.
+  </synopsis>
+  <product type="ebuild">kdelibs</product>
+  <announced>2007-03-10</announced>
+  <revised count="01">2007-03-10</revised>
+  <bug>165606</bug>
+  <access>remote</access>
+  <affected>
+    <package name="kde-base/kdelibs" auto="yes" arch="*">
+      <unaffected range="ge">3.5.5-r8</unaffected>
+      <vulnerable range="lt">3.5.5-r8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    KDE is a feature-rich graphical desktop environment for Linux and
+    Unix-like Operating Systems. KHTML is the HTML interpreter used in
+    Konqueror and other parts of KDE.
+    </p>
+  </background>
+  <description>
+    <p>
+    The KHTML code allows for the execution of JavaScript code located
+    inside the "Title" HTML element, a related issue to the Safari error
+    found by Jose Avila.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    When viewing a HTML page that renders unsanitized attacker-supplied
+    input in the page title, Konqueror and other parts of KDE will execute
+    arbitrary JavaScript code contained in the page title, allowing for the
+    theft of browser session data or cookies.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All KDElibs users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=kde-base/kdelibs-3.5.5-r8"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0537">CVE-2007-0537</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0478">CVE-2007-0478</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-02-27T16:04:07Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-02-27T16:19:36Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200703-11.xml b/metadata/glsa/glsa-200703-11.xml
new file mode 100644
index 000000000000..a2819eb1d418
--- /dev/null
+++ b/metadata/glsa/glsa-200703-11.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200703-11">
+  <title>Amarok: User-assisted remote execution of arbitrary code</title>
+  <synopsis>
+    The Magnatune component shipped with Amarok is vulnerable to the injection
+    of arbitrary shell code from a malicious Magnatune server.
+  </synopsis>
+  <product type="ebuild">amarok</product>
+  <announced>2007-03-13</announced>
+  <revised count="01">2007-03-13</revised>
+  <bug>166901</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/amarok" auto="yes" arch="*">
+      <unaffected range="ge">1.4.5-r1</unaffected>
+      <vulnerable range="lt">1.4.5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Amarok is an advanced music player.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Magnatune downloader doesn't quote the "m_currentAlbumFileName"
+    parameter while calling the "unzip" shell command.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A compromised or malicious Magnatune server can remotely execute
+    arbitrary shell code with the rights of the user running Amarok on a
+    client that have previously registered for buying music.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Do not use the Magnatune component of Amarok.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Amarok users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/amarok-1.4.5-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://secunia.com/advisories/24159">SA24159</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-02-23T17:45:23Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-02-27T13:56:19Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-02-27T14:11:31Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200703-12.xml b/metadata/glsa/glsa-200703-12.xml
new file mode 100644
index 000000000000..c6ed3db7e650
--- /dev/null
+++ b/metadata/glsa/glsa-200703-12.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200703-12">
+  <title>SILC Server: Denial of service</title>
+  <synopsis>
+    SILC Server is affected by a Denial of Service vulnerability.
+  </synopsis>
+  <product type="ebuild">silc-server</product>
+  <announced>2007-03-14</announced>
+  <revised count="01">2007-03-14</revised>
+  <bug>169599</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/silc-server" auto="yes" arch="*">
+      <unaffected range="ge">1.0.2-r1</unaffected>
+      <vulnerable range="lt">1.0.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    SILC Server is a server for the Secure Internet Live Conferencing
+    (SILC) protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    Frank Benkstein discovered a possible NULL pointer dereference in
+    apps/silcd/command.c if a new channel is created without specifying a
+    valid hmac or cipher algorithm name.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could cause the server to crash, resulting in a
+    Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SILC Server users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-im/silc-server-1.0.2-r1"</code>
+  </resolution>
+  <references/>
+  <metadata tag="requester" timestamp="2007-03-07T14:35:02Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-03-07T14:57:46Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-03-07T15:20:03Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200703-13.xml b/metadata/glsa/glsa-200703-13.xml
new file mode 100644
index 000000000000..2a6a3a8c0109
--- /dev/null
+++ b/metadata/glsa/glsa-200703-13.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200703-13">
+  <title>SSH Communications Security's Secure Shell Server: SFTP privilege escalation</title>
+  <synopsis>
+    The SSH Secure Shell Server SFTP function is vulnerable to privilege
+    escalation.
+  </synopsis>
+  <product type="ebuild">net-misc/ssh</product>
+  <announced>2007-03-14</announced>
+  <revised count="01">2007-03-14</revised>
+  <bug>168584</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/ssh" auto="yes" arch="*">
+      <vulnerable range="lt">4.3.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The SSH Secure Shell Server from SSH Communications Security
+    (www.ssh.com) is a commercial SSH implementation available free for
+    non-commercial use.
+    </p>
+  </background>
+  <description>
+    <p>
+    The SSH Secure Shell Server contains a format string vulnerability in
+    the SFTP code that handles file transfers (scp2 and sftp2). In some
+    situations, this code passes the accessed filename to the system log.
+    During this operation, an unspecified error could allow uncontrolled
+    stack access.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An authenticated system user may be able to exploit this vulnerability
+    to bypass command restrictions, or run commands as another user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    This package is currently masked, there is no upgrade path for the
+    3.2.x version, and a license must be purchased in order to update to a
+    non-vulnerable version. Because of this, we recommend unmerging this
+    package:
+    </p>
+    <code>
+    # emerge --ask --verbose --unmerge net-misc/ssh</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0705">CVE-2006-0705</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-03-05T21:03:07Z">
+    vorlon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-03-07T14:57:32Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-03-09T13:16:30Z">
+    aetius
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200703-14.xml b/metadata/glsa/glsa-200703-14.xml
new file mode 100644
index 000000000000..49cc182ad3a4
--- /dev/null
+++ b/metadata/glsa/glsa-200703-14.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200703-14">
+  <title>Asterisk: SIP Denial of service</title>
+  <synopsis>
+    Asterisk is vulnerable to Denial of Service in the SIP channel.
+  </synopsis>
+  <product type="ebuild">asterisk</product>
+  <announced>2007-03-16</announced>
+  <revised count="01">2007-03-16</revised>
+  <bug>169616</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/asterisk" auto="yes" arch="*">
+      <unaffected range="ge">1.2.14-r1</unaffected>
+      <unaffected range="rge">1.0.12-r1</unaffected>
+      <vulnerable range="lt">1.2.14-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Asterisk is an open source implementation of a telephone private branch
+    exchange (PBX).
+    </p>
+  </background>
+  <description>
+    <p>
+    The MU Security Research Team discovered that Asterisk contains a
+    NULL-pointer dereferencing error in the SIP channel when handling
+    request messages.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could cause an Asterisk server listening for SIP
+    messages to crash by sending a specially crafted SIP request message.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Asterisk users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose net-misc/asterisk</code>
+    <p>
+    Note: Asterisk 1.0.x is no longer supported upstream so users should
+    consider upgrading to Asterisk 1.2.x.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1306">CVE-2007-1306</uri>
+    <uri link="http://labs.musecurity.com/advisories/MU-200703-01.txt">MU-200703-01</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-03-16T07:59:58Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-03-16T10:36:56Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200703-15.xml b/metadata/glsa/glsa-200703-15.xml
new file mode 100644
index 000000000000..7b34f98ba02c
--- /dev/null
+++ b/metadata/glsa/glsa-200703-15.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200703-15">
+  <title>PostgreSQL: Multiple vulnerabilities</title>
+  <synopsis>
+    PostgreSQL contains two vulnerabilities that could result in a Denial of
+    Service or unauthorized access to certain information.
+  </synopsis>
+  <product type="ebuild">postgresql</product>
+  <announced>2007-03-16</announced>
+  <revised count="04">2009-05-28</revised>
+  <bug>165482</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/postgresql" auto="yes" arch="*">
+      <unaffected range="ge">8.0.11</unaffected>
+      <unaffected range="rge">7.4.17</unaffected>
+      <unaffected range="rge">7.4.16</unaffected>
+      <unaffected range="rge">7.3.19</unaffected>
+      <unaffected range="rge">7.3.13</unaffected>
+      <unaffected range="rge">7.3.21</unaffected>
+      <unaffected range="rge">7.4.19</unaffected>
+      <vulnerable range="lt">8.0.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PostgreSQL is an open source object-relational database management
+    system.
+    </p>
+  </background>
+  <description>
+    <p>
+    PostgreSQL does not correctly check the data types of the SQL function
+    arguments under unspecified circumstances nor the format of the
+    provided tables in the query planner.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote authenticated attacker could send specially crafted queries to
+    the server that could result in a server crash and possibly the
+    unauthorized reading of some database content or arbitrary memory.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PostgreSQL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "dev-db/postgresql"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555">CVE-2007-0555</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0556">CVE-2007-0556</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-03-09T22:33:46Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-03-12T16:09:31Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-03-13T19:55:02Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200703-16.xml b/metadata/glsa/glsa-200703-16.xml
new file mode 100644
index 000000000000..cc45d9918e33
--- /dev/null
+++ b/metadata/glsa/glsa-200703-16.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200703-16">
+  <title>Apache JK Tomcat Connector: Remote execution of arbitrary code</title>
+  <synopsis>
+    The Apache Tomcat Connector (mod_jk) contains a buffer overflow
+    vulnerability that could result in the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mod_jk</product>
+  <announced>2007-03-16</announced>
+  <revised count="01">2007-03-16</revised>
+  <bug>169433</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apache/mod_jk" auto="yes" arch="*">
+      <unaffected range="ge">1.2.21-r1</unaffected>
+      <vulnerable range="lt">1.2.21-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Apache HTTP server is a very widely used web server. mod_jk
+    provides the JK module for connecting Tomcat and Apache using the ajp13
+    protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    ZDI reported an unsafe memory copy in mod_jk that was discovered by an
+    anonymous researcher in the map_uri_to_worker function of
+    native/common/jk_uri_worker_map.c .
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker can send a long URL request to an Apache server using
+    Tomcat. That can trigger the vulnerability and lead to a stack-based
+    buffer overflow, which could result in the execution of arbitrary code
+    with the permissions of the Apache user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Apache Tomcat users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apache/mod_jk-1.2.21-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774">CVE-2007-0774</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-03-06T16:08:28Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-03-14T00:11:00Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-03-14T20:16:09Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200703-17.xml b/metadata/glsa/glsa-200703-17.xml
new file mode 100644
index 000000000000..2c29d1972a50
--- /dev/null
+++ b/metadata/glsa/glsa-200703-17.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200703-17">
+  <title>ulogd: Remote execution of arbitrary code</title>
+  <synopsis>
+    ulogd contains a possible buffer overflow potentially allowing for the
+    remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">ulogd</product>
+  <announced>2007-03-18</announced>
+  <revised count="01">2007-03-18</revised>
+  <bug>161882</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-admin/ulogd" auto="yes" arch="*">
+      <unaffected range="ge">1.23-r1</unaffected>
+      <vulnerable range="lt">1.23-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ulogd is a userspace daemon for netfilter related logging.
+    </p>
+  </background>
+  <description>
+    <p>
+    SUSE reported unspecified buffer overflows in ulogd involving the
+    calculation of string lengths.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could trigger a possible buffer overflow through
+    unspecified vectors, potentially leading to the remote execution of
+    arbitrary code with the rights of the user running the ulogd daemon, or
+    more probably leading to the crash of the daemon.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ulogd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-admin/ulogd-1.23-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0460">CVE-2007-0460</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-03-14T07:34:19Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-03-16T12:57:18Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-03-18T21:32:10Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200703-18.xml b/metadata/glsa/glsa-200703-18.xml
new file mode 100644
index 000000000000..f8d3fb700295
--- /dev/null
+++ b/metadata/glsa/glsa-200703-18.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200703-18">
+  <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been reported in Mozilla Thunderbird, some of
+    which may allow user-assisted arbitrary remote code execution.
+  </synopsis>
+  <product type="ebuild">mozilla-thunderbird</product>
+  <announced>2007-03-18</announced>
+  <revised count="01">2007-03-18</revised>
+  <bug>165555</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/mozilla-thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.10</unaffected>
+      <vulnerable range="lt">1.5.0.10</vulnerable>
+    </package>
+    <package name="mail-client/mozilla-thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.10</unaffected>
+      <vulnerable range="lt">1.5.0.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla Thunderbird is a popular open-source email client from the
+    Mozilla Project.
+    </p>
+  </background>
+  <description>
+    <p>
+    Georgi Guninski reported a possible integer overflow in the code
+    handling text/enhanced or text/richtext MIME emails. Additionally,
+    various researchers reported errors in the JavaScript engine
+    potentially leading to memory corruption. Additionally, the binary
+    version of Mozilla Thunderbird includes a vulnerable NSS library which
+    contains two possible buffer overflows involving the SSLv2 protocol.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to read a specially crafted email that
+    could trigger one of the vulnerabilities, some of them being related to
+    Mozilla Thunderbird's handling of JavaScript, possibly leading to the
+    execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time for all of these issues, but
+    some of them can be avoided by disabling JavaScript. Note that the
+    execution of JavaScript is disabled by default and enabling it is
+    strongly discouraged.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Thunderbird users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-1.5.0.10"</code>
+    <p>
+    All Mozilla Thunderbird binary users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-bin-1.5.0.10"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0008">CVE-2007-0008</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0009">CVE-2007-0009</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0775">CVE-2007-0775</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0776">CVE-2007-0776</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0777">CVE-2007-0777</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1282">CVE-2007-1282</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-03-13T23:29:16Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-03-14T00:11:26Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200703-19.xml b/metadata/glsa/glsa-200703-19.xml
new file mode 100644
index 000000000000..2b69f7a4f44b
--- /dev/null
+++ b/metadata/glsa/glsa-200703-19.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200703-19">
+  <title>LTSP: Authentication bypass in included LibVNCServer code</title>
+  <synopsis>
+    LTSP includes a version of libVNCServer that is vulnerable to an
+    authentication bypass.
+  </synopsis>
+  <product type="ebuild">ltsp</product>
+  <announced>2007-03-18</announced>
+  <revised count="01">2007-03-18</revised>
+  <bug>142661</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/ltsp" auto="yes" arch="*">
+      <unaffected range="ge">4.2-r1</unaffected>
+      <vulnerable range="lt">4.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Linux Terminal Server Project adds thin-client support to Linux
+    servers.
+    </p>
+  </background>
+  <description>
+    <p>
+    The LTSP server includes vulnerable LibVNCServer code, which fails to
+    properly validate protocol types effectively letting users decide what
+    protocol to use, such as "Type 1 - None" (GLSA-200608-05). The LTSP VNC
+    server will accept this security type, even if it is not offered by the
+    server.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could exploit this vulnerability to gain unauthorized
+    access with the privileges of the user running the VNC server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All LTSP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/ltsp-4.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2450">CVE-2006-2450</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200608-05.xml">GLSA 200608-05</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-02-10T19:11:34Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-02-10T23:53:14Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-02-27T02:25:26Z">
+    aetius
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200703-20.xml b/metadata/glsa/glsa-200703-20.xml
new file mode 100644
index 000000000000..23e59d5b878a
--- /dev/null
+++ b/metadata/glsa/glsa-200703-20.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200703-20">
+  <title>LSAT: Insecure temporary file creation</title>
+  <synopsis>
+    LSAT insecurely creates temporary files which can lead to symlink attacks
+    allowing a local user to overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">lsat</product>
+  <announced>2007-03-18</announced>
+  <revised count="02">2007-05-11</revised>
+  <bug>159542</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/lsat" auto="yes" arch="*">
+      <unaffected range="ge">0.9.5</unaffected>
+      <vulnerable range="lt">0.9.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Linux Security Auditing Tool (LSAT) is a post install security
+    auditor which checks many system configurations and local network
+    settings on the system for common security or configuration errors and
+    for packages that are not needed.
+    </p>
+  </background>
+  <description>
+    <p>
+    LSAT insecurely writes in /tmp with a predictable filename.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A local attacker could create symbolic links in the temporary files
+    directory, pointing to a valid file somewhere on the filesystem. When
+    the LSAT script is executed, this would result in the file being
+    overwritten with the rights of the user running the software, which
+    could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All lsat users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-admin/lsat-0.9.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1500">CVE-2007-1500</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-03-15T22:15:51Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-03-16T10:34:49Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-03-16T11:42:45Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200703-21.xml b/metadata/glsa/glsa-200703-21.xml
new file mode 100644
index 000000000000..e924f9b84f01
--- /dev/null
+++ b/metadata/glsa/glsa-200703-21.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200703-21">
+  <title>PHP: Multiple vulnerabilities</title>
+  <synopsis>
+    PHP contains several vulnerabilities including a heap buffer overflow,
+    potentially leading to the remote execution of arbitrary code under certain
+    conditions.
+  </synopsis>
+  <product type="ebuild">php</product>
+  <announced>2007-03-20</announced>
+  <revised count="03">2008-03-29</revised>
+  <bug>153911</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/php" auto="yes" arch="*">
+      <unaffected range="ge">5.2.1-r3</unaffected>
+      <unaffected range="rge">5.1.6-r11</unaffected>
+      <unaffected range="rge">4.4.6</unaffected>
+      <unaffected range="rge">4.4.7</unaffected>
+      <unaffected range="rge">4.4.8_pre20070816</unaffected>
+      <vulnerable range="lt">5.2.1-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PHP is a widely-used general-purpose scripting language that is
+    especially suited for Web development and can be embedded into HTML.
+    </p>
+  </background>
+  <description>
+    <p>
+    Several vulnerabilities were found in PHP by the Hardened-PHP Project
+    and other researchers. These vulnerabilities include a heap-based
+    buffer overflow in htmlentities() and htmlspecialchars() if called with
+    UTF-8 parameters, and an off-by-one error in str_ireplace(). Other
+    vulnerabilities were also found in the PHP4 branch, including possible
+    overflows, stack corruptions and a format string vulnerability in the
+    *print() functions on 64 bit systems.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Remote attackers might be able to exploit these issues in PHP
+    applications making use of the affected functions, potentially
+    resulting in the execution of arbitrary code, Denial of Service,
+    execution of scripted contents in the context of the affected site,
+    security bypass or information leak.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PHP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "dev-lang/php"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5465">CVE-2006-5465</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906">CVE-2007-0906</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907">CVE-2007-0907</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908">CVE-2007-0908</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909">CVE-2007-0909</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910">CVE-2007-0910</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0911">CVE-2007-0911</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988">CVE-2007-0988</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1286">CVE-2007-1286</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1375">CVE-2007-1375</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1376">CVE-2007-1376</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1380">CVE-2007-1380</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1383">CVE-2007-1383</uri>
+    <uri link="https://www.php.net/releases/4_4_5.php">PHP 4.4.5 Release Announcement</uri>
+    <uri link="https://www.php.net/releases/5_2_1.php">PHP 5.2.1 Release Announcement</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-03-14T13:36:33Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-03-16T10:54:22Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-03-16T11:47:58Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200703-22.xml b/metadata/glsa/glsa-200703-22.xml
new file mode 100644
index 000000000000..ec19c2a69a16
--- /dev/null
+++ b/metadata/glsa/glsa-200703-22.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200703-22">
+  <title>Mozilla Network Security Service: Remote execution of arbitrary code</title>
+  <synopsis>
+    The Mozilla Network Security Services libraries are vulnerable to two
+    buffer overflows that could result in the remote execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">nss</product>
+  <announced>2007-03-20</announced>
+  <revised count="01">2007-03-20</revised>
+  <bug>165555</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/nss" auto="yes" arch="*">
+      <unaffected range="ge">3.11.5</unaffected>
+      <vulnerable range="lt">3.11.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Mozilla Network Security Service is a library implementing security
+    features like SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12,
+    S/MIME and X.509 certificates.
+    </p>
+  </background>
+  <description>
+    <p>
+    iDefense has reported two potential buffer overflow vulnerabilities
+    found by researcher "regenrecht" in the code implementing the SSLv2
+    protocol.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send a specially crafted SSL master key to a
+    server using NSS for the SSLv2 protocol, or entice a user to connect to
+    a malicious server with a client-side application using NSS like one of
+    the Mozilla products. This could trigger the vulnerabilities and result
+    in the possible execution of arbitrary code with the rights of the
+    vulnerable application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable the SSLv2 protocol in the applications using NSS.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All NSS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/nss-3.11.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0008">CVE-2007-0008</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0009">CVE-2007-0009</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-03-13T23:41:07Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-03-16T11:51:35Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200703-23.xml b/metadata/glsa/glsa-200703-23.xml
new file mode 100644
index 000000000000..e409fce1c03e
--- /dev/null
+++ b/metadata/glsa/glsa-200703-23.xml
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200703-23">
+  <title>WordPress: Multiple vulnerabilities</title>
+  <synopsis>
+    Wordpress contains several cross-site scripting, cross-site request forgery
+    and information leak vulnerabilities.
+  </synopsis>
+  <product type="ebuild">wordpress</product>
+  <announced>2007-03-20</announced>
+  <revised count="01">2007-03-20</revised>
+  <bug>168529</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/wordpress" auto="yes" arch="*">
+      <vulnerable range="le">2.1.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    WordPress is a popular personal publishing platform with a web
+    interface.
+    </p>
+  </background>
+  <description>
+    <p>
+    WordPress contains cross-site scripting or cross-site scripting forgery
+    vulnerabilities reported by:
+    </p>
+    <ul><li>g30rg3_x in the "year"
+    parameter of the wp_title() function</li>
+    <li>Alexander Concha in the
+    "demo" parameter of wp-admin/admin.php</li>
+    <li>Samenspender and Stefan
+    Friedli in the "post" parameter of wp-admin/post.php and
+    wp-admin/page.php, in the "cat_ID" parameter of wp-admin/categories.php
+    and in the "c" parameter of wp-admin/comment.php</li>
+    <li>PsychoGun in
+    the "file" parameter of wp-admin/templates.php</li>
+    </ul> <p>
+    </p>
+    <p>
+    Additionally, WordPress prints the full PHP script paths in some error
+    messages.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    The cross-site scripting vulnerabilities can be triggered to steal
+    browser session data or cookies. A remote attacker can entice a user to
+    browse to a specially crafted web page that can trigger the cross-site
+    request forgery vulnerability and perform arbitrary WordPress actions
+    with the permissions of the user. Additionally, the path disclosure
+    vulnerability could help an attacker to perform other attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time for all these
+    vulnerabilities.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Due to the numerous recently discovered vulnerabilities in WordPress,
+    this package has been masked in the portage tree. All WordPress users
+    are advised to unmerge it.
+    </p>
+    <code>
+    
+    # emerge --unmerge "www-apps/wordpress"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1049">CVE-2007-1049</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1230">CVE-2007-1230</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1244">CVE-2007-1244</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1409">CVE-2007-1409</uri>
+    <uri link="https://secunia.com/advisories/24430/">SA 24430</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-03-09T22:36:03Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-03-17T15:44:31Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-03-20T11:36:10Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200703-24.xml b/metadata/glsa/glsa-200703-24.xml
new file mode 100644
index 000000000000..bd49a9fc43e4
--- /dev/null
+++ b/metadata/glsa/glsa-200703-24.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200703-24">
+  <title>mgv: Stack overflow in included gv code</title>
+  <synopsis>
+    mgv improperly handles user-supplied data possibly allowing for the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mgv</product>
+  <announced>2007-03-26</announced>
+  <revised count="01">2007-03-26</revised>
+  <bug>154645</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/mgv" auto="yes" arch="*">
+      <vulnerable range="le">3.1.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    mgv is a Postscript viewer with a Motif interface, based on Ghostview
+    and GNU gv.
+    </p>
+  </background>
+  <description>
+    <p>
+    mgv includes code from gv that does not properly boundary check
+    user-supplied data before copying it into process buffers.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to open a specially crafted Postscript
+    document with mgv and possibly execute arbitrary code with the rights
+    of the user running mgv.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    mgv is currently unmaintained, and the mgv website no longer exists. As
+    such, the mgv package has been masked in Portage. We recommend that
+    users select an alternate Postscript viewer such as ghostview or
+    GSview, and unmerge mgv:
+    </p>
+    <code>
+    # emerge --unmerge "app-text/mgv"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5864">CVE-2006-5864</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200611-20.xml">GLSA 200611-20</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-03-14T07:32:05Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-03-20T02:27:18Z">
+    aetius
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-03-26T19:59:57Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200703-25.xml b/metadata/glsa/glsa-200703-25.xml
new file mode 100644
index 000000000000..dc526fe8b872
--- /dev/null
+++ b/metadata/glsa/glsa-200703-25.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200703-25">
+  <title>Ekiga: Format string vulnerability</title>
+  <synopsis>
+    A format string vulnerability in Ekiga may allow the remote execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">ekiga</product>
+  <announced>2007-03-29</announced>
+  <revised count="02">2009-05-28</revised>
+  <bug>167643</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-voip/ekiga" auto="yes" arch="*">
+      <unaffected range="ge">2.0.7</unaffected>
+      <vulnerable range="lt">2.0.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ekiga is an open source VoIP and video conferencing application.
+    </p>
+  </background>
+  <description>
+    <p>
+    Mu Security has discovered that Ekiga fails to implement formatted
+    printing correctly.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could exploit this vulnerability to crash Ekiga and
+    potentially execute arbitrary code by sending a specially crafted Q.931
+    SETUP packet to a victim.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ekiga users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-voip/ekiga-2.0.7"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1006">CVE-2007-1006</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-03-05T17:17:52Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-03-05T18:05:22Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-03-29T21:26:33Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200703-26.xml b/metadata/glsa/glsa-200703-26.xml
new file mode 100644
index 000000000000..762595033c05
--- /dev/null
+++ b/metadata/glsa/glsa-200703-26.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200703-26">
+  <title>file: Integer underflow</title>
+  <synopsis>
+    A buffer underflow vulnerability has been reported in file allowing for the
+    user-assisted execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">file</product>
+  <announced>2007-03-30</announced>
+  <revised count="01">2007-03-30</revised>
+  <bug>171452</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/file" auto="yes" arch="*">
+      <unaffected range="ge">4.20</unaffected>
+      <vulnerable range="lt">4.20</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    file is a utility that guesses a file format by scanning binary data
+    for patterns.
+    </p>
+  </background>
+  <description>
+    <p>
+    Jean-Sebastien Guay-Leroux reported an integer underflow in
+    file_printf function.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could entice a user to run the "file" program on a
+    specially crafted file that would trigger a heap-based buffer overflow
+    possibly leading to the execution of arbitrary code with the rights of
+    the user running "file". Note that this vulnerability could be also
+    triggered through an automatic file scanner like amavisd-new.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Since file is a system package, all Gentoo users should upgrade to the
+    latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-apps/file-4.20"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536">CVE-2007-1536</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-03-24T17:59:07Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-03-26T20:27:32Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-03-29T21:14:57Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200703-27.xml b/metadata/glsa/glsa-200703-27.xml
new file mode 100644
index 000000000000..5d1bddf411ee
--- /dev/null
+++ b/metadata/glsa/glsa-200703-27.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200703-27">
+  <title>Squid: Denial of service</title>
+  <synopsis>
+    Squid is affected by a Denial of Service vulnerability.
+  </synopsis>
+  <product type="ebuild">squid</product>
+  <announced>2007-03-31</announced>
+  <revised count="01">2007-03-31</revised>
+  <bug>171681</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/squid" auto="yes" arch="*">
+      <unaffected range="ge">2.6.12</unaffected>
+      <vulnerable range="lt">2.6.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Squid is a multi-protocol proxy server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Squid incorrectly handles TRACE requests that contain a "Max-Forwards"
+    header field with value "0" in the clientProcessRequest() function.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A remote attacker can send specially crafted TRACE HTTP requests that
+    will terminate the child process. A quickly repeated attack will lead
+    to a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Squid users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-proxy/squid-2.6.12"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1560">CVE-2007-1560</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-03-24T22:35:04Z">
+    aetius
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-03-26T20:36:04Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-03-29T21:14:51Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200703-28.xml b/metadata/glsa/glsa-200703-28.xml
new file mode 100644
index 000000000000..5e2265c33171
--- /dev/null
+++ b/metadata/glsa/glsa-200703-28.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200703-28">
+  <title>CUPS: Denial of service</title>
+  <synopsis>
+    CUPS incorrectly handles partially-negotiated SSL connections allowing for
+    a Denial of Service.
+  </synopsis>
+  <product type="ebuild">cups</product>
+  <announced>2007-03-31</announced>
+  <revised count="01">2007-03-31</revised>
+  <bug>170881</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-print/cups" auto="yes" arch="*">
+      <unaffected range="ge">1.2.9</unaffected>
+      <vulnerable range="lt">1.2.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    CUPS provides a portable printing layer for UNIX-based operating
+    systems.
+    </p>
+  </background>
+  <description>
+    <p>
+    CUPS does not properly handle partially-negotiated SSL connections.
+    Upon receiving a partially-negotiated SSL connection, CUPS no longer
+    accepts further incoming connections, as the initial connection never
+    times out.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could partially negotiate an SSL connection with a CUPS
+    server, and cause future connections to that server to fail, resulting
+    in a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All CUPS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-print/cups-1.2.9"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0720">CVE-2007-0720</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-03-29T14:48:39Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-03-29T20:55:23Z">
+    shellsage
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-03-29T20:58:50Z">
+    shellsage
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200704-01.xml b/metadata/glsa/glsa-200704-01.xml
new file mode 100644
index 000000000000..0221de69081a
--- /dev/null
+++ b/metadata/glsa/glsa-200704-01.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200704-01">
+  <title>Asterisk: Two SIP Denial of Service vulnerabilities</title>
+  <synopsis>
+    Asterisk is vulnerable to two Denial of Service issues in the SIP channel.
+  </synopsis>
+  <product type="ebuild">asterisk</product>
+  <announced>2007-04-02</announced>
+  <revised count="01">2007-04-02</revised>
+  <bug>171467</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/asterisk" auto="yes" arch="*">
+      <unaffected range="ge">1.2.14-r2</unaffected>
+      <unaffected range="rge">1.0.12-r2</unaffected>
+      <vulnerable range="lt">1.2.14-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Asterisk is an open source implementation of a telephone private branch
+    exchange (PBX).
+    </p>
+  </background>
+  <description>
+    <p>
+    The Madynes research team at INRIA has discovered that Asterisk
+    contains a null pointer dereferencing error in the SIP channel when
+    handling INVITE messages. Furthermore qwerty1979 discovered that
+    Asterisk 1.2.x fails to properly handle SIP responses with return code
+    0.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could cause an Asterisk server listening for SIP
+    messages to crash by sending a specially crafted SIP message or
+    answering with a 0 return code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Asterisk users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose net-misc/asterisk</code>
+    <p>
+    Note: Asterisk 1.0.x is no longer supported upstream so users should
+    consider upgrading to Asterisk 1.2.x.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1561">CVE-2007-1561</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1594">CVE-2007-1594</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-03-20T20:55:47Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-04-02T16:33:39Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200704-02.xml b/metadata/glsa/glsa-200704-02.xml
new file mode 100644
index 000000000000..27573438818b
--- /dev/null
+++ b/metadata/glsa/glsa-200704-02.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200704-02">
+  <title>MIT Kerberos 5: Arbitrary remote code execution</title>
+  <synopsis>
+    Multiple vulnerabilities in MIT Kerberos 5 could potentially result in
+    unauthenticated remote root code execution.
+  </synopsis>
+  <product type="ebuild">mit-krb5</product>
+  <announced>2007-04-03</announced>
+  <revised count="01">2007-04-03</revised>
+  <bug>171889</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-crypt/mit-krb5" auto="yes" arch="*">
+      <unaffected range="ge">1.5.2-r1</unaffected>
+      <vulnerable range="lt">1.5.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MIT Kerberos 5 is a suite of applications that implement the Kerberos
+    network protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Kerberos telnet daemon fails to properly handle usernames allowing
+    unauthorized access to any account (CVE-2007-0956). The Kerberos
+    administration daemon, the KDC and possibly other applications using
+    the MIT Kerberos libraries are vulnerable to the following issues. The
+    krb5_klog_syslog function from the kadm5 library fails to properly
+    validate input leading to a stack overflow (CVE-2007-0957). The GSS-API
+    library is vulnerable to a double-free attack (CVE-2007-1216).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    By exploiting the telnet vulnerability a remote attacker may obtain
+    access with root privileges. The remaining vulnerabilities may allow an
+    authenticated remote attacker to execute arbitrary code with root
+    privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MIT Kerberos 5 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-crypt/mit-krb5-1.5.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0956">CVE-2007-0956</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957">CVE-2007-0957</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1216">CVE-2007-1216</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-04-02T16:29:27Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-04-03T20:30:58Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200704-03.xml b/metadata/glsa/glsa-200704-03.xml
new file mode 100644
index 000000000000..c554c15d364c
--- /dev/null
+++ b/metadata/glsa/glsa-200704-03.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200704-03">
+  <title>OpenAFS: Privilege escalation</title>
+  <synopsis>
+    OpenAFS is subject to a design flaw that could allow privilege escalation
+    on the client.
+  </synopsis>
+  <product type="ebuild">openafs</product>
+  <announced>2007-04-03</announced>
+  <revised count="01">2007-04-03</revised>
+  <bug>171662</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-fs/openafs" auto="yes" arch="*">
+      <unaffected range="ge">1.4.4</unaffected>
+      <vulnerable range="lt">1.4.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenAFS is a distributed network filesystem.
+    </p>
+  </background>
+  <description>
+    <p>
+    Benjamin Bennett discovered that the OpenAFS client contains a design
+    flaw where cache managers do not use authenticated server connections
+    when performing actions not requested by a user.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    If setuid is enabled on the client cells, an attacker can supply a fake
+    FetchStatus reply that sets setuid and root ownership of a file being
+    executed. This could provide root access on the client. Remote attacks
+    may be possible if an attacker can entice a user to execute a known
+    file. Note that setuid is enabled by default in versions of OpenAFS
+    prior to 1.4.4.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable the setuid functionality on all client cells. This is now the
+    default configuration in OpenAFS.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenAFS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-fs/openafs-1.4.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1507">CVE-2007-1507</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-03-25T06:35:01Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-03-28T13:53:51Z">
+    aetius
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-04-03T22:29:30Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200704-04.xml b/metadata/glsa/glsa-200704-04.xml
new file mode 100644
index 000000000000..9d7093b796f7
--- /dev/null
+++ b/metadata/glsa/glsa-200704-04.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200704-04">
+  <title>OpenPBS: Multiple vulnerabilities</title>
+  <synopsis>
+    OpenPBS contains unspecified vulnerabilities which may allow for the remote
+    execution of arbitrary code or a Denial of Service.
+  </synopsis>
+  <product type="ebuild">openpbs</product>
+  <announced>2007-04-03</announced>
+  <revised count="01">2007-04-03</revised>
+  <bug>153495</bug>
+  <access>remote, local</access>
+  <affected>
+    <package name="sys-cluster/openpbs" auto="yes" arch="*">
+      <vulnerable range="le">2.3.16-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenPBS is the original version of the Portable Batch System. It is a
+    flexible batch queueing system developed for NASA in the early to
+    mid-1990s.
+    </p>
+  </background>
+  <description>
+    <p>
+    SUSE reported vulnerabilities due to unspecified errors in OpenPBS.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    By unspecified attack vectors an attacker might be able execute
+    arbitrary code with the privileges of the user running openpbs, which
+    might be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    OpenPBS has been masked in the Portage tree for replacement by Torque.
+    All OpenPBS users should unmerge OpenPBS and switch to Torque.
+    </p>
+    <code>
+    
+    # emerge --ask --unmerge sys-cluster/openpbs
+    # emerge --sync
+    # emerge --ask --verbose sys-cluster/torque</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5616">CVE-2006-5616</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-03-26T23:17:18Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-03-27T16:50:56Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-03-29T21:14:48Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200704-05.xml b/metadata/glsa/glsa-200704-05.xml
new file mode 100644
index 000000000000..6cf527fb1137
--- /dev/null
+++ b/metadata/glsa/glsa-200704-05.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200704-05">
+  <title>zziplib: Buffer Overflow</title>
+  <synopsis>
+    The zziplib library contains a buffer overflow vulnerability that could
+    lead to user-assisted remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">zziplib</product>
+  <announced>2007-04-03</announced>
+  <revised count="01">2007-04-03</revised>
+  <bug>171441</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/zziplib" auto="yes" arch="*">
+      <unaffected range="ge">0.13.49</unaffected>
+      <vulnerable range="lt">0.13.49</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The zziplib library is a lightweight library for extracting data from
+    files archived in a single zip file.
+    </p>
+  </background>
+  <description>
+    <p>
+    dmcox dmcox discovered a boundary error in the zzip_open_shared_io()
+    function from zzip/file.c .
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to run a zziplib function with an
+    overly long string as an argument which would trigger the buffer
+    overflow and may lead to the execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All zziplib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/zziplib-0.13.49"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1614">CVE-2007-1614</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-03-24T20:39:36Z">
+    aetius
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-03-26T21:59:00Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-03-29T21:14:54Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200704-06.xml b/metadata/glsa/glsa-200704-06.xml
new file mode 100644
index 000000000000..6395c66c53c9
--- /dev/null
+++ b/metadata/glsa/glsa-200704-06.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200704-06">
+  <title>Evince: Stack overflow in included gv code</title>
+  <synopsis>
+    Evince improperly handles user-supplied data possibly allowing for the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">evince</product>
+  <announced>2007-04-06</announced>
+  <revised count="01">2007-04-06</revised>
+  <bug>156573</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/evince" auto="yes" arch="*">
+      <unaffected range="ge">0.6.1-r3</unaffected>
+      <vulnerable range="lt">0.6.1-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Evince is a document viewer for multiple document formats, including
+    PostScript.
+    </p>
+  </background>
+  <description>
+    <p>
+    Evince includes code from GNU gv that does not properly boundary check
+    user-supplied data before copying it into process buffers.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to open a specially crafted PostScript
+    document with Evince and possibly execute arbitrary code with the
+    rights of the user running Evince.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Evince users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/evince-0.6.1-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5864">CVE-2006-5864</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200611-20.xml">GLSA-200611-20</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-03-29T16:08:33Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-04-02T13:26:04Z">
+    aetius
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-04-03T22:29:26Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200704-07.xml b/metadata/glsa/glsa-200704-07.xml
new file mode 100644
index 000000000000..d709571c3b3e
--- /dev/null
+++ b/metadata/glsa/glsa-200704-07.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200704-07">
+  <title>libwpd: Multiple vulnerabilities</title>
+  <synopsis>
+    libwpd is vulnerable to several heap overflows and an integer overflow.
+  </synopsis>
+  <product type="ebuild">libwpd</product>
+  <announced>2007-04-06</announced>
+  <revised count="01">2007-04-06</revised>
+  <bug>169675</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/libwpd" auto="yes" arch="*">
+      <unaffected range="ge">0.8.9</unaffected>
+      <vulnerable range="lt">0.8.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libwpd is a library used to convert Wordperfect documents into other
+    formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    libwpd contains heap-based overflows in two functions that convert
+    WordPerfect document tables. In addition, it contains an integer
+    overflow in a text-conversion function.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to convert a specially crafted
+    WordPerfect file, resulting in a crash or possibly the execution of
+    arbitrary code with the rights of the user running libwpd.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libwpd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/libwpd-0.8.9"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0002">CVE-2007-0002</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1466">CVE-2007-1466</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-04-02T22:18:42Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-04-03T12:29:29Z">
+    aetius
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-04-03T22:29:58Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200704-08.xml b/metadata/glsa/glsa-200704-08.xml
new file mode 100644
index 000000000000..522267322a04
--- /dev/null
+++ b/metadata/glsa/glsa-200704-08.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200704-08">
+  <title>DokuWiki: Cross-site scripting vulnerability</title>
+  <synopsis>
+    DokuWiki is vulnerable to a cross-site scripting attack.
+  </synopsis>
+  <product type="ebuild">dokuwiki</product>
+  <announced>2007-04-12</announced>
+  <revised count="01">2007-04-12</revised>
+  <bug>163781</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/dokuwiki" auto="yes" arch="*">
+      <unaffected range="ge">20061106</unaffected>
+      <vulnerable range="lt">20061106</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    DokuWiki is a simple to use wiki aimed at creating documentation.
+    </p>
+  </background>
+  <description>
+    <p>
+    DokuWiki does not sanitize user input to the GET variable 'media' in
+    the fetch.php file.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    An attacker could entice a user to click a specially crafted link and
+    inject CRLF characters into the variable. This would allow the creation
+    of new lines or fields in the returned HTTP Response header, which
+    would permit the attacker to execute arbitrary scripts in the context
+    of the user's browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Replace the following line in lib/exe/fetch.php:
+    </p>
+    <code>$MEDIA = getID('media',false); // no cleaning - maybe external</code>
+    <p>
+    with
+    </p>
+    <code>$MEDIA = preg_replace('/[\x00-\x1F]+/s','',getID('media',false));</code>
+  </workaround>
+  <resolution>
+    <p>
+    All DokuWiki users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/dokuwiki-20061106"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6965">CVE-2006-6965</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-04-02T22:16:33Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-04-03T13:45:23Z">
+    aetius
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-04-03T22:29:45Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200704-09.xml b/metadata/glsa/glsa-200704-09.xml
new file mode 100644
index 000000000000..91fc2913f30f
--- /dev/null
+++ b/metadata/glsa/glsa-200704-09.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200704-09">
+  <title>xine-lib: Heap-based buffer overflow</title>
+  <synopsis>
+    xine-lib is vulnerable to a heap-based buffer overflow.
+  </synopsis>
+  <product type="ebuild">xine-lib</product>
+  <announced>2007-04-14</announced>
+  <revised count="01">2007-04-14</revised>
+  <bug>170208</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/xine-lib" auto="yes" arch="x86">
+      <unaffected range="ge">1.1.4-r2</unaffected>
+      <vulnerable range="lt">1.1.4-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    xine-lib is the core library package for the xine media player.
+    </p>
+  </background>
+  <description>
+    <p>
+    xine-lib does not check boundaries on data being read into buffers from
+    DMO video files in code that is shared with MPlayer
+    (DMO_VideoDecoder.c).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to play a specially crafted DMO video
+    file with a player using xine-lib, potentially resulting in the
+    execution of arbitrary code with the privileges of the user running the
+    player.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All xine-lib users on the x86 platform should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/xine-lib-1.1.4-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246">CVE-2007-1246</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-03-22T17:27:51Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-04-02T15:54:20Z">
+    aetius
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-04-03T22:28:59Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200704-10.xml b/metadata/glsa/glsa-200704-10.xml
new file mode 100644
index 000000000000..df1f53ba6c04
--- /dev/null
+++ b/metadata/glsa/glsa-200704-10.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200704-10">
+  <title>Inkscape: Two format string vulnerabilities</title>
+  <synopsis>
+    Two format string vulnerabilities have been discovered in Inkscape,
+    allowing for user-assisted execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Inkscape</product>
+  <announced>2007-04-16</announced>
+  <revised count="01">2007-04-16</revised>
+  <bug>171799</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/inkscape" auto="yes" arch="*">
+      <unaffected range="ge">0.45.1</unaffected>
+      <vulnerable range="lt">0.45.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Inkscape is a vector graphics editor, using Scalable Vector Graphics
+    (SVG) Format.
+    </p>
+  </background>
+  <description>
+    <p>
+    Kees Cook has discovered two vulnerabilities in Inkscape. The
+    application does not properly handle format string specifiers in some
+    dialog boxes. Inkscape is also vulnerable to another format string
+    error in its Jabber whiteboard protocol.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted URI,
+    possibly leading to execution of arbitrary code with the privileges of
+    the user running Inkscape.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Inkscape users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/inkscape-0.45.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1463">CVE-2007-1463</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1464">CVE-2007-1464</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-04-09T20:15:01Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-04-11T18:16:25Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200704-11.xml b/metadata/glsa/glsa-200704-11.xml
new file mode 100644
index 000000000000..c8ff587f0f63
--- /dev/null
+++ b/metadata/glsa/glsa-200704-11.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200704-11">
+  <title>Vixie Cron: Denial of service</title>
+  <synopsis>
+    The Gentoo implementation of Vixie Cron is vulnerable to a local Denial of
+    Service.
+  </synopsis>
+  <product type="ebuild">vixie-cron</product>
+  <announced>2007-04-16</announced>
+  <revised count="01">2007-04-16</revised>
+  <bug>164466</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-process/vixie-cron" auto="yes" arch="*">
+      <unaffected range="ge">4.1-r10</unaffected>
+      <vulnerable range="lt">4.1-r10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Vixie Cron is a command scheduler with extended syntax over cron.
+    </p>
+  </background>
+  <description>
+    <p>
+    During an internal audit, Raphael Marichez of the Gentoo Linux Security
+    Team found that Vixie Cron has weak permissions set on Gentoo, allowing
+    for a local user to create hard links to system and users cron files,
+    while a st_nlink check in database.c will generate a superfluous error.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    Depending on the partitioning scheme and the "cron" group membership, a
+    malicious local user can create hard links to system or users cron
+    files that will trigger the st_link safety check and prevent the
+    targeted cron file from being run from the next restart or database
+    reload.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Vixie Cron users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-process/vixie-cron-4.1-r10"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1856">CVE-2007-1856</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-04-13T15:58:28Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-04-13T21:36:24Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-04-16T18:10:18Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200704-12.xml b/metadata/glsa/glsa-200704-12.xml
new file mode 100644
index 000000000000..08a7ca0691dd
--- /dev/null
+++ b/metadata/glsa/glsa-200704-12.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200704-12">
+  <title>OpenOffice.org: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in OpenOffice.org, allowing
+    for remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">OpenOffice.org</product>
+  <announced>2007-04-16</announced>
+  <revised count="01">2007-04-16</revised>
+  <bug>170828</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/openoffice" auto="yes" arch="*">
+      <unaffected range="ge">2.1.0-r1</unaffected>
+      <vulnerable range="lt">2.1.0-r1</vulnerable>
+    </package>
+    <package name="app-office/openoffice-bin" auto="yes" arch="*">
+      <unaffected range="ge">2.2.0</unaffected>
+      <vulnerable range="lt">2.2.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenOffice.org is an open source office productivity suite, including
+    word processing, spreadsheet, presentation, drawing, data charting,
+    formula editing, and file conversion facilities.
+    </p>
+  </background>
+  <description>
+    <p>
+    John Heasman of NGSSoftware has discovered a stack-based buffer
+    overflow in the StarCalc parser and an input validation error when
+    processing metacharacters in a link. Also OpenOffice.Org includes code
+    from libwpd making it vulnerable to heap-based overflows when
+    converting WordPerfect document tables (GLSA 200704-07).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted
+    document, possibly leading to execution of arbitrary code with the
+    rights of the user running OpenOffice.org.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenOffice.org users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/openoffice-2.1.0-r1"</code>
+    <p>
+    All OpenOffice.org binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/openoffice-bin-2.2.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0002">CVE-2007-0002</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0238">CVE-2007-0238</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0239">CVE-2007-0239</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200704-07.xml">GLSA-200704-07</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-04-11T10:02:01Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-04-11T18:10:31Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-04-11T18:15:09Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200704-13.xml b/metadata/glsa/glsa-200704-13.xml
new file mode 100644
index 000000000000..28ebd44ba71a
--- /dev/null
+++ b/metadata/glsa/glsa-200704-13.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200704-13">
+  <title>File: Denial of service</title>
+  <synopsis>
+    A vulnerability has been discovered in file allowing for a denial of
+    service.
+  </synopsis>
+  <product type="ebuild">file</product>
+  <announced>2007-04-17</announced>
+  <revised count="02">2007-09-17</revised>
+  <bug>174217</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/file" auto="yes" arch="*">
+      <unaffected range="ge">4.21-r1</unaffected>
+      <vulnerable range="eq">4.21</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    file is a utility that identifies a file format by scanning binary data
+    for patterns.
+    </p>
+  </background>
+  <description>
+    <p>
+    Conor Edberg discovered an error in the way file processes a specific
+    regular expression.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted file,
+    using excessive CPU ressources and possibly leading to a Denial of
+    Service. Note that this vulnerability could be also triggered through
+    an automatic file scanner like amavisd-new.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All file users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-apps/file-4.20-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2026">CVE-2007-2026</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-04-11T22:06:47Z">
+    aetius
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-04-12T13:54:28Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-04-13T12:18:04Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200704-14.xml b/metadata/glsa/glsa-200704-14.xml
new file mode 100644
index 000000000000..5c7ec666f40c
--- /dev/null
+++ b/metadata/glsa/glsa-200704-14.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200704-14">
+  <title>FreeRADIUS: Denial of service</title>
+  <synopsis>
+    A memory leak has been discovered in FreeRADIUS, possibly allowing for a
+    Denial of Service.
+  </synopsis>
+  <product type="ebuild">FreeRADIUS</product>
+  <announced>2007-04-17</announced>
+  <revised count="01">2007-04-17</revised>
+  <bug>174292</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dialup/freeradius" auto="yes" arch="*">
+      <unaffected range="ge">1.1.6</unaffected>
+      <vulnerable range="lt">1.1.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    FreeRADIUS is an open source RADIUS authentication server
+    implementation.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Coverity Scan project has discovered a memory leak within the
+    handling of certain malformed Diameter format values inside an EAP-TTLS
+    tunnel.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send a large amount of specially crafted
+    packets to a FreeRADIUS server using EAP-TTLS authentication and
+    exhaust all memory, possibly resulting in a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All FreeRADIUS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dialup/freeradius-1.1.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2028">CVE-2007-2028</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-04-13T07:08:42Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-04-13T11:53:35Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-04-13T12:22:49Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200704-15.xml b/metadata/glsa/glsa-200704-15.xml
new file mode 100644
index 000000000000..6fbde33a8dcd
--- /dev/null
+++ b/metadata/glsa/glsa-200704-15.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200704-15">
+  <title>MadWifi: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in the MadWifi driver,
+    possibly leading to a Denial of Service and information disclosure.
+  </synopsis>
+  <product type="ebuild">Madwifi-ng</product>
+  <announced>2007-04-17</announced>
+  <revised count="02">2007-04-21</revised>
+  <bug>173434</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-wireless/madwifi-ng" auto="yes" arch="*">
+      <unaffected range="ge">0.9.3</unaffected>
+      <vulnerable range="lt">0.9.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The MadWifi driver provides support for Atheros based IEEE 802.11
+    Wireless Lan cards.
+    </p>
+  </background>
+  <description>
+    <p>
+    The driver does not properly process Channel Switch Announcement
+    Information Elements, allowing for an abnormal channel change. The
+    ieee80211_input() function does not properly handle AUTH frames and the
+    driver sends unencrypted packets before WPA authentication succeeds.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send specially crafted AUTH frames to the
+    vulnerable host, resulting in a Denial of Service by crashing the
+    kernel. A remote attacker could gain access to sensitive information
+    about network architecture by sniffing unencrypted packets. A remote
+    attacker could also send a Channel Switch Count less than or equal to
+    one to trigger a channel change, resulting in a communication loss and
+    a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MadWifi users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-wireless/madwifi-ng-0.9.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7178">CVE-2006-7178</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7179">CVE-2006-7179</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7180">CVE-2006-7180</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-04-11T12:32:14Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-04-11T18:16:05Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200704-16.xml b/metadata/glsa/glsa-200704-16.xml
new file mode 100644
index 000000000000..777d784c5f0a
--- /dev/null
+++ b/metadata/glsa/glsa-200704-16.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200704-16">
+  <title>Aircrack-ng: Remote execution of arbitrary code</title>
+  <synopsis>
+    Aircrack-ng contains a buffer overflow that could lead to the remote
+    execution of arbitrary code with root privileges.
+  </synopsis>
+  <product type="ebuild">aircrack-ng</product>
+  <announced>2007-04-22</announced>
+  <revised count="01">2007-04-22</revised>
+  <bug>174340</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-wireless/aircrack-ng" auto="yes" arch="*">
+      <unaffected range="ge">0.7-r2</unaffected>
+      <vulnerable range="lt">0.7-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can
+    recover keys once enough data packets have been captured.
+    </p>
+  </background>
+  <description>
+    <p>
+    Jonathan So reported that the airodump-ng module does not correctly
+    check the size of 802.11 authentication packets before copying them
+    into a buffer.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could trigger a stack-based buffer overflow by
+    sending a specially crafted 802.11 authentication packet to a user
+    running airodump-ng with the -w (--write) option. This could lead to
+    the remote execution of arbitrary code with the permissions of the user
+    running airodump-ng, which is typically the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Aircrack-ng users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-wireless/aircrack-ng-0.7-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2057">CVE-2007-2057</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-04-13T21:21:54Z">
+    shellsage
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-04-13T21:24:05Z">
+    shellsage
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-04-14T22:00:25Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200704-17.xml b/metadata/glsa/glsa-200704-17.xml
new file mode 100644
index 000000000000..3e014bc3b683
--- /dev/null
+++ b/metadata/glsa/glsa-200704-17.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200704-17">
+  <title>3proxy: Buffer overflow</title>
+  <synopsis>
+    A vulnerability has been discovered in 3proxy allowing for the remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">3proxy</product>
+  <announced>2007-04-22</announced>
+  <revised count="01">2007-04-22</revised>
+  <bug>174429</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/3proxy" auto="yes" arch="*">
+      <unaffected range="ge">0.5.3h</unaffected>
+      <vulnerable range="lt">0.5.3h</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    3proxy is a multi-protocol proxy, including HTTP/HTTPS/FTP and SOCKS
+    support.
+    </p>
+  </background>
+  <description>
+    <p>
+    The 3proxy development team reported a buffer overflow in the logurl()
+    function when processing overly long requests.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could send a specially crafted transparent request to
+    the proxy, resulting in the execution of arbitrary code with privileges
+    of the user running 3proxy.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All 3proxy users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-proxy/3proxy-0.5.3h"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2031">CVE-2007-2031</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-04-18T05:09:29Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-04-18T08:45:40Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-04-18T20:45:40Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200704-18.xml b/metadata/glsa/glsa-200704-18.xml
new file mode 100644
index 000000000000..fb169036c4bd
--- /dev/null
+++ b/metadata/glsa/glsa-200704-18.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200704-18">
+  <title>Courier-IMAP: Remote execution of arbitrary code</title>
+  <synopsis>
+    A vulnerability has been discovered in Courier-IMAP allowing for remote
+    code execution with root privileges.
+  </synopsis>
+  <product type="ebuild">courier-imap</product>
+  <announced>2007-04-22</announced>
+  <revised count="02">2007-04-23</revised>
+  <bug>168196</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/courier-imap" auto="yes" arch="*">
+      <unaffected range="ge">4.0.6-r2</unaffected>
+      <unaffected range="lt">4.0.0</unaffected>
+      <vulnerable range="lt">4.0.6-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Courier-IMAP is an IMAP server which is part of the Courier mail
+    system. It provides access only to maildirs.
+    </p>
+  </background>
+  <description>
+    <p>
+    CJ Kucera has discovered that some Courier-IMAP scripts don't properly
+    handle the XMAILDIR variable, allowing for shell command injection.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could send specially crafted login credentials to a
+    Courier-IMAP server instance, possibly leading to remote code execution
+    with root privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Courier-IMAP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-mail/courier-imap-4.0.6-r2"</code>
+  </resolution>
+  <references/>
+  <metadata tag="requester" timestamp="2007-04-12T14:15:03Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-04-12T14:15:17Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-04-16T21:50:11Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200704-19.xml b/metadata/glsa/glsa-200704-19.xml
new file mode 100644
index 000000000000..a853e05000bb
--- /dev/null
+++ b/metadata/glsa/glsa-200704-19.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200704-19">
+  <title>Blender: User-assisted remote execution of arbitrary code</title>
+  <synopsis>
+    A vulnerability has been discovered in Blender allowing for user-assisted
+    arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">Blender</product>
+  <announced>2007-04-23</announced>
+  <revised count="01">2007-04-23</revised>
+  <bug>168907</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/blender" auto="yes" arch="*">
+      <unaffected range="ge">2.43</unaffected>
+      <vulnerable range="lt">2.43</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Blender is a 3D creation, animation and publishing program.
+    </p>
+  </background>
+  <description>
+    <p>
+    Stefan Cornelius of Secunia Research discovered an insecure use of the
+    "eval()" function in kmz_ImportWithMesh.py.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted
+    Blender file (.kmz or .kml), resulting in the execution of arbitrary
+    Python code with the privileges of the user running Blender.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Blender users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/blender-2.43"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1253">CVE-2007-1253</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-04-17T18:07:32Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-04-18T09:36:27Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-04-18T20:46:11Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200704-20.xml b/metadata/glsa/glsa-200704-20.xml
new file mode 100644
index 000000000000..9f4e701302f6
--- /dev/null
+++ b/metadata/glsa/glsa-200704-20.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200704-20">
+  <title>NAS: Multiple vulnerabilities</title>
+  <synopsis>
+    The Network Audio System is vulnerable to a buffer overflow that could
+    result in the execution of arbitrary code with root privileges.
+  </synopsis>
+  <product type="ebuild">NAS</product>
+  <announced>2007-04-23</announced>
+  <revised count="01">2007-04-23</revised>
+  <bug>171428</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/nas" auto="yes" arch="*">
+      <unaffected range="ge">1.8b</unaffected>
+      <vulnerable range="lt">1.8b</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    NAS is a network transparent, client/server audio transport system.
+    </p>
+  </background>
+  <description>
+    <p>
+    Luigi Auriemma has discovered multiple vulnerabilities in NAS, some of
+    which include a buffer overflow in the function accept_att_local(), an
+    integer overflow in the function ProcAuWriteElement(), and a null
+    pointer error in the function ReadRequestFromClient().
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker having access to the NAS daemon could send an overly long
+    slave name to the server, leading to the execution of arbitrary code
+    with root privileges. A remote attacker could also send a specially
+    crafted packet containing an invalid client ID, which would crash the
+    server and result in a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All NAS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/nas-1.8b"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1543">CVE-2007-1543</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1544">CVE-2007-1544</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1545">CVE-2007-1545</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1546">CVE-2007-1546</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1547">CVE-2007-1547</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-04-02T13:48:29Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-04-02T15:19:59Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-04-12T14:16:06Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200704-21.xml b/metadata/glsa/glsa-200704-21.xml
new file mode 100644
index 000000000000..d65b5436eae4
--- /dev/null
+++ b/metadata/glsa/glsa-200704-21.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200704-21">
+  <title>ClamAV: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in ClamAV allowing for the
+    remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">ClamAV</product>
+  <announced>2007-04-24</announced>
+  <revised count="01">2007-04-24</revised>
+  <bug>174375</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.90.2</unaffected>
+      <vulnerable range="lt">0.90.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ClamAV is a GPL virus scanner.
+    </p>
+  </background>
+  <description>
+    <p>
+    iDefense Labs have reported a stack-based buffer overflow in the
+    cab_unstore() function when processing negative values in .cab files.
+    Multiple file descriptor leaks have also been reported in chmunpack.c,
+    pdf.c and dblock.c when processing .chm files.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could send a specially crafted CHM file to the
+    scanner, possibly resulting in the remote execution of arbitrary code
+    with the privileges of the user running ClamAV.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ClamAV users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.90.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1745">CVE-2007-1745</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1997">CVE-2007-1997</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-04-14T22:33:19Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-04-19T10:34:20Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-04-22T20:58:42Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200704-22.xml b/metadata/glsa/glsa-200704-22.xml
new file mode 100644
index 000000000000..3a176a3c6fb7
--- /dev/null
+++ b/metadata/glsa/glsa-200704-22.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200704-22">
+  <title>BEAST: Denial of service</title>
+  <synopsis>
+    A vulnerability has been discovered in BEAST allowing for a Denial of
+    Service.
+  </synopsis>
+  <product type="ebuild">BEAST</product>
+  <announced>2007-04-27</announced>
+  <revised count="01">2007-04-27</revised>
+  <bug>163146</bug>
+  <access>local</access>
+  <affected>
+    <package name="media-sound/beast" auto="yes" arch="*">
+      <unaffected range="ge">0.7.1</unaffected>
+      <vulnerable range="lt">0.7.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    BEdevilled Audio SysTem is an audio compositor, supporting a wide range
+    of audio formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    BEAST, which is installed as setuid root, fails to properly check
+    whether it can drop privileges accordingly if seteuid() fails due to a
+    user exceeding assigned resource limits.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A local user could exceed his resource limit in order to prevent the
+    seteuid() call from succeeding. This may lead BEAST to keep running
+    with root privileges. Then, the local user could use the "save as"
+    dialog box to overwrite any file on the vulnerable system, potentially
+    leading to a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All BEAST users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/beast-0.7.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2916">CVE-2006-2916</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4447">CVE-2006-4447</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-04-04T08:02:22Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-04-04T18:26:01Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-04-06T18:26:41Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200704-23.xml b/metadata/glsa/glsa-200704-23.xml
new file mode 100644
index 000000000000..f0f233f5a336
--- /dev/null
+++ b/metadata/glsa/glsa-200704-23.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200704-23">
+  <title>capi4k-utils: Buffer overflow</title>
+  <synopsis>
+    capi4k-utils is vulnerable to a buffer overflow in the bufprint() function.
+  </synopsis>
+  <product type="ebuild">capi4k-utils</product>
+  <announced>2007-04-27</announced>
+  <revised count="01">2007-04-27</revised>
+  <bug>170870</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-dialup/capi4k-utils" auto="yes" arch="*">
+      <unaffected range="ge">20050718-r3</unaffected>
+      <vulnerable range="lt">20050718-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    capi4k-utils is a set of utilities for accessing COMMON-ISDN-API
+    software interfaces for ISDN devices.
+    </p>
+  </background>
+  <description>
+    <p>
+    The bufprint() function in capi4k-utils fails to properly check
+    boundaries of data coming from CAPI packets.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could possibly escalate privileges or cause a Denial
+    of Service by sending a crafted CAPI packet.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All capi4k-utils users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dialup/capi4k-utils-20050718-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-1217">CVE-2007-1217</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-03-24T12:42:52Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-04-02T14:51:21Z">
+    aetius
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-04-03T22:29:34Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200705-01.xml b/metadata/glsa/glsa-200705-01.xml
new file mode 100644
index 000000000000..f2880c2b9649
--- /dev/null
+++ b/metadata/glsa/glsa-200705-01.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200705-01">
+  <title>Ktorrent: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in Ktorrent allowing for the
+    remote execution of arbitrary code and a Denial of Service.
+  </synopsis>
+  <product type="ebuild">ktorrent</product>
+  <announced>2007-05-01</announced>
+  <revised count="01">2007-05-01</revised>
+  <bug>170303</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-p2p/ktorrent" auto="yes" arch="*">
+      <unaffected range="ge">2.1.3</unaffected>
+      <vulnerable range="lt">2.1.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ktorrent is a Bittorrent client for KDE.
+    </p>
+  </background>
+  <description>
+    <p>
+    Bryan Burns of Juniper Networks discovered a vulnerability in
+    chunkcounter.cpp when processing large or negative idx values, and a
+    directory traversal vulnerability in torrent.cpp.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to download a specially crafted
+    torrent file, possibly resulting in the remote execution of arbitrary
+    code with the privileges of the user running Ktorrent.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ktorrent users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-p2p/ktorrent-2.1.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1384">CVE-2007-1384</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1385">CVE-2007-1385</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1799">CVE-2007-1799</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-04-24T19:42:10Z">
+    aetius
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-04-26T07:58:35Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-04-26T07:59:01Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200705-02.xml b/metadata/glsa/glsa-200705-02.xml
new file mode 100644
index 000000000000..dcc4fe6c9c40
--- /dev/null
+++ b/metadata/glsa/glsa-200705-02.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200705-02">
+  <title>FreeType: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    A vulnerability has been discovered in FreeType allowing for user-assisted
+    remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">freetype</product>
+  <announced>2007-05-01</announced>
+  <revised count="02">2007-05-27</revised>
+  <bug>172577</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/freetype" auto="yes" arch="*">
+      <unaffected range="ge">2.1.10-r3</unaffected>
+      <unaffected range="lt">2.0</unaffected>
+      <vulnerable range="lt">2.1.10-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    FreeType is a True Type Font rendering library.
+    </p>
+  </background>
+  <description>
+    <p>
+    Greg MacManus of iDefense Labs has discovered an integer overflow in
+    the function bdfReadCharacters() when parsing BDF fonts.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to use a specially crafted BDF
+    font, possibly resulting in a heap-based buffer overflow and the remote
+    execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All FreeType users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/freetype-2.1.10-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351">CVE-2007-1351</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-04-12T09:19:23Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-04-12T09:19:45Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-04-26T08:55:44Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200705-03.xml b/metadata/glsa/glsa-200705-03.xml
new file mode 100644
index 000000000000..a788f86a2b40
--- /dev/null
+++ b/metadata/glsa/glsa-200705-03.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200705-03">
+  <title>Tomcat: Information disclosure</title>
+  <synopsis>
+    A vulnerability has been discovered in Tomcat that allows for the
+    disclosure of sensitive information.
+  </synopsis>
+  <product type="ebuild">tomcat</product>
+  <announced>2007-05-01</announced>
+  <revised count="01">2007-05-01</revised>
+  <bug>173122</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/tomcat" auto="yes" arch="*">
+      <unaffected range="ge">5.5.22</unaffected>
+      <vulnerable range="lt">5.5.22</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Tomcat is the Apache Jakarta Project's official implementation of Java
+    Servlets and Java Server Pages.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tomcat allows special characters like slash, backslash or URL-encoded
+    backslash as a separator, while Apache does not.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A remote attacker could send a specially crafted URL to the vulnerable
+    Tomcat server, possibly resulting in a directory traversal and read
+    access to arbitrary files with the privileges of the user running
+    Tomcat. Note that this vulnerability can only be exploited when using
+    apache proxy modules like mod_proxy, mod_rewrite or mod_jk.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Tomcat users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-servers/tomcat-5.5.22"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450">CVE-2007-0450</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-04-24T19:49:54Z">
+    aetius
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-04-25T20:54:19Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-04-25T20:54:45Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200705-04.xml b/metadata/glsa/glsa-200705-04.xml
new file mode 100644
index 000000000000..30a453228359
--- /dev/null
+++ b/metadata/glsa/glsa-200705-04.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200705-04">
+  <title>Apache mod_perl: Denial of service</title>
+  <synopsis>
+    The mod_perl Apache module is vulnerable to a Denial of Service when
+    processing regular expressions.
+  </synopsis>
+  <product type="ebuild">mod_perl</product>
+  <announced>2007-05-02</announced>
+  <revised count="02">2007-05-02</revised>
+  <bug>172676</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apache/mod_perl" auto="yes" arch="*">
+      <unaffected range="ge">2.0.3-r1</unaffected>
+      <unaffected range="rge">1.30</unaffected>
+      <vulnerable range="lt">2.0.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mod_perl is an Apache module that embeds the Perl interpreter within
+    the server, allowing Perl-based web-applications to be created.
+    </p>
+  </background>
+  <description>
+    <p>
+    Alex Solvey discovered that the "path_info" variable used in file
+    RegistryCooker.pm (mod_perl 2.x) or file PerlRun.pm (mod_perl 1.x), is
+    not properly escaped before being processed.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send a specially crafted URL to the vulnerable
+    server, possibly resulting in a massive resource consumption.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All mod_perl 1.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apache/mod_perl-1.30"</code>
+    <p>
+    All mod_perl 2.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apache/mod_perl-2.0.3-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1349">CVE-2007-1349</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-04-23T19:53:36Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-04-24T15:28:21Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-04-25T21:05:17Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200705-05.xml b/metadata/glsa/glsa-200705-05.xml
new file mode 100644
index 000000000000..18bccf17f9d3
--- /dev/null
+++ b/metadata/glsa/glsa-200705-05.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200705-05">
+  <title>Quagga: Denial of service</title>
+  <synopsis>
+    A vulnerability has been discovered in Quagga allowing for a Denial of
+    Service.
+  </synopsis>
+  <product type="ebuild">quagga</product>
+  <announced>2007-05-02</announced>
+  <revised count="01">2007-05-02</revised>
+  <bug>174206</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/quagga" auto="yes" arch="*">
+      <unaffected range="ge">0.98.6-r2</unaffected>
+      <vulnerable range="lt">0.98.6-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Quagga is a free routing daemon, supporting RIP, OSPF and BGP
+    protocols.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Quagga development team reported a vulnerability in the BGP routing
+    deamon when processing NLRI attributes inside UPDATE messages.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A malicious peer inside a BGP area could send a specially crafted
+    packet to a Quagga instance, possibly resulting in a crash of the
+    Quagga daemon.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Quagga users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/quagga-0.98.6-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1995">CVE-2007-1995</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-04-23T20:01:28Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-04-25T21:27:10Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-04-30T08:45:01Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200705-06.xml b/metadata/glsa/glsa-200705-06.xml
new file mode 100644
index 000000000000..76ced2a3d6cd
--- /dev/null
+++ b/metadata/glsa/glsa-200705-06.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200705-06">
+  <title>X.Org X11 library: Multiple integer overflows</title>
+  <synopsis>
+    The X.Org X11 library contains multiple integer overflows, which could lead
+    to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libx11</product>
+  <announced>2007-05-05</announced>
+  <revised count="01">2007-05-05</revised>
+  <bug>172752</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/libX11" auto="yes" arch="*">
+      <unaffected range="ge">1.0.3-r2</unaffected>
+      <vulnerable range="lt">1.0.3-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    X.Org is an implementation of the X Window System. The X.Org X11
+    library provides the X11 protocol library files.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple integer overflows have been reported in the XGetPixel()
+    function of the X.Org X11 library.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    By enticing a user to open a specially crafted image, an attacker could
+    cause a Denial of Service or an integer overflow, potentially resulting
+    in the execution of arbitrary code with root privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All X.Org X11 library users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-libs/libX11-1.0.3-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1667">CVE-2007-1667</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-04-18T14:52:56Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-04-20T16:53:31Z">
+    dizzutch
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-04-23T12:10:37Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200705-07.xml b/metadata/glsa/glsa-200705-07.xml
new file mode 100644
index 000000000000..09239968960c
--- /dev/null
+++ b/metadata/glsa/glsa-200705-07.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200705-07">
+  <title>Lighttpd: Two Denials of Service</title>
+  <synopsis>
+    Two vulnerabilities have been discovered in Lighttpd, each allowing for a
+    Denial of Service.
+  </synopsis>
+  <product type="ebuild">lighttpd</product>
+  <announced>2007-05-07</announced>
+  <revised count="01">2007-05-07</revised>
+  <bug>174043</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/lighttpd" auto="yes" arch="*">
+      <unaffected range="ge">1.4.14</unaffected>
+      <vulnerable range="lt">1.4.14</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Lighttpd is a lightweight HTTP web server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Robert Jakabosky discovered an infinite loop triggered by a connection
+    abort when Lighttpd processes carriage return and line feed sequences.
+    Marcus Rueckert discovered a NULL pointer dereference when a server
+    running Lighttpd tries to access a file with a mtime of 0.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could upload a specially crafted file to the server
+    or send a specially crafted request and then abort the connection,
+    possibly resulting in a crash or a Denial of Service by CPU
+    consumption.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Lighttpd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-servers/lighttpd-1.4.14"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1869">CVE-2007-1869</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1870">CVE-2007-1870</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-04-30T09:09:47Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-05-01T19:04:44Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-05-06T21:36:16Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200705-08.xml b/metadata/glsa/glsa-200705-08.xml
new file mode 100644
index 000000000000..9384c97d5c94
--- /dev/null
+++ b/metadata/glsa/glsa-200705-08.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200705-08">
+  <title>GIMP: Buffer overflow</title>
+  <synopsis>
+    GIMP is vulnerable to a buffer overflow which may lead to the execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">gimp</product>
+  <announced>2007-05-07</announced>
+  <revised count="01">2007-05-07</revised>
+  <bug>176226</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/gimp" auto="yes" arch="*">
+      <unaffected range="ge">2.2.14</unaffected>
+      <vulnerable range="lt">2.2.14</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GIMP is the GNU Image Manipulation Program.
+    </p>
+  </background>
+  <description>
+    <p>
+    Marsu discovered that the "set_color_table()" function in the SUNRAS
+    plugin is vulnerable to a stack-based buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to open a specially crafted .RAS file,
+    possibly leading to the execution of arbitrary code with the privileges
+    of the user running GIMP.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GIMP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/gimp-2.2.14"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2356">CVE-2007-2356</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-05-06T21:00:37Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-05-06T21:03:26Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200705-09.xml b/metadata/glsa/glsa-200705-09.xml
new file mode 100644
index 000000000000..65861b5fe67e
--- /dev/null
+++ b/metadata/glsa/glsa-200705-09.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200705-09">
+  <title>IPsec-Tools: Denial of service</title>
+  <synopsis>
+    IPsec-Tools contains a vulnerability that allows a remote attacker to crash
+    the IPsec tunnel.
+  </synopsis>
+  <product type="ebuild">ipsec-tools</product>
+  <announced>2007-05-08</announced>
+  <revised count="01">2007-05-08</revised>
+  <bug>173219</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-firewall/ipsec-tools" auto="yes" arch="*">
+      <unaffected range="ge">0.6.7</unaffected>
+      <vulnerable range="lt">0.6.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    IPsec-Tools is a port of KAME's implementation of the IPsec utilities.
+    It contains a collection of network monitoring tools, including racoon,
+    ping, and ping6.
+    </p>
+  </background>
+  <description>
+    <p>
+    The isakmp_info_recv() function in src/racoon/isakmp_inf.c does not
+    always check that DELETE (ISAKMP_NPTYPE_D) and NOTIFY (ISAKMP_NPTYPE_N)
+    packets are encrypted.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send a specially crafted IPsec message to one
+    of the two peers during the beginning of phase 1, resulting in the
+    termination of the IPsec exchange.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All IPsec-Tools users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-firewall/ipsec-tools-0.6.7"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1841">CVE-2007-1841</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-05-03T18:53:19Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-05-06T12:07:13Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-05-07T19:54:14Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200705-10.xml b/metadata/glsa/glsa-200705-10.xml
new file mode 100644
index 000000000000..fd421d9c8821
--- /dev/null
+++ b/metadata/glsa/glsa-200705-10.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200705-10">
+  <title>LibXfont, TightVNC: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been reported in libXfont and TightVNC,
+    allowing for the execution of arbitrary code with root privileges.
+  </synopsis>
+  <product type="ebuild">tightvnc, libxfont</product>
+  <announced>2007-05-08</announced>
+  <revised count="01">2007-05-08</revised>
+  <bug>172575</bug>
+  <bug>174200</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-misc/tightvnc" auto="yes" arch="*">
+      <unaffected range="ge">1.2.9-r4</unaffected>
+      <vulnerable range="lt">1.2.9-r4</vulnerable>
+    </package>
+    <package name="x11-libs/libXfont" auto="yes" arch="*">
+      <unaffected range="ge">1.2.7-r1</unaffected>
+      <vulnerable range="lt">1.2.7-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    LibXfont is the X.Org font library. TightVNC is a VNC client/server for
+    X displays.
+    </p>
+  </background>
+  <description>
+    <p>
+    The libXfont code is prone to several integer overflows, in functions
+    ProcXCMiscGetXIDList(), bdfReadCharacters() and FontFileInitTable().
+    TightVNC contains a local copy of this code and is also affected.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could use a specially crafted BDF Font to gain root
+    privileges on the vulnerable host.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libXfont users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-libs/libXfont-1.2.7-r1"</code>
+    <p>
+    All TightVNC users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/tightvnc-1.2.9-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1003">CVE-2007-1003</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351">CVE-2007-1351</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1352">CVE-2007-1352</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-04-17T09:12:59Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-04-23T12:11:04Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-04-26T19:02:32Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200705-11.xml b/metadata/glsa/glsa-200705-11.xml
new file mode 100644
index 000000000000..7afbc763b1d0
--- /dev/null
+++ b/metadata/glsa/glsa-200705-11.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200705-11">
+  <title>MySQL: Two Denial of Service vulnerabilities</title>
+  <synopsis>
+    Two Denial of Service vulnerabilities have been discovered in MySQL.
+  </synopsis>
+  <product type="ebuild">MySQL</product>
+  <announced>2007-05-08</announced>
+  <revised count="01">2007-05-08</revised>
+  <bug>170126</bug>
+  <bug>171934</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/mysql" auto="yes" arch="*">
+      <unaffected range="ge">5.0.38</unaffected>
+      <unaffected range="lt">5.0</unaffected>
+      <vulnerable range="lt">5.0.38</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MySQL is a popular multi-threaded, multi-user SQL server.
+    </p>
+  </background>
+  <description>
+    <p>
+    mu-b discovered a NULL pointer dereference in item_cmpfunc.cc when
+    processing certain types of SQL requests. Sec Consult also discovered
+    another NULL pointer dereference when sorting certain types of queries
+    on the database metadata.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    In both cases, a remote attacker could send a specially crafted SQL
+    request to the server, possibly resulting in a server crash. Note that
+    the attacker needs the ability to execute SELECT queries.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MySQL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-5.0.38"</code>
+  </resolution>
+  <references>
+    <uri link="https://bugs.mysql.com/bug.php?id=27513">Original Report</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1420">CVE-2007-1420</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-04-24T19:47:08Z">
+    aetius
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-04-25T21:17:16Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-04-25T21:17:35Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200705-12.xml b/metadata/glsa/glsa-200705-12.xml
new file mode 100644
index 000000000000..921589883beb
--- /dev/null
+++ b/metadata/glsa/glsa-200705-12.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200705-12">
+  <title>PostgreSQL: Privilege escalation</title>
+  <synopsis>
+    PostgreSQL contains a vulnerability that could result in SQL privilege
+    escalation.
+  </synopsis>
+  <product type="ebuild">postgresql</product>
+  <announced>2007-05-10</announced>
+  <revised count="02">2009-05-28</revised>
+  <bug>175791</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/postgresql" auto="yes" arch="*">
+      <unaffected range="ge">8.0.13</unaffected>
+      <unaffected range="rge">7.4.17</unaffected>
+      <unaffected range="rge">7.3.19</unaffected>
+      <unaffected range="rge">7.3.21</unaffected>
+      <unaffected range="rge">7.4.19</unaffected>
+      <vulnerable range="lt">8.0.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PostgreSQL is an open source object-relational database management
+    system.
+    </p>
+  </background>
+  <description>
+    <p>
+    An error involving insecure search_path settings in the SECURITY
+    DEFINER functions has been reported in PostgreSQL.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    If allowed to call a SECURITY DEFINER function, an attacker could gain
+    the SQL privileges of the owner of the called function.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PostgreSQL users should upgrade to the latest version and fix their
+    SECURITY DEFINER functions:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "dev-db/postgresql"</code>
+    <p>
+    In order to fix the SECURITY DEFINER functions, PostgreSQL users are
+    advised to refer to the PostgreSQL documentation: <uri link="http://www.postgresql.org/docs/techdocs.77">http://www.postgresql
+    .org/docs/techdocs.77</uri>
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2138">CVE-2007-2138</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-05-03T18:37:29Z">
+    aetius
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-05-06T22:14:19Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-05-08T06:08:11Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200705-13.xml b/metadata/glsa/glsa-200705-13.xml
new file mode 100644
index 000000000000..95f1a64fa4c6
--- /dev/null
+++ b/metadata/glsa/glsa-200705-13.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200705-13">
+  <title>ImageMagick: Multiple buffer overflows</title>
+  <synopsis>
+    Multiple integer overflows have been discovered in ImageMagick allowing for
+    the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">imagemagick</product>
+  <announced>2007-05-10</announced>
+  <revised count="02">2007-06-07</revised>
+  <bug>152672</bug>
+  <bug>159567</bug>
+  <bug>173186</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/imagemagick" auto="yes" arch="*">
+      <unaffected range="ge">6.3.3</unaffected>
+      <vulnerable range="lt">6.3.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ImageMagick is a collection of tools allowing various manipulations on
+    image files.
+    </p>
+  </background>
+  <description>
+    <p>
+    iDefense Labs has discovered multiple integer overflows in ImageMagick
+    in the functions ReadDCMImage() and ReadXWDImage(), that are used to
+    process DCM and XWD files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to open specially crafted XWD or DCM
+    file, resulting in heap-based buffer overflows and possibly the
+    execution of arbitrary code with the privileges of the user running
+    ImageMagick. Note that this user may be httpd or any other account used
+    by applications relying on the ImageMagick tools to automatically
+    process images.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ImageMagick users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/imagemagick-6.3.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1797">CVE-2007-1797</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-04-30T13:08:15Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-05-01T19:04:55Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-05-06T21:19:41Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200705-14.xml b/metadata/glsa/glsa-200705-14.xml
new file mode 100644
index 000000000000..4cc3b446211b
--- /dev/null
+++ b/metadata/glsa/glsa-200705-14.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200705-14">
+  <title>XScreenSaver: Privilege escalation</title>
+  <synopsis>
+    XScreenSaver allows local users to bypass authentication under certain
+    configurations.
+  </synopsis>
+  <product type="ebuild">xscreensaver</product>
+  <announced>2007-05-13</announced>
+  <revised count="01">2007-05-13</revised>
+  <bug>176584</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-misc/xscreensaver" auto="yes" arch="*">
+      <unaffected range="ge">5.02</unaffected>
+      <vulnerable range="lt">5.02</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    XScreenSaver is a widely used screen saver collection shipped on
+    systems running the X11 Window System.
+    </p>
+  </background>
+  <description>
+    <p>
+    XScreenSaver incorrectly handles the results of the getpwuid() function
+    in drivers/lock.c when using directory servers during a network outage.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local user can crash XScreenSaver by preventing network connectivity
+    if the system uses a remote directory service for credentials such as
+    NIS or LDAP, which will unlock the screen.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All XScreenSaver users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-misc/xscreensaver-5.02"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1859">CVE-2007-1859</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-05-08T10:52:36Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-05-08T15:43:15Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-05-13T21:32:41Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200705-15.xml b/metadata/glsa/glsa-200705-15.xml
new file mode 100644
index 000000000000..dfff4bfec1ee
--- /dev/null
+++ b/metadata/glsa/glsa-200705-15.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200705-15">
+  <title>Samba: Multiple vulnerabilities</title>
+  <synopsis>
+    Samba contains multiple vulnerabilities potentially resulting in the
+    execution of arbitrary code with root privileges.
+  </synopsis>
+  <product type="ebuild">samba</product>
+  <announced>2007-05-15</announced>
+  <revised count="01">2007-05-15</revised>
+  <bug>177029</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-fs/samba" auto="yes" arch="*">
+      <unaffected range="ge">3.0.24-r2</unaffected>
+      <vulnerable range="lt">3.0.24-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Samba is a suite of SMB and CIFS client/server programs for UNIX.
+    </p>
+  </background>
+  <description>
+    <p>
+    Samba contains a logical error in the smbd daemon when translating
+    local SID to user names (CVE-2007-2444). Furthermore, Samba contains
+    several bugs when parsing NDR encoded RPC parameters (CVE-2007-2446).
+    Lastly, Samba fails to properly sanitize remote procedure input
+    provided via Microsoft Remote Procedure Calls (CVE-2007-2447).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit these vulnerabilities to gain root
+    privileges via various vectors.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Samba users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-fs/samba-3.0.24-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444">CVE-2007-2444</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446">CVE-2007-2446</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447">CVE-2007-2447</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-05-14T17:44:45Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-05-15T12:42:21Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200705-16.xml b/metadata/glsa/glsa-200705-16.xml
new file mode 100644
index 000000000000..c5b0c8ffed07
--- /dev/null
+++ b/metadata/glsa/glsa-200705-16.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200705-16">
+  <title>PhpWiki: Remote execution of arbitrary code</title>
+  <synopsis>
+    A vulnerability has been discovered in PhpWiki allowing for the remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">phpwiki</product>
+  <announced>2007-05-17</announced>
+  <revised count="01">2007-05-17</revised>
+  <bug>174451</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/phpwiki" auto="yes" arch="*">
+      <unaffected range="ge">1.3.10-r3</unaffected>
+      <vulnerable range="lt">1.3.10-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PhpWiki is an open source content management system written in PHP.
+    </p>
+  </background>
+  <description>
+    <p>
+    Harold Hallikainen has reported that the Upload page fails to properly
+    check the extension of a file.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could upload a specially crafted PHP file to the
+    vulnerable server, resulting in the execution of arbitrary PHP code
+    with the privileges of the user running PhpWiki.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PhpWiki users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/phpwiki-1.3.10-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2024">CVE-2007-2024</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2025">CVE-2007-2025</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-05-10T13:26:06Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-05-11T14:10:41Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-05-14T18:47:51Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200705-17.xml b/metadata/glsa/glsa-200705-17.xml
new file mode 100644
index 000000000000..e600c5a0877b
--- /dev/null
+++ b/metadata/glsa/glsa-200705-17.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200705-17">
+  <title>Apache mod_security: Rule bypass</title>
+  <synopsis>
+    A vulnerability has been discovered in mod_security, allowing a remote
+    attacker to bypass rules.
+  </synopsis>
+  <product type="ebuild">mod_security</product>
+  <announced>2007-05-17</announced>
+  <revised count="02">2007-12-30</revised>
+  <bug>169778</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apache/mod_security" auto="yes" arch="*">
+      <unaffected range="ge">2.1.1</unaffected>
+      <vulnerable range="lt">2.1.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    mod_security is an Apache module designed for enhancing the security of
+    the Apache web server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Stefan Esser discovered that mod_security processes NULL characters as
+    terminators in POST requests using the
+    application/x-www-form-urlencoded encoding type, while other parsers
+    used in web applications do not.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A remote attacker could send a specially crafted POST request, possibly
+    bypassing the module ruleset and leading to the execution of arbitrary
+    code in the scope of the web server with the rights of the user running
+    the web server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All mod_security users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apache/mod_security-2.1.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1359">CVE-2007-1359</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-05-11T23:14:33Z">
+    shellsage
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-05-13T04:49:45Z">
+    shellsage
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-05-13T13:46:57Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200705-18.xml b/metadata/glsa/glsa-200705-18.xml
new file mode 100644
index 000000000000..f9d4751caa0c
--- /dev/null
+++ b/metadata/glsa/glsa-200705-18.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200705-18">
+  <title>PPTPD: Denial of Service attack</title>
+  <synopsis>
+    A vulnerability has been reported in PPTPD which could lead to a Denial of
+    Service.
+  </synopsis>
+  <product type="ebuild">pptpd</product>
+  <announced>2007-05-20</announced>
+  <revised count="01">2007-05-20</revised>
+  <bug>176936</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dialup/pptpd" auto="yes" arch="*">
+      <unaffected range="ge">1.3.4</unaffected>
+      <vulnerable range="lt">1.3.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PPTPD is a Point-to-Point Tunnelling Protocol Daemon for Linux.
+    </p>
+  </background>
+  <description>
+    <p>
+    James Cameron from HP has reported a vulnerability in PPTPD caused by
+    malformed GRE packets.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit this vulnerability to cause a Denial of
+    Service on the PPTPD connection.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PPTPD users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dialup/pptpd-1.3.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0244">CVE-2007-0244</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-05-11T07:06:10Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-05-11T07:14:40Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-05-14T17:58:13Z">
+    dizzutch
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200705-19.xml b/metadata/glsa/glsa-200705-19.xml
new file mode 100644
index 000000000000..a3229ab50396
--- /dev/null
+++ b/metadata/glsa/glsa-200705-19.xml
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200705-19">
+  <title>PHP: Multiple vulnerabilities</title>
+  <synopsis>
+    PHP contains several vulnerabilities including buffer and integer overflows
+    which could under certain conditions lead to the remote execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">php</product>
+  <announced>2007-05-26</announced>
+  <revised count="02">2008-03-29</revised>
+  <bug>169372</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/php" auto="yes" arch="*">
+      <unaffected range="rge">4.4.7</unaffected>
+      <unaffected range="rge">4.4.8_pre20070816</unaffected>
+      <unaffected range="ge">5.2.2</unaffected>
+      <vulnerable range="lt">5.2.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PHP is a widely-used general-purpose scripting language that is
+    especially suited for Web development and can be embedded into HTML.
+    </p>
+  </background>
+  <description>
+    <p>
+    Several vulnerabilities were found in PHP, most of them during the
+    Month Of PHP Bugs (MOPB) by Stefan Esser. The most severe of these
+    vulnerabilities are integer overflows in wbmp.c from the GD library
+    (CVE-2007-1001) and in the substr_compare() PHP 5 function
+    (CVE-2007-1375). Ilia Alshanetsky also reported a buffer overflow in
+    the make_http_soap_request() and in the user_filter_factory_create()
+    functions (CVE-2007-2510, CVE-2007-2511), and Stanislav Malyshev
+    discovered another buffer overflow in the bundled XMLRPC library
+    (CVE-2007-1864). Additionally, the session_regenerate_id() and the
+    array_user_key_compare() functions contain a double-free vulnerability
+    (CVE-2007-1484, CVE-2007-1521). Finally, there exist implementation
+    errors in the Zend engine, in the mb_parse_str(), the unserialize() and
+    the mail() functions and other elements.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Remote attackers might be able to exploit these issues in PHP
+    applications making use of the affected functions, potentially
+    resulting in the execution of arbitrary code, Denial of Service,
+    execution of scripted contents in the context of the affected site,
+    security bypass or information leak.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PHP 5 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-5.2.2"</code>
+    <p>
+    All PHP 4 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-4.4.7"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001">CVE-2007-1001</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1285">CVE-2007-1285</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1286">CVE-2007-1286</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1484">CVE-2007-1484</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1521">CVE-2007-1521</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1583">CVE-2007-1583</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1700">CVE-2007-1700</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1701">CVE-2007-1701</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1711">CVE-2007-1711</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1717">CVE-2007-1717</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1718">CVE-2007-1718</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1864">CVE-2007-1864</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1900">CVE-2007-1900</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2509">CVE-2007-2509</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2510">CVE-2007-2510</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2511">CVE-2007-2511</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-05-20T07:27:54Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-05-20T07:28:08Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-05-21T21:15:17Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200705-20.xml b/metadata/glsa/glsa-200705-20.xml
new file mode 100644
index 000000000000..7a53667d3b2b
--- /dev/null
+++ b/metadata/glsa/glsa-200705-20.xml
@@ -0,0 +1,87 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200705-20">
+  <title>Blackdown Java: Applet privilege escalation</title>
+  <synopsis>
+    The Blackdown JDK and the Blackdown JRE suffer from the multiple
+    unspecified vulnerabilities that already affected the Sun JDK and JRE.
+  </synopsis>
+  <product type="ebuild">blackdown-jdk,blackdown-jre</product>
+  <announced>2007-05-26</announced>
+  <revised count="01">2007-05-26</revised>
+  <bug>161835</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/blackdown-jdk" auto="yes" arch="*">
+      <unaffected range="ge">1.4.2.03-r14</unaffected>
+      <vulnerable range="lt">1.4.2.03-r14</vulnerable>
+    </package>
+    <package name="dev-java/blackdown-jre" auto="yes" arch="*">
+      <unaffected range="ge">1.4.2.03-r14</unaffected>
+      <vulnerable range="lt">1.4.2.03-r14</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Blackdown provides implementations of the Java Development Kit (JDK)
+    and the Java Runtime Environment (JRE).
+    </p>
+  </background>
+  <description>
+    <p>
+    Chris Evans has discovered multiple buffer overflows in the Sun JDK and
+    the Sun JRE possibly related to various AWT and font layout functions.
+    Tom Hawtin has discovered an unspecified vulnerability in the Sun JDK
+    and the Sun JRE relating to unintended applet data access. He has also
+    discovered multiple other unspecified vulnerabilities in the Sun JDK
+    and the Sun JRE allowing unintended Java applet or application resource
+    acquisition. Additionally, a memory corruption error has been found in
+    the handling of GIF images with zero width field blocks.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to run a specially crafted Java applet
+    or application that could read, write, or execute local files with the
+    privileges of the user running the JVM, access data maintained in other
+    Java applets, or escalate the privileges of the currently running Java
+    applet or application allowing for unauthorized access to system
+    resources.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable the "nsplugin" USE flag in order to prevent web applets from
+    being run.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Since there is no fixed update from Blackdown and since the flaw only
+    occurs in the applets, the "nsplugin" USE flag has been masked in the
+    portage tree. Emerge the ebuild again in order to fix the
+    vulnerability. Another solution is to switch to another Java
+    implementation such as the Sun implementation (dev-java/sun-jdk and
+    dev-java/sun-jre-bin).
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "dev-java/blackdown-jdk"
+    # emerge --ask --oneshot --verbose "dev-java/blackdown-jre"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6731">CVE-2006-6731</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6736">CVE-2006-6736</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6737">CVE-2006-6737</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6745">CVE-2006-6745</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-05-03T18:56:59Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-05-06T22:34:22Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-05-21T21:16:03Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200705-21.xml b/metadata/glsa/glsa-200705-21.xml
new file mode 100644
index 000000000000..147cc8dde0fb
--- /dev/null
+++ b/metadata/glsa/glsa-200705-21.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200705-21">
+  <title>MPlayer: Two buffer overflows</title>
+  <synopsis>
+    Two vulnerabilities have been discovered in MPlayer, each one could lead to
+    the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mplayer</product>
+  <announced>2007-05-30</announced>
+  <revised count="02">2007-10-12</revised>
+  <bug>168917</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/mplayer" auto="yes" arch="*">
+      <unaffected range="ge">1.0.20070321</unaffected>
+      <unaffected range="lt">1.0</unaffected>
+      <vulnerable range="lt">1.0.20070321</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MPlayer is a media player incuding support for a wide range of audio
+    and video formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    A buffer overflow has been reported in the DMO_VideoDecoder_Open()
+    function in file loader/dmo/DMO_VideoDecoder.c. Another buffer overflow
+    has been reported in the DS_VideoDecoder_Open() function in file
+    loader/dshow/DS_VideoDecoder.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted video
+    file, potentially resulting in the execution of arbitrary code with the
+    privileges of the user running MPlayer.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MPlayer users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/mplayer-1.0.20070321"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246">CVE-2007-1246</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1387">CVE-2007-1387</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200704-09.xml">GLSA 200704-09</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-05-20T07:29:09Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-05-20T07:29:20Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-05-21T13:01:40Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200705-22.xml b/metadata/glsa/glsa-200705-22.xml
new file mode 100644
index 000000000000..d530d1e9101a
--- /dev/null
+++ b/metadata/glsa/glsa-200705-22.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200705-22">
+  <title>FreeType: Buffer overflow</title>
+  <synopsis>
+    A vulnerability has been discovered in FreeType allowing for the execution
+    of arbitrary code.
+  </synopsis>
+  <product type="ebuild">freetype</product>
+  <announced>2007-05-30</announced>
+  <revised count="01">2007-05-30</revised>
+  <bug>179161</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/freetype" auto="yes" arch="*">
+      <unaffected range="ge">2.3.4-r2</unaffected>
+      <unaffected range="lt">2.0</unaffected>
+      <vulnerable range="lt">2.3.4-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    FreeType is a True Type Font rendering library.
+    </p>
+  </background>
+  <description>
+    <p>
+    Victor Stinner discovered a heap-based buffer overflow in the function
+    Get_VMetrics() in src/truetype/ttgload.c when processing TTF files with
+    a negative n_points attribute.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted TTF
+    file, possibly resulting in the execution of arbitrary code with the
+    privileges of the user running FreeType.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All FreeType users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/freetype-2.3.4-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2754">CVE-2007-2754</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-05-22T15:08:56Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-05-22T15:38:03Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-05-27T16:46:08Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200705-23.xml b/metadata/glsa/glsa-200705-23.xml
new file mode 100644
index 000000000000..043dfcd10e2d
--- /dev/null
+++ b/metadata/glsa/glsa-200705-23.xml
@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200705-23">
+  <title>Sun JDK/JRE: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been identified in Sun Java Development Kit
+    (JDK) and Java Runtime Environment (JRE).
+  </synopsis>
+  <product type="ebuild">sun-jdk,sun-jre-bin</product>
+  <announced>2007-05-31</announced>
+  <revised count="05">2009-05-28</revised>
+  <bug>176675</bug>
+  <bug>178851</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/sun-jdk" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.11</unaffected>
+      <unaffected range="rge">1.4.2.14</unaffected>
+      <unaffected range="rge">1.4.2.15</unaffected>
+      <unaffected range="rge">1.4.2.19</unaffected>
+      <vulnerable range="lt">1.5.0.11</vulnerable>
+    </package>
+    <package name="dev-java/sun-jre-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.6.0.01</unaffected>
+      <unaffected range="rge">1.5.0.16</unaffected>
+      <unaffected range="rge">1.5.0.15</unaffected>
+      <unaffected range="rge">1.5.0.12</unaffected>
+      <unaffected range="rge">1.5.0.11</unaffected>
+      <unaffected range="rge">1.4.2.18</unaffected>
+      <unaffected range="rge">1.4.2.17</unaffected>
+      <unaffected range="rge">1.4.2.15</unaffected>
+      <unaffected range="rge">1.4.2.14</unaffected>
+      <unaffected range="rge">1.4.2.19</unaffected>
+      <unaffected range="rge">1.5.0.17</unaffected>
+      <unaffected range="rge">1.5.0.18</unaffected>
+      <vulnerable range="lt">1.6.0.01</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment
+    (JRE) provide the Sun Java platform.
+    </p>
+  </background>
+  <description>
+    <p>
+    An unspecified vulnerability involving an "incorrect use of system
+    classes" was reported by the Fujitsu security team. Additionally, Chris
+    Evans from the Google Security Team reported an integer overflow
+    resulting in a buffer overflow in the ICC parser used with JPG or BMP
+    files, and an incorrect open() call to /dev/tty when processing certain
+    BMP files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to run a specially crafted Java
+    class or applet that will trigger one of the vulnerabilities. This
+    could lead to the execution of arbitrary code outside of the Java
+    sandbox and of the Java security restrictions, or crash the Java
+    application or the browser.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Sun Java Development Kit users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "dev-java/sun-jdk"</code>
+    <p>
+    All Sun Java Runtime Environment users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "dev-java/sun-jre-bin"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2435">CVE-2007-2435</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2788">CVE-2007-2788</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2789">CVE-2007-2789</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-05-21T03:51:23Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-05-27T22:03:03Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-05-31T08:44:39Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200705-24.xml b/metadata/glsa/glsa-200705-24.xml
new file mode 100644
index 000000000000..de581b3b95c7
--- /dev/null
+++ b/metadata/glsa/glsa-200705-24.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200705-24">
+  <title>libpng: Denial of service</title>
+  <synopsis>
+    A vulnerability in libpng may allow a remote attacker to crash applications
+    that handle untrusted images.
+  </synopsis>
+  <product type="ebuild">libpng</product>
+  <announced>2007-05-31</announced>
+  <revised count="01">2007-05-31</revised>
+  <bug>178004</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libpng" auto="yes" arch="*">
+      <unaffected range="ge">1.2.17</unaffected>
+      <vulnerable range="lt">1.2.17</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libpng is a free ANSI C library used to process and manipulate PNG
+    images.
+    </p>
+  </background>
+  <description>
+    <p>
+    Mats Palmgren fixed an error in file pngrutil.c in which the trans[]
+    array might be not allocated because of images with a bad tRNS chunk
+    CRC value.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could craft an image that when processed or viewed by
+    an application using libpng causes the application to terminate
+    abnormally.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Please note that due to separate bugs in libpng 1.2.17, Gentoo does not
+    provide libpng-1.2.17 but libpng-1.2.18. All libpng users should
+    upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/libpng-1.2.18"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445">CVE-2007-2445</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-05-27T07:35:26Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-05-27T13:49:05Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-05-31T08:41:58Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200705-25.xml b/metadata/glsa/glsa-200705-25.xml
new file mode 100644
index 000000000000..8ea29f453793
--- /dev/null
+++ b/metadata/glsa/glsa-200705-25.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200705-25">
+  <title>file: Integer overflow</title>
+  <synopsis>
+    An integer overflow vulnerability has been reported in file allowing for
+    the user-assisted execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">file</product>
+  <announced>2007-05-31</announced>
+  <revised count="02">2007-06-01</revised>
+  <bug>179583</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/file" auto="yes" arch="x86 ppc hppa">
+      <unaffected range="ge">4.21</unaffected>
+      <vulnerable range="lt">4.21</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    file is a utility that guesses a file format by scanning binary data
+    for patterns.
+    </p>
+  </background>
+  <description>
+    <p>
+    Colin Percival from FreeBSD reported that the previous fix for the
+    file_printf() buffer overflow introduced a new integer overflow.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could entice a user to run the file program on an
+    overly large file (more than 1Gb) that would trigger an integer
+    overflow on 32-bit systems, possibly leading to the execution of
+    arbitrary code with the rights of the user running file.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Since file is a system package, all Gentoo users should upgrade to the
+    latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-apps/file-4.21"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2799">CVE-2007-2799</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-05-28T10:04:58Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-05-31T06:59:45Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200706-01.xml b/metadata/glsa/glsa-200706-01.xml
new file mode 100644
index 000000000000..815eae70d1cd
--- /dev/null
+++ b/metadata/glsa/glsa-200706-01.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200706-01">
+  <title>libexif: Integer overflow vulnerability</title>
+  <synopsis>
+    libexif fails to handle Exif (EXchangeable Image File) data inputs, making
+    it vulnerable to an integer overflow.
+  </synopsis>
+  <product type="ebuild">libexif</product>
+  <announced>2007-06-05</announced>
+  <revised count="01">2007-06-05</revised>
+  <bug>178081</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libexif" auto="yes" arch="*">
+      <unaffected range="ge">0.6.15</unaffected>
+      <vulnerable range="lt">0.6.15</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libexif is a library for parsing, editing and saving Exif data.
+    </p>
+  </background>
+  <description>
+    <p>
+    Victor Stinner reported an integer overflow in the
+    exif_data_load_data_entry() function from file exif-data.c while
+    handling Exif data.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to process a file with specially
+    crafted Exif extensions with an application making use of libexif,
+    which will trigger the integer overflow and potentially execute
+    arbitrary code or crash the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libexif users should upgrade to the latest version. Please note
+    that users upgrading from "&lt;=media-libs/libexif-0.6.13" should also run
+    revdep-rebuild after their upgrade.
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/libexif-0.6.15"
+    # revdep-rebuild --library=/usr/lib/libexif.so</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2645">CVE-2007-2645</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-06-05T18:50:35Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-06-03T06:19:11Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200706-02.xml b/metadata/glsa/glsa-200706-02.xml
new file mode 100644
index 000000000000..2d5a1419cfcc
--- /dev/null
+++ b/metadata/glsa/glsa-200706-02.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200706-02">
+  <title>Evolution: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    A vulnerability has been discovered in Evolution allowing for the execution
+    of arbitrary code.
+  </synopsis>
+  <product type="ebuild">evolution</product>
+  <announced>2007-06-06</announced>
+  <revised count="01">2007-06-06</revised>
+  <bug>170879</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/evolution" auto="yes" arch="*">
+      <unaffected range="ge">2.8.3-r2</unaffected>
+      <vulnerable range="lt">2.8.3-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Evolution is the mail client of the GNOME desktop environment.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ulf Harnhammar from Secunia Research has discovered a format string
+    error in the write_html() function in the file
+    calendar/gui/e-cal-component-memo-preview.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted
+    shared memo, possibly resulting in the execution of arbitrary code with
+    the privileges of the user running Evolution.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Evolution users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/evolution-2.8.3-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1002">CVE-2007-1002</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-06-02T07:29:21Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-06-03T18:06:03Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-06-06T20:42:46Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200706-03.xml b/metadata/glsa/glsa-200706-03.xml
new file mode 100644
index 000000000000..5ca58ca29cc3
--- /dev/null
+++ b/metadata/glsa/glsa-200706-03.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200706-03">
+  <title>ELinks: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    A vulnerability has been discovered in ELinks allowing for the
+    user-assisted execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">elinks</product>
+  <announced>2007-06-06</announced>
+  <revised count="01">2007-06-06</revised>
+  <bug>177512</bug>
+  <access>local</access>
+  <affected>
+    <package name="www-client/elinks" auto="yes" arch="*">
+      <unaffected range="ge">0.11.2-r1</unaffected>
+      <vulnerable range="lt">0.11.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ELinks is a text-mode web browser.
+    </p>
+  </background>
+  <description>
+    <p>
+    Arnaud Giersch discovered that the "add_filename_to_string()" function
+    in file intl/gettext/loadmsgcat.c uses an untrusted relative path,
+    allowing for a format string attack with a malicious .po file.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could entice a user to run ELinks in a specially
+    crafted directory environment containing a malicious ".po" file,
+    possibly resulting in the execution of arbitrary code with the
+    privileges of the user running ELinks.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ELinks users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/elinks-0.11.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2027">CVE-2007-2027</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-06-03T06:18:54Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-06-03T06:19:11Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-06-03T17:56:00Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200706-04.xml b/metadata/glsa/glsa-200706-04.xml
new file mode 100644
index 000000000000..7a60d7192bad
--- /dev/null
+++ b/metadata/glsa/glsa-200706-04.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200706-04">
+  <title>MadWifi: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in MadWifi, possibly allowing
+    for the execution of arbitrary code or a Denial of Service.
+  </synopsis>
+  <product type="ebuild">madwifi-ng</product>
+  <announced>2007-06-11</announced>
+  <revised count="01">2007-06-11</revised>
+  <bug>179532</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-wireless/madwifi-ng" auto="yes" arch="*">
+      <unaffected range="ge">0.9.3.1</unaffected>
+      <vulnerable range="lt">0.9.3.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The MadWifi driver provides support for Atheros based IEEE 802.11
+    Wireless Lan cards.
+    </p>
+  </background>
+  <description>
+    <p>
+    Md Sohail Ahmad from AirTight Networks has discovered a divison by zero
+    in the ath_beacon_config() function (CVE-2007-2830). The vendor has
+    corrected an input validation error in the
+    ieee80211_ioctl_getwmmparams() and ieee80211_ioctl_getwmmparams()
+    functions(CVE-207-2831), and an input sanitization error when parsing
+    nested 802.3 Ethernet frame lengths (CVE-2007-2829).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could send specially crafted packets to a vulnerable host
+    to exploit one of these vulnerabilities, possibly resulting in the
+    execution of arbitrary code with root privileges, or a Denial of
+    Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MadWifi users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-wireless/madwifi-ng-0.9.3.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2829">CVE-2007-2829</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2830">CVE-2007-2830</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2831">CVE-2007-2831</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-06-08T06:19:00Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-06-10T14:16:00Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-06-10T14:16:10Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200706-05.xml b/metadata/glsa/glsa-200706-05.xml
new file mode 100644
index 000000000000..37bfbe68112a
--- /dev/null
+++ b/metadata/glsa/glsa-200706-05.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200706-05">
+  <title>ClamAV: Multiple Denials of Service</title>
+  <synopsis>
+    ClamAV contains several vulnerabilities leading to a Denial of Service.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2007-06-15</announced>
+  <revised count="01">2007-06-15</revised>
+  <bug>178082</bug>
+  <access>remote, local</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.90.3</unaffected>
+      <vulnerable range="lt">0.90.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ClamAV is a GPL virus scanner.
+    </p>
+  </background>
+  <description>
+    <p>
+    Several vulnerabilities were discovered in ClamAV by various
+    researchers:
+    </p>
+    <ul><li>Victor Stinner (INL) discovered that the OLE2
+    parser may enter in an infinite loop (CVE-2007-2650).</li>
+    <li>A
+    boundary error was also reported by an anonymous researcher in the file
+    unsp.c, which might lead to a buffer overflow (CVE-2007-3023).</li>
+    <li>The file unrar.c contains a heap-based buffer overflow via a
+    modified vm_codesize value from a RAR file (CVE-2007-3123).</li>
+    <li>The RAR parsing engine can be bypassed via a RAR file with a header
+    flag value of 10 (CVE-2007-3122).</li>
+    <li>The cli_gentempstream()
+    function from clamdscan creates temporary files with insecure
+    permissions (CVE-2007-3024).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send a specially crafted file to the scanner,
+    possibly triggering one of the vulnerabilities. The two buffer
+    overflows are reported to only cause Denial of Service. This would lead
+    to a Denial of Service by CPU consumption or a crash of the scanner.
+    The insecure temporary file creation vulnerability could be used by a
+    local user to access sensitive data.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ClamAV users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.90.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2650">CVE-2007-2650</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3023">CVE-2007-3023</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3024">CVE-2007-3024</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3122">CVE-2007-3122</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3123">CVE-2007-3123</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-06-08T06:17:07Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-06-10T18:13:18Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-06-10T18:15:09Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200706-06.xml b/metadata/glsa/glsa-200706-06.xml
new file mode 100644
index 000000000000..ae0606e8ce51
--- /dev/null
+++ b/metadata/glsa/glsa-200706-06.xml
@@ -0,0 +1,146 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200706-06">
+  <title>Mozilla products: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been reported in Mozilla Firefox,
+    Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted
+    arbitrary remote code execution.
+  </synopsis>
+  <product type="ebuild">mozilla-firefox,mozilla-thunderbird,mozilla-firefox-bin,mozilla-thunderbird-bin,seamonkey,seamonkey-bin,xulrunner</product>
+  <announced>2007-06-19</announced>
+  <revised count="01">2007-06-19</revised>
+  <bug>180436</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/mozilla-firefox" auto="yes" arch="*">
+      <unaffected range="ge">2.0.0.4</unaffected>
+      <vulnerable range="lt">2.0.0.4</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">2.0.0.4</unaffected>
+      <vulnerable range="lt">2.0.0.4</vulnerable>
+    </package>
+    <package name="mail-client/mozilla-thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">2.0.0.4</unaffected>
+      <unaffected range="rge">1.5.0.12</unaffected>
+      <vulnerable range="lt">2.0.0.4</vulnerable>
+    </package>
+    <package name="mail-client/mozilla-thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">2.0.0.4</unaffected>
+      <unaffected range="rge">1.5.0.12</unaffected>
+      <vulnerable range="lt">2.0.0.4</vulnerable>
+    </package>
+    <package name="www-client/seamonkey" auto="yes" arch="*">
+      <unaffected range="ge">1.1.2</unaffected>
+      <vulnerable range="lt">1.1.2</vulnerable>
+    </package>
+    <package name="www-client/seamonkey-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.1.2</unaffected>
+      <vulnerable range="lt">1.1.2</vulnerable>
+    </package>
+    <package name="net-libs/xulrunner" auto="yes" arch="*">
+      <unaffected range="ge">1.8.1.4</unaffected>
+      <vulnerable range="lt">1.8.1.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla Firefox is an open-source web browser from the Mozilla Project,
+    and Mozilla Thunderbird an email client. The SeaMonkey project is a
+    community effort to deliver production-quality releases of code derived
+    from the application formerly known as the 'Mozilla Application Suite'.
+    XULRunner is a Mozilla runtime package that can be used to bootstrap
+    XUL+XPCOM applications like Firefox and Thunderbird.
+    </p>
+  </background>
+  <description>
+    <p>
+    Mozilla developers fixed several bugs involving memory corruption
+    through various vectors (CVE-2007-2867, CVE-2007-2868). Additionally,
+    several errors leading to crash, memory exhaustion or CPU consumption
+    were fixed (CVE-2007-1362, CVE-2007-2869). Finally, errors related to
+    the APOP protocol (CVE-2007-1558), XSS prevention (CVE-2007-2870) and
+    spoofing prevention (CVE-2007-2871) were fixed.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to view a specially crafted web
+    page that will trigger one of the vulnerabilities, possibly leading to
+    the execution of arbitrary code or a Denial of Service. It is also
+    possible for an attacker to spoof the address bar or other browser
+    elements, obtain sensitive APOP information, or perform cross-site
+    scripting attacks, leading to the exposure of sensitive information,
+    like user credentials.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Firefox users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-2.0.0.4"</code>
+    <p>
+    All Mozilla Firefox binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-bin-2.0.0.4"</code>
+    <p>
+    All Mozilla Thunderbird users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-2.0.0.4"</code>
+    <p>
+    All Mozilla Thunderbird binary users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-bin-2.0.0.4"</code>
+    <p>
+    All SeaMonkey users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-1.1.2"</code>
+    <p>
+    All SeaMonkey binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-bin-1.1.2"</code>
+    <p>
+    All XULRunner users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-libs/xulrunner-1.8.1.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1362">CVE-2007-1362</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558">CVE-2007-1558</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2867">CVE-2007-2867</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2868">CVE-2007-2868</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2869">CVE-2007-2869</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2870">CVE-2007-2870</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2871">CVE-2007-2871</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-06-07T21:58:45Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-06-11T22:03:24Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-06-19T21:03:22Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200706-07.xml b/metadata/glsa/glsa-200706-07.xml
new file mode 100644
index 000000000000..6dc31ff6a2f2
--- /dev/null
+++ b/metadata/glsa/glsa-200706-07.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200706-07">
+  <title>PHProjekt: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in PHProjekt, allowing for
+    the execution of arbitrary PHP and SQL code, and cross-site scripting
+    attacks.
+  </synopsis>
+  <product type="ebuild">phprojekt</product>
+  <announced>2007-06-19</announced>
+  <revised count="01">2007-06-19</revised>
+  <bug>170905</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/phprojekt" auto="yes" arch="*">
+      <unaffected range="ge">5.2.1</unaffected>
+      <vulnerable range="lt">5.2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PHProjekt is a project management and coordination tool written in PHP.
+    </p>
+  </background>
+  <description>
+    <p>
+    Alexios Fakos from n.runs AG has discovered multiple vulnerabilities in
+    PHProjekt, including the execution of arbitrary SQL commands using
+    unknown vectors (CVE-2007-1575), the execution of arbitrary PHP code
+    using an unrestricted file upload (CVE-2007-1639), cross-site request
+    forgeries using different modules (CVE-2007-1638), and a cross-site
+    scripting attack using unkown vectors (CVE-2007-1576).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An authenticated user could elevate their privileges by exploiting the
+    vulnerabilities described above. Note that the magic_quotes_gpc PHP
+    configuration setting must be set to "off" to exploit these
+    vulnerabilities.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PHProjekt users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/phprojekt-5.2.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1575">CVE-2007-1575</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1576">CVE-2007-1576</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1638">CVE-2007-1638</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1639">CVE-2007-1639</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-06-07T21:18:57Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-06-10T13:59:19Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-06-10T13:59:28Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200706-08.xml b/metadata/glsa/glsa-200706-08.xml
new file mode 100644
index 000000000000..ebc98ba52a44
--- /dev/null
+++ b/metadata/glsa/glsa-200706-08.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200706-08">
+  <title>emul-linux-x86-java: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in emul-linux-x86-java,
+    possibly resulting in the execution of arbitrary code or a Denial of
+    Service.
+  </synopsis>
+  <product type="ebuild">emul-linux-x86-java</product>
+  <announced>2007-06-26</announced>
+  <revised count="03">2009-05-28</revised>
+  <bug>178962</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulation/emul-linux-x86-java" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.11</unaffected>
+      <unaffected range="rge">1.4.2.16</unaffected>
+      <unaffected range="rge">1.4.2.17</unaffected>
+      <unaffected range="rge">1.4.2.19</unaffected>
+      <vulnerable range="lt">1.5.0.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    emul-linux-x86-java is the 32 bit version of the Sun's J2SE Development
+    Kit.
+    </p>
+  </background>
+  <description>
+    <p>
+    Chris Evans of the Google Security Team has discovered an integer
+    overflow in the ICC parser, and another vulnerability in the BMP
+    parser. An unspecified vulnerability involving an "incorrect use of
+    system classes" was reported by the Fujitsu security team.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted
+    image, possibly resulting in the execution of arbitrary code with the
+    privileges of the user running Emul-linux-x86-java. They also could
+    entice a user to open a specially crafted BMP image, resulting in a
+    Denial of Service. Note that these vulnerabilities may also be
+    triggered by a tool processing image files automatically.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Emul-linux-x86-java users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-emulation/emul-linux-x86-java-1.5.0.11"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2435">CVE-2007-2435</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2788">CVE-2007-2788</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2789">CVE-2007-2789</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-06-07T21:24:22Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-06-10T14:32:58Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-06-10T14:33:07Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200706-09.xml b/metadata/glsa/glsa-200706-09.xml
new file mode 100644
index 000000000000..e2a2b0864d52
--- /dev/null
+++ b/metadata/glsa/glsa-200706-09.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200706-09">
+  <title>libexif: Buffer overflow</title>
+  <synopsis>
+    libexif does not properly handle image EXIF information, possibly allowing
+    for the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libexif</product>
+  <announced>2007-06-26</announced>
+  <revised count="01">2007-06-26</revised>
+  <bug>181922</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libexif" auto="yes" arch="*">
+      <unaffected range="ge">0.6.16</unaffected>
+      <vulnerable range="lt">0.6.16</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libexif is a library for parsing, editing and saving EXIF metadata from
+    images.
+    </p>
+  </background>
+  <description>
+    <p>
+    iDefense Labs have discovered that the exif_data_load_data_entry()
+    function in libexif/exif-data.c improperly handles integer data while
+    working with an image with many EXIF components, allowing an integer
+    overflow possibly leading to a heap-based buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user of an application making use of a
+    vulnerable version of libexif to load a specially crafted image file,
+    possibly resulting in a crash of the application or the execution of
+    arbitrary code with the rights of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libexif users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/libexif-0.6.16"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4168">CVE-2006-4168</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-06-16T06:17:21Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-06-16T06:17:44Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-06-19T02:58:18Z">
+    shellsage
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200707-01.xml b/metadata/glsa/glsa-200707-01.xml
new file mode 100644
index 000000000000..61537f6a52dc
--- /dev/null
+++ b/metadata/glsa/glsa-200707-01.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200707-01">
+  <title>Firebird: Buffer overflow</title>
+  <synopsis>
+    A vulnerability has been discovered in Firebird, allowing for the execution
+    of arbitrary code.
+  </synopsis>
+  <product type="ebuild">firebird</product>
+  <announced>2007-07-01</announced>
+  <revised count="01">2007-07-01</revised>
+  <bug>181811</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/firebird" auto="yes" arch="*">
+      <unaffected range="ge">2.0.1</unaffected>
+      <vulnerable range="lt">2.0.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Firebird is an open source relational database that runs on Linux,
+    Windows, and various UNIX systems.
+    </p>
+  </background>
+  <description>
+    <p>
+    Cody Pierce from TippingPoint DVLabs has discovered a buffer overflow
+    when processing "connect" requests with an overly large "p_cnct_count"
+    value.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An unauthenticated remote attacker could send a specially crafted
+    request to a vulnerable server, possibly resulting in the execution of
+    arbitrary code with the privileges of the user running Firebird.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Firebird users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-db/firebird-2.0.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3181">CVE-2007-3181</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-06-25T19:06:37Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-06-26T18:04:58Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200707-02.xml b/metadata/glsa/glsa-200707-02.xml
new file mode 100644
index 000000000000..d079b21efa27
--- /dev/null
+++ b/metadata/glsa/glsa-200707-02.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200707-02">
+  <title>OpenOffice.org: Two buffer overflows</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in OpenOffice.org, allowing
+    for the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">openoffice</product>
+  <announced>2007-07-02</announced>
+  <revised count="01">2007-07-02</revised>
+  <bug>181773</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/openoffice" auto="yes" arch="*">
+      <unaffected range="ge">2.2.1</unaffected>
+      <vulnerable range="lt">2.2.1</vulnerable>
+    </package>
+    <package name="app-office/openoffice-bin" auto="yes" arch="*">
+      <unaffected range="ge">2.2.1</unaffected>
+      <vulnerable range="lt">2.2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenOffice.org is an open source office productivity suite, including
+    word processing, spreadsheet, presentation, drawing, data charting,
+    formula editing, and file conversion facilities.
+    </p>
+  </background>
+  <description>
+    <p>
+    John Heasman of NGSSoftware has discovered a heap-based buffer overflow
+    when parsing the "prdata" tag in RTF files where the first token is
+    smaller than the second one (CVE-2007-0245). Additionally, the
+    OpenOffice binary program is shipped with a version of FreeType that
+    contains an integer signedness error in the n_points variable in file
+    truetype/ttgload.c, which was covered by GLSA 200705-22
+    (CVE-2007-2754).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted
+    document, possibly leading to execution of arbitrary code with the
+    rights of the user running OpenOffice.org.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenOffice.org users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/openoffice-2.2.1"</code>
+    <p>
+    All OpenOffice.org binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/openoffice-bin-2.2.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0245">CVE-2007-0245</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2754">CVE-2007-2754</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200705-22.xml">GLSA 200705-22</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-06-25T15:57:23Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-06-25T15:57:59Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200707-03.xml b/metadata/glsa/glsa-200707-03.xml
new file mode 100644
index 000000000000..22d8b3409471
--- /dev/null
+++ b/metadata/glsa/glsa-200707-03.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200707-03">
+  <title>Evolution: User-assisted remote execution of arbitrary code</title>
+  <synopsis>
+    The IMAP client of Evolution contains a vulnerability potentially leading
+    to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">evolution-data-server</product>
+  <announced>2007-07-02</announced>
+  <revised count="01">2007-07-02</revised>
+  <bug>182011</bug>
+  <access>remote</access>
+  <affected>
+    <package name="gnome-extra/evolution-data-server" auto="yes" arch="*">
+      <unaffected range="ge">1.8.3-r5</unaffected>
+      <unaffected range="rge">1.6.2-r1</unaffected>
+      <vulnerable range="lt">1.8.3-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Evolution is the mail client of the GNOME desktop environment. Camel is
+    the Evolution Data Server module that handles mail functions.
+    </p>
+  </background>
+  <description>
+    <p>
+    The imap_rescan() function of the file camel-imap-folder.c does not
+    properly sanitize the "SEQUENCE" response sent by an IMAP server before
+    being used to index arrays.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A malicious or compromised IMAP server could trigger the vulnerability
+    and execute arbitrary code with the permissions of the user running
+    Evolution.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Evolution users should upgrade evolution-data-server to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "gnome-extra/evolution-data-server"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3257">CVE-2007-3257</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-06-20T15:13:37Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-06-25T16:19:12Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-06-25T16:19:36Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200707-04.xml b/metadata/glsa/glsa-200707-04.xml
new file mode 100644
index 000000000000..c8f4d116dae0
--- /dev/null
+++ b/metadata/glsa/glsa-200707-04.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200707-04">
+  <title>GNU C Library: Integer overflow</title>
+  <synopsis>
+    An integer overflow in the dynamic loader, ld.so, could result in the
+    execution of arbitrary code with escalated privileges.
+  </synopsis>
+  <product type="ebuild">glibc</product>
+  <announced>2007-07-03</announced>
+  <revised count="01">2007-07-03</revised>
+  <bug>183844</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-libs/glibc" auto="yes" arch="x86">
+      <unaffected range="ge">2.5-r4</unaffected>
+      <vulnerable range="lt">2.5-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The GNU C library is the standard C library used by Gentoo Linux
+    systems. It provides programs with basic facilities and interfaces to
+    system calls. ld.so is the dynamic linker which prepares dynamically
+    linked programs for execution by resolving runtime dependencies and
+    related functions.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Gentoo Linux Security Team discovered a flaw in
+    the handling of the hardware capabilities mask by the dynamic loader.
+    If a mask is specified with a high population count, an integer
+    overflow could occur when allocating memory.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    As the hardware capabilities mask is honored by the dynamic loader
+    during the execution of suid and sgid programs, in theory this
+    vulnerability could result in the execution of arbitrary code with root
+    privileges. This update is provided as a precaution against currently
+    unknown attack vectors.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-libs/glibc-2.5-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3508">CVE-2007-3508</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-07-01T18:20:09Z">
+    taviso
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-07-03T13:34:58Z">
+    taviso
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200707-05.xml b/metadata/glsa/glsa-200707-05.xml
new file mode 100644
index 000000000000..313b0c56d494
--- /dev/null
+++ b/metadata/glsa/glsa-200707-05.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200707-05">
+  <title>Webmin, Usermin: Cross-site scripting vulnerabilities</title>
+  <synopsis>
+    Webmin and Usermin are vulnerable to cross-site scripting vulnerabilities
+    (XSS).
+  </synopsis>
+  <product type="ebuild">webmin/usermin</product>
+  <announced>2007-07-05</announced>
+  <revised count="01">2007-07-05</revised>
+  <bug>181385</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-admin/webmin" auto="yes" arch="*">
+      <unaffected range="ge">1.350</unaffected>
+      <vulnerable range="lt">1.350</vulnerable>
+    </package>
+    <package name="app-admin/usermin" auto="yes" arch="*">
+      <unaffected range="ge">1.280</unaffected>
+      <vulnerable range="lt">1.280</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Webmin is a web-based administrative interface for Unix-like systems.
+    Usermin is a simplified version of Webmin designed for use by normal
+    users rather than system administrators.
+    </p>
+  </background>
+  <description>
+    <p>
+    The pam_login.cgi file does not properly sanitize user input before
+    sending it back as output to the user.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    An unauthenticated attacker could entice a user to browse a specially
+    crafted URL, allowing for the execution of script code in the context
+    of the user's browser and for the theft of browser credentials. This
+    may permit the attacker to login to Webmin or Usermin with the user's
+    permissions.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Webmin users should update to the latest stable version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --verbose --oneshot "&gt;=app-admin/webmin-1.350"</code>
+    <p>
+    All Usermin users should update to the latest stable version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --verbose --oneshot "&gt;=app-admin/usermin-1.280"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3156">CVE-2007-3156</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-06-25T19:12:36Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-06-29T13:33:55Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200707-06.xml b/metadata/glsa/glsa-200707-06.xml
new file mode 100644
index 000000000000..18bb38e8f8f6
--- /dev/null
+++ b/metadata/glsa/glsa-200707-06.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200707-06">
+  <title>XnView: Stack-based buffer overflow</title>
+  <synopsis>
+    XnView is vulnerable to a stack-based buffer overflow and possible remote
+    code execution when handling XPM image files.
+  </synopsis>
+  <product type="ebuild">xnview</product>
+  <announced>2007-07-11</announced>
+  <revised count="01">2007-07-11</revised>
+  <bug>175670</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-misc/xnview" auto="yes" arch="x86">
+      <vulnerable range="lt">1.70</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    XnView is software to view and convert graphics files. XPixMap (XPM) is
+    a simple ascii-based graphics format.
+    </p>
+  </background>
+  <description>
+    <p>
+    XnView is vulnerable to a stack-based buffer overflow while processing
+    an XPM file with an overly long section string (greater than 1024
+    bytes).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to view a specially crafted XPM file
+    with XnView that could trigger the vulnerability and possibly execute
+    arbitrary code with the rights of the user running XnView.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    No update appears to be forthcoming from the XnView developer and
+    XnView is proprietary, so the XnView package has been masked in
+    Portage. We recommend that users select an alternate graphics viewer
+    and conversion utility, and unmerge XnView:
+    </p>
+    <code>
+    # emerge --unmerge xnview</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2194">CVE-2007-2194</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-07-01T10:38:47Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-07-02T18:12:51Z">
+    aetius
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-07-11T19:39:42Z">
+    DerCorny
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200707-07.xml b/metadata/glsa/glsa-200707-07.xml
new file mode 100644
index 000000000000..75a959ca9f2c
--- /dev/null
+++ b/metadata/glsa/glsa-200707-07.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200707-07">
+  <title>MPlayer: Multiple buffer overflows</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in MPlayer, possibly allowing
+    for the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mplayer</product>
+  <announced>2007-07-24</announced>
+  <revised count="03">2007-10-12</revised>
+  <bug>181097</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/mplayer" auto="yes" arch="*">
+      <unaffected range="ge">1.0.20070622</unaffected>
+      <unaffected range="lt">1.0</unaffected>
+      <vulnerable range="lt">1.0.20070622</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MPlayer is a media player incuding support for a wide range of audio
+    and video formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    Stefan Cornelius and Reimar Doffinger of Secunia Research discovered
+    several boundary errors in the functions cddb_query_parse(),
+    cddb_parse_matches_list() and cddb_read_parse(), each allowing for a
+    stack-based buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted file
+    with malicious CDDB entries, possibly resulting in the execution of
+    arbitrary code with the privileges of the user running MPlayer.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MPlayer users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/mplayer-1.0.20070622"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2948">CVE-2007-2948</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-07-15T07:30:30Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-07-17T18:47:22Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-07-17T18:48:15Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200707-08.xml b/metadata/glsa/glsa-200707-08.xml
new file mode 100644
index 000000000000..adcf4097617e
--- /dev/null
+++ b/metadata/glsa/glsa-200707-08.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200707-08">
+  <title>NVClock: Insecure file usage</title>
+  <synopsis>
+    A vulnerability has been discovered in NVClock, allowing for the execution
+    of arbitrary code.
+  </synopsis>
+  <product type="ebuild">nvclock</product>
+  <announced>2007-07-24</announced>
+  <revised count="01">2007-07-24</revised>
+  <bug>184071</bug>
+  <access>local</access>
+  <affected>
+    <package name="media-video/nvclock" auto="yes" arch="*">
+      <unaffected range="ge">0.7-r2</unaffected>
+      <vulnerable range="lt">0.7-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    NVClock is an utility for changing NVidia graphic chipsets internal
+    frequency.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Gentoo Linux Security Team discovered that NVClock
+    makes usage of an insecure temporary file in the /tmp directory.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create a specially crafted temporary file in
+    /tmp to execute arbitrary code with the privileges of the user running
+    NVCLock.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All NVClock users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/nvclock-0.7-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3531">CVE-2007-3531</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-07-15T09:48:09Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-07-17T18:59:19Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-07-17T18:59:32Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200707-09.xml b/metadata/glsa/glsa-200707-09.xml
new file mode 100644
index 000000000000..6d1dde724211
--- /dev/null
+++ b/metadata/glsa/glsa-200707-09.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200707-09">
+  <title>GIMP: Multiple integer overflows</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in GIMP, allowing for the
+    remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">gimp</product>
+  <announced>2007-07-25</announced>
+  <revised count="01">2007-07-25</revised>
+  <bug>182047</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/gimp" auto="yes" arch="*">
+      <unaffected range="ge">2.2.16</unaffected>
+      <vulnerable range="lt">2.2.16</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GIMP is the GNU Image Manipulation Program.
+    </p>
+  </background>
+  <description>
+    <p>
+    Sean Larsson from iDefense Labs discovered multiple integer overflows
+    in various GIMP plugins (CVE-2006-4519). Stefan Cornelius from Secunia
+    Research discovered an integer overflow in the
+    seek_to_and_unpack_pixeldata() function when processing PSD files
+    (CVE-2007-2949).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted image
+    file, possibly resulting in the execution of arbitrary code with the
+    privileges of the user running GIMP.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GIMP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/gimp-2.2.16"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4519">CVE-2006-4519</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2949">CVE-2007-2949</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-07-11T20:14:16Z">
+    DerCorny
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-07-15T18:21:17Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-07-15T18:21:44Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200707-10.xml b/metadata/glsa/glsa-200707-10.xml
new file mode 100644
index 000000000000..b75ad9446c7d
--- /dev/null
+++ b/metadata/glsa/glsa-200707-10.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200707-10">
+  <title>Festival: Privilege elevation</title>
+  <synopsis>
+    A vulnerability has been discovered in Festival, allowing for a local
+    privilege escalation.
+  </synopsis>
+  <product type="ebuild">festival</product>
+  <announced>2007-07-25</announced>
+  <revised count="01">2007-07-25</revised>
+  <bug>170477</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-accessibility/festival" auto="yes" arch="*">
+      <unaffected range="ge">1.95_beta-r4</unaffected>
+      <vulnerable range="lt">1.95_beta-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Festival is a text-to-speech accessibility program.
+    </p>
+  </background>
+  <description>
+    <p>
+    Konstantine Shirow reported a vulnerability in default Gentoo
+    configurations of Festival. The daemon is configured to run with root
+    privileges and to listen on localhost, without requiring a password.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could gain root privileges by connecting to the daemon
+    and execute arbitrary commands.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Set a password in the configuration file /etc/festival/server.scm by
+    adding the line: (set! server_passwd password)
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Festival users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-accessibility/festival-1.95_beta-r4"</code>
+  </resolution>
+  <references/>
+  <metadata tag="submitter" timestamp="2007-07-25T09:41:45Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-07-25T21:25:25Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200707-11.xml b/metadata/glsa/glsa-200707-11.xml
new file mode 100644
index 000000000000..fc4c263429fc
--- /dev/null
+++ b/metadata/glsa/glsa-200707-11.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200707-11">
+  <title>MIT Kerberos 5: Arbitrary remote code execution</title>
+  <synopsis>
+    Multiple vulnerabilities in MIT Kerberos 5 could potentially result in
+    remote code execution with root privileges by unauthenticated users.
+  </synopsis>
+  <product type="ebuild">mit-krb5</product>
+  <announced>2007-07-25</announced>
+  <revised count="01">2007-07-25</revised>
+  <bug>183338</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-crypt/mit-krb5" auto="yes" arch="*">
+      <unaffected range="ge">1.5.2-r3</unaffected>
+      <vulnerable range="lt">1.5.2-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MIT Kerberos 5 is a suite of applications that implement the Kerberos
+    network protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    kadmind is affected by multiple vulnerabilities in the RPC library
+    shipped with MIT Kerberos 5. It fails to properly handle zero-length
+    RPC credentials (CVE-2007-2442) and the RPC library can write past the
+    end of the stack buffer (CVE-2007-2443). Furthermore kadmind fails to
+    do proper bounds checking (CVE-2007-2798).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote unauthenticated attacker could exploit these vulnerabilities
+    to execute arbitrary code with root privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MIT Kerberos 5 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-crypt/mit-krb5-1.5.2-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2442">CVE-2007-2442</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2443">CVE-2007-2443</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2798">CVE-2007-2798</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-07-15T07:39:18Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-07-16T20:11:47Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-07-17T17:56:29Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200707-12.xml b/metadata/glsa/glsa-200707-12.xml
new file mode 100644
index 000000000000..3efa35a823e1
--- /dev/null
+++ b/metadata/glsa/glsa-200707-12.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200707-12">
+  <title>VLC media player: Format string vulnerabilities</title>
+  <synopsis>
+    A vulnerability has been discovered in VLC media player, allowing for the
+    remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">vlc</product>
+  <announced>2007-07-28</announced>
+  <revised count="01">2007-07-28</revised>
+  <bug>182389</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/vlc" auto="yes" arch="*">
+      <unaffected range="ge">0.8.6c</unaffected>
+      <vulnerable range="lt">0.8.6c</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    VLC media player is a multimedia player for various audio and video
+    formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    David Thiel from iSEC Partners Inc. discovered format string errors in
+    various plugins when parsing data. The affected plugins include Vorbis,
+    Theora, CDDA and SAP.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted media
+    file, possibly resulting in the execution of arbitrary code with the
+    privileges of the user running VLC media player.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All VLC media player users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/vlc-0.8.6c"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3316">CVE-2007-3316</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-07-14T21:42:20Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-07-15T18:31:02Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-07-15T18:31:47Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200707-13.xml b/metadata/glsa/glsa-200707-13.xml
new file mode 100644
index 000000000000..b45386622549
--- /dev/null
+++ b/metadata/glsa/glsa-200707-13.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200707-13">
+  <title>Fail2ban: Denial of service</title>
+  <synopsis>
+    Fail2ban is vulnerable to a Denial of Service attack.
+  </synopsis>
+  <product type="ebuild">fail2ban</product>
+  <announced>2007-07-28</announced>
+  <revised count="02">2008-01-09</revised>
+  <bug>181214</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/fail2ban" auto="yes" arch="*">
+      <unaffected range="ge">0.8.0-r1</unaffected>
+      <vulnerable range="lt">0.8.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Fail2ban is a tool for parsing log files and banning IP addresses which
+    make too many password failures.
+    </p>
+  </background>
+  <description>
+    <p>
+    A vulnerability has been discovered in Fail2ban when parsing log files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send specially crafted SSH login banners to the
+    vulnerable host, which would prevent any ssh connection to the host and
+    result in a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Fail2ban users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/fail2ban-0.8.0-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4321">CVE-2007-4321</uri>
+    <uri link="http://www.ossec.net/en/attacking-loganalysis.html#fail2ban">Original advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-07-03T22:02:25Z">
+    aetius
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-07-15T18:12:05Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-07-15T18:13:27Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200707-14.xml b/metadata/glsa/glsa-200707-14.xml
new file mode 100644
index 000000000000..63a44c72fc4e
--- /dev/null
+++ b/metadata/glsa/glsa-200707-14.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200707-14">
+  <title>tcpdump: Integer overflow</title>
+  <synopsis>
+    A vulnerability has been discovered in tcpdump, allowing for the execution
+    of arbitrary code, possibly with root privileges.
+  </synopsis>
+  <product type="ebuild">tcpdump</product>
+  <announced>2007-07-28</announced>
+  <revised count="01">2007-07-28</revised>
+  <bug>184815</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/tcpdump" auto="yes" arch="*">
+      <unaffected range="ge">3.9.5-r3</unaffected>
+      <vulnerable range="lt">3.9.5-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    tcpdump is a tool for capturing and inspecting network traffic.
+    </p>
+  </background>
+  <description>
+    <p>
+    mu-b from Digital Labs discovered that the return value of a snprintf()
+    call is not properly checked before being used. This could lead to an
+    integer overflow.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could send specially crafted BGP packets on a network
+    being monitored with tcpdump, possibly resulting in the execution of
+    arbitrary code with the privileges of the user running tcpdump, which
+    is usually root.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All tcpdump users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/tcpdump-3.9.5-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798">CVE-2007-3798</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-07-14T22:01:53Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-07-17T18:00:19Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-07-17T18:48:59Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200708-01.xml b/metadata/glsa/glsa-200708-01.xml
new file mode 100644
index 000000000000..4a54d45567b3
--- /dev/null
+++ b/metadata/glsa/glsa-200708-01.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200708-01">
+  <title>Macromedia Flash Player: Remote arbitrary code execution</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in Macromedia Flash Player,
+    allowing for the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2007-08-08</announced>
+  <revised count="02">2009-05-28</revised>
+  <bug>185141</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">9.0.48.0</unaffected>
+      <vulnerable range="lt">9.0.48.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Macromedia Flash Player is a renderer for the popular SWF file type
+    which is commonly used to provide interactive websites, digital
+    experiences and mobile content.
+    </p>
+  </background>
+  <description>
+    <p>
+    Mark Hills discovered some errors when interacting with a browser for
+    keystrokes handling (CVE-2007-2022). Stefano Di Paola and Giorgio Fedon
+    from Minded Security discovered a boundary error when processing FLV
+    files (CVE-2007-3456). An input validation error when processing HTTP
+    referrers has also been reported (CVE-2007-3457).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted file,
+    possibly leading to the execution of arbitrary code with the privileges
+    of the user running the Macromedia Flash Player, or sensitive data
+    access.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Macromedia Flash Player users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-plugins/adobe-flash-9.0.48.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2022">CVE-2007-2022</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3456">CVE-2007-3456</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3457">CVE-2007-3457</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-07-15T10:35:19Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-07-24T09:40:21Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-07-24T09:40:28Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200708-02.xml b/metadata/glsa/glsa-200708-02.xml
new file mode 100644
index 000000000000..59381bd4cf24
--- /dev/null
+++ b/metadata/glsa/glsa-200708-02.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200708-02">
+  <title>Xvid: Array indexing vulnerabilities</title>
+  <synopsis>
+    Several array indexing vulnerabilities were discovered in Xvid, possibly
+    allowing for the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">xvid</product>
+  <announced>2007-08-08</announced>
+  <revised count="01">2007-08-08</revised>
+  <bug>183145</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/xvid" auto="yes" arch="*">
+      <unaffected range="ge">1.1.3</unaffected>
+      <vulnerable range="lt">1.1.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Xvid is a popular open source video codec licensed under the GPL.
+    </p>
+  </background>
+  <description>
+    <p>
+    Trixter Jack discovered an array indexing error in the
+    get_intra_block() function in the file src/bitstream/mbcoding.c. The
+    get_inter_block_h263() and get_inter_block_mpeg() functions in the same
+    file were also reported as vulnerable.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit these vulnerabilities to execute arbitrary
+    code by tricking a user or automated system into processing a malicious
+    video file with an application that makes use of the Xvid library.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Xvid users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/xvid-1.1.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3329">CVE-2007-3329</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-07-14T21:54:33Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-07-15T18:56:27Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-07-16T07:58:51Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200708-03.xml b/metadata/glsa/glsa-200708-03.xml
new file mode 100644
index 000000000000..fd7efb7f0b4c
--- /dev/null
+++ b/metadata/glsa/glsa-200708-03.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200708-03">
+  <title>libarchive (formerly named as bsdtar): Multiple PaX Extension Header Vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities were found in libarchive (formerly named as
+    app-archive/bsdtar), possibly allowing for the execution of arbitrary code
+    or a Denial of Service.
+  </synopsis>
+  <product type="ebuild">libarchive</product>
+  <announced>2007-08-08</announced>
+  <revised count="02">2007-08-08</revised>
+  <bug>184984</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/libarchive" auto="yes" arch="*">
+      <unaffected range="ge">2.2.4</unaffected>
+      <vulnerable range="lt">2.2.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libarchive is a library for manipulating different streaming archive
+    formats, including certain tar variants, several cpio formats, and both
+    BSD and GNU ar variants.
+    </p>
+  </background>
+  <description>
+    <p>
+    CPNI, CERT-FI, Tim Kientzle, and Colin Percival reported a buffer
+    overflow (CVE-2007-3641), an infinite loop (CVE-2007-3644), and a NULL
+    pointer dereference (CVE-2007-3645) within the processing of archives
+    having corrupted PaX extension headers.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker can trick a user or automated system to process an archive
+    with malformed PaX extension headers into execute arbitrary code, crash
+    an application using the library, or cause a high CPU load.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libarchive or bsdtar users should upgrade to the latest libarchive
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-arch/libarchive-2.2.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3641">CVE-2007-3641</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3644">CVE-2007-3644</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3645">CVE-2007-3645</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-07-15T10:30:41Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-07-15T19:19:38Z">
+    DerCorny
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-07-17T17:56:39Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200708-04.xml b/metadata/glsa/glsa-200708-04.xml
new file mode 100644
index 000000000000..6dfe88cabe89
--- /dev/null
+++ b/metadata/glsa/glsa-200708-04.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200708-04">
+  <title>ClamAV: Denial of service</title>
+  <synopsis>
+    A vulnerability has been discovered in ClamAV, allowing for a Denial of
+    Service.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2007-08-09</announced>
+  <revised count="01">2007-08-09</revised>
+  <bug>185013</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.91</unaffected>
+      <vulnerable range="lt">0.91</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ClamAV is a GPL virus scanner.
+    </p>
+  </background>
+  <description>
+    <p>
+    Metaeye Security Group reported a NULL pointer dereference in ClamAV
+    when processing RAR archives.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send a specially crafted RAR archive to the
+    clamd daemon, resulting in a crash and a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ClamAV users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.91"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3725">CVE-2007-3725</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-07-29T22:16:39Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-08-04T17:18:26Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-08-04T17:18:43Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200708-05.xml b/metadata/glsa/glsa-200708-05.xml
new file mode 100644
index 000000000000..e758ed8d60ee
--- /dev/null
+++ b/metadata/glsa/glsa-200708-05.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200708-05">
+  <title>GD: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in GD, allowing for the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">gd</product>
+  <announced>2007-08-09</announced>
+  <revised count="01">2007-08-09</revised>
+  <bug>179154</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/gd" auto="yes" arch="*">
+      <unaffected range="ge">2.0.35</unaffected>
+      <vulnerable range="lt">2.0.35</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GD is a graphic library for fast image creation.
+    </p>
+  </background>
+  <description>
+    <p>
+    Xavier Roche discovered an infinite loop in the gdPngReadData()
+    function when processing a truncated PNG file (CVE-2007-2756). An
+    integer overflow has been discovered in the gdImageCreateTrueColor()
+    function (CVE-2007-3472). An error has been discovered in the function
+    gdImageCreateXbm() function (CVE-2007-3473). Unspecified
+    vulnerabilities have been discovered in the GIF reader (CVE-2007-3474).
+    An error has been discovered when processing a GIF image that has no
+    global color map (CVE-2007-3475). An array index error has been
+    discovered in the file gd_gif_in.c when processing images with an
+    invalid color index (CVE-2007-3476). An error has been discovered in
+    the imagearc() and imagefilledarc() functions when processing overly
+    large angle values (CVE-2007-3477). A race condition has been
+    discovered in the gdImageStringFTEx() function (CVE-2007-3478).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit one of these vulnerabilities to cause a
+    Denial of Service or possibly execute arbitrary code with the
+    privileges of the user running GD.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GD users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/gd-2.0.35"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756">CVE-2007-2756</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3472">CVE-2007-3472</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3473">CVE-2007-3473</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3474">CVE-2007-3474</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3475">CVE-2007-3475</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3476">CVE-2007-3476</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3477">CVE-2007-3477</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3478">CVE-2007-3478</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-07-20T21:01:20Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-07-31T09:13:14Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-07-31T09:13:30Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200708-06.xml b/metadata/glsa/glsa-200708-06.xml
new file mode 100644
index 000000000000..73f83d218aa4
--- /dev/null
+++ b/metadata/glsa/glsa-200708-06.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200708-06">
+  <title>Net::DNS: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in the Net::DNS Perl module,
+    allowing for a Denial of Service and a cache poisoning attack.
+  </synopsis>
+  <product type="ebuild">net-dns</product>
+  <announced>2007-08-11</announced>
+  <revised count="01">2007-08-11</revised>
+  <bug>184029</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-perl/Net-DNS" auto="yes" arch="*">
+      <unaffected range="ge">0.60</unaffected>
+      <vulnerable range="lt">0.60</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Net::DNS is a Perl implementation of a DNS resolver.
+    </p>
+  </background>
+  <description>
+    <p>
+    hjp discovered an error when handling DNS query IDs which make them
+    partially predictable. Steffen Ullrich discovered an error in the
+    dn_expand() function which could lead to an endless loop.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send a specially crafted DNS request to the
+    server which could result in a Denial of Service with an infinite
+    recursion, or perform a cache poisoning attack.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Net::DNS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-perl/Net-DNS-0.60"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3377">CVE-2007-3377</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3409">CVE-2007-3409</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-07-16T13:12:37Z">
+    aetius
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-07-25T05:32:52Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-07-30T09:51:53Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200708-07.xml b/metadata/glsa/glsa-200708-07.xml
new file mode 100644
index 000000000000..a33d5abea1b7
--- /dev/null
+++ b/metadata/glsa/glsa-200708-07.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200708-07">
+  <title>Xfce Terminal: Remote arbitrary code execution</title>
+  <synopsis>
+    A vulnerability has been discovered in the Xfce Terminal program, allowing
+    for the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">terminal</product>
+  <announced>2007-08-11</announced>
+  <revised count="02">2008-07-12</revised>
+  <bug>184886</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-terms/terminal" auto="yes" arch="*">
+      <unaffected range="ge">0.2.6_p25931</unaffected>
+      <vulnerable range="lt">0.2.6_p25931</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Xfce Terminal is a console tool for the Xfce desktop environment.
+    </p>
+  </background>
+  <description>
+    <p>
+    Lasse Karkkainen discovered that the function terminal_helper_execute()
+    in file terminal-helper.c does not properly escape the URIs before
+    processing.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted link,
+    possibly leading to the remote execution of arbitrary code with the
+    privileges of the user running Xfce Terminal. Note that the exploit
+    code depends on the browser used to open the crafted link.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Xfce Terminal users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-terms/terminal-0.2.6_p25931"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3770">CVE-2007-3770</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-07-28T07:40:26Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-07-28T07:40:36Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-07-31T08:48:45Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200708-08.xml b/metadata/glsa/glsa-200708-08.xml
new file mode 100644
index 000000000000..484601c41241
--- /dev/null
+++ b/metadata/glsa/glsa-200708-08.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200708-08">
+  <title>SquirrelMail G/PGP plugin: Arbitrary code execution</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in SquirrelMail, allowing for
+    the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">squirrelmail</product>
+  <announced>2007-08-11</announced>
+  <revised count="01">2007-08-11</revised>
+  <bug>185010</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/squirrelmail" auto="yes" arch="*">
+      <unaffected range="ge">1.4.10a-r2</unaffected>
+      <vulnerable range="lt">1.4.10a-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    SquirrelMail is a webmail package written in PHP. It supports IMAP and
+    SMTP protocols.
+    </p>
+  </background>
+  <description>
+    <p>
+    The functions deletekey(), gpg_check_sign_pgp_mime() and gpg_recv_key()
+    used in the SquirrelMail G/PGP encryption plugin do not properly escape
+    user-supplied data.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An authenticated user could use the plugin to execute arbitrary code on
+    the server, or a remote attacker could send a specially crafted e-mail
+    to a SquirrelMail user, possibly leading to the execution of arbitrary
+    code with the privileges of the user running the underlying web server.
+    Note that the G/PGP plugin is disabled by default.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Enter the SquirrelMail configuration directory
+    (/usr/share/webapps/squirrelmail/version/htdocs/config), then execute
+    the conf.pl script. Select the plugins menu, then select the gpg plugin
+    item number in the "Installed Plugins" list to disable it. Press S to
+    save your changes, then Q to quit.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SquirrelMail users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/squirrelmail-1.4.10a-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1924">CVE-2005-1924</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4169">CVE-2006-4169</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-07-20T20:59:21Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-07-23T13:21:57Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-07-23T13:22:43Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200708-09.xml b/metadata/glsa/glsa-200708-09.xml
new file mode 100644
index 000000000000..37b4fcf456d9
--- /dev/null
+++ b/metadata/glsa/glsa-200708-09.xml
@@ -0,0 +1,150 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200708-09">
+  <title>Mozilla products: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been reported in Mozilla Firefox,
+    Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted
+    arbitrary remote code execution.
+  </synopsis>
+  <product type="ebuild">mozilla-firefox,mozilla-firefox-bin,seamonkey,seamonkey-bin,mozilla-thunderbird,mozilla-thunderbird-bin,xulrunner</product>
+  <announced>2007-08-14</announced>
+  <revised count="01">2007-08-14</revised>
+  <bug>185737</bug>
+  <bug>187205</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/mozilla-firefox" auto="yes" arch="*">
+      <unaffected range="ge">2.0.0.6</unaffected>
+      <vulnerable range="lt">2.0.0.6</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">2.0.0.6</unaffected>
+      <vulnerable range="lt">2.0.0.6</vulnerable>
+    </package>
+    <package name="mail-client/mozilla-thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">2.0.0.6</unaffected>
+      <vulnerable range="lt">2.0.0.6</vulnerable>
+    </package>
+    <package name="mail-client/mozilla-thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">2.0.0.6</unaffected>
+      <vulnerable range="lt">2.0.0.6</vulnerable>
+    </package>
+    <package name="www-client/seamonkey" auto="yes" arch="*">
+      <unaffected range="ge">1.1.4</unaffected>
+      <vulnerable range="lt">1.1.4</vulnerable>
+    </package>
+    <package name="www-client/seamonkey-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.1.4</unaffected>
+      <vulnerable range="lt">1.1.4</vulnerable>
+    </package>
+    <package name="net-libs/xulrunner" auto="yes" arch="*">
+      <unaffected range="ge">1.8.1.6</unaffected>
+      <vulnerable range="lt">1.8.1.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla Firefox is an open-source web browser from the Mozilla Project,
+    and Mozilla Thunderbird an email client. The SeaMonkey project is a
+    community effort to deliver production-quality releases of code derived
+    from the application formerly known as the 'Mozilla Application Suite'.
+    XULRunner is a Mozilla runtime package that can be used to bootstrap
+    XUL+XPCOM applications like Firefox and Thunderbird.
+    </p>
+  </background>
+  <description>
+    <p>
+    Mozilla developers fixed several bugs, including an issue with
+    modifying XPCNativeWrappers (CVE-2007-3738), a problem with event
+    handlers executing elements outside of the document (CVE-2007-3737),
+    and a cross-site scripting (XSS) vulnerability (CVE-2007-3736). They
+    also fixed a problem with promiscuous IFRAME access (CVE-2007-3089) and
+    an XULRunner URL spoofing issue with the wyciwyg:// URI and HTTP 302
+    redirects (CVE-2007-3656). Denials of Service involving corrupted
+    memory were fixed in the browser engine (CVE-2007-3734) and the
+    JavaScript engine (CVE-2007-3735). Finally, another XSS vulnerability
+    caused by a regression in the CVE-2007-3089 patch was fixed
+    (CVE-2007-3844).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to view a specially crafted web
+    page that will trigger one of the vulnerabilities, possibly leading to
+    the execution of arbitrary code or a Denial of Service. It is also
+    possible for an attacker to perform cross-site scripting attacks, which
+    could result in the exposure of sensitive information such as login
+    credentials.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Firefox users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-2.0.0.6"</code>
+    <p>
+    All Mozilla Firefox binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-bin-2.0.0.6"</code>
+    <p>
+    All Mozilla Thunderbird users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-2.0.0.6"</code>
+    <p>
+    All Mozilla Thunderbird binary users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-bin-2.0.0.6"</code>
+    <p>
+    All SeaMonkey users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-1.1.4"</code>
+    <p>
+    All SeaMonkey binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-bin-1.1.4"</code>
+    <p>
+    All XULRunner users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-libs/xulrunner-1.8.1.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3089">CVE-2007-3089</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3656">CVE-2007-3656</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3734">CVE-2007-3734</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3735">CVE-2007-3735</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3736">CVE-2007-3736</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3737">CVE-2007-3737</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3738">CVE-2007-3738</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3844">CVE-2007-3844</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-08-05T10:45:13Z">
+    aetius
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-08-05T10:48:05Z">
+    aetius
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-08-14T16:40:39Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200708-10.xml b/metadata/glsa/glsa-200708-10.xml
new file mode 100644
index 000000000000..20c300f7613e
--- /dev/null
+++ b/metadata/glsa/glsa-200708-10.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200708-10">
+  <title>MySQL: Denial of Service and information leakage</title>
+  <synopsis>
+    A Denial of Service vulnerability and a table structure information leakage
+    vulnerability were found in MySQL.
+  </synopsis>
+  <product type="ebuild">mysql</product>
+  <announced>2007-08-16</announced>
+  <revised count="01">2007-08-16</revised>
+  <bug>185333</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/mysql" auto="yes" arch="*">
+      <unaffected range="ge">5.0.44</unaffected>
+      <vulnerable range="lt">5.0.44</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MySQL is a popular multi-threaded, multi-user SQL server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Dormando reported a vulnerability within the handling of password
+    packets in the connection protocol (CVE-2007-3780). Andrei Elkin also
+    found that the "CREATE TABLE LIKE" command didn't require SELECT
+    privileges on the source table (CVE-2007-3781).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote unauthenticated attacker could use the first vulnerability to
+    make the server crash. The second vulnerability can be used by
+    authenticated users to obtain information on tables they are not
+    normally able to access.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MySQL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-5.0.44"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3780">CVE-2007-3780</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3781">CVE-2007-3781</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-07-29T22:18:26Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-08-12T20:12:02Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-08-12T20:13:00Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200708-11.xml b/metadata/glsa/glsa-200708-11.xml
new file mode 100644
index 000000000000..323c7d49d0a0
--- /dev/null
+++ b/metadata/glsa/glsa-200708-11.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200708-11">
+  <title>Lighttpd: Multiple vulnerabilities</title>
+  <synopsis>
+    Several vulnerabilities were reported in Lighttpd, most of them allowing a
+    Denial of Service and potentially the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">lighttpd</product>
+  <announced>2007-08-16</announced>
+  <revised count="01">2007-08-16</revised>
+  <bug>185442</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/lighttpd" auto="yes" arch="*">
+      <unaffected range="ge">1.4.16</unaffected>
+      <vulnerable range="lt">1.4.16</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Lighttpd is a lightweight HTTP web server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Stefan Esser discovered errors with evidence of memory corruption in
+    the code parsing the headers. Several independent researchers also
+    reported errors involving the handling of HTTP headers, the mod_auth
+    and mod_scgi modules, and the limitation of active connections.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker can trigger any of these vulnerabilities by sending
+    malicious data to the server, which may lead to a crash or memory
+    exhaustion, and potentially the execution of arbitrary code.
+    Additionally, access-deny settings can be evaded by appending a final /
+    to a URL.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Lighttpd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-servers/lighttpd-1.4.16"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3946">CVE-2007-3946</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3947">CVE-2007-3947</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3948">CVE-2007-3948</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3949">CVE-2007-3949</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3950">CVE-2007-3950</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-07-17T18:07:17Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-08-12T21:28:06Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-08-15T05:43:43Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200708-12.xml b/metadata/glsa/glsa-200708-12.xml
new file mode 100644
index 000000000000..3d315ad80184
--- /dev/null
+++ b/metadata/glsa/glsa-200708-12.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200708-12">
+  <title>Wireshark: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in Wireshark, allowing for
+    the remote execution of arbitrary code and a Denial of Service.
+  </synopsis>
+  <product type="ebuild">wireshark</product>
+  <announced>2007-08-16</announced>
+  <revised count="01">2007-08-16</revised>
+  <bug>183520</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/wireshark" auto="yes" arch="*">
+      <unaffected range="ge">0.99.6</unaffected>
+      <vulnerable range="lt">0.99.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Wireshark is a network protocol analyzer with a graphical front-end.
+    </p>
+  </background>
+  <description>
+    <p>
+    Wireshark doesn't properly handle chunked encoding in HTTP responses
+    (CVE-2007-3389), iSeries capture files (CVE-2007-3390), certain types
+    of DCP ETSI packets (CVE-2007-3391), and SSL or MMS packets
+    (CVE-2007-3392). An off-by-one error has been discovered in the
+    DHCP/BOOTP dissector when handling DHCP-over-DOCSIS packets
+    (CVE-2007-3393).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send specially crafted packets on a network
+    being monitored with Wireshark, possibly resulting in the execution of
+    arbitrary code with the privileges of the user running Wireshark which
+    might be the root user, or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    In order to prevent root compromise, take network captures with tcpdump
+    and analyze them running Wireshark as a least privileged user.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Wireshark users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-0.99.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3389">CVE-2007-3389</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3390">CVE-2007-3390</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3391">CVE-2007-3391</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3392">CVE-2007-3392</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3393">CVE-2007-3393</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-07-24T10:55:17Z">
+    aetius
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-07-25T05:32:32Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-08-12T20:22:11Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200708-13.xml b/metadata/glsa/glsa-200708-13.xml
new file mode 100644
index 000000000000..58dea67083cd
--- /dev/null
+++ b/metadata/glsa/glsa-200708-13.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200708-13">
+  <title>BIND: Weak random number generation</title>
+  <synopsis>
+    The ISC BIND random number generator uses a weak algorithm, making it
+    easier to guess the next query ID and perform a DNS cache poisoning attack.
+  </synopsis>
+  <product type="ebuild">bind</product>
+  <announced>2007-08-18</announced>
+  <revised count="01">2007-08-18</revised>
+  <bug>186556</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/bind" auto="yes" arch="*">
+      <unaffected range="ge">9.4.1_p1</unaffected>
+      <vulnerable range="lt">9.4.1_p1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ISC BIND is the Internet Systems Consortium implementation of the
+    Domain Name System (DNS) protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    Amit Klein from Trusteer reported that the random number generator of
+    ISC BIND leads, half the time, to predictable (1 chance to 8) query IDs
+    in the resolver routine or in zone transfer queries (CVE-2007-2926).
+    Additionally, the default configuration file has been strengthen with
+    respect to the allow-recursion{} and the allow-query{} options
+    (CVE-2007-2925).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker can use this weakness by sending queries for a domain
+    he handles to a resolver (directly to a recursive server, or through
+    another process like an email processing) and then observing the
+    resulting IDs of the iterative queries. The attacker will half the time
+    be able to guess the next query ID, then perform cache poisoning by
+    answering with those guessed IDs, while spoofing the UDP source address
+    of the reply. Furthermore, with empty allow-recursion{} and
+    allow-query{} options, the default configuration allowed anybody to
+    make recursive queries and query the cache.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time for the random generator
+    weakness. The allow-recursion{} and allow-query{} options should be set
+    to trusted hosts only in /etc/bind/named.conf, thus preventing several
+    security risks.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ISC BIND users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dns/bind-9.4.1_p1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925">CVE-2007-2925</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926">CVE-2007-2926</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-08-05T10:40:49Z">
+    aetius
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-08-13T23:06:16Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-08-14T23:00:40Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200708-14.xml b/metadata/glsa/glsa-200708-14.xml
new file mode 100644
index 000000000000..99f8ebbbac13
--- /dev/null
+++ b/metadata/glsa/glsa-200708-14.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200708-14">
+  <title>NVIDIA drivers: Denial of service</title>
+  <synopsis>
+    A vulnerability has been discovered in the NVIDIA graphic drivers, allowing
+    for a Denial of Service.
+  </synopsis>
+  <product type="ebuild">nvidia-drivers</product>
+  <announced>2007-08-19</announced>
+  <revised count="03">2007-10-11</revised>
+  <bug>183567</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-drivers/nvidia-drivers" auto="yes" arch="*">
+      <unaffected range="ge">71.86.01</unaffected>
+      <unaffected range="rge">1.0.7185</unaffected>
+      <unaffected range="rge">1.0.9639</unaffected>
+      <vulnerable range="eq">100.14.06</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The NVIDIA drivers provide support for NVIDIA graphic boards.
+    </p>
+  </background>
+  <description>
+    <p>
+    Gregory Shikhman discovered that the default Gentoo setup of NVIDIA
+    drivers creates the /dev/nvidia* with insecure file permissions.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could send arbitrary values into the devices, possibly
+    resulting in hardware damage on the graphic board or a Denial of
+    Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All NVIDIA drivers users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "x11-drivers/nvidia-drivers"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3532">CVE-2007-3532</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-07-28T07:38:56Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-07-28T07:39:35Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-08-12T20:41:51Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200708-15.xml b/metadata/glsa/glsa-200708-15.xml
new file mode 100644
index 000000000000..fbea03cc130e
--- /dev/null
+++ b/metadata/glsa/glsa-200708-15.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200708-15">
+  <title>Apache mod_jk: Directory traversal</title>
+  <synopsis>
+    A directory traversal vulnerability has been discovered in Apache mod_jk.
+  </synopsis>
+  <product type="ebuild">mod_jk</product>
+  <announced>2007-08-19</announced>
+  <revised count="01">2007-08-19</revised>
+  <bug>186218</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apache/mod_jk" auto="yes" arch="*">
+      <unaffected range="ge">1.2.23</unaffected>
+      <vulnerable range="lt">1.2.23</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Apache mod_jk is a connector for the Tomcat web server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Apache mod_jk decodes the URL within Apache before passing them to
+    Tomcat, which decodes them a second time.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A remote attacker could browse a specially crafted URL on an Apache
+    server running mod_jk, possibly gaining access to restricted resources.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Apache mod_jk users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apache/mod_jk-1.2.23"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1860">CVE-2007-1860</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-07-29T22:06:43Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-07-29T22:08:30Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-08-12T21:01:34Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200708-16.xml b/metadata/glsa/glsa-200708-16.xml
new file mode 100644
index 000000000000..a3b9a35bea1e
--- /dev/null
+++ b/metadata/glsa/glsa-200708-16.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200708-16">
+  <title>Qt: Multiple format string vulnerabilities</title>
+  <synopsis>
+    Format string vulnerabilities in Qt 3 may lead to the remote execution of
+    arbitrary code in some Qt applications.
+  </synopsis>
+  <product type="ebuild">qt</product>
+  <announced>2007-08-22</announced>
+  <revised count="01">2007-08-22</revised>
+  <bug>185446</bug>
+  <access>remote, local</access>
+  <affected>
+    <package name="x11-libs/qt" auto="yes" arch="*">
+      <unaffected range="ge">3.3.8-r3</unaffected>
+      <vulnerable range="lt">3.3.8-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Qt is a cross-platform GUI framework, which is used e.g. by KDE.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tim Brown of Portcullis Computer Security Ltd and Dirk Mueller of KDE
+    reported multiple format string errors in qWarning() calls in files
+    qtextedit.cpp, qdatatable.cpp, qsqldatabase.cpp, qsqlindex.cpp,
+    qsqlrecord.cpp, qglobal.cpp, and qsvgdevice.cpp.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could trigger one of the vulnerabilities by causing a Qt
+    application to parse specially crafted text, which may lead to the
+    execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Qt 3 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "=x11-libs/qt-3*"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3388">CVE-2007-3388</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-08-15T17:25:28Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-08-15T17:25:45Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-08-19T22:38:33Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200708-17.xml b/metadata/glsa/glsa-200708-17.xml
new file mode 100644
index 000000000000..2a78c7a69a8a
--- /dev/null
+++ b/metadata/glsa/glsa-200708-17.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200708-17">
+  <title>Opera: Multiple vulnerabilities</title>
+  <synopsis>
+    Opera contain several vulnerabilities, some of which may allow the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">opera</product>
+  <announced>2007-08-22</announced>
+  <revised count="01">2007-08-22</revised>
+  <bug>185497</bug>
+  <bug>188987</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/opera" auto="yes" arch="*">
+      <unaffected range="ge">9.23</unaffected>
+      <vulnerable range="lt">9.23</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Opera is a multi-platform web browser.
+    </p>
+  </background>
+  <description>
+    <p>
+    An error known as "a virtual function call on an invalid pointer" has
+    been discovered in the JavaScript engine (CVE-2007-4367). Furthermore,
+    iDefense Labs reported that an already-freed pointer may be still used
+    under unspecified circumstances in the BitTorrent support
+    (CVE-2007-3929). At last, minor other errors have been discovered,
+    relative to memory read protection (Opera Advisory 861) and URI
+    displays (CVE-2007-3142, CVE-2007-3819).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could trigger the BitTorrent vulnerability by
+    enticing a user into starting a malicious BitTorrent download, and
+    execute arbitrary code through unspecified vectors. Additionally, a
+    specially crafted JavaScript may trigger the "virtual function"
+    vulnerability. The JavaScript engine can also access previously freed
+    but uncleaned memory. Finally, a user can be fooled with a too long
+    HTTP server name that does not fit the dialog box, or a URI containing
+    whitespaces.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time for all these
+    vulnerabilities.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Opera users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/opera-9.23"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3142">CVE-2007-3142</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3819">CVE-2007-3819</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3929">CVE-2007-3929</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4367">CVE-2007-4367</uri>
+    <uri link="https://www.opera.com/support/search/view/861/">Opera Advisory 861</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-07-29T20:48:46Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-07-29T20:48:57Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-08-20T09:59:22Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200709-01.xml b/metadata/glsa/glsa-200709-01.xml
new file mode 100644
index 000000000000..ad5c9a2aad37
--- /dev/null
+++ b/metadata/glsa/glsa-200709-01.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200709-01">
+  <title>MIT Kerberos 5: Multiple vulnerabilities</title>
+  <synopsis>
+    Two vulnerabilities have been found in MIT Kerberos 5, which could allow a
+    remote unauthenticated user to execute arbitrary code with root privileges.
+  </synopsis>
+  <product type="ebuild">mit-krb5</product>
+  <announced>2007-09-11</announced>
+  <revised count="01">2007-09-11</revised>
+  <bug>191301</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-crypt/mit-krb5" auto="yes" arch="*">
+      <unaffected range="ge">1.5.3-r1</unaffected>
+      <vulnerable range="lt">1.5.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MIT Kerberos 5 is a suite of applications that implement the Kerberos
+    network protocol. kadmind is the MIT Kerberos 5 administration daemon.
+    </p>
+  </background>
+  <description>
+    <p>
+    A stack buffer overflow (CVE-2007-3999) has been reported in
+    svcauth_gss_validate() of the RPC library of kadmind. Another
+    vulnerability (CVE-2007-4000) has been found in
+    kadm5_modify_policy_internal(), which does not check the return values
+    of krb5_db_get_policy() correctly.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    The RPC related vulnerability can be exploited by a remote
+    unauthenticated attacker to execute arbitrary code with root privileges
+    on the host running kadmind. The second vulnerability requires the
+    remote attacker to be authenticated and to have "modify policy"
+    privileges. It could then also allow for the remote execution of
+    arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MIT Kerberos 5 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-crypt/mit-krb5-1.5.3-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3999">CVE-2007-3999</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4000">CVE-2007-4000</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-09-08T22:29:04Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-09-09T19:22:20Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-09-10T18:34:17Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200709-02.xml b/metadata/glsa/glsa-200709-02.xml
new file mode 100644
index 000000000000..a19c79e8dad2
--- /dev/null
+++ b/metadata/glsa/glsa-200709-02.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200709-02">
+  <title>KVIrc: Remote arbitrary code execution</title>
+  <synopsis>
+    A vulnerability has been discovered in KVIrc, allowing for the remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">kvirc</product>
+  <announced>2007-09-13</announced>
+  <revised count="01">2007-09-13</revised>
+  <bug>183174</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/kvirc" auto="yes" arch="*">
+      <unaffected range="ge">3.2.6_pre20070714</unaffected>
+      <vulnerable range="lt">3.2.6_pre20070714</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    KVIrc is a free portable IRC client based on Qt.
+    </p>
+  </background>
+  <description>
+    <p>
+    Stefan Cornelius from Secunia Research discovered that the
+    "parseIrcUrl()" function in file src/kvirc/kernel/kvi_ircurl.cpp does
+    not properly sanitise parts of the URI when building the command for
+    KVIrc's internal script system.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted
+    irc:// URI, possibly leading to the remote execution of arbitrary code
+    with the privileges of the user running KVIrc. Successful exploitation
+    requires that KVIrc is registered as the default handler for irc:// or
+    similar URIs.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All KVIrc users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-irc/kvirc-3.2.6_pre20070714"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951">CVE-2007-2951</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-08-06T14:12:16Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-08-19T18:59:16Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-08-20T11:26:17Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200709-03.xml b/metadata/glsa/glsa-200709-03.xml
new file mode 100644
index 000000000000..9c49e3ef2843
--- /dev/null
+++ b/metadata/glsa/glsa-200709-03.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200709-03">
+  <title>Streamripper: Buffer overflow</title>
+  <synopsis>
+    A buffer overflow vulnerability has been discovered in Streamripper,
+    allowing for user-assisted execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">streamripper</product>
+  <announced>2007-09-13</announced>
+  <revised count="01">2007-09-13</revised>
+  <bug>188698</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/streamripper" auto="yes" arch="*">
+      <unaffected range="ge">1.62.2</unaffected>
+      <vulnerable range="lt">1.62.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Streamripper is a tool for extracting and recording mp3 files from a
+    Shoutcast stream.
+    </p>
+  </background>
+  <description>
+    <p>
+    Chris Rohlf discovered several boundary errors in the
+    httplib_parse_sc_header() function when processing HTTP headers.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to connect to a malicious
+    streaming server, resulting in the execution of arbitrary code with the
+    privileges of the user running Streamripper.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Streamripper users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/streamripper-1.62.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4337">CVE-2007-4337</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-08-24T09:30:52Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-08-24T09:31:49Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-09-08T15:35:27Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200709-04.xml b/metadata/glsa/glsa-200709-04.xml
new file mode 100644
index 000000000000..dddd6ead8ad8
--- /dev/null
+++ b/metadata/glsa/glsa-200709-04.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200709-04">
+  <title>po4a: Insecure temporary file creation</title>
+  <synopsis>
+    A vulnerability has been discovered in po4a, allowing for a symlink attack.
+  </synopsis>
+  <product type="ebuild">po4a</product>
+  <announced>2007-09-13</announced>
+  <revised count="01">2007-09-13</revised>
+  <bug>189440</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-text/po4a" auto="yes" arch="*">
+      <unaffected range="ge">0.32-r1</unaffected>
+      <vulnerable range="lt">0.32-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    po4a is a set of tools for helping with the translation of
+    documentation.
+    </p>
+  </background>
+  <description>
+    <p>
+    The po4a development team reported a race condition in the gettextize()
+    function when creating the file "/tmp/gettextization.failed.po".
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could perform a symlink attack, possibly overwriting
+    files with the permissions of the user running po4a.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All po4a users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/po4a-0.32-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4462">CVE-2007-4462</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-08-28T20:28:00Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-08-28T20:28:12Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-09-08T16:20:41Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200709-05.xml b/metadata/glsa/glsa-200709-05.xml
new file mode 100644
index 000000000000..e86526cd4926
--- /dev/null
+++ b/metadata/glsa/glsa-200709-05.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200709-05">
+  <title>RealPlayer: Buffer overflow</title>
+  <synopsis>
+    RealPlayer is vulnerable to a buffer overflow allowing for execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">realplayer</product>
+  <announced>2007-09-14</announced>
+  <revised count="01">2007-09-14</revised>
+  <bug>183421</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/realplayer" auto="yes" arch="*">
+      <unaffected range="ge">10.0.9</unaffected>
+      <vulnerable range="lt">10.0.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    RealPlayer is a multimedia player capable of handling multiple
+    multimedia file formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    A stack-based buffer overflow vulnerability has been reported in the
+    SmilTimeValue::parseWallClockValue() function in smlprstime.cpp when
+    handling HH:mm:ss.f type time formats.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to open a specially crafted SMIL (Synchronized
+    Multimedia Integration Language) file, an attacker could be able to
+    execute arbitrary code with the privileges of the user running the
+    application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All RealPlayer users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/realplayer-10.0.9"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3410">CVE-2007-3410</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-08-29T10:19:49Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-08-29T10:19:58Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-09-09T20:21:51Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200709-06.xml b/metadata/glsa/glsa-200709-06.xml
new file mode 100644
index 000000000000..ffcb8678160e
--- /dev/null
+++ b/metadata/glsa/glsa-200709-06.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200709-06">
+  <title>flac123: Buffer overflow</title>
+  <synopsis>
+    flac123 is affected by a buffer overflow vulnerability, which could allow
+    for the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">flac123</product>
+  <announced>2007-09-14</announced>
+  <revised count="01">2007-09-14</revised>
+  <bug>186220</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/flac123" auto="yes" arch="*">
+      <unaffected range="ge">0.0.11</unaffected>
+      <vulnerable range="lt">0.0.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    flac123 is a command-line application for playing FLAC audio files.
+    </p>
+  </background>
+  <description>
+    <p>
+    A possible buffer overflow vulnerability has been reported in the
+    local__vcentry_parse_value() function in vorbiscomment.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to play a specially crafted audio file,
+    which could lead to the execution of arbitrary code with the privileges
+    of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All flac123 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/flac123-0.0.11"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3507">CVE-2007-3507</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-08-29T10:21:26Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-08-29T11:36:53Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-09-11T15:39:45Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200709-07.xml b/metadata/glsa/glsa-200709-07.xml
new file mode 100644
index 000000000000..1915eeb42437
--- /dev/null
+++ b/metadata/glsa/glsa-200709-07.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200709-07">
+  <title>Eggdrop: Buffer overflow</title>
+  <synopsis>
+    A remote stack-based buffer overflow has been discovered in Eggdrop.
+  </synopsis>
+  <product type="ebuild">eggdrop</product>
+  <announced>2007-09-15</announced>
+  <revised count="02">2007-09-26</revised>
+  <bug>179354</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/eggdrop" auto="yes" arch="*">
+      <unaffected range="ge">1.6.18-r3</unaffected>
+      <vulnerable range="lt">1.6.18-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Eggdrop is an IRC bot extensible with C or Tcl.
+    </p>
+  </background>
+  <description>
+    <p>
+    Bow Sineath discovered a boundary error in the file
+    mod/server.mod/servrmsg.c when processing overly long private messages
+    sent by an IRC server.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice an Eggdrop user to connect the bot to a
+    malicious server, possibly resulting in the execution of arbitrary code
+    on the host running Eggdrop.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Eggdrop users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-irc/eggdrop-1.6.18-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2807">CVE-2007-2807</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-08-23T09:04:09Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-08-23T09:04:22Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-09-07T09:43:27Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200709-08.xml b/metadata/glsa/glsa-200709-08.xml
new file mode 100644
index 000000000000..d5ce42bb1aad
--- /dev/null
+++ b/metadata/glsa/glsa-200709-08.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200709-08">
+  <title>id3lib: Insecure temporary file creation</title>
+  <synopsis>
+    A vulnerability has been discovered in id3lib allowing local users to
+    overwrite arbitrary files via a symlink attack.
+  </synopsis>
+  <product type="ebuild">id3lib</product>
+  <announced>2007-09-15</announced>
+  <revised count="01">2007-09-15</revised>
+  <bug>189610</bug>
+  <access>local</access>
+  <affected>
+    <package name="media-libs/id3lib" auto="yes" arch="*">
+      <unaffected range="ge">3.8.3-r6</unaffected>
+      <vulnerable range="lt">3.8.3-r6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    id3lib is an open-source, cross-platform software development library
+    for reading, writing, and manipulating ID3v1 and ID3v2 tags.
+    </p>
+  </background>
+  <description>
+    <p>
+    Nikolaus Schulz discovered that the function RenderV2ToFile() in file
+    src/tag_file.cpp creates temporary files in an insecure manner.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could exploit this vulnerability via a symlink attack
+    to overwrite arbitrary files.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All id3lib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/id3lib-3.8.3-r6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4460">CVE-2007-4460</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-09-13T20:50:09Z">
+    mfleming
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-09-14T08:35:20Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200709-09.xml b/metadata/glsa/glsa-200709-09.xml
new file mode 100644
index 000000000000..5900b3a0ec34
--- /dev/null
+++ b/metadata/glsa/glsa-200709-09.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200709-09">
+  <title>GNU Tar: Directory traversal vulnerability</title>
+  <synopsis>
+    A directory traversal vulnerability has been discovered in GNU Tar.
+  </synopsis>
+  <product type="ebuild">tar</product>
+  <announced>2007-09-15</announced>
+  <revised count="01">2007-09-15</revised>
+  <bug>189682</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/tar" auto="yes" arch="*">
+      <unaffected range="ge">1.18-r2</unaffected>
+      <vulnerable range="lt">1.18-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The GNU Tar program provides the ability to create tar archives, as
+    well as various other kinds of manipulation.
+    </p>
+  </background>
+  <description>
+    <p>
+    Dmitry V. Levin discovered a directory traversal vulnerability in the
+    contains_dot_dot() function in file src/names.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to extract a specially crafted tar archive, a remote
+    attacker could extract files to arbitrary locations outside of the
+    specified directory with the permissions of the user running GNU Tar.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GNU Tar users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-arch/tar-1.18-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4131">CVE-2007-4131</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-09-13T18:11:35Z">
+    mfleming
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-09-13T18:49:13Z">
+    mfleming
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200709-10.xml b/metadata/glsa/glsa-200709-10.xml
new file mode 100644
index 000000000000..25ae6a755eeb
--- /dev/null
+++ b/metadata/glsa/glsa-200709-10.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200709-10">
+  <title>PhpWiki: Authentication bypass</title>
+  <synopsis>
+    A vulnerability has been discovered in PhpWiki authentication mechanism.
+  </synopsis>
+  <product type="ebuild">phpwiki</product>
+  <announced>2007-09-18</announced>
+  <revised count="01">2007-09-18</revised>
+  <bug>181692</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/phpwiki" auto="yes" arch="*">
+      <unaffected range="ge">1.3.14</unaffected>
+      <vulnerable range="lt">1.3.14</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PhpWiki is an application that creates a web site where anyone can edit
+    the pages through HTML forms.
+    </p>
+  </background>
+  <description>
+    <p>
+    The PhpWiki development team reported an authentication error within
+    the file lib/WikiUser/LDAP.php when binding to an LDAP server with an
+    empty password.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A remote attacker could provide an empty password when authenticating.
+    Depending on the LDAP implementation used, this could bypass the
+    PhpWiki authentication mechanism and grant the attacker access to the
+    application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PhpWiki users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/phpwiki-1.3.14"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3193">CVE-2007-3193</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-09-04T23:41:27Z">
+    aetius
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-09-08T16:22:11Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-09-15T20:54:32Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200709-11.xml b/metadata/glsa/glsa-200709-11.xml
new file mode 100644
index 000000000000..9eafab06f7b3
--- /dev/null
+++ b/metadata/glsa/glsa-200709-11.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200709-11">
+  <title>GDM: Local Denial of service</title>
+  <synopsis>
+    GDM can be crashed by a local user, preventing it from managing future
+    displays.
+  </synopsis>
+  <product type="ebuild">gdm</product>
+  <announced>2007-09-18</announced>
+  <revised count="01">2007-09-18</revised>
+  <bug>187919</bug>
+  <access>local</access>
+  <affected>
+    <package name="gnome-base/gdm" auto="yes" arch="*">
+      <unaffected range="ge">2.18.4</unaffected>
+      <unaffected range="rge">2.16.7</unaffected>
+      <vulnerable range="lt">2.18.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GDM is the GNOME display manager.
+    </p>
+  </background>
+  <description>
+    <p>
+    The result of a g_strsplit() call is incorrectly parsed in the files
+    daemon/gdm.c, daemon/gdmconfig.c, gui/gdmconfig.c and
+    gui/gdmflexiserver.c, allowing for a null pointer dereference.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A local user could send a crafted message to /tmp/.gdm_socket that
+    would trigger the null pointer dereference and crash GDM, thus
+    preventing it from managing future displays.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Restrict the write permissions on /tmp/.gdm_socket to trusted users
+    only after each GDM restart.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GDM users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "gnome-base/gdm"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3381">CVE-2007-3381</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-08-15T05:40:23Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-08-15T05:40:36Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-08-20T09:31:53Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200709-12.xml b/metadata/glsa/glsa-200709-12.xml
new file mode 100644
index 000000000000..0afdfaea0874
--- /dev/null
+++ b/metadata/glsa/glsa-200709-12.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200709-12">
+  <title>Poppler: Two buffer overflow vulnerabilities</title>
+  <synopsis>
+    Poppler is vulnerable to an integer overflow and a stack overflow.
+  </synopsis>
+  <product type="ebuild">poppler</product>
+  <announced>2007-09-19</announced>
+  <revised count="01">2007-09-19</revised>
+  <bug>188863</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/poppler" auto="yes" arch="*">
+      <unaffected range="ge">0.5.4-r2</unaffected>
+      <vulnerable range="lt">0.5.4-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Poppler is a cross-platform PDF rendering library originally based on
+    Xpdf.
+    </p>
+  </background>
+  <description>
+    <p>
+    Poppler and Xpdf are vulnerable to an integer overflow in the
+    StreamPredictor::StreamPredictor function, and a stack overflow in the
+    StreamPredictor::getNextLine function. The original vulnerability was
+    discovered by Maurycy Prodeus. Note: Gentoo's version of Xpdf is
+    patched to use the Poppler library, so the update to Poppler will also
+    fix Xpdf.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to view a specially crafted program with a
+    Poppler-based PDF viewer such as Gentoo's Xpdf, Epdfview, or Evince, a
+    remote attacker could cause an overflow, potentially resulting in the
+    execution of arbitrary code with the privileges of the user running the
+    application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Poppler users should upgrade to the latest version of Poppler:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/poppler-0.5.4-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387">CVE-2007-3387</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-08-29T12:44:56Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-08-29T12:45:03Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-09-01T13:10:32Z">
+    aetius
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200709-13.xml b/metadata/glsa/glsa-200709-13.xml
new file mode 100644
index 000000000000..bfc5a7c462a5
--- /dev/null
+++ b/metadata/glsa/glsa-200709-13.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200709-13">
+  <title>rsync: Two buffer overflows</title>
+  <synopsis>
+    Two user-assisted buffer overflow vulnerabilities have been discovered in
+    rsync.
+  </synopsis>
+  <product type="ebuild">rsync</product>
+  <announced>2007-09-20</announced>
+  <revised count="01">2007-09-20</revised>
+  <bug>189132</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/rsync" auto="yes" arch="*">
+      <unaffected range="ge">2.6.9-r3</unaffected>
+      <vulnerable range="lt">2.6.9-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    rsync is a file transfer program to keep remote directories
+    synchronized.
+    </p>
+  </background>
+  <description>
+    <p>
+    Sebastian Krahmer from the SUSE Security Team discovered two off-by-one
+    errors in the function "f_name()" in file sender.c when processing
+    overly long directory names.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to synchronize a repository
+    containing specially crafted directories, leading to the execution of
+    arbitrary code with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All rsync users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/rsync-2.6.9-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091">CVE-2007-4091</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-09-08T22:30:02Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-09-09T00:00:07Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-09-15T16:04:37Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200709-14.xml b/metadata/glsa/glsa-200709-14.xml
new file mode 100644
index 000000000000..dace12ffa451
--- /dev/null
+++ b/metadata/glsa/glsa-200709-14.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200709-14">
+  <title>ClamAV: Multiple vulnerabilities</title>
+  <synopsis>
+    Vulnerabilities have been discovered in ClamAV allowing remote execution of
+    arbitrary code and Denial of Service attacks.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2007-09-20</announced>
+  <revised count="01">2007-09-20</revised>
+  <bug>189912</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.91.2</unaffected>
+      <vulnerable range="lt">0.91.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX,
+    designed especially for e-mail scanning on mail gateways.
+    </p>
+  </background>
+  <description>
+    <p>
+    Nikolaos Rangos discovered a vulnerability in ClamAV which exists
+    because the recipient address extracted from email messages is not
+    properly sanitized before being used in a call to "popen()" when
+    executing sendmail (CVE-2007-4560). Also, NULL-pointer dereference
+    errors exist within the "cli_scanrtf()" function in libclamav/rtf.c and
+    Stefanos Stamatis discovered a NULL-pointer dereference vulnerability
+    within the "cli_html_normalise()" function in libclamav/htmlnorm.c
+    (CVE-2007-4510).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    The unsanitized recipient address can be exploited to execute arbitrary
+    code with the privileges of the clamav-milter process by sending an
+    email with a specially crafted recipient address to the affected
+    system. Also, the NULL-pointer dereference errors can be exploited to
+    crash ClamAV. Successful exploitation of the latter vulnerability
+    requires that clamav-milter is started with the "black hole" mode
+    activated, which is not enabled by default.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ClamAV users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.91.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4510">CVE-2007-4510</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4560">CVE-2007-4560</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-09-14T22:57:24Z">
+    mfleming
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-09-15T12:07:22Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200709-15.xml b/metadata/glsa/glsa-200709-15.xml
new file mode 100644
index 000000000000..959a6cf7d044
--- /dev/null
+++ b/metadata/glsa/glsa-200709-15.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200709-15">
+  <title>BEA JRockit: Multiple vulnerabilities</title>
+  <synopsis>
+    BEA JRockit contains several vulnerabilities, some of which may allow the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">jrockit-jdk-bin</product>
+  <announced>2007-09-23</announced>
+  <revised count="01">2007-09-23</revised>
+  <bug>190686</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/jrockit-jdk-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.11_p1</unaffected>
+      <vulnerable range="lt">1.5.0.11_p1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    BEA JRockit provides tools, utilities, and a complete runtime
+    environment for developing and running applications using the Java
+    programming language.
+    </p>
+  </background>
+  <description>
+    <p>
+    An integer overflow vulnerability exists in the embedded ICC profile
+    image parser (CVE-2007-2788), an unspecified vulnerability exists in
+    the font parsing implementation (CVE-2007-4381), and an error exists
+    when processing XSLT stylesheets contained in XSLT Transforms in XML
+    signatures (CVE-2007-3716), among other vulnerabilities.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could trigger the integer overflow to execute
+    arbitrary code or crash the JVM through a specially crafted file. Also,
+    an attacker could perform unauthorized actions via an applet that
+    grants certain privileges to itself because of the font parsing
+    vulnerability. The error when processing XSLT stylesheets can be
+    exploited to execute arbitrary code. Other vulnerabilities could lead
+    to establishing restricted network connections to certain services,
+    Cross Site Scripting and Denial of Service attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time for all these
+    vulnerabilities.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All BEA JRockit users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/jrockit-jdk-bin-1.5.0.11_p1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2788">CVE-2007-2788</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2789">CVE-2007-2789</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3004">CVE-2007-3004</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3005">CVE-2007-3005</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3503">CVE-2007-3503</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3698">CVE-2007-3698</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3716">CVE-2007-3716</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3922">CVE-2007-3922</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4381">CVE-2007-4381</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-09-15T21:57:11Z">
+    mfleming
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-09-17T12:51:05Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200709-16.xml b/metadata/glsa/glsa-200709-16.xml
new file mode 100644
index 000000000000..50649b3f95eb
--- /dev/null
+++ b/metadata/glsa/glsa-200709-16.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200709-16">
+  <title>Lighttpd: Buffer overflow</title>
+  <synopsis>
+    Lighttpd is vulnerable to the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">lighttpd</product>
+  <announced>2007-09-27</announced>
+  <revised count="01">2007-09-27</revised>
+  <bug>191912</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/lighttpd" auto="yes" arch="*">
+      <unaffected range="ge">1.4.18</unaffected>
+      <vulnerable range="lt">1.4.18</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Lighttpd is a lightweight HTTP web server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Mattias Bengtsson and Philip Olausson have discovered a buffer overflow
+    vulnerability in the function fcgi_env_add() in the file mod_fastcgi.c
+    when processing overly long HTTP headers.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could send a specially crafted request to the
+    vulnerable Lighttpd server, resulting in the remote execution of
+    arbitrary code with privileges of the user running the web server. Note
+    that mod_fastcgi is disabled in Gentoo's default configuration.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Edit the file /etc/lighttpd/lighttpd.conf and comment the following
+    line: "include mod_fastcgi.conf"
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Lighttpd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-servers/lighttpd-1.4.18"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4727">CVE-2007-4727</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-09-20T21:10:23Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-09-20T21:10:32Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-09-22T16:06:46Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200709-17.xml b/metadata/glsa/glsa-200709-17.xml
new file mode 100644
index 000000000000..15782e5d7ab7
--- /dev/null
+++ b/metadata/glsa/glsa-200709-17.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200709-17">
+  <title>teTeX: Multiple buffer overflows</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in teTeX, allowing for
+    user-assisted execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">tetex</product>
+  <announced>2007-09-27</announced>
+  <revised count="01">2007-09-27</revised>
+  <bug>170861</bug>
+  <bug>182055</bug>
+  <bug>188172</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/tetex" auto="yes" arch="*">
+      <unaffected range="ge">3.0_p1-r4</unaffected>
+      <vulnerable range="lt">3.0_p1-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    teTeX is a complete TeX distribution for editing documents.
+    </p>
+  </background>
+  <description>
+    <p>
+    Mark Richters discovered a buffer overflow in the open_sty() function
+    in file mkind.c. Other vulnerabilities have also been discovered in the
+    same file but might not be exploitable (CVE-2007-0650). Tetex also
+    includes vulnerable code from GD library (GLSA 200708-05), and from
+    Xpdf (CVE-2007-3387).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to process a specially crafted
+    PNG, GIF or PDF file, or to execute "makeindex" on an overly long
+    filename. In both cases, this could lead to the remote execution of
+    arbitrary code with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All teTeX users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/tetex-3.0_p1-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0650">CVE-2007-0650</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387">CVE-2007-3387</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200708-05.xml">GLSA-200708-05</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-09-08T15:34:16Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-09-22T14:17:49Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-09-27T21:28:55Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200709-18.xml b/metadata/glsa/glsa-200709-18.xml
new file mode 100644
index 000000000000..96399958d878
--- /dev/null
+++ b/metadata/glsa/glsa-200709-18.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200709-18">
+  <title>Bugzilla: Multiple vulnerabilities</title>
+  <synopsis>
+    Bugzilla contains several vulnerabilities, some of them possibly leading to
+    the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">bugzilla</product>
+  <announced>2007-09-30</announced>
+  <revised count="03">2009-05-28</revised>
+  <bug>190112</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/bugzilla" auto="yes" arch="*">
+      <unaffected range="rge">2.20.5</unaffected>
+      <unaffected range="rge">2.22.3</unaffected>
+      <unaffected range="ge">3.0.1</unaffected>
+      <unaffected range="rge">2.22.5</unaffected>
+      <unaffected range="rge">2.20.6</unaffected>
+      <vulnerable range="lt">3.0.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Bugzilla is a web application designed to help with managing software
+    development.
+    </p>
+  </background>
+  <description>
+    <p>
+    Masahiro Yamada found that from the 2.17.1 version, Bugzilla does not
+    properly sanitize the content of the "buildid" parameter when filing
+    bugs (CVE-2007-4543). The next two vulnerabilities only affect Bugzilla
+    2.23.3 or later, hence the stable Gentoo Portage tree does not contain
+    these two vulnerabilities: Loic Minier reported that the
+    "Email::Send::Sendmail()" function does not properly sanitise "from"
+    email information before sending it to the "-f" parameter of
+    /usr/sbin/sendmail (CVE-2007-4538), and Frederic Buclin discovered that
+    the XML-RPC interface does not correctly check permissions in the
+    time-tracking fields (CVE-2007-4539).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could trigger the "buildid" vulnerability by sending
+    a specially crafted form to Bugzilla, leading to a persistent XSS, thus
+    allowing for theft of credentials. With Bugzilla 2.23.3 or later, an
+    attacker could also execute arbitrary code with the permissions of the
+    web server by injecting a specially crafted "from" email address and
+    gain access to normally restricted time-tracking information through
+    the XML-RPC service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Bugzilla users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose www-apps/bugzilla</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4538">CVE-2007-4538</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4539">CVE-2007-4539</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4543">CVE-2007-4543</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-09-12T09:19:32Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-09-13T16:25:04Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-09-14T08:36:10Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-01.xml b/metadata/glsa/glsa-200710-01.xml
new file mode 100644
index 000000000000..df1554a5569a
--- /dev/null
+++ b/metadata/glsa/glsa-200710-01.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-01">
+  <title>RPCSEC_GSS library: Buffer overflow</title>
+  <synopsis>
+    A buffer overflow vulnerability has been discovered in librpcsecgss.
+  </synopsis>
+  <product type="ebuild">librcpsecgss</product>
+  <announced>2007-10-04</announced>
+  <revised count="01">2007-10-04</revised>
+  <bug>191479</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/librpcsecgss" auto="yes" arch="*">
+      <unaffected range="ge">0.16</unaffected>
+      <vulnerable range="lt">0.16</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    librpcsecgss is an implementation of RPCSEC_GSS for secure RPC
+    communications.
+    </p>
+  </background>
+  <description>
+    <p>
+    A stack based buffer overflow has been discovered in the
+    svcauth_gss_validate() function in file lib/rpc/svc_auth_gss.c when
+    processing an overly long string in a RPC message.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could send a specially crafted RPC request to an
+    application relying on this library, e.g NFSv4 or Kerberos
+    (GLSA-200709-01), resulting in the execution of arbitrary code with the
+    privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All librpcsecgss users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-libs/librpcsecgss-0.16"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3999">CVE-2007-3999</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200709-01.xml">GLSA-200709-01</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-09-09T19:27:24Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-09-09T19:29:01Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-09-29T15:36:52Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-02.xml b/metadata/glsa/glsa-200710-02.xml
new file mode 100644
index 000000000000..f69bc75137e1
--- /dev/null
+++ b/metadata/glsa/glsa-200710-02.xml
@@ -0,0 +1,151 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-02">
+  <title>PHP: Multiple vulnerabilities</title>
+  <synopsis>
+    PHP contains several vulnerabilities including buffer and integer overflows
+    which could lead to the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">php</product>
+  <announced>2007-10-07</announced>
+  <revised count="01">2007-10-07</revised>
+  <bug>179158</bug>
+  <bug>180556</bug>
+  <bug>191034</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/php" auto="yes" arch="*">
+      <unaffected range="ge">5.2.4_p20070914-r2</unaffected>
+      <vulnerable range="lt">5.2.4_p20070914-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PHP is a widely-used general-purpose scripting language that is
+    especially suited for Web development and can be embedded into HTML.
+    </p>
+  </background>
+  <description>
+    <p>
+    Several vulnerabilities were found in PHP. Mattias Bengtsson and Philip
+    Olausson reported integer overflows in the gdImageCreate() and
+    gdImageCreateTrueColor() functions of the GD library which can cause
+    heap-based buffer overflows (CVE-2007-3996). Gerhard Wagner discovered
+    an integer overflow in the chunk_split() function that can lead to a
+    heap-based buffer overflow (CVE-2007-2872). Its incomplete fix caused
+    incorrect buffer size calculation due to precision loss, also resulting
+    in a possible heap-based buffer overflow (CVE-2007-4661 and
+    CVE-2007-4660). A buffer overflow in the sqlite_decode_binary() of the
+    SQLite extension found by Stefan Esser that was addressed in PHP 5.2.1
+    was not fixed correctly (CVE-2007-1887).
+    </p>
+    <p>
+    Stefan Esser discovered an error in the zend_alter_ini_entry() function
+    handling a memory_limit violation (CVE-2007-4659). Stefan Esser also
+    discovered a flaw when handling interruptions with userspace error
+    handlers that can be exploited to read arbitrary heap memory
+    (CVE-2007-1883). Disclosure of sensitive memory can also be triggered
+    due to insufficient boundary checks in the strspn() and strcspn()
+    functions, an issue discovered by Mattias Bengtsson and Philip Olausson
+    (CVE-2007-4657)
+    </p>
+    <p>
+    Stefan Esser reported incorrect validation in the FILTER_VALIDATE_EMAIL
+    filter of the Filter extension allowing arbitrary email header
+    injection (CVE-2007-1900). NOTE: This CVE was referenced, but not fixed
+    in GLSA 200705-19.
+    </p>
+    <p>
+    Stanislav Malyshev found an error with unknown impact in the
+    money_format() function when processing "%i" and "%n" tokens
+    (CVE-2007-4658). zatanzlatan reported a buffer overflow in the
+    php_openssl_make_REQ() function with unknown impact when providing a
+    manipulated SSL configuration file (CVE-2007-4662). Possible memory
+    corruption when trying to read EXIF data in exif_read_data() and
+    exif_thumbnail() occurred with unknown impact.
+    </p>
+    <p>
+    Several vulnerabilities that allow bypassing of open_basedir and other
+    restrictions were reported, including the glob() function
+    (CVE-2007-4663), the session_save_path(), ini_set(), and error_log()
+    functions which can allow local command execution (CVE-2007-3378),
+    involving the readfile() function (CVE-2007-3007), via the Session
+    extension (CVE-2007-4652), via the MySQL extension (CVE-2007-3997) and
+    in the dl() function which allows loading extensions outside of the
+    specified directory (CVE-2007-4825).
+    </p>
+    <p>
+    Multiple Denial of Service vulnerabilities were discovered, including a
+    long "library" parameter in the dl() function (CVE-2007-4887), in
+    several iconv and xmlrpc functions (CVE-2007-4840 and CVE-2007-4783),
+    in the setlocale() function (CVE-2007-4784), in the glob() and
+    fnmatch() function (CVE-2007-4782 and CVE-2007-3806), a floating point
+    exception in the wordwrap() function (CVE-2007-3998), a stack
+    exhaustion via deeply nested arrays (CVE-2007-4670), an infinite loop
+    caused by a specially crafted PNG image in the png_read_info() function
+    of libpng (CVE-2007-2756) and several issues related to array
+    conversion.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Remote attackers might be able to exploit these issues in PHP
+    applications making use of the affected functions, potentially
+    resulting in the execution of arbitrary code, Denial of Service,
+    execution of scripted contents in the context of the affected site,
+    security bypass or information leak.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PHP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-5.2.4_p20070914-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1883">CVE-2007-1883</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1887">CVE-2007-1887</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1900">CVE-2007-1900</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756">CVE-2007-2756</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872">CVE-2007-2872</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3007">CVE-2007-3007</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3378">CVE-2007-3378</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3806">CVE-2007-3806</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3996">CVE-2007-3996</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3997">CVE-2007-3997</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3998">CVE-2007-3998</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4652">CVE-2007-4652</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4657">CVE-2007-4657</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4658">CVE-2007-4658</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4659">CVE-2007-4659</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4660">CVE-2007-4660</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4661">CVE-2007-4661</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4662">CVE-2007-4662</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4663">CVE-2007-4663</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4670">CVE-2007-4670</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4727">CVE-2007-4727</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4782">CVE-2007-4782</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4783">CVE-2007-4783</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4784">CVE-2007-4784</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4825">CVE-2007-4825</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4840">CVE-2007-4840</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4887">CVE-2007-4887</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200705-19.xml">GLSA 200705-19</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-08-19T18:58:47Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-08-19T18:58:59Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-09-27T00:18:38Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-03.xml b/metadata/glsa/glsa-200710-03.xml
new file mode 100644
index 000000000000..551985836d71
--- /dev/null
+++ b/metadata/glsa/glsa-200710-03.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-03">
+  <title>libvorbis: Multiple vulnerabilities</title>
+  <synopsis>
+    A buffer overflow vulnerability and several memory corruptions have been
+    discovered in libvorbis.
+  </synopsis>
+  <product type="ebuild">libvorbis</product>
+  <announced>2007-10-07</announced>
+  <revised count="01">2007-10-07</revised>
+  <bug>186716</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libvorbis" auto="yes" arch="*">
+      <unaffected range="ge">1.2.0</unaffected>
+      <vulnerable range="lt">1.2.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libvorbis is the reference implementation of the Xiph.org Ogg Vorbis
+    audio file format. It is used by many applications for playback of Ogg
+    Vorbis files.
+    </p>
+  </background>
+  <description>
+    <p>
+    David Thiel of iSEC Partners discovered a heap-based buffer overflow in
+    the _01inverse() function in res0.c and a boundary checking error in
+    the vorbis_info_clear() function in info.c (CVE-2007-3106 and
+    CVE-2007-4029). libvorbis is also prone to several Denial of Service
+    vulnerabilities in form of infinite loops and invalid memory access
+    with unknown impact (CVE-2007-4065 and CVE-2007-4066).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit these vulnerabilities by enticing a
+    user to open a specially crafted Ogg Vorbis file or network stream with
+    an application using libvorbis. This might lead to the execution of
+    arbitrary code with privileges of the user playing the file or a Denial
+    of Service by a crash or CPU consumption.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libvorbis users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/libvorbis-1.2.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3106">CVE-2007-3106</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4029">CVE-2007-4029</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4065">CVE-2007-4065</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4066">CVE-2007-4066</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-09-04T23:57:53Z">
+    aetius
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-09-08T16:21:39Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-02T15:39:27Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-04.xml b/metadata/glsa/glsa-200710-04.xml
new file mode 100644
index 000000000000..9594bf8b90ff
--- /dev/null
+++ b/metadata/glsa/glsa-200710-04.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-04">
+  <title>libsndfile: Buffer overflow</title>
+  <synopsis>
+    A buffer overflow vulnerability has been discovered in libsndfile.
+  </synopsis>
+  <product type="ebuild">libsndfile</product>
+  <announced>2007-10-07</announced>
+  <revised count="01">2007-10-07</revised>
+  <bug>192834</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libsndfile" auto="yes" arch="*">
+      <unaffected range="ge">1.0.17-r1</unaffected>
+      <vulnerable range="lt">1.0.17-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libsndfile is a library for reading and writing various formats of
+    audio files including WAV and FLAC.
+    </p>
+  </background>
+  <description>
+    <p>
+    Robert Buchholz of the Gentoo Security team discovered that the
+    flac_buffer_copy() function does not correctly handle FLAC streams with
+    variable block sizes which leads to a heap-based buffer overflow
+    (CVE-2007-4974).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit this vulnerability by enticing a user
+    to open a specially crafted FLAC file or network stream with an
+    application using libsndfile. This might lead to the execution of
+    arbitrary code with privileges of the user playing the file.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libsndfile users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/libsndfile-1.0.17-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4974">CVE-2007-4974</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-10-06T23:14:31Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-07T18:26:17Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-10-07T19:16:11Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-05.xml b/metadata/glsa/glsa-200710-05.xml
new file mode 100644
index 000000000000..362b57b6ad22
--- /dev/null
+++ b/metadata/glsa/glsa-200710-05.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-05">
+  <title>QGit: Insecure temporary file creation</title>
+  <synopsis>
+    A vulnerability has been discovered in QGit allowing local users to
+    overwrite arbitrary files and execute arbitrary code with another user's
+    rights.
+  </synopsis>
+  <product type="ebuild">qgit</product>
+  <announced>2007-10-07</announced>
+  <revised count="01">2007-10-07</revised>
+  <bug>190697</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-util/qgit" auto="yes" arch="*">
+      <unaffected range="ge">1.5.7</unaffected>
+      <vulnerable range="lt">1.5.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    QGit is a graphical interface to git repositories that allows you to
+    browse revisions history, view patch content and changed files.
+    </p>
+  </background>
+  <description>
+    <p>
+    Raphael Marichez discovered that the DataLoader::doStart() method
+    creates temporary files in an insecure manner and executes them.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could perform a symlink attack, possibly overwriting
+    files or executing arbitrary code with the rights of the user running
+    QGit.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All QGit users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-util/qgit-1.5.7"</code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4631">CVE-2007-4631</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-09-24T08:55:56Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-09-24T08:56:46Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-07T18:55:10Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-06.xml b/metadata/glsa/glsa-200710-06.xml
new file mode 100644
index 000000000000..8ccebac8652e
--- /dev/null
+++ b/metadata/glsa/glsa-200710-06.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-06">
+  <title>OpenSSL: Multiple vulnerabilities</title>
+  <synopsis>
+    A buffer underflow vulnerability and an information disclosure
+    vulnerability have been discovered in OpenSSL.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2007-10-07</announced>
+  <revised count="01">2007-10-07</revised>
+  <bug>188799</bug>
+  <bug>194039</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">0.9.8e-r3</unaffected>
+      <vulnerable range="lt">0.9.8e-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenSSL is an implementation of the Secure Socket Layer and Transport
+    Layer Security protocols.
+    </p>
+  </background>
+  <description>
+    <p>
+    Moritz Jodeit reported an off-by-one error in the
+    SSL_get_shared_ciphers() function, resulting from an incomplete fix of
+    CVE-2006-3738. A flaw has also been reported in the
+    BN_from_montgomery() function in crypto/bn/bn_mont.c when performing
+    Montgomery multiplication.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker sending a specially crafted packet to an application
+    relying on OpenSSL could possibly execute arbitrary code with the
+    privileges of the user running the application. A local attacker could
+    perform a side channel attack to retrieve the RSA private keys.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenSSL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-0.9.8e-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738">CVE-2006-3738</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108">CVE-2007-3108</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135">CVE-2007-5135</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-09-10T06:24:11Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-09-10T06:24:24Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-06T13:14:06Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-07.xml b/metadata/glsa/glsa-200710-07.xml
new file mode 100644
index 000000000000..68b89f3396c2
--- /dev/null
+++ b/metadata/glsa/glsa-200710-07.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-07">
+  <title>Tk: Buffer overflow</title>
+  <synopsis>
+    A buffer overflow vulnerability has been discovered in Tk.
+  </synopsis>
+  <product type="ebuild">tk</product>
+  <announced>2007-10-07</announced>
+  <revised count="01">2007-10-07</revised>
+  <bug>192539</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/tk" auto="yes" arch="*">
+      <unaffected range="ge">8.4.15-r1</unaffected>
+      <vulnerable range="lt">8.4.15-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Tk is a toolkit for creating graphical user interfaces.
+    </p>
+  </background>
+  <description>
+    <p>
+    Reinhard Max discovered a boundary error in Tk when processing an
+    interlaced GIF with two frames where the second is smaller than the
+    first one.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted GIF
+    image with a Tk-based software, possibly resulting in the execution of
+    arbitrary code with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Tk users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/tk-8.4.15-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4851">CVE-2007-4851</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-09-25T09:49:33Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-09-25T09:49:45Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-02T20:07:14Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-08.xml b/metadata/glsa/glsa-200710-08.xml
new file mode 100644
index 000000000000..aee47e37a3cb
--- /dev/null
+++ b/metadata/glsa/glsa-200710-08.xml
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-08">
+  <title>KOffice, KWord, KPDF, KDE Graphics Libraries: Stack-based buffer overflow</title>
+  <synopsis>
+    KPDF includes code from xpdf that is vulnerable to a stack-based buffer
+    overflow.
+  </synopsis>
+  <product type="ebuild">koffice, kword, kdegraphics, kpdf</product>
+  <announced>2007-10-09</announced>
+  <revised count="01">2007-10-09</revised>
+  <bug>187139</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/koffice" auto="yes" arch="*">
+      <unaffected range="ge">1.6.3-r1</unaffected>
+      <vulnerable range="lt">1.6.3-r1</vulnerable>
+    </package>
+    <package name="app-office/kword" auto="yes" arch="*">
+      <unaffected range="ge">1.6.3-r1</unaffected>
+      <vulnerable range="lt">1.6.3-r1</vulnerable>
+    </package>
+    <package name="kde-base/kdegraphics" auto="yes" arch="*">
+      <unaffected range="ge">3.5.7-r1</unaffected>
+      <vulnerable range="lt">3.5.7-r1</vulnerable>
+    </package>
+    <package name="kde-base/kpdf" auto="yes" arch="*">
+      <unaffected range="ge">3.5.7-r1</unaffected>
+      <vulnerable range="lt">3.5.7-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    KOffice is an integrated office suite for KDE. KWord is the KOffice
+    word processor. KPDF is a KDE-based PDF viewer included in the
+    kdegraphics package.
+    </p>
+  </background>
+  <description>
+    <p>
+    KPDF includes code from xpdf that is vulnerable to an integer overflow
+    in the StreamPredictor::StreamPredictor() function.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted PDF
+    file in KWord or KPDF that would exploit the integer overflow to cause
+    a stack-based buffer overflow in the StreamPredictor::getNextLine()
+    function, possibly resulting in the execution of arbitrary code with
+    the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All KOffice users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/koffice-1.6.3-r1"</code>
+    <p>
+    All KWord users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/kword-1.6.3-r1"</code>
+    <p>
+    All KDE Graphics Libraries users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=kde-base/kdegraphics-3.5.7-r1"</code>
+    <p>
+    All KPDF users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=kde-base/kpdf-3.5.7-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387">CVE-2007-3387</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-09-08T22:26:21Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-09-08T23:59:58Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-07T16:13:55Z">
+    aetius
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-09.xml b/metadata/glsa/glsa-200710-09.xml
new file mode 100644
index 000000000000..e47ad9db4a2b
--- /dev/null
+++ b/metadata/glsa/glsa-200710-09.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-09">
+  <title>NX 2.1: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    NX in the 2.1 series uses XFree86 4.3 code which is prone to an integer
+    overflow vulnerability.
+  </synopsis>
+  <product type="ebuild">nx, nxnode</product>
+  <announced>2007-10-09</announced>
+  <revised count="01">2007-10-09</revised>
+  <bug>192712</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/nx" auto="yes" arch="*">
+      <unaffected range="ge">3.0.0</unaffected>
+      <vulnerable range="lt">3.0.0</vulnerable>
+    </package>
+    <package name="net-misc/nxnode" auto="yes" arch="*">
+      <unaffected range="ge">3.0.0-r3</unaffected>
+      <vulnerable range="lt">3.0.0-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    NoMachine's NX establishes remote connections to X11 desktops over
+    small bandwidth links. NX and NX Node are the compression core
+    libraries, whereas NX is used by FreeNX and NX Node by the binary-only
+    NX servers.
+    </p>
+  </background>
+  <description>
+    <p>
+    Chris Evans reported an integer overflow within the FreeType PCF font
+    file parser (CVE-2006-1861). NX and NX Node are vulnerable to this due
+    to shipping XFree86 4.3.0, which includes the vulnerable FreeType code.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit these integer overflows by enticing a
+    user to load a specially crafted PCF font file which might lead to the
+    execution of arbitrary code with the privileges of the user on the
+    machine running the NX server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All NX users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/nx-3.0.0"</code>
+    <p>
+    All NX Node users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/nxnode-3.0.0-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861">CVE-2006-1861</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200607-02.xml">GLSA 200607-02</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-09-20T13:00:55Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-09-20T13:01:53Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-02T16:18:36Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-10.xml b/metadata/glsa/glsa-200710-10.xml
new file mode 100644
index 000000000000..c2b81298e6bb
--- /dev/null
+++ b/metadata/glsa/glsa-200710-10.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-10">
+  <title>SKK Tools: Insecure temporary file creation</title>
+  <synopsis>
+    SKK insecurely creates temporary files.
+  </synopsis>
+  <product type="ebuild">skktools</product>
+  <announced>2007-10-12</announced>
+  <revised count="01">2007-10-12</revised>
+  <bug>193121</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-i18n/skktools" auto="yes" arch="*">
+      <unaffected range="ge">1.2-r1</unaffected>
+      <vulnerable range="lt">1.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    SKK is a Japanese input method for Emacs.
+    </p>
+  </background>
+  <description>
+    <p>
+    skkdic-expr.c insecurely writes temporary files to a location in the
+    form $TMPDIR/skkdic$PID.{pag,dir,db}, where $PID is the process ID.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the directory where the
+    temporary files are written, pointing to a valid file somewhere on the
+    filesystem that is writable by the user running the SKK software. When
+    SKK writes the temporary file, the target valid file would then be
+    overwritten with the contents of the SKK temporary file.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SKK Tools users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-i18n/skktools-1.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3916">CVE-2007-3916</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-09-20T19:17:24Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-09-20T19:18:40Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-07T20:45:18Z">
+    aetius
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-11.xml b/metadata/glsa/glsa-200710-11.xml
new file mode 100644
index 000000000000..372be97a23e4
--- /dev/null
+++ b/metadata/glsa/glsa-200710-11.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-11">
+  <title>X Font Server: Multiple Vulnerabilities</title>
+  <synopsis>
+    Three vulnerabilities have been discovered in the X Font Server possibly
+    allowing local attackers to gain elevated privileges.
+  </synopsis>
+  <product type="ebuild">xfs</product>
+  <announced>2007-10-12</announced>
+  <revised count="01">2007-10-12</revised>
+  <bug>185660</bug>
+  <bug>194606</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-apps/xfs" auto="yes" arch="*">
+      <unaffected range="ge">1.0.5</unaffected>
+      <vulnerable range="lt">1.0.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The X.Org X11 X Font Server provides a standard mechanism for an X
+    server to communicate with a font renderer.
+    </p>
+  </background>
+  <description>
+    <p>
+    iDefense reported that the xfs init script does not correctly handle a
+    race condition when setting permissions of a temporary file
+    (CVE-2007-3103). Sean Larsson discovered an integer overflow
+    vulnerability in the build_range() function possibly leading to a
+    heap-based buffer overflow when handling "QueryXBitmaps" and
+    "QueryXExtents" protocol requests (CVE-2007-4568). Sean Larsson also
+    discovered an error in the swap_char2b() function possibly leading to a
+    heap corruption when handling the same protocol requests
+    (CVE-2007-4990).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    The first issue would allow a local attacker to change permissions of
+    arbitrary files to be world-writable by performing a symlink attack.
+    The second and third issues would allow a local attacker to execute
+    arbitrary code with privileges of the user running the X Font Server,
+    usually xfs.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All X Font Server users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-apps/xfs-1.0.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3103">CVE-2007-3103</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4568">CVE-2007-4568</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4990">CVE-2007-4990</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-10-11T20:30:03Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-11T21:39:17Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-10-11T21:39:34Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-12.xml b/metadata/glsa/glsa-200710-12.xml
new file mode 100644
index 000000000000..0f19076b59d9
--- /dev/null
+++ b/metadata/glsa/glsa-200710-12.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-12">
+  <title>T1Lib: Buffer overflow</title>
+  <synopsis>
+    T1Lib is vulnerable to a buffer overflow allowing for the user-assisted
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">t1lib</product>
+  <announced>2007-10-12</announced>
+  <revised count="01">2007-10-12</revised>
+  <bug>193437</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/t1lib" auto="yes" arch="*">
+      <unaffected range="ge">5.0.2-r1</unaffected>
+      <vulnerable range="lt">5.0.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    T1Lib is a library for rasterizing bitmaps from Adobe Type 1 fonts.
+    </p>
+  </background>
+  <description>
+    <p>
+    Hamid Ebadi discovered a boundary error in the
+    intT1_EnvGetCompletePath() function which can lead to a buffer overflow
+    when processing an overly long filename.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a font file with a
+    specially crafted filename, possibly leading to the execution of
+    arbitrary code with the privileges of the user running the application
+    using T1Lib.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All T1Lib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/t1lib-5.0.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4033">CVE-2007-4033</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-09-26T12:38:38Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-09-26T12:39:08Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-08T00:05:38Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-13.xml b/metadata/glsa/glsa-200710-13.xml
new file mode 100644
index 000000000000..de63e3eb08d9
--- /dev/null
+++ b/metadata/glsa/glsa-200710-13.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-13">
+  <title>Ampache: Multiple vulnerabilities</title>
+  <synopsis>
+    An SQL injection vulnerability and a possible identity theft have been
+    discovered in Ampache.
+  </synopsis>
+  <product type="ebuild">ampache</product>
+  <announced>2007-10-13</announced>
+  <revised count="01">2007-10-13</revised>
+  <bug>189607</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/ampache" auto="yes" arch="*">
+      <unaffected range="ge">3.3.3.5</unaffected>
+      <vulnerable range="lt">3.3.3.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ampache is a PHP-based tool for managing, updating and playing audio
+    files via a web interface.
+    </p>
+  </background>
+  <description>
+    <p>
+    LT discovered that the "match" parameter in albums.php is not properly
+    sanitized before being processed. The Ampache development team also
+    reported an error when handling user sessions.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A remote attacker could provide malicious input to the application,
+    possibly resulting in the execution of arbitrary SQL code. He could
+    also entice a user to open a specially crafted link to steal the user's
+    session.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ampache users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/ampache-3.3.3.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4437">CVE-2007-4437</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4438">CVE-2007-4438</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-09-17T21:08:28Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-09-17T21:08:38Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-02T19:57:29Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-14.xml b/metadata/glsa/glsa-200710-14.xml
new file mode 100644
index 000000000000..62556ffae5c1
--- /dev/null
+++ b/metadata/glsa/glsa-200710-14.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-14">
+  <title>DenyHosts: Denial of service</title>
+  <synopsis>
+    DenyHosts does not correctly parse log entries, potentially causing a
+    remote Denial of Service.
+  </synopsis>
+  <product type="ebuild">denyhosts</product>
+  <announced>2007-10-13</announced>
+  <revised count="01">2007-10-13</revised>
+  <bug>181213</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-admin/denyhosts" auto="yes" arch="*">
+      <unaffected range="ge">2.6-r1</unaffected>
+      <vulnerable range="lt">2.6-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    DenyHosts is designed to monitor SSH servers for repeated failed login
+    attempts.
+    </p>
+  </background>
+  <description>
+    <p>
+    Daniel B. Cid discovered that DenyHosts used an incomplete regular
+    expression to parse failed login attempts, a different issue than GLSA
+    200701-01.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote unauthenticated attacker can add arbitrary hosts into the
+    blacklist, including the "all" keyword, by submitting specially crafted
+    version identification strings to the SSH server banner. An attacker
+    may use this to prevent legitimate users from accessing a host
+    remotely.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All DenyHosts users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-admin/denyhosts-2.6-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4323">CVE-2007-4323</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-10-06T13:32:04Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-10-06T13:32:42Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-07T22:16:56Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-15.xml b/metadata/glsa/glsa-200710-15.xml
new file mode 100644
index 000000000000..335f812968c3
--- /dev/null
+++ b/metadata/glsa/glsa-200710-15.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-15">
+  <title>KDM: Local privilege escalation</title>
+  <synopsis>
+    KDM allows logins without password under certain circumstances allowing a
+    local user to gain elevated privileges.
+  </synopsis>
+  <product type="ebuild">KDM</product>
+  <announced>2007-10-14</announced>
+  <revised count="01">2007-10-14</revised>
+  <bug>192373</bug>
+  <access>local</access>
+  <affected>
+    <package name="kde-base/kdm" auto="yes" arch="*">
+      <unaffected range="ge">3.5.7-r2</unaffected>
+      <vulnerable range="lt">3.5.7-r2</vulnerable>
+    </package>
+    <package name="kde-base/kdebase" auto="yes" arch="*">
+      <unaffected range="ge">3.5.7-r4</unaffected>
+      <vulnerable range="lt">3.5.7-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    KDM is the Display Manager for the graphical desktop environment KDE.
+    It is part of the kdebase package.
+    </p>
+  </background>
+  <description>
+    <p>
+    Kees Huijgen discovered an error when checking the credentials which
+    can lead to a login without specifying a password. This only occurs
+    when auto login is configured for at least one user and a password is
+    required to shut down the machine.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could gain root privileges and execute arbitrary
+    commands by logging in as root without specifying root's password.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All KDM users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=kde-base/kdm-3.5.7-r2"</code>
+    <p>
+    All kdebase users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=kde-base/kdebase-3.5.7-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4569">CVE-2007-4569</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-10-08T00:34:30Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-08T00:49:35Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-10-08T02:58:05Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-16.xml b/metadata/glsa/glsa-200710-16.xml
new file mode 100644
index 000000000000..27b709c45aa5
--- /dev/null
+++ b/metadata/glsa/glsa-200710-16.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-16">
+  <title>X.Org X server: Composite local privilege escalation</title>
+  <synopsis>
+    A vulnerability has been discovered in the Composite extension of the X.Org
+    X server, allowing for a local privilege escalation.
+  </synopsis>
+  <product type="ebuild">X.Org</product>
+  <announced>2007-10-14</announced>
+  <revised count="01">2007-10-14</revised>
+  <bug>191964</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-base/xorg-server" auto="yes" arch="*">
+      <unaffected range="ge">1.3.0.0-r1</unaffected>
+      <vulnerable range="lt">1.3.0.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The X Window System is a graphical windowing system based on a
+    client/server model.
+    </p>
+  </background>
+  <description>
+    <p>
+    Aaron Plattner discovered a buffer overflow in the compNewPixmap()
+    function when copying data from a large pixel depth pixmap into a
+    smaller pixel depth pixmap.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could execute arbitrary code with the privileges of
+    the user running the X server, typically root.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable the Composite extension by setting ' Option "Composite"
+    "disable" ' in the Extensions section of xorg.conf.
+    </p>
+    <p>
+    Note: This could affect the functionality of some applications.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All X.Org X server users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-base/xorg-server-1.3.0.0-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4730">CVE-2007-4730</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-10-02T20:35:12Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-10-02T20:35:33Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-08T00:30:05Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-17.xml b/metadata/glsa/glsa-200710-17.xml
new file mode 100644
index 000000000000..9bf2c7812aa2
--- /dev/null
+++ b/metadata/glsa/glsa-200710-17.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-17">
+  <title>Balsa: Buffer overflow</title>
+  <synopsis>
+    Balsa is vulnerable to a buffer overflow allowing for the user-assisted
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">balsa</product>
+  <announced>2007-10-16</announced>
+  <revised count="01">2007-10-16</revised>
+  <bug>193179</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/balsa" auto="yes" arch="*">
+      <unaffected range="ge">2.3.20</unaffected>
+      <vulnerable range="lt">2.3.20</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Balsa is a highly configurable email client for GNOME.
+    </p>
+  </background>
+  <description>
+    <p>
+    Evil Ninja Squirrel discovered a stack-based buffer overflow in the
+    ir_fetch_seq() function when receiving a long response to a FETCH
+    command (CVE-2007-5007).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to connect to a malicious or
+    compromised IMAP server, possibly leading to the execution of arbitrary
+    code with the rights of the user running Balsa.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Balsa users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/balsa-2.3.20"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5007">CVE-2007-5007</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-09-26T14:01:38Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-09-26T14:01:46Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-08T00:14:17Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-18.xml b/metadata/glsa/glsa-200710-18.xml
new file mode 100644
index 000000000000..b01d644d7040
--- /dev/null
+++ b/metadata/glsa/glsa-200710-18.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-18">
+  <title>util-linux: Local privilege escalation</title>
+  <synopsis>
+    The mount and umount programs might allow local attackers to gain root
+    privileges.
+  </synopsis>
+  <product type="ebuild">util-linux</product>
+  <announced>2007-10-18</announced>
+  <revised count="01">2007-10-18</revised>
+  <bug>195390</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/util-linux" auto="yes" arch="*">
+      <unaffected range="ge">2.12r-r8</unaffected>
+      <vulnerable range="lt">2.12r-r8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    util-linux is a suite of Linux programs including mount and umount,
+    programs used to mount and unmount filesystems.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ludwig Nussel discovered that the check_special_mountprog() and
+    check_special_umountprog() functions call setuid() and setgid() in the
+    wrong order and do not check the return values, which can lead to
+    privileges being dropped improperly.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker may be able to exploit this vulnerability by using
+    mount helpers such as the mount.nfs program to gain root privileges and
+    run arbitrary commands.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All util-linux users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-apps/util-linux-2.12r-r8"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5191">CVE-2007-5191</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-10-12T17:17:12Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-10-12T17:18:23Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-15T00:47:53Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-19.xml b/metadata/glsa/glsa-200710-19.xml
new file mode 100644
index 000000000000..7d9b1514eac8
--- /dev/null
+++ b/metadata/glsa/glsa-200710-19.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-19">
+  <title>The Sleuth Kit: Integer underflow</title>
+  <synopsis>
+    An integer underflow vulnerability has been reported in The Sleuth Kit
+    allowing for the user-assisted execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">sleuthkit</product>
+  <announced>2007-10-18</announced>
+  <revised count="01">2007-10-18</revised>
+  <bug>181977</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-forensics/sleuthkit" auto="yes" arch="*">
+      <unaffected range="ge">2.0.9</unaffected>
+      <vulnerable range="lt">2.0.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Sleuth Kit is a collection of file system and media management
+    forensic analysis tools.
+    </p>
+  </background>
+  <description>
+    <p>
+    Jean-Sebastien Guay-Leroux reported an integer underflow in the
+    file_printf() function of the "file" utility which is bundled with The
+    Sleuth Kit (CVE-2007-1536, GLSA 200703-26). Note that Gentoo is not
+    affected by the improper fix for this vulnerability (identified as
+    CVE-2007-2799, see GLSA 200705-25) since version 4.20 of "file" was
+    never shipped with The Sleuth Kit ebuilds.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to run The Sleuth Kit on a file
+    system containing a specially crafted file that would trigger a
+    heap-based buffer overflow possibly leading to the execution of
+    arbitrary code with the rights of the user running The Sleuth Kit.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All The Sleuth Kit users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-forensics/sleuthkit-2.0.9"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536">CVE-2007-1536</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2799">CVE-2007-2799</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200703-26.xml">GLSA 200703-26</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200705-25.xml">GLSA 200705-25</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-09-29T13:59:12Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-09-29T13:59:20Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-07T23:47:34Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-20.xml b/metadata/glsa/glsa-200710-20.xml
new file mode 100644
index 000000000000..bc8879cdf0b0
--- /dev/null
+++ b/metadata/glsa/glsa-200710-20.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-20">
+  <title>PDFKit, ImageKits: Buffer overflow</title>
+  <synopsis>
+    PDFKit and ImageKits are vulnerable to an integer overflow and a stack
+    overflow allowing for the user-assisted execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">pdfkit imagekits</product>
+  <announced>2007-10-18</announced>
+  <revised count="01">2007-10-18</revised>
+  <bug>188185</bug>
+  <access>remote</access>
+  <affected>
+    <package name="gnustep-libs/pdfkit" auto="yes" arch="*">
+      <vulnerable range="le">0.9_pre062906</vulnerable>
+    </package>
+    <package name="gnustep-libs/imagekits" auto="yes" arch="*">
+      <vulnerable range="le">0.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PDFKit is a framework for rendering of PDF content in GNUstep
+    applications. ImageKits is a collection of frameworks to support
+    imaging in GNUstep applications.
+    </p>
+  </background>
+  <description>
+    <p>
+    Maurycy Prodeus discovered an integer overflow vulnerability possibly
+    leading to a stack-based buffer overflow in the XPDF code which PDFKit
+    is based on. ImageKits also contains a copy of PDFKit.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to view a specially crafted PDF file with a viewer
+    based on ImageKits or PDFKit such as Gentoo's ViewPDF, a remote
+    attacker could cause an overflow, potentially resulting in the
+    execution of arbitrary code with the privileges of the user running the
+    application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    PDFKit and ImageKits are not maintained upstream, so the packages were
+    masked in Portage. We recommend that users unmerge PDFKit and
+    ImageKits:
+    </p>
+    <code>
+    # emerge --unmerge gnustep-libs/pdfkit
+    # emerge --unmerge gnustep-libs/imagekits</code>
+    <p>
+    As an alternative, users should upgrade their systems to use PopplerKit
+    instead of PDFKit and Vindaloo instead of ViewPDF.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387">CVE-2007-3387</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200709-12.xml">GLSA 200709-12</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-10-02T21:24:54Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-07T23:31:24Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-10-09T18:28:10Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-21.xml b/metadata/glsa/glsa-200710-21.xml
new file mode 100644
index 000000000000..78a21e3e07c5
--- /dev/null
+++ b/metadata/glsa/glsa-200710-21.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-21">
+  <title>TikiWiki: Arbitrary command execution</title>
+  <synopsis>
+    Tikiwiki contains a command injection vulnerability which may allow remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">tikiwiki</product>
+  <announced>2007-10-20</announced>
+  <revised count="01">2007-10-20</revised>
+  <bug>195503</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/tikiwiki" auto="yes" arch="*">
+      <unaffected range="ge">1.9.8.1</unaffected>
+      <vulnerable range="lt">1.9.8.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    TikiWiki is an open source content management system written in PHP.
+    </p>
+  </background>
+  <description>
+    <p>
+    ShAnKaR reported that input passed to the "f" array parameter in
+    tiki-graph_formula.php is not properly verified before being used to
+    execute PHP functions.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could execute arbitrary code with the rights of the user
+    running the web server by passing a specially crafted parameter string
+    to the tiki-graph_formula.php file.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All TikiWiki users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/tikiwiki-1.9.8.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5423">CVE-2007-5423</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-10-13T13:08:51Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-17T22:20:02Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-10-18T18:49:04Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-22.xml b/metadata/glsa/glsa-200710-22.xml
new file mode 100644
index 000000000000..f396e1de1c7c
--- /dev/null
+++ b/metadata/glsa/glsa-200710-22.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-22">
+  <title>TRAMP: Insecure temporary file creation</title>
+  <synopsis>
+    The TRAMP package for GNU Emacs insecurely creates temporary files.
+  </synopsis>
+  <product type="ebuild">tramp</product>
+  <announced>2007-10-20</announced>
+  <revised count="02">2007-12-30</revised>
+  <bug>194713</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emacs/tramp" auto="yes" arch="*">
+      <unaffected range="ge">2.1.10-r2</unaffected>
+      <unaffected range="lt">2.1</unaffected>
+      <vulnerable range="lt">2.1.10-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    TRAMP is a remote file editing package for GNU Emacs, a highly
+    extensible and customizable text editor.
+    </p>
+  </background>
+  <description>
+    <p>
+    Stefan Monnier discovered that the tramp-make-tramp-temp-file()
+    function creates temporary files in an insecure manner.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the directory where the
+    temporary files are written, pointing to a valid file somewhere on the
+    filesystem that is writable by the user running TRAMP. When TRAMP
+    writes the temporary file, the target valid file would then be
+    overwritten with the contents of the TRAMP temporary file.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All TRAMP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-emacs/tramp-2.1.10-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5377">CVE-2007-5377</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-10-11T21:37:14Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-18T20:15:33Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-10-18T20:17:00Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-23.xml b/metadata/glsa/glsa-200710-23.xml
new file mode 100644
index 000000000000..7d60cc4874cc
--- /dev/null
+++ b/metadata/glsa/glsa-200710-23.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-23">
+  <title>Star: Directory traversal vulnerability</title>
+  <synopsis>
+    A directory traversal vulnerability has been discovered in Star.
+  </synopsis>
+  <product type="ebuild">star</product>
+  <announced>2007-10-22</announced>
+  <revised count="01">2007-10-22</revised>
+  <bug>189690</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/star" auto="yes" arch="*">
+      <unaffected range="ge">1.5_alpha84</unaffected>
+      <vulnerable range="lt">1.5_alpha84</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Star program provides the ability to create and extract tar
+    archives.
+    </p>
+  </background>
+  <description>
+    <p>
+    Robert Buchholz of the Gentoo Security team discovered a directory
+    traversal vulnerability in the has_dotdot() function which does not
+    identify //.. (slash slash dot dot) sequences in file names inside tar
+    files.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    By enticing a user to extract a specially crafted tar archive, a remote
+    attacker could extract files to arbitrary locations outside of the
+    specified directory with the permissions of the user running Star.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Star users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-arch/star-1.5_alpha84"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4134">CVE-2007-4134</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-10-11T21:17:08Z">
+    aetius
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-15T01:04:21Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-10-15T17:56:09Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-24.xml b/metadata/glsa/glsa-200710-24.xml
new file mode 100644
index 000000000000..5857f2bde7b0
--- /dev/null
+++ b/metadata/glsa/glsa-200710-24.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-24">
+  <title>OpenOffice.org: Heap-based buffer overflow</title>
+  <synopsis>
+    A heap-based buffer overflow vulnerability has been discovered in
+    OpenOffice.org, allowing for the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">openoffice</product>
+  <announced>2007-10-23</announced>
+  <revised count="01">2007-10-23</revised>
+  <bug>192818</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/openoffice" auto="yes" arch="*">
+      <unaffected range="ge">2.3.0</unaffected>
+      <vulnerable range="lt">2.3.0</vulnerable>
+    </package>
+    <package name="app-office/openoffice-bin" auto="yes" arch="*">
+      <unaffected range="ge">2.3.0</unaffected>
+      <vulnerable range="lt">2.3.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenOffice.org is an open source office productivity suite, including
+    word processing, spreadsheet, presentation, drawing, data charting,
+    formula editing, and file conversion facilities.
+    </p>
+  </background>
+  <description>
+    <p>
+    iDefense Labs reported that the TIFF parsing code uses untrusted values
+    to calculate buffer sizes, which can lead to an integer overflow
+    resulting in heap-based buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted
+    document, possibly leading to execution of arbitrary code with the
+    privileges of the user running OpenOffice.org.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenOffice.org users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/openoffice-2.3.0"</code>
+    <p>
+    All OpenOffice.org binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/openoffice-bin-2.3.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2834">CVE-2007-2834</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-10-20T21:31:00Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-10-20T21:31:08Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-21T10:52:39Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-25.xml b/metadata/glsa/glsa-200710-25.xml
new file mode 100644
index 000000000000..6933f26471e5
--- /dev/null
+++ b/metadata/glsa/glsa-200710-25.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-25">
+  <title>MLDonkey: Privilege escalation</title>
+  <synopsis>
+    The Gentoo MLDonkey ebuild adds a user to the system with a valid login
+    shell and no password.
+  </synopsis>
+  <product type="ebuild">mldonkey</product>
+  <announced>2007-10-24</announced>
+  <revised count="02">2007-11-07</revised>
+  <bug>189412</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-p2p/mldonkey" auto="yes" arch="*">
+      <unaffected range="ge">2.9.0-r3</unaffected>
+      <vulnerable range="lt">2.9.0-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MLDonkey is a peer-to-peer filesharing client that connects to several
+    different peer-to-peer networks, including Overnet and BitTorrent.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Gentoo MLDonkey ebuild adds a user to the system named "p2p" so
+    that the MLDonkey service can run under a user with low privileges.
+    With older Portage versions this user is created with a valid login
+    shell and no password.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could log into a vulnerable system as the p2p user.
+    This would require an installed login service that permitted empty
+    passwords, such as SSH configured with the "PermitEmptyPasswords yes"
+    option, a local login console, or a telnet server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    See Resolution.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Change the p2p user's shell to disallow login. For example, as root run
+    the following command:
+    </p>
+    <code>
+    # usermod -s /bin/false p2p</code>
+    <p>
+    NOTE: updating to the current MLDonkey ebuild will not remove this
+    vulnerability, it must be fixed manually. The updated ebuild is to
+    prevent this problem from occurring in the future.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5714">CVE-2007-5714</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-09-10T16:21:11Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-07T16:40:51Z">
+    aetius
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-10-07T19:26:05Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-26.xml b/metadata/glsa/glsa-200710-26.xml
new file mode 100644
index 000000000000..6e07e2f0cf25
--- /dev/null
+++ b/metadata/glsa/glsa-200710-26.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-26">
+  <title>HPLIP: Privilege escalation</title>
+  <synopsis>
+    The hpssd daemon might allow local attackers to execute arbitrary commands
+    with root privileges.
+  </synopsis>
+  <product type="ebuild">hplip</product>
+  <announced>2007-10-24</announced>
+  <revised count="01">2007-10-24</revised>
+  <bug>195565</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-print/hplip" auto="yes" arch="*">
+      <unaffected range="rge">1.7.4a-r2</unaffected>
+      <unaffected range="ge">2.7.9-r1</unaffected>
+      <vulnerable range="lt">2.7.9-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Hewlett-Packard Linux Imaging and Printing system (HPLIP) provides
+    drivers for HP's inkjet and laser printers, scanners and fax machines.
+    It integrates with the Common UNIX Printing System (CUPS) and Scanner
+    Access Now Easy (SANE).
+    </p>
+  </background>
+  <description>
+    <p>
+    Kees Cook from the Ubuntu Security team discovered that the hpssd
+    daemon does not correctly validate user supplied data before passing it
+    to a "popen3()" call.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker may be able to exploit this vulnerability by sending a
+    specially crafted request to the hpssd daemon to execute arbitrary
+    commands with the privileges of the user running hpssd, usually root.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All HPLIP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "net-print/hplip"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5208">CVE-2007-5208</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-10-21T20:50:24Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-10-21T20:51:40Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-21T21:46:02Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-27.xml b/metadata/glsa/glsa-200710-27.xml
new file mode 100644
index 000000000000..d01ded7c37c4
--- /dev/null
+++ b/metadata/glsa/glsa-200710-27.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-27">
+  <title>ImageMagick: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in ImageMagick, possibly
+    resulting in arbitrary code execution or a Denial of Service.
+  </synopsis>
+  <product type="ebuild">imagemagick</product>
+  <announced>2007-10-24</announced>
+  <revised count="01">2007-10-24</revised>
+  <bug>186030</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/imagemagick" auto="yes" arch="*">
+      <unaffected range="ge">6.3.5.10</unaffected>
+      <vulnerable range="lt">6.3.5.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ImageMagick is a collection of tools and libraries for manipulating
+    various image formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    regenrecht reported multiple infinite loops in functions ReadDCMImage()
+    and ReadXCFImage() (CVE-2007-4985), multiple integer overflows when
+    handling certain types of images (CVE-2007-4986, CVE-2007-4988), and an
+    off-by-one error in the ReadBlobString() function (CVE-2007-4987).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted
+    image, possibly resulting in the remote execution of arbitrary code
+    with the privileges of the user running the application, or an
+    excessive CPU consumption. Note that applications relying on
+    ImageMagick to process images can also trigger the vulnerability.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ImageMagick users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/imagemagick-6.3.5.10"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4985">CVE-2007-4985</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4986">CVE-2007-4986</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4987">CVE-2007-4987</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4988">CVE-2007-4988</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-09-30T09:56:31Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-06T12:45:56Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-10-23T14:53:02Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-28.xml b/metadata/glsa/glsa-200710-28.xml
new file mode 100644
index 000000000000..ba6d9f305bf1
--- /dev/null
+++ b/metadata/glsa/glsa-200710-28.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-28">
+  <title>Qt: Buffer overflow</title>
+  <synopsis>
+    An off-by-one vulnerability has been discovered in Qt, possibly resulting
+    in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">qt</product>
+  <announced>2007-10-25</announced>
+  <revised count="01">2007-10-25</revised>
+  <bug>192472</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/qt" auto="yes" arch="*">
+      <unaffected range="ge">3.3.8-r4</unaffected>
+      <vulnerable range="lt">3.3.8-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Qt is a cross-platform GUI framework, which is used e.g. by KDE.
+    </p>
+  </background>
+  <description>
+    <p>
+    Dirk Mueller from the KDE development team discovered a boundary error
+    in file qutfcodec.cpp when processing Unicode strings.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send a specially crafted Unicode string to a
+    vulnerable Qt application, possibly resulting in the remote execution
+    of arbitrary code with the privileges of the user running the
+    application. Note that the boundary error is present but reported to be
+    not exploitable in 4.x series.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Qt 3.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-libs/qt-3.3.8-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4137">CVE-2007-4137</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-09-15T12:11:04Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-09-29T13:54:49Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-09-29T13:54:56Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-29.xml b/metadata/glsa/glsa-200710-29.xml
new file mode 100644
index 000000000000..32d1d58c33b1
--- /dev/null
+++ b/metadata/glsa/glsa-200710-29.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-29">
+  <title>Sylpheed, Claws Mail: User-assisted remote execution of arbitrary code</title>
+  <synopsis>
+    A format string error has been discovered in Sylpheed and Claws Mail,
+    potentially leading to the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">sylpheed claws-mail</product>
+  <announced>2007-10-25</announced>
+  <revised count="01">2007-10-25</revised>
+  <bug>190104</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/sylpheed" auto="yes" arch="*">
+      <unaffected range="ge">2.4.5</unaffected>
+      <vulnerable range="lt">2.4.5</vulnerable>
+    </package>
+    <package name="mail-client/claws-mail" auto="yes" arch="*">
+      <unaffected range="ge">3.0.0</unaffected>
+      <vulnerable range="lt">3.0.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Sylpheed and Claws Mail are two GTK based e-mail clients.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ulf Harnhammar from Secunia Research discovered a format string error
+    in the inc_put_error() function in file src/inc.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to connect to a malicious POP
+    server sending specially crafted replies, possibly resulting in the
+    execution of arbitrary code with the privileges of the user running the
+    application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Sylpheed users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/sylpheed-2.4.5"</code>
+    <p>
+    All Claws Mail users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/claws-mail-3.0.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2958">CVE-2007-2958</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-10-08T00:54:19Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-10-08T02:57:28Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-09T18:46:46Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-30.xml b/metadata/glsa/glsa-200710-30.xml
new file mode 100644
index 000000000000..c223f2e5b22c
--- /dev/null
+++ b/metadata/glsa/glsa-200710-30.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-30">
+  <title>OpenSSL: Remote execution of arbitrary code</title>
+  <synopsis>
+    OpenSSL contains a vulnerability allowing execution of arbitrary code or a
+    Denial of Service.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2007-10-27</announced>
+  <revised count="03">2007-10-30</revised>
+  <bug>195634</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">0.9.8f</unaffected>
+      <vulnerable range="lt">0.9.8f</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+    (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
+    purpose cryptography library.
+    </p>
+  </background>
+  <description>
+    <p>
+    Andy Polyakov reported a vulnerability in the OpenSSL toolkit, that is
+    caused due to an unspecified off-by-one error within the DTLS
+    implementation.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit this issue to execute arbitrary code or
+    cause a Denial of Service. Only clients and servers explicitly using
+    DTLS are affected, systems using SSL and TLS are not.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenSSL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-0.9.8f"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4995">CVE-2007-4995</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-10-16T17:07:11Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-10-16T17:07:40Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-23T17:06:07Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200710-31.xml b/metadata/glsa/glsa-200710-31.xml
new file mode 100644
index 000000000000..2703d56d1d96
--- /dev/null
+++ b/metadata/glsa/glsa-200710-31.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200710-31">
+  <title>Opera: Multiple vulnerabilities</title>
+  <synopsis>
+    Opera contains multiple vulnerabilities, which may allow the execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">opera</product>
+  <announced>2007-10-30</announced>
+  <revised count="01">2007-10-30</revised>
+  <bug>196164</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/opera" auto="yes" arch="*">
+      <unaffected range="ge">9.24</unaffected>
+      <vulnerable range="lt">9.24</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Opera is a multi-platform web browser.
+    </p>
+  </background>
+  <description>
+    <p>
+    Michael A. Puls II discovered an unspecified flaw when launching
+    external email or newsgroup clients (CVE-2007-5541). David Bloom
+    discovered that when displaying frames from different websites, the
+    same-origin policy is not correctly enforced (CVE-2007-5540).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could potentially exploit the first vulnerability to
+    execute arbitrary code with the privileges of the user running Opera by
+    enticing a user to visit a specially crafted URL. Note that this
+    vulnerability requires an external e-mail or newsgroup client
+    configured in Opera to be exploitable. The second vulnerability allows
+    an attacker to execute arbitrary script code in a user's browser
+    session in context of other sites or the theft of browser credentials.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time for all these
+    vulnerabilities.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Opera users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/opera-9.24"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5540">CVE-2007-5540</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5541">CVE-2007-5541</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-10-21T22:07:58Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-10-22T21:37:32Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-01.xml b/metadata/glsa/glsa-200711-01.xml
new file mode 100644
index 000000000000..0e5123c2fa86
--- /dev/null
+++ b/metadata/glsa/glsa-200711-01.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-01">
+  <title>gFTP: Multiple vulnerabilities</title>
+  <synopsis>
+    Two buffer overflow vulnerabilities have been discovered in fsplib code
+    used in gFTP.
+  </synopsis>
+  <product type="ebuild">gftp</product>
+  <announced>2007-11-01</announced>
+  <revised count="01">2007-11-01</revised>
+  <bug>188252</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-ftp/gftp" auto="yes" arch="*">
+      <unaffected range="ge">2.0.18-r6</unaffected>
+      <vulnerable range="lt">2.0.18-r6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    gFTP is an FTP client for the GNOME desktop environment.
+    </p>
+  </background>
+  <description>
+    <p>
+    Kalle Olavi Niemitalo discovered two boundary errors in fsplib code
+    included in gFTP when processing overly long directory or file names.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could trigger these vulnerabilities by enticing a
+    user to download a file with a specially crafted directory or file
+    name, possibly resulting in the execution of arbitrary code
+    (CVE-2007-3962) or a Denial of Service (CVE-2007-3961).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All gFTP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-ftp/gftp-2.0.18-r6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3961">CVE-2007-3961</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3962">CVE-2007-3962</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-09-26T07:30:16Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-09-26T07:30:24Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-10T19:23:34Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-02.xml b/metadata/glsa/glsa-200711-02.xml
new file mode 100644
index 000000000000..a5f797e500f7
--- /dev/null
+++ b/metadata/glsa/glsa-200711-02.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-02">
+  <title>OpenSSH: Security bypass</title>
+  <synopsis>
+    A flaw has been discovered in OpenSSH which could allow a local attacker to
+    bypass security restrictions.
+  </synopsis>
+  <product type="ebuild">openssh</product>
+  <announced>2007-11-01</announced>
+  <revised count="01">2007-11-01</revised>
+  <bug>191321</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/openssh" auto="yes" arch="*">
+      <unaffected range="ge">4.7</unaffected>
+      <vulnerable range="lt">4.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenSSH is a complete SSH protocol implementation that includes an SFTP
+    client and server support.
+    </p>
+  </background>
+  <description>
+    <p>
+    Jan Pechanec discovered that OpenSSH uses a trusted X11 cookie when it
+    cannot create an untrusted one.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    An attacker could bypass the SSH client security policy and gain
+    privileges by causing an X client to be treated as trusted.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenSSH users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/openssh-4.7"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752">CVE-2007-4752</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-09-25T19:38:10Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-09-25T19:38:18Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-09-28T12:20:41Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-03.xml b/metadata/glsa/glsa-200711-03.xml
new file mode 100644
index 000000000000..9940b5111117
--- /dev/null
+++ b/metadata/glsa/glsa-200711-03.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-03">
+  <title>Gallery: Multiple vulnerabilities</title>
+  <synopsis>
+    The WebDAV and Reupload modules of Gallery contain multiple unspecified
+    vulnerabilities.
+  </synopsis>
+  <product type="ebuild">gallery</product>
+  <announced>2007-11-01</announced>
+  <revised count="02">2007-11-11</revised>
+  <bug>191587</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/gallery" auto="yes" arch="*">
+      <unaffected range="ge">2.2.3</unaffected>
+      <unaffected range="lt">2.0</unaffected>
+      <vulnerable range="lt">2.2.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Gallery is a PHP based photo album manager.
+    </p>
+  </background>
+  <description>
+    <p>
+    Merrick Manalastas and Nicklous Roberts have discovered multiple
+    vulnerabilities in the WebDAV and Reupload modules.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A remote attacker could exploit these vulnerabilities to bypass
+    security restrictions and rename, replace and change properties of
+    items, or edit item data using WebDAV.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Gallery users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/gallery-2.2.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4650">CVE-2007-4650</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-09-25T09:43:01Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-09-25T09:46:35Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-15T18:31:52Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-04.xml b/metadata/glsa/glsa-200711-04.xml
new file mode 100644
index 000000000000..5dcd5eadb454
--- /dev/null
+++ b/metadata/glsa/glsa-200711-04.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-04">
+  <title>Evolution: User-assisted remote execution of arbitrary code</title>
+  <synopsis>
+    The IMAP client of Evolution contains a vulnerability potentially leading
+    to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">evolution-data-server</product>
+  <announced>2007-11-06</announced>
+  <revised count="01">2007-11-06</revised>
+  <bug>190861</bug>
+  <access>remote</access>
+  <affected>
+    <package name="gnome-extra/evolution-data-server" auto="yes" arch="*">
+      <unaffected range="ge">1.10.3.1</unaffected>
+      <vulnerable range="lt">1.10.3.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Evolution is the mail client of the GNOME desktop environment. Camel is
+    the Evolution Data Server module that handles mail functions.
+    </p>
+  </background>
+  <description>
+    <p>
+    The imap_rescan() function of the file camel-imap-folder.c does not
+    properly sanitize the "SEQUENCE" response sent by an IMAP server before
+    being used to index arrays.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A malicious or compromised IMAP server could trigger the vulnerability
+    and execute arbitrary code with the permissions of the user running
+    Evolution.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Note that this GLSA addresses the same issue as GLSA 200707-03, but for
+    the 1.10 branch of Evolution Data Server.
+    </p>
+    <p>
+    All Evolution users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=gnome-extra/evolution-data-server-1.10.3.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200707-03.xml">GLSA 200707-03</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3257">CVE-2007-3257</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-09-17T21:12:59Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-09-17T21:13:37Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-07T19:29:33Z">
+    aetius
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-05.xml b/metadata/glsa/glsa-200711-05.xml
new file mode 100644
index 000000000000..9605bbf70590
--- /dev/null
+++ b/metadata/glsa/glsa-200711-05.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-05">
+  <title>SiteBar: Multiple issues</title>
+  <synopsis>
+    Multiple issues have been identified in SiteBar that might allow execution
+    of arbitrary code and arbitrary file disclosure.
+  </synopsis>
+  <product type="ebuild">sitebar</product>
+  <announced>2007-11-06</announced>
+  <revised count="01">2007-11-06</revised>
+  <bug>195810</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/sitebar" auto="yes" arch="*">
+      <unaffected range="ge">3.3.9</unaffected>
+      <vulnerable range="lt">3.3.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    SiteBar is a PHP application that allows users to store their bookmarks
+    on a web server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tim Brown discovered these multiple issues: the translation module does
+    not properly sanitize the value to the "dir" parameter (CVE-2007-5491,
+    CVE-2007-5694); the translation module also does not sanitize the
+    values of the "edit" and "value" parameters which it passes to eval()
+    and include() (CVE-2007-5492, CVE-2007-5693); the log-in command does
+    not validate the URL to redirect users to after logging in
+    (CVE-2007-5695); SiteBar also contains several cross-site scripting
+    vulnerabilities (CVE-2007-5692).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An authenticated attacker in the "Translators" or "Admins" group could
+    execute arbitrary code, read arbitrary files and possibly change their
+    permissions with the privileges of the user running the web server by
+    passing a specially crafted parameter string to the "translator.php"
+    file. An unauthenticated attacker could entice a user to browse a
+    specially crafted URL, allowing for the execution of script code in the
+    context of the user's browser, for the theft of browser credentials or
+    for a redirection to an arbitrary web site after login.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SiteBar users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/sitebar-3.3.9"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5491">CVE-2007-5491</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5492">CVE-2007-5492</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5692">CVE-2007-5692</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5693">CVE-2007-5693</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5694">CVE-2007-5694</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5695">CVE-2007-5695</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-10-18T20:00:51Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-10-18T20:01:07Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-06.xml b/metadata/glsa/glsa-200711-06.xml
new file mode 100644
index 000000000000..680fc9c2665c
--- /dev/null
+++ b/metadata/glsa/glsa-200711-06.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-06">
+  <title>Apache: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in Apache, possibly resulting
+    in a Denial of Service or the disclosure of sensitive information.
+  </synopsis>
+  <product type="ebuild">apache</product>
+  <announced>2007-11-07</announced>
+  <revised count="01">2007-11-07</revised>
+  <bug>186219</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="rge">2.0.59-r5</unaffected>
+      <unaffected range="ge">2.2.6</unaffected>
+      <vulnerable range="lt">2.2.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Apache HTTP server is one of the most popular web servers on the
+    Internet.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple cross-site scripting vulnerabilities have been discovered in
+    mod_status and mod_autoindex (CVE-2006-5752, CVE-2007-4465). An error
+    has been discovered in the recall_headers() function in mod_mem_cache
+    (CVE-2007-1862). The mod_cache module does not properly sanitize
+    requests before processing them (CVE-2007-1863). The Prefork module
+    does not properly check PID values before sending signals
+    (CVE-2007-3304). The mod_proxy module does not correctly check headers
+    before processing them (CVE-2007-3847).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit one of these vulnerabilities to inject
+    arbitrary script or HTML content, obtain sensitive information or cause
+    a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Apache users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-servers/apache-2.0.59-r5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752">CVE-2006-5752</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862">CVE-2007-1862</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863">CVE-2007-1863</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304">CVE-2007-3304</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847">CVE-2007-3847</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465">CVE-2007-4465</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-09-25T14:34:09Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-09-25T14:34:48Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-15T20:07:35Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-07.xml b/metadata/glsa/glsa-200711-07.xml
new file mode 100644
index 000000000000..9c910e4372fc
--- /dev/null
+++ b/metadata/glsa/glsa-200711-07.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-07">
+  <title>Python: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Multiple integer overflow vulnerabilities have been discovered in Python,
+    possibly resulting in the execution of arbitrary code or a Denial of
+    Service.
+  </synopsis>
+  <product type="ebuild">python</product>
+  <announced>2007-11-07</announced>
+  <revised count="01">2007-11-07</revised>
+  <bug>192876</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/python" auto="yes" arch="*">
+      <unaffected range="rge">2.3.6-r3</unaffected>
+      <unaffected range="ge">2.4.4-r6</unaffected>
+      <vulnerable range="lt">2.4.4-r6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Python is an interpreted, interactive, object-oriented programming
+    language.
+    </p>
+  </background>
+  <description>
+    <p>
+    Slythers Bro discovered multiple integer overflows in the imageop
+    module, one of them in the tovideo() method, in various locations in
+    files imageop.c, rbgimgmodule.c, and also in other files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to process specially crafted
+    images with an application using the Python imageop module, resulting
+    in the execution of arbitrary code with the privileges of the user
+    running the application, or a Denial of Service. Note that this
+    vulnerability may or may not be exploitable, depending on the
+    application using the module.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Python 2.3.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.3.6-r3"</code>
+    <p>
+    All Python 2.4.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.4.4-r6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965">CVE-2007-4965</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-10-27T13:38:30Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-11-01T20:41:20Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-01T20:41:27Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-08.xml b/metadata/glsa/glsa-200711-08.xml
new file mode 100644
index 000000000000..b4490cc23642
--- /dev/null
+++ b/metadata/glsa/glsa-200711-08.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-08">
+  <title>libpng: Multiple Denials of Service</title>
+  <synopsis>
+    Several vulnerabilities in libpng may allow a remote attacker to crash
+    applications that handle untrusted images.
+  </synopsis>
+  <product type="ebuild">libpng</product>
+  <announced>2007-11-07</announced>
+  <revised count="01">2007-11-07</revised>
+  <bug>195261</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libpng" auto="yes" arch="*">
+      <unaffected range="ge">1.2.21-r3</unaffected>
+      <vulnerable range="lt">1.2.21-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libpng is a free ANSI C library used to process and manipulate PNG
+    images.
+    </p>
+  </background>
+  <description>
+    <p>
+    An off-by-one error when handling ICC profile chunks in the
+    png_set_iCCP() function was discovered (CVE-2007-5266). George Cook and
+    Jeff Phillips reported several errors in pngrtran.c, the use of logical
+    instead of a bitwise functions and incorrect comparisons
+    (CVE-2007-5268). Tavis Ormandy reported out-of-bounds read errors in
+    several PNG chunk handling functions (CVE-2007-5269).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could craft an image that when processed or viewed by
+    an application using libpng would cause the application to terminate
+    abnormally.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libpng users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/libpng-1.2.21-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5266">CVE-2007-5266</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5268">CVE-2007-5268</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269">CVE-2007-5269</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-10-20T09:57:33Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-10-20T09:57:41Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-26T00:26:03Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-09.xml b/metadata/glsa/glsa-200711-09.xml
new file mode 100644
index 000000000000..d1157db45683
--- /dev/null
+++ b/metadata/glsa/glsa-200711-09.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-09">
+  <title>MadWifi: Denial of service</title>
+  <synopsis>
+    MadWifi does not correctly process beacon frames which can lead to a
+    remotely triggered Denial of Service.
+  </synopsis>
+  <product type="ebuild">madwifi-ng</product>
+  <announced>2007-11-07</announced>
+  <revised count="01">2007-11-07</revised>
+  <bug>195705</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-wireless/madwifi-ng" auto="yes" arch="*">
+      <unaffected range="ge">0.9.3.3</unaffected>
+      <vulnerable range="lt">0.9.3.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The MadWifi driver provides support for Atheros based IEEE 802.11
+    Wireless Lan cards.
+    </p>
+  </background>
+  <description>
+    <p>
+    Clemens Kolbitsch and Sylvester Keil reported an error when processing
+    beacon frames with an overly large "length" value in the "xrates"
+    element.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could act as an access point and send a specially
+    crafted packet to an Atheros based wireless client, possibly resulting
+    in a Denial of Service (kernel panic).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MadWifi users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-wireless/madwifi-ng-0.9.3.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5448">CVE-2007-5448</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-11-02T23:16:45Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-11-03T23:18:04Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-03T23:18:55Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-10.xml b/metadata/glsa/glsa-200711-10.xml
new file mode 100644
index 000000000000..24e74be3008d
--- /dev/null
+++ b/metadata/glsa/glsa-200711-10.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-10">
+  <title>Mono: Buffer overflow</title>
+  <synopsis>
+    Mono's BigInteger implementation contains a buffer overflow vulnerability
+    that might lead to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mono</product>
+  <announced>2007-11-07</announced>
+  <revised count="01">2007-11-07</revised>
+  <bug>197067</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/mono" auto="yes" arch="*">
+      <unaffected range="ge">1.2.5.1-r1</unaffected>
+      <vulnerable range="lt">1.2.5.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mono provides the necessary software to develop and run .NET client and
+    server applications on various platforms.
+    </p>
+  </background>
+  <description>
+    <p>
+    IOActive discovered an error in the Mono.Math.BigInteger class, in the
+    reduction step of the Montgomery-based Pow methods, that could lead to
+    a buffer overflow.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit this vulnerability by sending specially
+    crafted data to Mono applications using the BigInteger class, which
+    might lead to the execution of arbitrary code with the privileges of
+    the user running the application (possibly root) or a Denial of
+    Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mono users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/mono-1.2.5.1-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5197">CVE-2007-5197</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-11-03T23:52:57Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-07T22:49:37Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-11.xml b/metadata/glsa/glsa-200711-11.xml
new file mode 100644
index 000000000000..3eb03387be56
--- /dev/null
+++ b/metadata/glsa/glsa-200711-11.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-11">
+  <title>Nagios Plugins: Two buffer overflows</title>
+  <synopsis>
+    Two buffer overflow vulnerabilities in the Nagios Plugins might allow for
+    remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">nagios-plugins</product>
+  <announced>2007-11-08</announced>
+  <revised count="01">2007-11-08</revised>
+  <bug>196308</bug>
+  <bug>194178</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/nagios-plugins" auto="yes" arch="*">
+      <unaffected range="ge">1.4.10-r1</unaffected>
+      <vulnerable range="lt">1.4.10-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Nagios Plugins are an official set of plugins for Nagios, an open
+    source host, service and network monitoring program.
+    </p>
+  </background>
+  <description>
+    <p>
+    fabiodds reported a boundary checking error in the "check_snmp" plugin
+    when processing SNMP "GET" replies that could lead to a stack-based
+    buffer overflow (CVE-2007-5623). Nobuhiro Ban reported a boundary
+    checking error in the redir() function of the "check_http" plugin when
+    processing HTTP "Location:" header information which might lead to a
+    buffer overflow (CVE-2007-5198).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit these vulnerabilities to execute
+    arbitrary code with the privileges of the user running Nagios or cause
+    a Denial of Service by (1) sending a specially crafted SNMP "GET" reply
+    to the Nagios daemon or (2) sending an overly long string in the
+    "Location:" header of an HTTP reply. Note that to exploit (2), the
+    malicious or compromised web server has to be configured in Nagios and
+    the "-f" (follow) option has to be enabled.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users of the Nagios Plugins should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/nagios-plugins-1.4.10-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5198">CVE-2007-5198</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5623">CVE-2007-5623</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-11-03T12:12:46Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-11-05T00:16:27Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-07T19:12:11Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-12.xml b/metadata/glsa/glsa-200711-12.xml
new file mode 100644
index 000000000000..65d0aadaf7d0
--- /dev/null
+++ b/metadata/glsa/glsa-200711-12.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-12">
+  <title>Tomboy: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Tomboy doesn't properly handle environment variables, potentially allowing
+    a local attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">tomboy</product>
+  <announced>2007-11-08</announced>
+  <revised count="01">2007-11-08</revised>
+  <bug>189249</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-misc/tomboy" auto="yes" arch="*">
+      <unaffected range="ge">0.8.1-r1</unaffected>
+      <vulnerable range="lt">0.8.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Tomboy is a GTK-based desktop note-taking application written in C# and
+    the Mono C#.
+    </p>
+  </background>
+  <description>
+    <p>
+    Jan Oravec reported that the "/usr/bin/tomboy" script sets the
+    "LD_LIBRARY_PATH" environment variable incorrectly, which might result
+    in the current working directory (.) to be included when searching for
+    dynamically linked libraries of the Mono Runtime application.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could entice a user into running Tomboy in a directory
+    containing a specially crafted library file to execute arbitrary code
+    with the privileges of the user running Tomboy.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Do not run Tomboy from an untrusted working directory.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Tomboy users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-misc/tomboy-0.8.1-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4790">CVE-2005-4790</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-11-06T01:11:29Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-11-06T04:11:22Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-06T04:11:35Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-13.xml b/metadata/glsa/glsa-200711-13.xml
new file mode 100644
index 000000000000..b5fae92bd609
--- /dev/null
+++ b/metadata/glsa/glsa-200711-13.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-13">
+  <title>3proxy: Denial of service</title>
+  <synopsis>
+    A vulnerability has been discovered in 3proxy, possibly resulting in a
+    Denial of Service.
+  </synopsis>
+  <product type="ebuild">3proxy</product>
+  <announced>2007-11-08</announced>
+  <revised count="01">2007-11-08</revised>
+  <bug>196772</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/3proxy" auto="yes" arch="*">
+      <unaffected range="ge">0.5.3j</unaffected>
+      <vulnerable range="lt">0.5.3j</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    3proxy is a really tiny cross-platform proxy servers set, including
+    HTTP, HTTPS, FTP, SOCKS and POP3 support.
+    </p>
+  </background>
+  <description>
+    <p>
+    3proxy contains a double free vulnerability in the ftpprchild()
+    function, which frees param-&gt;hostname and calls the parsehostname()
+    function, which in turn attempts to free param-&gt;hostname again.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send a specially crafted request to the proxy,
+    possibly resulting in a Denial of Service. Under typical configuration,
+    the scope of this vulnerability is limited to the local network.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All 3proxy users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-proxy/3proxy-0.5.3j"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5622">CVE-2007-5622</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-11-02T23:15:07Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-11-03T12:02:00Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-04T14:26:02Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-14.xml b/metadata/glsa/glsa-200711-14.xml
new file mode 100644
index 000000000000..8fb053eb848d
--- /dev/null
+++ b/metadata/glsa/glsa-200711-14.xml
@@ -0,0 +1,124 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-14">
+  <title>Mozilla Firefox, SeaMonkey, XULRunner: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in Mozilla Firefox, SeaMonkey
+    and XULRunner, potentially allowing to compromise a user's system.
+  </synopsis>
+  <product type="ebuild">firefox seamonkey xulrunner</product>
+  <announced>2007-11-12</announced>
+  <revised count="01">2007-11-12</revised>
+  <bug>196480</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/mozilla-firefox" auto="yes" arch="*">
+      <unaffected range="ge">2.0.0.9</unaffected>
+      <vulnerable range="lt">2.0.0.9</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">2.0.0.9</unaffected>
+      <vulnerable range="lt">2.0.0.9</vulnerable>
+    </package>
+    <package name="www-client/seamonkey" auto="yes" arch="*">
+      <unaffected range="ge">1.1.6</unaffected>
+      <vulnerable range="lt">1.1.6</vulnerable>
+    </package>
+    <package name="www-client/seamonkey-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.1.6</unaffected>
+      <vulnerable range="lt">1.1.6</vulnerable>
+    </package>
+    <package name="net-libs/xulrunner" auto="yes" arch="*">
+      <unaffected range="ge">1.8.1.9</unaffected>
+      <vulnerable range="lt">1.8.1.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla Firefox is a cross-platform web browser from Mozilla. SeaMonkey
+    is a free, cross-platform Internet suite.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been reported in Mozilla Firefox and
+    SeaMonkey. Various errors in the browser engine and the Javascript
+    engine can be exploited to cause a memory corruption (CVE-2007-5339 and
+    CVE-2007-5340). Before being used in a request, input passed to the
+    user ID when making an HTTP request with digest authentication is not
+    properly sanitised (CVE-2007-2292). The titlebar can be hidden by a XUL
+    markup language document (CVE-2007-5334). Additionally, an error exists
+    in the handling of "smb:" and "sftp:" URI schemes on systems with
+    gnome-vfs support (CVE-2007-5337). An unspecified error in the handling
+    of "XPCNativeWrappers" and not properly implementing JavaScript
+    onUnload() handlers may allow the execution of arbitrary Javascript
+    code (CVE-2007-5338 and CVE-2007-1095). Another error is triggered by
+    using the addMicrosummaryGenerator sidebar method to access file: URIs
+    (CVE-2007-5335).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit these issues to execute arbitrary code,
+    gain the privileges of the user running the application, disclose
+    sensitive information, conduct phishing attacks, and read and
+    manipulate certain data.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Firefox users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-2.0.0.9"</code>
+    <p>
+    All Mozilla Firefox binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-bin-2.0.0.9"</code>
+    <p>
+    All SeaMonkey users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-1.1.6"</code>
+    <p>
+    All SeaMonkey binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-bin-1.1.6"</code>
+    <p>
+    All XULRunner users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-libs/xulrunner-1.8.1.9"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1095">CVE-2007-1095</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2292">CVE-2007-2292</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5334">CVE-2007-5334</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5335">CVE-2007-5335</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5337">CVE-2007-5337</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5338">CVE-2007-5338</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5339">CVE-2007-5339</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5340">CVE-2007-5340</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-10-24T22:27:12Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-10-25T23:05:04Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-12T21:08:46Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-15.xml b/metadata/glsa/glsa-200711-15.xml
new file mode 100644
index 000000000000..47257a62fc53
--- /dev/null
+++ b/metadata/glsa/glsa-200711-15.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-15">
+  <title>FLAC: Buffer overflow</title>
+  <synopsis>
+    Multiple integer overflow vulnerabilities were found in FLAC possibly
+    allowing for the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">flac</product>
+  <announced>2007-11-12</announced>
+  <revised count="01">2007-11-12</revised>
+  <bug>195700</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/flac" auto="yes" arch="*">
+      <unaffected range="ge">1.2.1-r1</unaffected>
+      <vulnerable range="lt">1.2.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Xiph.org Free Lossless Audio Codec (FLAC) library is the reference
+    implementation of the FLAC audio file format. It contains encoders and
+    decoders in library and executable form.
+    </p>
+  </background>
+  <description>
+    <p>
+    Sean de Regge reported multiple integer overflows when processing FLAC
+    media files that could lead to improper memory allocations resulting in
+    heap-based buffer overflows.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted FLAC
+    file or network stream with an application using FLAC. This might lead
+    to the execution of arbitrary code with privileges of the user playing
+    the file.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All FLAC users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/flac-1.2.1-r1"</code>
+    <p>
+    You should also run revdep-rebuild to rebuild any packages that depend
+    on older versions of FLAC:
+    </p>
+    <code>
+    # revdep-rebuild --library=libFLAC.*</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4619">CVE-2007-4619</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-11-01T19:12:08Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-11-02T03:25:37Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-03T23:19:45Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-16.xml b/metadata/glsa/glsa-200711-16.xml
new file mode 100644
index 000000000000..1a89986ff2f2
--- /dev/null
+++ b/metadata/glsa/glsa-200711-16.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-16">
+  <title>CUPS: Memory corruption</title>
+  <synopsis>
+    CUPS contains a boundary checking error that might lead to the execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">cups</product>
+  <announced>2007-11-12</announced>
+  <revised count="01">2007-11-12</revised>
+  <bug>196736</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-print/cups" auto="yes" arch="*">
+      <unaffected range="ge">1.2.12-r2</unaffected>
+      <vulnerable range="lt">1.2.12-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    CUPS provides a portable printing layer for UNIX-based operating
+    systems.
+    </p>
+  </background>
+  <description>
+    <p>
+    Alin Rad Pop (Secunia Research) discovered an off-by-one error in the
+    ippReadIO() function when handling Internet Printing Protocol (IPP)
+    tags that might allow to overwrite one byte on the stack.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could send a specially crafted IPP request containing
+    "textWithLanguage" or "nameWithLanguage" tags, leading to a Denial of
+    Service or the execution of arbitrary code with the privileges of the
+    "lp" user. If CUPS is configured to allow network printing, this
+    vulnerability might be remotely exploitable.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    To avoid remote exploitation, network access to CUPS servers on port
+    631/udp should be restricted. In order to do this, update the "Listen"
+    setting in cupsd.conf to "<i>Listen localhost:631</i>" or add a rule to
+    the system's firewall. However, this will not avoid local users from
+    exploiting this vulnerability.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All CUPS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-print/cups-1.2.12-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4351">CVE-2007-4351</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-11-04T00:16:24Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-11T08:38:00Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-17.xml b/metadata/glsa/glsa-200711-17.xml
new file mode 100644
index 000000000000..a1ec82798000
--- /dev/null
+++ b/metadata/glsa/glsa-200711-17.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-17">
+  <title>Ruby on Rails: Multiple vulnerabilities</title>
+  <synopsis>
+    Several vulnerabilities were found in Ruby on Rails allowing for file
+    disclosure and theft of user credentials.
+  </synopsis>
+  <product type="ebuild">rails</product>
+  <announced>2007-11-14</announced>
+  <revised count="01">2007-11-14</revised>
+  <bug>195315</bug>
+  <bug>182223</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-ruby/rails" auto="yes" arch="*">
+      <unaffected range="ge">1.2.5</unaffected>
+      <vulnerable range="lt">1.2.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ruby on Rails is a free web framework used to develop database-driven
+    web applications.
+    </p>
+  </background>
+  <description>
+    <p>
+    candlerb found that ActiveResource, when processing responses using the
+    Hash.from_xml() function, does not properly sanitize filenames
+    (CVE-2007-5380). The session management functionality allowed the
+    "session_id" to be set in the URL (CVE-2007-5380). BCC discovered that
+    the to_json() function does not properly sanitize input before
+    returning it to the user (CVE-2007-3227).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Unauthenticated remote attackers could exploit these vulnerabilities to
+    determine the existence of files or to read the contents of arbitrary
+    XML files; conduct session fixation attacks and gain unauthorized
+    access; and to execute arbitrary HTML and script code in a user's
+    browser session in context of an affected site by enticing a user to
+    browse a specially crafted URL.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ruby on Rails users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-ruby/rails-1.2.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3227">CVE-2007-3227</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5379">CVE-2007-5379</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5380">CVE-2007-5380</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-11-07T08:24:34Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-07T20:49:09Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-11-09T19:31:01Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-18.xml b/metadata/glsa/glsa-200711-18.xml
new file mode 100644
index 000000000000..74a11d10a1fc
--- /dev/null
+++ b/metadata/glsa/glsa-200711-18.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-18">
+  <title>Cpio: Buffer overflow</title>
+  <synopsis>
+    GNU cpio contains a buffer overflow vulnerability, possibly resulting in a
+    Denial of Service.
+  </synopsis>
+  <product type="ebuild">cpio</product>
+  <announced>2007-11-14</announced>
+  <revised count="01">2007-11-14</revised>
+  <bug>196978</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/cpio" auto="yes" arch="*">
+      <unaffected range="ge">2.9-r1</unaffected>
+      <vulnerable range="lt">2.9-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GNU cpio copies files into or out of a cpio or tar archive.
+    </p>
+  </background>
+  <description>
+    <p>
+    A buffer overflow vulnerability in the safer_name_suffix() function in
+    GNU cpio has been discovered.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted
+    archive file resulting in a stack-based buffer overflow, possibly
+    crashing the application. It is disputed whether the execution of
+    arbitrary code is possible.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GNU cpio users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-arch/cpio-2.9-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4476">CVE-2007-4476</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-11-07T19:52:13Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-07T20:48:37Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-11-08T18:58:10Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-19.xml b/metadata/glsa/glsa-200711-19.xml
new file mode 100644
index 000000000000..8ee792bea83a
--- /dev/null
+++ b/metadata/glsa/glsa-200711-19.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-19">
+  <title>TikiWiki: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in TikiWiki, possibly
+    resulting in the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">tikiwiki</product>
+  <announced>2007-11-14</announced>
+  <revised count="01">2007-11-14</revised>
+  <bug>195503</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/tikiwiki" auto="yes" arch="*">
+      <unaffected range="ge">1.9.8.3</unaffected>
+      <vulnerable range="lt">1.9.8.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    TikiWiki is an open source content management system written in PHP.
+    </p>
+  </background>
+  <description>
+    <p>
+    Stefan Esser reported that a previous vulnerability (CVE-2007-5423,
+    GLSA 200710-21) was not properly fixed in TikiWiki 1.9.8.1
+    (CVE-2007-5682). The TikiWiki development team also added several
+    checks to avoid file inclusion.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit these vulnerabilities to inject
+    arbitrary code with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All TikiWiki users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/tikiwiki-1.9.8.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200710-21.xml">GLSA 200710-21</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5423">CVE-2007-5423</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5682">CVE-2007-5682</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-10-27T13:39:33Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-03T23:20:18Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-11-13T23:14:54Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-20.xml b/metadata/glsa/glsa-200711-20.xml
new file mode 100644
index 000000000000..b9fd27361e14
--- /dev/null
+++ b/metadata/glsa/glsa-200711-20.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-20">
+  <title>Pioneers: Multiple Denials of Service</title>
+  <synopsis>
+    Two Denial of Service vulnerabilities were discovered in Pioneers.
+  </synopsis>
+  <product type="ebuild">pioneers</product>
+  <announced>2007-11-14</announced>
+  <revised count="04">2007-11-29</revised>
+  <bug>198807</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-board/pioneers" auto="yes" arch="*">
+      <unaffected range="ge">0.11.3-r1</unaffected>
+      <vulnerable range="lt">0.11.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Pioneers (formerly gnocatan) is a clone of the popular board game "The
+    Settlers of Catan".
+    </p>
+  </background>
+  <description>
+    <p>
+    Roland Clobus discovered that the Pioneers server may free sessions
+    objects while they are still in use, resulting in access to invalid
+    memory zones (CVE-2007-5933). Bas Wijnen discovered an error when
+    closing connections which can lead to a failed assertion
+    (CVE-2007-6010).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send specially crafted data to the vulnerable
+    server, resulting in a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Pioneers users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=games-board/pioneers-0.11.3-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5933">CVE-2007-5933</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6010">CVE-2007-6010</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-11-11T15:28:52Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-13T22:49:53Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-11-13T23:00:46Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-21.xml b/metadata/glsa/glsa-200711-21.xml
new file mode 100644
index 000000000000..f036800147a4
--- /dev/null
+++ b/metadata/glsa/glsa-200711-21.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-21">
+  <title>Bochs: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in Bochs, possibly allowing
+    for the execution of arbitrary code or a Denial of Service.
+  </synopsis>
+  <product type="ebuild">bochs</product>
+  <announced>2007-11-17</announced>
+  <revised count="01">2007-11-17</revised>
+  <bug>188148</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/bochs" auto="yes" arch="*">
+      <unaffected range="ge">2.3</unaffected>
+      <vulnerable range="lt">2.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Bochs is a IA-32 (x86) PC emulator written in C++.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Google Security Team discovered a heap-based
+    overflow vulnerability in the NE2000 driver (CVE-2007-2893). He also
+    discovered a divide-by-zero error in the emulated floppy disk
+    controller (CVE-2007-2894).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker in the guest operating system could exploit these
+    issues to execute code outside of the virtual machine, or cause Bochs
+    to crash.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Bochs users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-emulation/bochs-2.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2893">CVE-2007-2893</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2894">CVE-2007-2894</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-09-29T14:10:20Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-09-29T14:11:15Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-11-01T20:22:24Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-22.xml b/metadata/glsa/glsa-200711-22.xml
new file mode 100644
index 000000000000..cfc0cc1cc153
--- /dev/null
+++ b/metadata/glsa/glsa-200711-22.xml
@@ -0,0 +1,117 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-22">
+  <title>Poppler, KDE: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Poppler and various KDE components are vulnerable to multiple memory
+    management issues possibly resulting in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">poppler koffice kword kdegraphics kpdf</product>
+  <announced>2007-11-18</announced>
+  <revised count="01">2007-11-18</revised>
+  <bug>196735</bug>
+  <bug>198409</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/poppler" auto="yes" arch="*">
+      <unaffected range="ge">0.6.1-r1</unaffected>
+      <vulnerable range="lt">0.6.1-r1</vulnerable>
+    </package>
+    <package name="kde-base/kpdf" auto="yes" arch="*">
+      <unaffected range="rge">3.5.7-r3</unaffected>
+      <unaffected range="ge">3.5.8-r1</unaffected>
+      <vulnerable range="lt">3.5.8-r1</vulnerable>
+    </package>
+    <package name="kde-base/kdegraphics" auto="yes" arch="*">
+      <unaffected range="rge">3.5.7-r3</unaffected>
+      <unaffected range="ge">3.5.8-r1</unaffected>
+      <vulnerable range="lt">3.5.8-r1</vulnerable>
+    </package>
+    <package name="app-office/kword" auto="yes" arch="*">
+      <unaffected range="ge">1.6.3-r2</unaffected>
+      <vulnerable range="lt">1.6.3-r2</vulnerable>
+    </package>
+    <package name="app-office/koffice" auto="yes" arch="*">
+      <unaffected range="ge">1.6.3-r2</unaffected>
+      <vulnerable range="lt">1.6.3-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Poppler is a cross-platform PDF rendering library originally based on
+    Xpdf. KOffice is an integrated office suite for KDE. KWord is the
+    KOffice word processor. KPDF is a KDE-based PDF viewer included in the
+    kdegraphics package.
+    </p>
+  </background>
+  <description>
+    <p>
+    Alin Rad Pop (Secunia Research) discovered several vulnerabilities in
+    the "Stream.cc" file of Xpdf: An integer overflow in the
+    DCTStream::reset() method and a boundary error in the
+    CCITTFaxStream::lookChar() method, both leading to heap-based buffer
+    overflows (CVE-2007-5392, CVE-2007-5393). He also discovered a boundary
+    checking error in the DCTStream::readProgressiveDataUnit() method
+    causing memory corruption (CVE-2007-4352). Note: Gentoo's version of
+    Xpdf is patched to use the Poppler library, so the update to Poppler
+    will also fix Xpdf.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to view or process a specially crafted PDF file with
+    KWord or KPDF or a Poppler-based program such as Gentoo's viewers Xpdf,
+    ePDFView, and Evince or the CUPS printing system, a remote attacker
+    could cause an overflow, potentially resulting in the execution of
+    arbitrary code with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Poppler users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/poppler-0.6.1-r1"</code>
+    <p>
+    All KPDF users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=kde-base/kpdf-3.5.7-r3"</code>
+    <p>
+    All KDE Graphics Libraries users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=kde-base/kdegraphics-3.5.7-r3"</code>
+    <p>
+    All KWord users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/kword-1.6.3-r2"</code>
+    <p>
+    All KOffice users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/koffice-1.6.3-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352">CVE-2007-4352</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392">CVE-2007-5392</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393">CVE-2007-5393</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-11-13T00:47:07Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-18T00:30:13Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-23.xml b/metadata/glsa/glsa-200711-23.xml
new file mode 100644
index 000000000000..25c9cd40e1da
--- /dev/null
+++ b/metadata/glsa/glsa-200711-23.xml
@@ -0,0 +1,109 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-23">
+  <title>VMware Workstation and Player: Multiple vulnerabilities</title>
+  <synopsis>
+    VMware guest operating systems might be able to execute arbitrary code with
+    elevated privileges on the host operating system through multiple flaws.
+  </synopsis>
+  <product type="ebuild">vmware-workstation vmware-player</product>
+  <announced>2007-11-18</announced>
+  <revised count="03">2008-04-16</revised>
+  <bug>193196</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulation/vmware-workstation" auto="yes" arch="*">
+      <unaffected range="ge">5.5.5.56455</unaffected>
+      <vulnerable range="lt">5.5.5.56455</vulnerable>
+      <vulnerable range="eq">6.0.0.45731</vulnerable>
+    </package>
+    <package name="app-emulation/vmware-player" auto="yes" arch="*">
+      <unaffected range="ge">1.0.5.56455</unaffected>
+      <vulnerable range="lt">1.0.5.56455</vulnerable>
+      <vulnerable range="eq">2.0.0.45731</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    VMware Workstation is a virtual machine for developers and system
+    administrators. VMware Player is a freeware virtualization software
+    that can run guests produced by other VMware products.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been discovered in several VMware
+    products. Neel Mehta and Ryan Smith (IBM ISS X-Force) discovered that
+    the DHCP server contains an integer overflow vulnerability
+    (CVE-2007-0062), an integer underflow vulnerability (CVE-2007-0063) and
+    another error when handling malformed packets (CVE-2007-0061), leading
+    to stack-based buffer overflows or stack corruption. Rafal Wojtczvk
+    (McAfee) discovered two unspecified errors that allow authenticated
+    users with administrative or login privileges on a guest operating
+    system to corrupt memory or cause a Denial of Service (CVE-2007-4496,
+    CVE-2007-4497). Another unspecified vulnerability related to untrusted
+    virtual machine images was discovered (CVE-2007-5617).
+    </p>
+    <p>
+    VMware products also shipped code copies of software with several
+    vulnerabilities: Samba (GLSA-200705-15), BIND (GLSA-200702-06), MIT
+    Kerberos 5 (GLSA-200707-11), Vixie Cron (GLSA-200704-11), shadow
+    (GLSA-200606-02), OpenLDAP (CVE-2006-4600), PAM (CVE-2004-0813,
+    CVE-2007-1716), GCC (CVE-2006-3619) and GDB (CVE-2006-4146).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Remote attackers within a guest system could possibly exploit these
+    vulnerabilities to execute code on the host system with elevated
+    privileges or to cause a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All VMware Workstation users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-emulation/vmware-workstation-5.5.5.56455"</code>
+    <p>
+    All VMware Player users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-emulation/vmware-player-1.0.5.56455"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0813">CVE-2004-0813</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3619">CVE-2006-3619</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4146">CVE-2006-4146</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4600">CVE-2006-4600</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0061">CVE-2007-0061</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0062">CVE-2007-0062</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0063">CVE-2007-0063</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1716">CVE-2007-1716</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4496">CVE-2007-4496</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4497">CVE-2007-4497</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5617">CVE-2007-5617</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200606-02.xml">GLSA-200606-02</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200702-06.xml">GLSA-200702-06</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200704-11.xml">GLSA-200704-11</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200705-15.xml">GLSA-200705-15</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200707-11.xml">GLSA-200707-11</uri>
+    <uri link="https://lists.vmware.com/pipermail/security-announce/2007/000001.html">VMSA-2007-0006</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-11-07T01:24:32Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-11-13T02:06:33Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-15T23:43:42Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-24.xml b/metadata/glsa/glsa-200711-24.xml
new file mode 100644
index 000000000000..9f2575cc9c8b
--- /dev/null
+++ b/metadata/glsa/glsa-200711-24.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-24">
+  <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been reported in Mozilla Thunderbird, which
+    may allow user-assisted arbitrary remote code execution.
+  </synopsis>
+  <product type="ebuild">mozilla-thunderbird mozilla-thunderbird-bin</product>
+  <announced>2007-11-18</announced>
+  <revised count="01">2007-11-18</revised>
+  <bug>196481</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/mozilla-thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">2.0.0.9</unaffected>
+      <vulnerable range="lt">2.0.0.9</vulnerable>
+    </package>
+    <package name="mail-client/mozilla-thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">2.0.0.9</unaffected>
+      <vulnerable range="lt">2.0.0.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla Thunderbird is a popular open-source email client from the
+    Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been reported in Mozilla Thunderbird's
+    HTML browser engine (CVE-2007-5339) and JavaScript engine
+    (CVE-2007-5340) that can be exploited to cause a memory corruption.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to read a specially crafted email
+    that could trigger one of the vulnerabilities, possibly leading to the
+    execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time for all of these issues, but
+    some of them can be avoided by disabling JavaScript.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Thunderbird users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-2.0.0.9"</code>
+    <p>
+    All Mozilla Thunderbird binary users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-bin-2.0.0.9"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5339">CVE-2007-5339</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5340">CVE-2007-5340</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200711-14.xml">GLSA 200711-14</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-11-18T13:53:08Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-11-18T19:54:39Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-18T19:58:25Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-25.xml b/metadata/glsa/glsa-200711-25.xml
new file mode 100644
index 000000000000..2f8d6ecd0695
--- /dev/null
+++ b/metadata/glsa/glsa-200711-25.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-25">
+  <title>MySQL: Denial of service</title>
+  <synopsis>
+    A Denial of Service vulnerability was found in MySQL.
+  </synopsis>
+  <product type="ebuild">mysql</product>
+  <announced>2007-11-18</announced>
+  <revised count="01">2007-11-18</revised>
+  <bug>198988</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/mysql" auto="yes" arch="*">
+      <unaffected range="ge">5.0.44-r2</unaffected>
+      <vulnerable range="lt">5.0.44-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MySQL is a popular multi-threaded, multi-user SQL server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Joe Gallo and Artem Russakovskii reported an error in the
+    convert_search_mode_to_innobase() function in ha_innodb.cc in the
+    InnoDB engine that is leading to a failed assertion when handling
+    CONTAINS operations.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote authenticated attacker with ALTER privileges could send a
+    specially crafted request to a vulnerable database server possibly
+    leading to a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MySQL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-5.0.44-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5925">CVE-2007-5925</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-11-18T14:18:51Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-11-18T20:09:52Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-18T20:10:13Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-26.xml b/metadata/glsa/glsa-200711-26.xml
new file mode 100644
index 000000000000..d728cd8be0aa
--- /dev/null
+++ b/metadata/glsa/glsa-200711-26.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-26">
+  <title>teTeX: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in teTeX, possibly allowing
+    to execute arbitrary code or overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">tetex</product>
+  <announced>2007-11-18</announced>
+  <revised count="01">2007-11-18</revised>
+  <bug>198238</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/tetex" auto="yes" arch="*">
+      <unaffected range="ge">3.0_p1-r6</unaffected>
+      <vulnerable range="lt">3.0_p1-r6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    teTeX is a complete TeX distribution for editing documents.
+    </p>
+  </background>
+  <description>
+    <p>
+    Joachim Schrod discovered several buffer overflow vulnerabilities and
+    an insecure temporary file creation in the "dvilj" application that is
+    used by dvips to convert DVI files to printer formats (CVE-2007-5937,
+    CVE-2007-5936). Bastien Roucaries reported that the "dvips" application
+    is vulnerable to two stack-based buffer overflows when processing DVI
+    documents with long \href{} URIs (CVE-2007-5935). teTeX also includes
+    code from Xpdf that is vulnerable to a memory corruption and two
+    heap-based buffer overflows (GLSA 200711-22); and it contains code from
+    T1Lib that is vulnerable to a buffer overflow when processing an overly
+    long font filename (GLSA 200710-12).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to process a specially crafted
+    DVI or PDF file which could lead to the execution of arbitrary code
+    with the privileges of the user running the application. A local
+    attacker could exploit the "dvilj" vulnerability to conduct a symlink
+    attack to overwrite arbitrary files.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All teTeX users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/tetex-3.0_p1-r6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5935">CVE-2007-5935</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5936">CVE-2007-5936</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5937">CVE-2007-5937</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200710-12.xml">GLSA 200710-12</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200711-22.xml">GLSA 200711-22</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-11-13T01:13:42Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-18T21:46:32Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-27.xml b/metadata/glsa/glsa-200711-27.xml
new file mode 100644
index 000000000000..9adf9be3f1b4
--- /dev/null
+++ b/metadata/glsa/glsa-200711-27.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-27">
+  <title>Link Grammar: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    A buffer overflow vulnerability has been discovered in Link Grammar.
+  </synopsis>
+  <product type="ebuild">link-grammar</product>
+  <announced>2007-11-18</announced>
+  <revised count="01">2007-11-18</revised>
+  <bug>196803</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/link-grammar" auto="yes" arch="*">
+      <unaffected range="ge">4.2.4-r1</unaffected>
+      <vulnerable range="lt">4.2.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Link Grammar parser is a syntactic parser of English, based on link
+    grammar, an original theory of English syntax.
+    </p>
+  </background>
+  <description>
+    <p>
+    Alin Rad Pop from Secunia Research discovered a boundary error in the
+    function separate_sentence() in file tokenize.c when processing an
+    overly long word which might lead to a stack-based buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to parse a specially crafted
+    sentence, resulting in the remote execution of arbitrary code with the
+    privileges of the user running the application. Note that this
+    vulnerability may be triggered by an application using Link Grammar to
+    parse sentences (e.g. AbiWord).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Link Grammar users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/link-grammar-4.2.4-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5395">CVE-2007-5395</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-11-14T17:43:19Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-11-17T19:29:25Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-17T19:29:34Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-28.xml b/metadata/glsa/glsa-200711-28.xml
new file mode 100644
index 000000000000..448450818e62
--- /dev/null
+++ b/metadata/glsa/glsa-200711-28.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-28">
+  <title>Perl: Buffer overflow</title>
+  <synopsis>
+    A buffer overflow in the Regular Expression engine in Perl possibly allows
+    for the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">perl</product>
+  <announced>2007-11-19</announced>
+  <revised count="01">2007-11-19</revised>
+  <bug>198196</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/perl" auto="yes" arch="*">
+      <unaffected range="ge">5.8.8-r4</unaffected>
+      <vulnerable range="lt">5.8.8-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Perl is a stable, cross-platform programming language created by Larry
+    Wall.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy and Will Drewry (Google Security Team) discovered a
+    heap-based buffer overflow in the Regular Expression engine (regcomp.c)
+    that occurs when switching from byte to Unicode (UTF-8) characters in a
+    regular expression.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could either entice a user to compile a specially
+    crafted regular expression or actively compile it in case the script
+    accepts remote input of regular expressions, possibly leading to the
+    execution of arbitrary code with the privileges of the user running
+    Perl.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Perl users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/perl-5.8.8-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116">CVE-2007-5116</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-11-14T01:27:30Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-11-15T00:34:08Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-19T14:24:28Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-29.xml b/metadata/glsa/glsa-200711-29.xml
new file mode 100644
index 000000000000..f2023c0a5824
--- /dev/null
+++ b/metadata/glsa/glsa-200711-29.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-29">
+  <title>Samba: Execution of arbitrary code</title>
+  <synopsis>
+    Samba contains two buffer overflow vulnerabilities potentially resulting in
+    the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">samba</product>
+  <announced>2007-11-20</announced>
+  <revised count="03">2007-12-05</revised>
+  <bug>197519</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-fs/samba" auto="yes" arch="*">
+      <unaffected range="ge">3.0.27a</unaffected>
+      <vulnerable range="lt">3.0.27a</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Samba is a suite of SMB and CIFS client/server programs for UNIX.
+    </p>
+  </background>
+  <description>
+    <p>
+    Two vulnerabilities have been reported in nmbd. Alin Rad Pop (Secunia
+    Research) discovered a boundary checking error in the
+    reply_netbios_packet() function which could lead to a stack-based
+    buffer overflow (CVE-2007-5398). The Samba developers discovered a
+    boundary error when processing GETDC logon requests also leading to a
+    buffer overflow (CVE-2007-4572).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    To exploit the first vulnerability, a remote unauthenticated attacker
+    could send specially crafted WINS "Name Registration" requests followed
+    by a WINS "Name Query" request. This might lead to execution of
+    arbitrary code with elevated privileges. Note that this vulnerability
+    is exploitable only when WINS server support is enabled in Samba. The
+    second vulnerability could be exploited by sending specially crafted
+    "GETDC" mailslot requests, but requires Samba to be configured as a
+    Primary or Backup Domain Controller. It is not believed the be
+    exploitable to execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    To work around the first vulnerability, disable WINS support in Samba
+    by setting "<i>wins support = no</i>" in the "global" section of your
+    smb.conf and restart Samba.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Samba users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-fs/samba-3.0.27a"</code>
+    <p>
+    The first vulnerability (CVE-2007-5398) was already fixed in Samba
+    3.0.26a-r2.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572">CVE-2007-4572</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398">CVE-2007-5398</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-11-03T23:37:14Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-20T21:13:02Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-30.xml b/metadata/glsa/glsa-200711-30.xml
new file mode 100644
index 000000000000..8bcbfe2e7250
--- /dev/null
+++ b/metadata/glsa/glsa-200711-30.xml
@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-30">
+  <title>PCRE: Multiple vulnerabilities</title>
+  <synopsis>
+    PCRE is vulnerable to multiple buffer overflow and memory corruption
+    vulnerabilities, possibly leading to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libpcre</product>
+  <announced>2007-11-20</announced>
+  <revised count="01">2007-11-20</revised>
+  <bug>198198</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libpcre" auto="yes" arch="*">
+      <unaffected range="ge">7.3-r1</unaffected>
+      <vulnerable range="lt">7.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PCRE is a library providing functions for Perl-compatible regular
+    expressions.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy (Google Security) discovered multiple vulnerabilities in
+    PCRE. He reported an error when processing "\Q\E" sequences with
+    unmatched "\E" codes that can lead to the compiled bytecode being
+    corrupted (CVE-2007-1659). PCRE does not properly calculate sizes for
+    unspecified "multiple forms of character class", which triggers a
+    buffer overflow (CVE-2007-1660). Further improper calculations of
+    memory boundaries were reported when matching certain input bytes
+    against regex patterns in non UTF-8 mode (CVE-2007-1661) and when
+    searching for unmatched brackets or parentheses (CVE-2007-1662).
+    Multiple integer overflows when processing escape sequences may lead to
+    invalid memory read operations or potentially cause heap-based buffer
+    overflows (CVE-2007-4766). PCRE does not properly handle "\P" and
+    "\P{x}" sequences which can lead to heap-based buffer overflows or
+    trigger the execution of infinite loops (CVE-2007-4767), PCRE is also
+    prone to an error when optimizing character classes containing a
+    singleton UTF-8 sequence which might lead to a heap-based buffer
+    overflow (CVE-2007-4768).
+    </p>
+    <p>
+    Chris Evans also reported multiple integer overflow vulnerabilities in
+    PCRE when processing a large number of named subpatterns ("name_count")
+    or long subpattern names ("max_name_size") (CVE-2006-7227), and via
+    large "min", "max", or "duplength" values (CVE-2006-7228) both possibly
+    leading to buffer overflows. Another vulnerability was reported when
+    compiling patterns where the "-x" or "-i" UTF-8 options change within
+    the pattern, which might lead to improper memory calculations
+    (CVE-2006-7230).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit these vulnerabilities by sending specially
+    crafted regular expressions to applications making use of the PCRE
+    library, which could possibly lead to the execution of arbitrary code,
+    a Denial of Service or the disclosure of sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PCRE users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/libpcre-7.3-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7227">CVE-2006-7227</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228">CVE-2006-7228</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7230">CVE-2006-7230</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1659">CVE-2007-1659</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1660">CVE-2007-1660</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1661">CVE-2007-1661</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1662">CVE-2007-1662</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4766">CVE-2007-4766</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4767">CVE-2007-4767</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4768">CVE-2007-4768</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-11-09T10:23:13Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-11-20T00:43:59Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-20T00:44:04Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-31.xml b/metadata/glsa/glsa-200711-31.xml
new file mode 100644
index 000000000000..c2ad71fe7458
--- /dev/null
+++ b/metadata/glsa/glsa-200711-31.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-31">
+  <title>Net-SNMP: Denial of service</title>
+  <synopsis>
+    A Denial of Service vulnerability has been discovered in Net-SNMP when
+    processing GETBULK requests.
+  </synopsis>
+  <product type="ebuild">net-snmp</product>
+  <announced>2007-11-20</announced>
+  <revised count="01">2007-11-20</revised>
+  <bug>198346</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/net-snmp" auto="yes" arch="*">
+      <unaffected range="ge">5.4.1-r1</unaffected>
+      <vulnerable range="lt">5.4.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Net-SNMP is a collection of tools for generating and retrieving SNMP
+    data.
+    </p>
+  </background>
+  <description>
+    <p>
+    The SNMP agent (snmpd) does not properly handle GETBULK requests with
+    an overly large "max-repetitions" field.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote unauthenticated attacker could send a specially crafted SNMP
+    request to the vulnerable application, possibly resulting in a high CPU
+    and memory consumption.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Net-SNMP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/net-snmp-5.4.1-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5846">CVE-2007-5846</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-11-18T22:35:11Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-18T22:35:17Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-11-19T21:51:55Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-32.xml b/metadata/glsa/glsa-200711-32.xml
new file mode 100644
index 000000000000..57ee03352076
--- /dev/null
+++ b/metadata/glsa/glsa-200711-32.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-32">
+  <title>Feynmf: Insecure temporary file creation</title>
+  <synopsis>
+    A vulnerability has been discovered in Feynmf allowing local users to
+    overwrite arbitrary files via a symlink attack.
+  </synopsis>
+  <product type="ebuild">feynmf</product>
+  <announced>2007-11-20</announced>
+  <revised count="01">2007-11-20</revised>
+  <bug>198231</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-tex/feynmf" auto="yes" arch="*">
+      <unaffected range="ge">1.08-r2</unaffected>
+      <vulnerable range="lt">1.08-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Feynmf is a combined LaTeX and Metafont package for easy drawing of
+    professional quality Feynman (and maybe other) diagrams.
+    </p>
+  </background>
+  <description>
+    <p>
+    Kevin B. McCarty discovered that the feynmf.pl script creates a
+    temporary "properly list" file at the location "$TMPDIR/feynmf$PID.pl",
+    where $PID is the process ID.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the directory where the
+    temporary files are written, pointing to a valid file somewhere on the
+    filesystem that is writable by the user running Feynmf. When Feynmf
+    writes the temporary file, the target valid file would then be
+    overwritten with the contents of the Feynmf temporary file.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Feynmf users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-tex/feynmf-1.08-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5940">CVE-2007-5940</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-11-19T21:43:28Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-19T21:44:51Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-11-20T00:07:40Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-33.xml b/metadata/glsa/glsa-200711-33.xml
new file mode 100644
index 000000000000..119a1d48e7a6
--- /dev/null
+++ b/metadata/glsa/glsa-200711-33.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-33">
+  <title>nss_ldap: Information disclosure</title>
+  <synopsis>
+    A race condition might lead to theft of user credentials or information
+    disclosure in services using nss_ldap.
+  </synopsis>
+  <product type="ebuild">nss_ldap</product>
+  <announced>2007-11-25</announced>
+  <revised count="01">2007-11-25</revised>
+  <bug>198390</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-auth/nss_ldap" auto="yes" arch="*">
+      <unaffected range="ge">258</unaffected>
+      <vulnerable range="lt">258</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    nss_ldap is a Name Service Switch module which allows 'passwd', 'group'
+    and 'host' database information to be pulled from LDAP.
+    </p>
+  </background>
+  <description>
+    <p>
+    Josh Burley reported that nss_ldap does not properly handle the LDAP
+    connections due to a race condition that can be triggered by
+    multi-threaded applications using nss_ldap, which might lead to
+    requested data being returned to a wrong process.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    Remote attackers could exploit this race condition by sending queries
+    to a vulnerable server using nss_ldap, possibly leading to theft of
+    user credentials or information disclosure (e.g. Dovecot returning
+    wrong mailbox contents).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All nss_ldap users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-auth/nss_ldap-258"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5794">CVE-2007-5794</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-11-18T15:50:09Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-18T15:50:16Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-11-21T00:25:43Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200711-34.xml b/metadata/glsa/glsa-200711-34.xml
new file mode 100644
index 000000000000..5ca601571135
--- /dev/null
+++ b/metadata/glsa/glsa-200711-34.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-34">
+  <title>CSTeX: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities were discovered in CSTeX, possibly allowing to
+    execute arbitrary code or overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">cstetex</product>
+  <announced>2007-11-25</announced>
+  <revised count="01">2007-11-25</revised>
+  <bug>196673</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/cstetex" auto="no" arch="*">
+      <vulnerable range="lt">2.0.2-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    CSTeX is a TeX distribution with Czech and Slovak support. It is used
+    for creating and manipulating LaTeX documents.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple issues were found in the teTeX 2 codebase that CSTeX builds
+    upon (GLSA 200709-17, GLSA 200711-26). CSTeX also includes vulnerable
+    code from the GD library (GLSA 200708-05), from Xpdf (GLSA 200709-12,
+    GLSA 200711-22) and from T1Lib (GLSA 200710-12).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Remote attackers could possibly execute arbitrary code and local
+    attackers could possibly overwrite arbitrary files with the privileges
+    of the user running CSTeX via multiple vectors.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    CSTeX is not maintained upstream, so the package was masked in Portage.
+    We recommend that users unmerge CSTeX:
+    </p>
+    <code>
+    # emerge --unmerge app-text/cstetex</code>
+    <p>
+    As an alternative, users should upgrade their systems to use teTeX or
+    TeX Live with its Babel packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200708-05.xml">GLSA 200708-05</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200709-12.xml">GLSA 200709-12</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200709-17.xml">GLSA 200709-17</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200710-12.xml">GLSA 200710-12</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200711-22.xml">GLSA 200711-22</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200711-26.xml">GLSA 200711-26</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-11-13T00:12:34Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-19T21:14:43Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200712-01.xml b/metadata/glsa/glsa-200712-01.xml
new file mode 100644
index 000000000000..6317b212e6d8
--- /dev/null
+++ b/metadata/glsa/glsa-200712-01.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200712-01">
+  <title>Hugin: Insecure temporary file creation</title>
+  <synopsis>
+    A vulnerability has been discovered in Hugin, potentially allowing for a
+    Denial of Service.
+  </synopsis>
+  <product type="ebuild">hugin</product>
+  <announced>2007-12-05</announced>
+  <revised count="01">2007-12-05</revised>
+  <bug>195996</bug>
+  <access>local</access>
+  <affected>
+    <package name="media-gfx/hugin" auto="yes" arch="*">
+      <unaffected range="rge">0.6.1-r1</unaffected>
+      <unaffected range="ge">0.7_beta4-r1</unaffected>
+      <vulnerable range="lt">0.7_beta4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Hugin is a GUI for creating and processing panoramic images.
+    </p>
+  </background>
+  <description>
+    <p>
+    Suse Linux reported that Hugin creates the
+    "hugin_debug_optim_results.txt" temporary file in an insecure manner.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could exploit this vulnerability with a symlink
+    attack, potentially overwriting an arbitrary file with the privileges
+    of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Hugin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/hugin-0.6.1-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5200">CVE-2007-5200</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-11-17T23:47:03Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-17T23:47:10Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200712-02.xml b/metadata/glsa/glsa-200712-02.xml
new file mode 100644
index 000000000000..cb41d6a52651
--- /dev/null
+++ b/metadata/glsa/glsa-200712-02.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200712-02">
+  <title>Cacti: SQL injection</title>
+  <synopsis>
+    An SQL injection vulnerability has been discovered in Cacti.
+  </synopsis>
+  <product type="ebuild">cacti</product>
+  <announced>2007-12-05</announced>
+  <revised count="02">2007-12-05</revised>
+  <bug>199509</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/cacti" auto="yes" arch="*">
+      <unaffected range="rge">0.8.6j-r7</unaffected>
+      <unaffected range="ge">0.8.7a</unaffected>
+      <vulnerable range="lt">0.8.7a</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Cacti is a complete web-based frontend to rrdtool.
+    </p>
+  </background>
+  <description>
+    <p>
+    It has been reported that the "local_graph_id" variable used in the
+    file graph.php is not properly sanitized before being processed in an
+    SQL statement.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send a specially crafted request to the
+    vulnerable host, possibly resulting in the execution of arbitrary SQL
+    code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Cacti users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/cacti-0.8.6j-r7"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6035">CVE-2007-6035</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-12-02T22:34:20Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-12-02T22:34:29Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-12-04T22:01:32Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200712-03.xml b/metadata/glsa/glsa-200712-03.xml
new file mode 100644
index 000000000000..361378e8ab70
--- /dev/null
+++ b/metadata/glsa/glsa-200712-03.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200712-03">
+  <title>GNU Emacs: Multiple vulnerabilities</title>
+  <synopsis>
+    Two vulnerabilities were found in GNU Emacs possibly leading to the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">emacs</product>
+  <announced>2007-12-09</announced>
+  <revised count="01">2007-12-09</revised>
+  <bug>197958</bug>
+  <bug>200297</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-editors/emacs" auto="yes" arch="*">
+      <unaffected range="ge">22.1-r3</unaffected>
+      <unaffected range="rge">21.4-r14</unaffected>
+      <unaffected range="lt">19</unaffected>
+      <vulnerable range="lt">22.1-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GNU Emacs is a highly extensible and customizable text editor.
+    </p>
+  </background>
+  <description>
+    <p>
+    Drake Wilson reported that the hack-local-variables() function in GNU
+    Emacs 22 does not properly match assignments of local variables in a
+    file against a list of unsafe or risky variables, allowing to override
+    them (CVE-2007-5795). Andreas Schwab (SUSE) discovered a stack-based
+    buffer overflow in the format function when handling values with high
+    precision (CVE-2007-6109).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Remote attackers could entice a user to open a specially crafted file
+    in GNU Emacs, possibly leading to the execution of arbitrary Emacs Lisp
+    code (via CVE-2007-5795) or arbitrary code (via CVE-2007-6109) with the
+    privileges of the user running GNU Emacs.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    The first vulnerability can be worked around by setting the
+    "enable-local-variables" option to "nil", disabling the processing of
+    local variable lists. GNU Emacs prior to version 22 is not affected by
+    this vulnerability. There is no known workaround for the second
+    vulnerability at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GNU Emacs users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-editors/emacs-22.1-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5795">CVE-2007-5795</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6109">CVE-2007-6109</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-11-20T22:12:50Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-12-05T01:01:27Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-12-07T13:59:32Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200712-04.xml b/metadata/glsa/glsa-200712-04.xml
new file mode 100644
index 000000000000..41bb42776fea
--- /dev/null
+++ b/metadata/glsa/glsa-200712-04.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200712-04">
+  <title>Cairo: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Multiple integer overflows were discovered in Cairo, possibly leading to
+    the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">cairo</product>
+  <announced>2007-12-09</announced>
+  <revised count="01">2007-12-09</revised>
+  <bug>200350</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/cairo" auto="yes" arch="*">
+      <unaffected range="ge">1.4.12</unaffected>
+      <vulnerable range="lt">1.4.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Cairo is a 2D vector graphics library with cross-device output support.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple integer overflows were reported, one of which Peter Valchev
+    (Google Security) found to be leading to a heap-based buffer overflow
+    in the cairo_image_surface_create_from_png() function that processes
+    PNG images.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to view or process a specially
+    crafted PNG image file in an application linked against Cairo, possibly
+    leading to the execution of arbitrary code with the privileges of the
+    user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Cairo users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-libs/cairo-1.4.12"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5503">CVE-2007-5503</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-12-04T23:43:52Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-12-05T01:36:20Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-12-05T01:36:55Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200712-05.xml b/metadata/glsa/glsa-200712-05.xml
new file mode 100644
index 000000000000..3bf90b8df141
--- /dev/null
+++ b/metadata/glsa/glsa-200712-05.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200712-05">
+  <title>PEAR::MDB2: Information disclosure</title>
+  <synopsis>
+    A vulnerability when handling database input in PEAR::MDB2 allows remote
+    attackers to obtain sensitive information.
+  </synopsis>
+  <product type="ebuild">PEAR-MDB2</product>
+  <announced>2007-12-09</announced>
+  <revised count="01">2007-12-09</revised>
+  <bug>198446</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-php/PEAR-MDB2" auto="yes" arch="*">
+      <unaffected range="ge">2.5.0_alpha1</unaffected>
+      <vulnerable range="lt">2.5.0_alpha1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PEAR::MDB2 is a database abstraction layer for PHP aimed to provide a
+    common API for all supported relational database management systems. A
+    LOB ("large object") is a database field holding binary data.
+    </p>
+  </background>
+  <description>
+    <p>
+    priyadi discovered that the request to store a URL string as a LOB is
+    treated as a request to retrieve and store the contents of the URL.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    If an application using PEAR::MDB2 allows input of LOB values via a web
+    form, remote attackers could use the application as an indirect proxy
+    or obtain sensitive information, including "file://" URLs local to the
+    web server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    As a workaround, manually filter input before storing it as a LOB in
+    PEAR::MDB2.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PEAR::MDB2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-php/PEAR-MDB2-2.5.0_alpha1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5934">CVE-2007-5934</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-12-02T12:32:27Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-12-05T01:58:28Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-12-05T01:59:26Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200712-06.xml b/metadata/glsa/glsa-200712-06.xml
new file mode 100644
index 000000000000..c4c8674417f3
--- /dev/null
+++ b/metadata/glsa/glsa-200712-06.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200712-06">
+  <title>Firebird: Multiple buffer overflows</title>
+  <synopsis>
+    Multiple stack-based buffer overflows were discovered in Firebird.
+  </synopsis>
+  <product type="ebuild">firebird</product>
+  <announced>2007-12-09</announced>
+  <revised count="01">2007-12-09</revised>
+  <bug>195569</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/firebird" auto="yes" arch="*">
+      <unaffected range="ge">2.0.3.12981.0-r2</unaffected>
+      <vulnerable range="lt">2.0.3.12981.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Firebird is a multi-platfrom, open source relational database.
+    </p>
+  </background>
+  <description>
+    <p>
+    Adriano Lima and Ramon de Carvalho Valle reported that functions
+    isc_attach_database() and isc_create_database() do not perform proper
+    boundary checking when processing their input.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send specially crafted requests to the Firebird
+    server on TCP port 3050, possibly resulting in the execution of
+    arbitrary code with the privileges of the user running Firebird
+    (usually firebird).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Firebird users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-db/firebird-2.0.3.12981.0-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4992">CVE-2007-4992</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5246">CVE-2007-5246</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-11-28T11:24:49Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-29T00:06:33Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-12-08T23:26:04Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200712-07.xml b/metadata/glsa/glsa-200712-07.xml
new file mode 100644
index 000000000000..beafd41bbdd7
--- /dev/null
+++ b/metadata/glsa/glsa-200712-07.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200712-07">
+  <title>Lookup: Insecure temporary file creation</title>
+  <synopsis>
+    Lookup uses temporary files in an insecure manner, allowing for a symlink
+    attack.
+  </synopsis>
+  <product type="ebuild">lookup</product>
+  <announced>2007-12-09</announced>
+  <revised count="01">2007-12-09</revised>
+  <bug>197306</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emacs/lookup" auto="yes" arch="*">
+      <unaffected range="ge">1.4.1</unaffected>
+      <vulnerable range="lt">1.4.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Lookup is a search interface to books and dictionnaries for Emacs.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tatsuya Kinoshita reported that the ndeb-binary function does not
+    handle temporay files correctly.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could use a symlink attack to overwrite files with the
+    privileges of the user running Lookup.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Lookup users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-emacs/lookup-1.4.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0237">CVE-2007-0237</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-11-19T22:00:43Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-21T00:09:14Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-12-08T23:10:28Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200712-08.xml b/metadata/glsa/glsa-200712-08.xml
new file mode 100644
index 000000000000..a6be9f30e736
--- /dev/null
+++ b/metadata/glsa/glsa-200712-08.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200712-08">
+  <title>AMD64 x86 emulation Qt library: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in the AMD64 x86 emulation Qt library may lead to
+    the remote execution of arbitrary code in Qt applications.
+  </synopsis>
+  <product type="ebuild">emul-linux-x86-qtlibs</product>
+  <announced>2007-12-09</announced>
+  <revised count="01">2007-12-09</revised>
+  <bug>189536</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulation/emul-linux-x86-qtlibs" auto="yes" arch="amd64">
+      <unaffected range="ge">20071114-r2</unaffected>
+      <vulnerable range="lt">20071114-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Qt is a cross-platform GUI framework, which is used e.g. by KDE. The
+    AMD64 x86 emulation Qt library packages Qt libraries for 32bit x86
+    emulation on AMD64.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Qt versions used by the AMD64 x86 emulation Qt libraries were
+    vulnerable to several flaws (GLSA 200708-16, GLSA 200710-28)
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could trigger one of the vulnerabilities by causing a Qt
+    application to parse specially crafted text or Unicode strings, which
+    may lead to the execution of arbitrary code with the privileges of the
+    user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All AMD64 x86 emulation Qt library users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-emulation/emul-linux-x86-qtlibs-20071114-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200708-16.xml">GLSA 200708-16</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200710-28.xml">GLSA 200710-28</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-12-02T12:28:12Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-12-09T19:55:14Z">
+    welp
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-12-09T20:04:39Z">
+    welp
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200712-09.xml b/metadata/glsa/glsa-200712-09.xml
new file mode 100644
index 000000000000..073f99e4ef8b
--- /dev/null
+++ b/metadata/glsa/glsa-200712-09.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200712-09">
+  <title>Ruby-GNOME2: Format string error</title>
+  <synopsis>
+    A format string error has been discovered in Ruby-GNOME2, possibly leading
+    to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">ruby-gtk2</product>
+  <announced>2007-12-09</announced>
+  <revised count="01">2007-12-09</revised>
+  <bug>200623</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-ruby/ruby-gtk2" auto="yes" arch="*">
+      <unaffected range="ge">0.16.0-r2</unaffected>
+      <vulnerable range="lt">0.16.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ruby-GNOME2 is a set of bindings for using GTK+ within the Ruby
+    programming language.
+    </p>
+  </background>
+  <description>
+    <p>
+    Chris Rohlf discovered that the "Gtk::MessageDialog.new()" method in
+    the file gtk/src/rbgtkmessagedialog.c does not properly sanitize the
+    "message" parameter before passing it to the gtk_message_dialog_new()
+    function.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send a specially crafted string to an
+    application using Ruby-GNOME2, possibly leading to the execution of
+    arbitrary code with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ruby-GNOME2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-ruby/ruby-gtk2-0.16.0-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6183">CVE-2007-6183</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-12-04T18:00:54Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-12-04T22:24:59Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-12-04T22:25:12Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200712-10.xml b/metadata/glsa/glsa-200712-10.xml
new file mode 100644
index 000000000000..dc403bd7252e
--- /dev/null
+++ b/metadata/glsa/glsa-200712-10.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200712-10">
+  <title>Samba: Execution of arbitrary code</title>
+  <synopsis>
+    Samba contains a buffer overflow vulnerability potentially resulting in the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">samba</product>
+  <announced>2007-12-10</announced>
+  <revised count="01">2007-12-10</revised>
+  <bug>200773</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-fs/samba" auto="yes" arch="*">
+      <unaffected range="ge">3.0.28</unaffected>
+      <vulnerable range="lt">3.0.28</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Samba is a suite of SMB and CIFS client/server programs for UNIX.
+    </p>
+  </background>
+  <description>
+    <p>
+    Alin Rad Pop (Secunia Research) discovered a boundary checking error in
+    the send_mailslot() function which could lead to a stack-based buffer
+    overflow.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could send a specially crafted "SAMLOGON" domain
+    logon packet, possibly leading to the execution of arbitrary code with
+    elevated privileges. Note that this vulnerability is exploitable only
+    when domain logon support is enabled in Samba, which is not the case in
+    Gentoo's default configuration.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable domain logon in Samba by setting "<i>domain logons = no</i>" in
+    the "global" section of your smb.conf and restart Samba.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Samba users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-fs/samba-3.0.28"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015">CVE-2007-6015</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-12-10T02:00:00Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-12-10T19:33:11Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200712-11.xml b/metadata/glsa/glsa-200712-11.xml
new file mode 100644
index 000000000000..26840f5c4f0f
--- /dev/null
+++ b/metadata/glsa/glsa-200712-11.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200712-11">
+  <title>Portage: Information disclosure</title>
+  <synopsis>
+    Portage may disclose sensitive information when updating configuration
+    files.
+  </synopsis>
+  <product type="ebuild">portage</product>
+  <announced>2007-12-13</announced>
+  <revised count="01">2007-12-13</revised>
+  <bug>193589</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/portage" auto="yes" arch="*">
+      <unaffected range="ge">2.1.3.11</unaffected>
+      <vulnerable range="lt">2.1.3.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Portage is the default Gentoo package management system.
+    </p>
+  </background>
+  <description>
+    <p>
+    Mike Frysinger reported that the "etc-update" utility uses temporary
+    files with the standard umask, which results in the files being
+    world-readable when merging configuration files in a default setup.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could access sensitive information when configuration
+    files are being merged.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Portage users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-apps/portage-2.1.3.11"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6249">CVE-2007-6249</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-12-10T21:27:57Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-12-10T21:28:40Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-12-11T22:39:19Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200712-12.xml b/metadata/glsa/glsa-200712-12.xml
new file mode 100644
index 000000000000..80c56b18117f
--- /dev/null
+++ b/metadata/glsa/glsa-200712-12.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200712-12">
+  <title>IRC Services: Denial of service</title>
+  <synopsis>
+    A Denial of Service vulnerability has been reported in IRC Services.
+  </synopsis>
+  <product type="ebuild">ircservices</product>
+  <announced>2007-12-13</announced>
+  <revised count="01">2007-12-13</revised>
+  <bug>199897</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/ircservices" auto="yes" arch="*">
+      <unaffected range="ge">5.0.63</unaffected>
+      <vulnerable range="lt">5.0.63</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    IRC Services is a system of services to be used with Internet Relay
+    Chat networks.
+    </p>
+  </background>
+  <description>
+    <p>
+    loverboy reported that the "default_encrypt()" function in file
+    encrypt.c does not properly handle overly long passwords.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could provide an overly long password to the
+    vulnerable server, resulting in a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All IRC Services users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-irc/ircservices-5.0.63"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6122">CVE-2007-6122</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-12-10T21:48:10Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-12-10T21:51:02Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-12-11T22:44:42Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200712-13.xml b/metadata/glsa/glsa-200712-13.xml
new file mode 100644
index 000000000000..ac6bec724d08
--- /dev/null
+++ b/metadata/glsa/glsa-200712-13.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200712-13">
+  <title>E2fsprogs: Multiple buffer overflows</title>
+  <synopsis>
+    Multiple heap-based buffer overflows in E2fsprogs could result in the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">e2fsprogs</product>
+  <announced>2007-12-18</announced>
+  <revised count="01">2007-12-18</revised>
+  <bug>201546</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-fs/e2fsprogs" auto="yes" arch="*">
+      <unaffected range="ge">1.40.3</unaffected>
+      <vulnerable range="lt">1.40.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    E2fsprogs provides utilities for use with the ext2 and ext3 file
+    systems including the libext2fs library that allows user-level programs
+    to manipulate an ext2 or ext3 file system.
+    </p>
+  </background>
+  <description>
+    <p>
+    Rafal Wojtczuk (McAfee AVERT Research) discovered multiple integer
+    overflows in libext2fs, that are triggered when processing information
+    from within the file system, resulting in heap-based buffer overflows.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to process a specially-crafted ext2 or
+    ext3 file system image (with tools linking against libext2fs, e.g.
+    fsck, forensic tools or Xen's pygrub), possibly resulting in the
+    execution of arbitrary code with the privileges of the user running the
+    application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All E2fsprogs users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-fs/e2fsprogs-1.40.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5497">CVE-2007-5497</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-12-12T09:56:09Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-12-13T21:11:04Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-12-13T23:03:39Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200712-14.xml b/metadata/glsa/glsa-200712-14.xml
new file mode 100644
index 000000000000..1aa798a2bac0
--- /dev/null
+++ b/metadata/glsa/glsa-200712-14.xml
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200712-14">
+  <title>CUPS: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in CUPS, allowing for the
+    remote execution of arbitrary code and a Denial of Service.
+  </synopsis>
+  <product type="ebuild">cups</product>
+  <announced>2007-12-18</announced>
+  <revised count="01">2007-12-18</revised>
+  <bug>199195</bug>
+  <bug>201042</bug>
+  <bug>201570</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-print/cups" auto="yes" arch="*">
+      <unaffected range="rge">1.2.12-r4</unaffected>
+      <unaffected range="ge">1.3.5</unaffected>
+      <vulnerable range="lt">1.3.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    CUPS provides a portable printing layer for UNIX-based operating
+    systems. The alternate pdftops filter is a CUPS filter used to convert
+    PDF files to the Postscript format via Poppler; the filter is installed
+    by default in Gentoo Linux.
+    </p>
+  </background>
+  <description>
+    <p>
+    Wei Wang (McAfee AVERT Research) discovered an integer underflow in the
+    asn1_get_string() function of the SNMP backend, leading to a
+    stack-based buffer overflow when handling SNMP responses
+    (CVE-2007-5849). Elias Pipping (Gentoo) discovered that the alternate
+    pdftops filter creates temporary files with predictable file names when
+    reading from standard input (CVE-2007-6358). Furthermore, the
+    resolution of a Denial of Service vulnerability covered in GLSA
+    200703-28 introduced another Denial of Service vulnerability within SSL
+    handling (CVE-2007-4045).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker on the local network could exploit the first
+    vulnerability to execute arbitrary code with elevated privileges by
+    sending specially crafted SNMP messages as a response to an SNMP
+    broadcast request. A local attacker could exploit the second
+    vulnerability to overwrite arbitrary files with the privileges of the
+    user running the CUPS spooler (usually lp) by using symlink attacks. A
+    remote attacker could cause a Denial of Service condition via the third
+    vulnerability when SSL is enabled in CUPS.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    To disable SNMP support in CUPS, you have have to manually delete the
+    file "/usr/libexec/cups/backend/snmp". Please note that the file is
+    reinstalled if you merge CUPS again later. To disable the pdftops
+    filter, delete all lines referencing "pdftops" in CUPS' "mime.convs"
+    configuration file. To work around the third vulnerability, disable SSL
+    support via the corresponding USE flag.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All CUPS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-print/cups-1.2.12-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4045">CVE-2007-4045</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5849">CVE-2007-5849</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6358">CVE-2007-6358</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200703-28.xml">GLSA 200703-28</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-12-14T15:44:48Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-12-14T15:45:00Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-12-15T13:31:00Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200712-15.xml b/metadata/glsa/glsa-200712-15.xml
new file mode 100644
index 000000000000..70f7c68ca8e0
--- /dev/null
+++ b/metadata/glsa/glsa-200712-15.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200712-15">
+  <title>libexif: Multiple vulnerabilities</title>
+  <synopsis>
+    Two vulnerabilities in libexif possibly allow for the execution of
+    arbitrary code or a Denial of Service.
+  </synopsis>
+  <product type="ebuild">libexif</product>
+  <announced>2007-12-29</announced>
+  <revised count="01">2007-12-29</revised>
+  <bug>202350</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libexif" auto="yes" arch="*">
+      <unaffected range="ge">0.6.16-r1</unaffected>
+      <vulnerable range="lt">0.6.16-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libexif is a library for parsing, editing and saving Exif metadata from
+    images. Exif, the Exchangeable image file format, specifies the
+    addition of metadata tags to JPEG, TIFF and RIFF files.
+    </p>
+  </background>
+  <description>
+    <p>
+    Meder Kydyraliev (Google Security) discovered an integer overflow
+    vulnerability in the exif_data_load_data_thumbnail() function leading
+    to a memory corruption (CVE-2007-6352) and an infinite recursion in the
+    exif_loader_write() function (CVE-2007-6351).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice the user of an application making use of
+    libexif to load an image file with specially crafted Exif tags,
+    possibly resulting in the execution of arbitrary code with the
+    privileges of the user running the application or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libexif users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/libexif-0.6.16-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6351">CVE-2007-6351</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6352">CVE-2007-6352</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-12-21T23:07:24Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-12-23T19:26:36Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-12-23T19:28:21Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200712-16.xml b/metadata/glsa/glsa-200712-16.xml
new file mode 100644
index 000000000000..b7f370e430d8
--- /dev/null
+++ b/metadata/glsa/glsa-200712-16.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200712-16">
+  <title>Exiv2: Integer overflow</title>
+  <synopsis>
+    An integer overflow vulnerability in Exiv2 possibly allows for the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">exiv2</product>
+  <announced>2007-12-29</announced>
+  <revised count="01">2007-12-29</revised>
+  <bug>202351</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/exiv2" auto="yes" arch="*">
+      <unaffected range="ge">0.13-r1</unaffected>
+      <vulnerable range="lt">0.13-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Exiv2 is a C++ library and set of tools for parsing, editing and saving
+    Exif and IPTC metadata from images. Exif, the Exchangeable image file
+    format, specifies the addition of metadata tags to JPEG, TIFF and RIFF
+    files.
+    </p>
+  </background>
+  <description>
+    <p>
+    Meder Kydyraliev (Google Security) discovered an integer overflow
+    vulnerability in the JpegThumbnail::setDataArea() method leading to a
+    heap-based buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice the user of an application making use of Exiv2
+    or an application included in Exiv2 to load an image file with
+    specially crafted Exif tags, possibly resulting in the execution of
+    arbitrary code with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Exiv2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/exiv2-0.13-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6353">CVE-2007-6353</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-12-21T23:04:55Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-12-23T19:26:11Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-12-23T19:28:25Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200712-17.xml b/metadata/glsa/glsa-200712-17.xml
new file mode 100644
index 000000000000..73b2ce57a4b9
--- /dev/null
+++ b/metadata/glsa/glsa-200712-17.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200712-17">
+  <title>exiftags: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in exiftags possibly allow for the execution of
+    arbitrary code or a Denial of Service.
+  </synopsis>
+  <product type="ebuild">exiftags</product>
+  <announced>2007-12-29</announced>
+  <revised count="01">2007-12-29</revised>
+  <bug>202354</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/exiftags" auto="yes" arch="*">
+      <unaffected range="ge">1.01</unaffected>
+      <vulnerable range="lt">1.01</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    exiftags is a library and set of tools for parsing, editing and saving
+    Exif metadata from images. Exif, the Exchangeable image file format,
+    specifies the addition of metadata tags to JPEG, TIFF and RIFF files.
+    </p>
+  </background>
+  <description>
+    <p>
+    Meder Kydyraliev (Google Security) discovered that Exif metadata is not
+    properly sanitized before being processed, resulting in illegal memory
+    access in the postprop() and other functions (CVE-2007-6354). He also
+    discovered integer overflow vulnerabilities in the parsetag() and other
+    functions (CVE-2007-6355) and an infinite recursion in the readifds()
+    function caused by recursive IFD references (CVE-2007-6356).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice the user of an application making use of
+    exiftags or an application included in exiftags to load an image file
+    with specially crafted Exif tags, possibly resulting in the execution
+    of arbitrary code with the privileges of the user running the
+    application or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All exiftags users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/exiftags-1.01"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6354">CVE-2007-6354</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6355">CVE-2007-6355</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6356">CVE-2007-6356</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-12-18T01:37:57Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-12-23T19:27:52Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-12-23T19:28:18Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200712-18.xml b/metadata/glsa/glsa-200712-18.xml
new file mode 100644
index 000000000000..ac3821eddadb
--- /dev/null
+++ b/metadata/glsa/glsa-200712-18.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200712-18">
+  <title>Multi-Threaded DAAP Daemon: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in the web server in the Multi-Threaded DAAP
+    Daemon may lead to the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mt-daapd</product>
+  <announced>2007-12-29</announced>
+  <revised count="01">2007-12-29</revised>
+  <bug>200110</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/mt-daapd" auto="yes" arch="*">
+      <unaffected range="ge">0.2.4.1</unaffected>
+      <vulnerable range="lt">0.2.4.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Multi-Threaded DAAP Daemon (mt-daapd), also known as the Firefly Media
+    Server, is a software to serve digital music to the Roku Soundbridge
+    and Apple's iTunes.
+    </p>
+  </background>
+  <description>
+    <p>
+    nnp discovered multiple vulnerabilities in the XML-RPC handler in the
+    file webserver.c. The ws_addarg() function contains a format string
+    vulnerability, as it does not properly sanitize username and password
+    data from the "Authorization: Basic" HTTP header line (CVE-2007-5825).
+    The ws_decodepassword() and ws_getheaders() functions do not correctly
+    handle empty Authorization header lines, or header lines without a ':'
+    character, leading to NULL pointer dereferences (CVE-2007-5824).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could send specially crafted HTTP requests to the web
+    server in the Multi-Threaded DAAP Daemon, possibly leading to the
+    execution of arbitrary code with the privileges of the user running the
+    web server or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Multi-Threaded DAAP Daemon users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/mt-daapd-0.2.4.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5824">CVE-2007-5824</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5825">CVE-2007-5825</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-12-18T21:05:33Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-12-23T20:01:54Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-12-23T20:02:16Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200712-19.xml b/metadata/glsa/glsa-200712-19.xml
new file mode 100644
index 000000000000..0068fec39b4f
--- /dev/null
+++ b/metadata/glsa/glsa-200712-19.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200712-19">
+  <title>Syslog-ng: Denial of service</title>
+  <synopsis>
+    A Denial of Service vulnerability has been discovered in Syslog-ng.
+  </synopsis>
+  <product type="ebuild">syslog-ng</product>
+  <announced>2007-12-29</announced>
+  <revised count="01">2007-12-29</revised>
+  <bug>202718</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-admin/syslog-ng" auto="yes" arch="*">
+      <unaffected range="ge">2.0.6</unaffected>
+      <vulnerable range="lt">2.0.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Syslog-ng is a flexible and scalable system logger.
+    </p>
+  </background>
+  <description>
+    <p>
+    Oriol Carreras reported a NULL pointer dereference in the
+    log_msg_parse() function when processing timestamps without a
+    terminating whitespace character.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send a specially crafted event to a vulnerable
+    Syslog-ng server, resulting in a crash.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Syslog-ng users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-admin/syslog-ng-2.0.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6437">CVE-2007-6437</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-12-22T13:17:29Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-12-28T23:09:28Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-12-28T23:09:43Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200712-20.xml b/metadata/glsa/glsa-200712-20.xml
new file mode 100644
index 000000000000..9b396a2ed74e
--- /dev/null
+++ b/metadata/glsa/glsa-200712-20.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200712-20">
+  <title>ClamAV: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in ClamAV allowing remote
+    execution of arbitrary code and Denial of Service attacks.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2007-12-29</announced>
+  <revised count="01">2007-12-29</revised>
+  <bug>202762</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.91.2-r1</unaffected>
+      <vulnerable range="lt">0.91.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Clam AntiVirus is a free anti-virus toolkit for UNIX, designed
+    especially for e-mail scanning on mail gateways.
+    </p>
+  </background>
+  <description>
+    <p>
+    iDefense reported an integer overflow vulnerability in the cli_scanpe()
+    function when parsing Portable Executable (PE) files packed in the MEW
+    format, that could be exploited to cause a heap-based buffer overflow
+    (CVE-2007-6335). Toeroek Edwin reported an off-by-one error when
+    decompressing MS-ZIP compressed CAB files (CVE-2007-6336). An
+    unspecified vulnerability related to the bzip2 decompression algorithm
+    has also been discovered (CVE-2007-6337).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could entice a user or automated system to scan a
+    specially crafted file, possibly leading to the execution of arbitrary
+    code with the privileges of the user running ClamAV (either a system
+    user or the "clamav" user if clamd is compromised).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ClamAV users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.91.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6335">CVE-2007-6335</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6336">CVE-2007-6336</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6337">CVE-2007-6337</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2007-12-27T00:36:49Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-12-28T22:56:45Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200712-21.xml b/metadata/glsa/glsa-200712-21.xml
new file mode 100644
index 000000000000..2e58bfa2ecaa
--- /dev/null
+++ b/metadata/glsa/glsa-200712-21.xml
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200712-21">
+  <title>Mozilla Firefox, SeaMonkey: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in Mozilla Firefox and
+    Mozilla Seamonkey.
+  </synopsis>
+  <product type="ebuild">firefox seamonkey</product>
+  <announced>2007-12-29</announced>
+  <revised count="01">2007-12-29</revised>
+  <bug>198965</bug>
+  <bug>200909</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/mozilla-firefox" auto="yes" arch="*">
+      <unaffected range="ge">2.0.0.11</unaffected>
+      <vulnerable range="lt">2.0.0.11</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">2.0.0.11</unaffected>
+      <vulnerable range="lt">2.0.0.11</vulnerable>
+    </package>
+    <package name="www-client/seamonkey" auto="yes" arch="*">
+      <unaffected range="ge">1.1.7</unaffected>
+      <vulnerable range="lt">1.1.7</vulnerable>
+    </package>
+    <package name="www-client/seamonkey-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.1.7</unaffected>
+      <vulnerable range="lt">1.1.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla Firefox is a cross-platform web browser from Mozilla. SeaMonkey
+    is a free, cross-platform Internet suite.
+    </p>
+  </background>
+  <description>
+    <p>
+    Jesse Ruderman and Petko D. Petkov reported that the jar protocol
+    handler in Mozilla Firefox and Seamonkey does not properly check MIME
+    types (CVE-2007-5947). Gregory Fleischer reported that the
+    window.location property can be used to generate a fake HTTP Referer
+    (CVE-2007-5960). Multiple memory errors have also been reported
+    (CVE-2007-5959).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could possibly exploit these vulnerabilities to
+    execute arbitrary code in the context of the browser and conduct
+    Cross-Site-Scripting or Cross-Site Request Forgery attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Firefox users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-2.0.0.11"</code>
+    <p>
+    All Mozilla Firefox binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-bin-2.0.0.11"</code>
+    <p>
+    All SeaMonkey users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-1.1.7"</code>
+    <p>
+    All SeaMonkey binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-bin-1.1.7"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5947">CVE-2007-5947</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5959">CVE-2007-5959</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5960">CVE-2007-5960</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-12-08T23:32:55Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-12-12T16:56:13Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-12-24T11:43:38Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200712-22.xml b/metadata/glsa/glsa-200712-22.xml
new file mode 100644
index 000000000000..c849768bf8cf
--- /dev/null
+++ b/metadata/glsa/glsa-200712-22.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200712-22">
+  <title>Opera: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities were discovered in Opera, allowing for the
+    execution of arbitrary code and cross domain scripting.
+  </synopsis>
+  <product type="ebuild">opera</product>
+  <announced>2007-12-30</announced>
+  <revised count="01">2007-12-30</revised>
+  <bug>202770</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/opera" auto="yes" arch="*">
+      <unaffected range="ge">9.25</unaffected>
+      <vulnerable range="lt">9.25</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Opera is a fast Web browser that is available free of charge.
+    </p>
+  </background>
+  <description>
+    <p>
+    David Bloom reported two vulnerabilities where plug-ins (CVE-2007-6520)
+    and Rich text editing (CVE-2007-6522) could be used to allow cross
+    domain scripting. Alexander Klink (Cynops GmbH) discovered an issue
+    with TLS certificates (CVE-2007-6521). Gynvael Coldwind reported that
+    bitmaps might reveal random data from memory (CVE-2007-6524).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit these vulnerabilities, possibly leading
+    to the execution of arbitrary code and cross domain scripting.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Opera users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/opera-9.25"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6520">CVE-2007-6520</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6521">CVE-2007-6521</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6522">CVE-2007-6522</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6524">CVE-2007-6524</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-12-22T14:34:50Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-12-22T15:15:57Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-12-23T19:32:13Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200712-23.xml b/metadata/glsa/glsa-200712-23.xml
new file mode 100644
index 000000000000..b2ad14da0ecb
--- /dev/null
+++ b/metadata/glsa/glsa-200712-23.xml
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200712-23">
+  <title>Wireshark: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in Wireshark, allowing for
+    the remote execution of arbitrary code and a Denial of Service.
+  </synopsis>
+  <product type="ebuild">wireshark</product>
+  <announced>2007-12-30</announced>
+  <revised count="01">2007-12-30</revised>
+  <bug>199958</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/wireshark" auto="yes" arch="*">
+      <unaffected range="ge">0.99.7</unaffected>
+      <vulnerable range="lt">0.99.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Wireshark is a network protocol analyzer with a graphical front-end.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple buffer overflows and infinite loops were discovered in
+    multiple dissector and parser components, including those for MP3 and
+    NCP (CVE-2007-6111), PPP (CVE-2007-6112), DNP (CVE-2007-6113), SSL and
+    iSeries (OS/400) Communication traces (CVE-2007-6114), ANSI MAP
+    (CVE-2007-6115), Firebird/Interbase (CVE-2007-6116), HTTP
+    (CVE-2007-6117), MEGACO (CVE-2007-6118), DCP ETSI (CVE-2007-6119),
+    Bluetooth SDP (CVE-2007-6120), RPC Portmap (CVE-2007-6121), SMB
+    (CVE-2007-6438), IPv6 amd USB (CVE-2007-6439), WiMAX (CVE-2007-6441),
+    RPL (CVE-2007-6450), CIP (CVE-2007-6451). The vulnerabilities were
+    discovered by Stefan Esser, Beyond Security, Fabiodds, Peter Leeming,
+    Steve and ainsley.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could send specially crafted packets on a network
+    being monitored with Wireshark or entice a user to open a specially
+    crafted file, possibly resulting in the execution of arbitrary code
+    with the privileges of the user running Wireshark (which might be the
+    root user), or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Wireshark users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-0.99.7"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6111">CVE-2007-6111</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6112">CVE-2007-6112</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6113">CVE-2007-6113</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6114">CVE-2007-6114</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6115">CVE-2007-6115</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6116">CVE-2007-6116</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6117">CVE-2007-6117</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6118">CVE-2007-6118</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6119">CVE-2007-6119</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6120">CVE-2007-6120</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6121">CVE-2007-6121</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6438">CVE-2007-6438</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6439">CVE-2007-6439</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6441">CVE-2007-6441</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6450">CVE-2007-6450</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6451">CVE-2007-6451</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-12-26T11:44:15Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-12-29T21:41:40Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-12-29T22:00:22Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200712-24.xml b/metadata/glsa/glsa-200712-24.xml
new file mode 100644
index 000000000000..769ae5535fc8
--- /dev/null
+++ b/metadata/glsa/glsa-200712-24.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200712-24">
+  <title>AMD64 x86 emulation GTK+ library: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Multiple integer overflow vulnerabilities in the AMD64 x86 emulation GTK+
+    libraries may result in the execution of arbitrary code in applications
+    using Cairo.
+  </synopsis>
+  <product type="ebuild">emul-linux-x86-gtklibs</product>
+  <announced>2007-12-30</announced>
+  <revised count="01">2007-12-30</revised>
+  <bug>201860</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulation/emul-linux-x86-gtklibs" auto="yes" arch="amd64">
+      <unaffected range="ge">20071214</unaffected>
+      <vulnerable range="lt">20071214</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Cairo is a 2D vector graphics library with cross-device output support.
+    The AMD64 x86 emulation GTK+ library packages Cairo libraries for 32bit
+    x86 emulation on AMD64.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Cairo versions used by the AMD64 x86 emulation GTK+ libraries were
+    vulnerable to integer overflow vulnerabilities (GLSA 200712-04).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to view or process a specially
+    crafted PNG image file in an application linked against Cairo, possibly
+    leading to the execution of arbitrary code with the privileges of the
+    user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All AMD64 x86 emulation GTK+ library users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-emulation/emul-linux-x86-gtklibs-20071214"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200712-04.xml">GLSA 200712-04</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-12-22T13:50:24Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-12-29T22:02:45Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-12-29T22:14:56Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200712-25.xml b/metadata/glsa/glsa-200712-25.xml
new file mode 100644
index 000000000000..aacc273dd97f
--- /dev/null
+++ b/metadata/glsa/glsa-200712-25.xml
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200712-25">
+  <title>OpenOffice.org: User-assisted arbitrary code execution</title>
+  <synopsis>
+    An unspecified vulnerability has been reported in OpenOffice.org, possibly
+    allowing for the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">openoffice openoffice-bin hsqldb</product>
+  <announced>2007-12-30</announced>
+  <revised count="01">2007-12-30</revised>
+  <bug>200771</bug>
+  <bug>201799</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/openoffice" auto="yes" arch="*">
+      <unaffected range="ge">2.3.1</unaffected>
+      <vulnerable range="lt">2.3.1</vulnerable>
+    </package>
+    <package name="app-office/openoffice-bin" auto="yes" arch="*">
+      <unaffected range="ge">2.3.1</unaffected>
+      <vulnerable range="lt">2.3.1</vulnerable>
+    </package>
+    <package name="dev-db/hsqldb" auto="yes" arch="*">
+      <unaffected range="ge">1.8.0.9</unaffected>
+      <vulnerable range="lt">1.8.0.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenOffice.org is an open source office productivity suite, including
+    word processing, spreadsheet, presentation, drawing, data charting,
+    formula editing, and file conversion facilities.
+    </p>
+  </background>
+  <description>
+    <p>
+    The HSQLDB engine, as used in Openoffice.org, does not properly enforce
+    restrictions to SQL statements.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted
+    document, possibly resulting in the remote execution of arbitrary Java
+    code with the privileges of the user running OpenOffice.org.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenOffice.org users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/openoffice-2.3.1"</code>
+    <p>
+    All OpenOffice.org binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/openoffice-bin-2.3.1"</code>
+    <p>
+    All HSQLDB users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-db/hsqldb-1.8.0.9"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4575">CVE-2007-4575</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-12-08T23:31:31Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-12-08T23:31:39Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-12-09T00:15:00Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200801-01.xml b/metadata/glsa/glsa-200801-01.xml
new file mode 100644
index 000000000000..a891028431cb
--- /dev/null
+++ b/metadata/glsa/glsa-200801-01.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200801-01">
+  <title>unp: Arbitrary command execution</title>
+  <synopsis>
+    unp allows execution of arbitrary code via malicious file names.
+  </synopsis>
+  <product type="ebuild">remote</product>
+  <announced>2008-01-09</announced>
+  <revised count="01">2008-01-09</revised>
+  <bug>203106</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/unp" auto="yes" arch="*">
+      <unaffected range="ge">1.0.14</unaffected>
+      <vulnerable range="lt">1.0.14</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    unp is a script for unpacking various file formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    Erich Schubert from Debian discovered that unp does not escape file
+    names properly before passing them to calls of the shell.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user or automated system to unpack a
+    compressed archive with a specially crafted file name, leading to the
+    execution of shell commands from within the filename. That code will be
+    executed with the privileges of the user running unp.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All unp users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-arch/unp-1.0.14"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6610">CVE-2007-6610</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-12-28T00:23:45Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-12-28T11:27:28Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-12-28T22:57:04Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200801-02.xml b/metadata/glsa/glsa-200801-02.xml
new file mode 100644
index 000000000000..09c78084825f
--- /dev/null
+++ b/metadata/glsa/glsa-200801-02.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200801-02">
+  <title>R: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in R could result in the execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">R</product>
+  <announced>2008-01-09</announced>
+  <revised count="02">2008-01-09</revised>
+  <bug>198976</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/R" auto="yes" arch="*">
+      <unaffected range="ge">2.2.1-r1</unaffected>
+      <vulnerable range="lt">2.2.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    R is a GPL licensed implementation of S, a language and environment for
+    statistical computing and graphics. PCRE is a library providing
+    functions for Perl-compatible regular expressions.
+    </p>
+  </background>
+  <description>
+    <p>
+    R includes a copy of PCRE which is vulnerable to multiple buffer
+    overflows and memory corruptions vulnerabilities (GLSA 200711-30).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to process specially crafted regular
+    expressions with R, which could possibly lead to the execution of
+    arbitrary code, a Denial of Service or the disclosure of sensitive
+    information.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All R users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/R-2.2.1-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200711-30.xml">GLSA 200711-30</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-11-20T22:35:44Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-21T00:08:56Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-01-03T22:08:35Z">
+    py2
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200801-03.xml b/metadata/glsa/glsa-200801-03.xml
new file mode 100644
index 000000000000..cc007b9ee937
--- /dev/null
+++ b/metadata/glsa/glsa-200801-03.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200801-03">
+  <title>Claws Mail: Insecure temporary file creation</title>
+  <synopsis>
+    Claws Mail uses temporary files in an insecure manner, allowing for a
+    symlink attack.
+  </synopsis>
+  <product type="ebuild">claws-mail</product>
+  <announced>2008-01-09</announced>
+  <revised count="01">2008-01-09</revised>
+  <bug>201244</bug>
+  <access>local</access>
+  <affected>
+    <package name="mail-client/claws-mail" auto="yes" arch="*">
+      <unaffected range="ge">3.0.2-r1</unaffected>
+      <vulnerable range="lt">3.0.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Claws Mail is a GTK based e-mail client.
+    </p>
+  </background>
+  <description>
+    <p>
+    Nico Golde from Debian reported that the sylprint.pl script that is
+    part of the Claws Mail tools creates temporary files in an insecure
+    manner.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could exploit this vulnerability to conduct symlink
+    attacks to overwrite files with the privileges of the user running
+    Claws Mail.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Claws Mail users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/claws-mail-3.0.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6208">CVE-2007-6208</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-01-06T23:01:06Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-01-08T23:07:07Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-01-08T23:07:18Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200801-04.xml b/metadata/glsa/glsa-200801-04.xml
new file mode 100644
index 000000000000..8cfc9c9fd331
--- /dev/null
+++ b/metadata/glsa/glsa-200801-04.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200801-04">
+  <title>OpenAFS: Denial of service</title>
+  <synopsis>
+    A Denial of Service vulnerability has been discovered in OpenAFS.
+  </synopsis>
+  <product type="ebuild">openafs</product>
+  <announced>2008-01-09</announced>
+  <revised count="01">2008-01-09</revised>
+  <bug>203573</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-fs/openafs" auto="yes" arch="*">
+      <unaffected range="ge">1.4.6</unaffected>
+      <vulnerable range="lt">1.4.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenAFS is a distributed network filesystem.
+    </p>
+  </background>
+  <description>
+    <p>
+    Russ Allbery, Jeffrey Altman, Dan Hyde and Thomas Mueller discovered a
+    race condition due to an improper handling of the clients callbacks
+    lists.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could construct cases which trigger the race
+    condition, resulting in a server crash.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenAFS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-fs/openafs-1.4.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6599">CVE-2007-6599</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-01-05T00:13:45Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-01-08T21:35:12Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-01-08T21:35:21Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200801-05.xml b/metadata/glsa/glsa-200801-05.xml
new file mode 100644
index 000000000000..f24ca70c440e
--- /dev/null
+++ b/metadata/glsa/glsa-200801-05.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200801-05">
+  <title>Squid: Denial of service</title>
+  <synopsis>
+    A Denial of Service vulnerability has been reported in Squid.
+  </synopsis>
+  <product type="ebuild">squid</product>
+  <announced>2008-01-09</announced>
+  <revised count="01">2008-01-09</revised>
+  <bug>201209</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/squid" auto="yes" arch="*">
+      <unaffected range="ge">2.6.17</unaffected>
+      <vulnerable range="lt">2.6.17</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Squid is a multi-protocol proxy server.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Wikimedia Foundation reported a memory leak vulnerability when
+    performing cache updates.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could perform numerous specially crafted requests to
+    the vulnerable server, resulting in a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Squid users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-proxy/squid-2.6.17"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6239">CVE-2007-6239</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-01-05T21:43:38Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-01-05T21:44:28Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-01-07T21:35:14Z">
+    py2
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200801-06.xml b/metadata/glsa/glsa-200801-06.xml
new file mode 100644
index 000000000000..dc34ce521577
--- /dev/null
+++ b/metadata/glsa/glsa-200801-06.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200801-06">
+  <title>Xfce: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in Xfce might allow user-assisted attackers to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">xfce4-panel libxfcegui4</product>
+  <announced>2008-01-09</announced>
+  <revised count="03">2008-01-10</revised>
+  <bug>201292</bug>
+  <bug>201293</bug>
+  <access>remote</access>
+  <affected>
+    <package name="xfce-base/xfce4-panel" auto="yes" arch="*">
+      <unaffected range="ge">4.4.2</unaffected>
+      <vulnerable range="lt">4.4.2</vulnerable>
+    </package>
+    <package name="xfce-base/libxfcegui4" auto="yes" arch="*">
+      <unaffected range="ge">4.4.2</unaffected>
+      <vulnerable range="lt">4.4.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Xfce is a GTK+ 2 based desktop environment that allows to run a modern
+    desktop environment on modest hardware.
+    </p>
+  </background>
+  <description>
+    <p>
+    Gregory Andersen reported that the Xfce4 panel does not correctly
+    calculate memory boundaries, leading to a stack-based buffer overflow
+    in the launcher_update_panel_entry() function (CVE-2007-6531). Daichi
+    Kawahata reported libxfcegui4 did not copy provided values when
+    creating "SessionClient" structs, possibly leading to access of freed
+    memory areas (CVE-2007-6532).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to install a specially crafted
+    "rc" file to execute arbitrary code via long strings in the "Name" and
+    "Comment" fields or via unspecified vectors involving the second
+    vulnerability.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Xfce4 panel users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=xfce-base/xfce4-panel-4.4.2"</code>
+    <p>
+    All libxfcegui4 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=xfce-base/libxfcegui4-4.4.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6531">CVE-2007-6531</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6532">CVE-2007-6532</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-12-08T23:45:36Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-12-22T13:22:06Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-12-22T16:37:18Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200801-07.xml b/metadata/glsa/glsa-200801-07.xml
new file mode 100644
index 000000000000..fe527cd9ed12
--- /dev/null
+++ b/metadata/glsa/glsa-200801-07.xml
@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200801-07">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been identified, the worst of which allow
+    arbitrary code execution on a user's system via a malicious Flash file.
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2008-01-20</announced>
+  <revised count="03">2009-05-28</revised>
+  <bug>193519</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">9.0.115.0</unaffected>
+      <vulnerable range="lt">9.0.115.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Adobe Flash Player is a renderer for the popular SWF file format,
+    which is commonly used to provide interactive websites, digital
+    experiences and mobile content.
+    </p>
+  </background>
+  <description>
+    <ul>
+    <li>Flash contains a copy of PCRE which is vulnerable to a heap-based
+    buffer overflow (GLSA 200711-30, CVE-2007-4768).</li>
+    <li>Aaron Portnoy reported an unspecified vulnerability related to
+    input validation (CVE-2007-6242).</li>
+    <li>Jesse Michael and Thomas Biege reported that Flash does not
+    correctly set memory permissions (CVE-2007-6246).</li>
+    <li>Dan Boneh, Adam Barth, Andrew Bortz, Collin Jackson, and Weidong
+    Shao reported that Flash does not pin DNS hostnames to a single IP
+    addresses, allowing for DNS rebinding attacks (CVE-2007-5275).</li>
+    <li>David Neu reported an error withing the implementation of the
+    Socket and XMLSocket ActionScript 3 classes (CVE-2007-4324).</li>
+    <li>Toshiharu Sugiyama reported that Flash does not sufficiently
+    restrict the interpretation and usage of cross-domain policy files,
+    allowing for easier cross-site scripting attacks (CVE-2007-6243).</li>
+    <li>Rich Cannings reported a cross-site scripting vulnerability in the
+    way the "asfunction:" protocol was handled (CVE-2007-6244).</li>
+    <li>Toshiharu Sugiyama discovered that Flash allows remote attackers to
+    modify HTTP headers for client requests and conduct HTTP Request
+    Splitting attacks (CVE-2007-6245).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted file
+    (usually in a web browser), possibly leading to the execution of
+    arbitrary code with the privileges of the user running the Adobe Flash
+    Player. The attacker could also cause a user's machine to establish TCP
+    sessions with arbitrary hosts, bypass the Security Sandbox Model,
+    obtain sensitive information, port scan arbitrary hosts, or conduct
+    cross-site-scripting attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Adobe Flash Player users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-plugins/adobe-flash-9.0.115.0"</code>
+    <p>
+    Please be advised that unaffected packages of the Adobe Flash Player
+    have known problems when used from within the Konqueror and Opera
+    browsers.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4324">CVE-2007-4324</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4768">CVE-2007-4768</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5275">CVE-2007-5275</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6242">CVE-2007-6242</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243">CVE-2007-6243</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6244">CVE-2007-6244</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6245">CVE-2007-6245</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6246">CVE-2007-6246</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200711-30.xml">GLSA 200711-30</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-01-01T22:05:12Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-01-15T17:34:55Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-01-15T17:41:04Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200801-08.xml b/metadata/glsa/glsa-200801-08.xml
new file mode 100644
index 000000000000..f06822c3728c
--- /dev/null
+++ b/metadata/glsa/glsa-200801-08.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200801-08">
+  <title>libcdio: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    A buffer overflow vulnerability has been discovered in libcdio.
+  </synopsis>
+  <product type="ebuild">libcdio</product>
+  <announced>2008-01-20</announced>
+  <revised count="01">2008-01-20</revised>
+  <bug>203777</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libcdio" auto="yes" arch="*">
+      <unaffected range="ge">0.78.2-r4</unaffected>
+      <vulnerable range="lt">0.78.2-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libcdio is a library for accessing CD-ROM and CD images.
+    </p>
+  </background>
+  <description>
+    <p>
+    Devon Miller reported a boundary error in the "print_iso9660_recurse()"
+    function in files cd-info.c and iso-info.c when processing long
+    filenames within Joliet images.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted ISO
+    image in the cd-info and iso-info applications, resulting in the
+    execution of arbitrary code with the privileges of the user running the
+    application. Applications linking against shared libraries of libcdio
+    are not affected.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libcdio users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/libcdio-0.78.2-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6613">CVE-2007-6613</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-01-01T22:05:45Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-01-08T21:42:57Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-01-15T17:44:04Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200801-09.xml b/metadata/glsa/glsa-200801-09.xml
new file mode 100644
index 000000000000..ae7322263a34
--- /dev/null
+++ b/metadata/glsa/glsa-200801-09.xml
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200801-09">
+  <title>X.Org X server and Xfont library: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in the X.Org X server and
+    Xfont library, allowing for a local privilege escalation and arbitrary code
+    execution.
+  </synopsis>
+  <product type="ebuild">xorg-server libXfont</product>
+  <announced>2008-01-20</announced>
+  <revised count="03">2008-03-05</revised>
+  <bug>204362</bug>
+  <bug>208343</bug>
+  <access>remote, local</access>
+  <affected>
+    <package name="x11-base/xorg-server" auto="yes" arch="*">
+      <unaffected range="ge">1.3.0.0-r5</unaffected>
+      <vulnerable range="lt">1.3.0.0-r5</vulnerable>
+    </package>
+    <package name="x11-libs/libXfont" auto="yes" arch="*">
+      <unaffected range="ge">1.3.1-r1</unaffected>
+      <vulnerable range="lt">1.3.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The X Window System is a graphical windowing system based on a
+    client/server model.
+    </p>
+  </background>
+  <description>
+    <p>
+    regenrecht reported multiple vulnerabilities in various X server
+    extension via iDefense:
+    </p>
+    <ul>
+    <li>The XFree86-Misc extension does not properly sanitize a parameter
+    within a PassMessage request, allowing the modification of a function
+    pointer (CVE-2007-5760).</li>
+    <li>Multiple functions in the XInput extension do not properly sanitize
+    client requests for swapping bytes, leading to corruption of heap
+    memory (CVE-2007-6427).</li>
+    <li>Integer overflow vulnerabilities in the EVI extension and in the
+    MIT-SHM extension can lead to buffer overflows (CVE-2007-6429).</li>
+    <li>The TOG-CUP extension does not sanitize an index value in the
+    ProcGetReservedColormapEntries() function, leading to arbitrary memory
+    access (CVE-2007-6428).</li>
+    <li>A buffer overflow was discovered in the Xfont library when
+    processing PCF font files (CVE-2008-0006).</li>
+    <li>The X server does not enforce restrictions when a user specifies a
+    security policy file and attempts to open it (CVE-2007-5958).</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    Remote attackers could exploit the vulnerability in the Xfont library
+    by enticing a user to load a specially crafted PCF font file resulting
+    in the execution of arbitrary code with the privileges of the user
+    running the X server, typically root. Local attackers could exploit
+    this and the vulnerabilities in the X.org extensions to gain elevated
+    privileges. If the X server allows connections from the network, these
+    vulnerabilities could be exploited remotely. A local attacker could
+    determine the existence of arbitrary files by exploiting the last
+    vulnerability or possibly cause a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Workarounds for some of the vulnerabilities can be found in the X.Org
+    security advisory as listed under References.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All X.Org X server users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-base/xorg-server-1.3.0.0-r5"</code>
+    <p>
+    All X.Org Xfont library users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-libs/libXfont-1.3.1-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5760">CVE-2007-5760</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5958">CVE-2007-5958</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6427">CVE-2007-6427</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6428">CVE-2007-6428</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6429">CVE-2007-6429</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0006">CVE-2008-0006</uri>
+    <uri link="https://lists.freedesktop.org/archives/xorg/2008-January/031918.html">X.Org security advisory</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-01-05T02:03:56Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-01-17T15:57:38Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200801-10.xml b/metadata/glsa/glsa-200801-10.xml
new file mode 100644
index 000000000000..939225a12e78
--- /dev/null
+++ b/metadata/glsa/glsa-200801-10.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200801-10">
+  <title>TikiWiki: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in TikiWiki, some of them
+    having unknown impact.
+  </synopsis>
+  <product type="ebuild">tikiwiki</product>
+  <announced>2008-01-23</announced>
+  <revised count="01">2008-01-23</revised>
+  <bug>203265</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/tikiwiki" auto="yes" arch="*">
+      <unaffected range="ge">1.9.9</unaffected>
+      <vulnerable range="lt">1.9.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    TikiWiki is an open source content management system written in PHP.
+    </p>
+  </background>
+  <description>
+    <ul><li>Jesus Olmos Gonzalez from isecauditors reported insufficient
+    sanitization of the "movies" parameter in file tiki-listmovies.php
+    (CVE-2007-6528).</li>
+    <li>Mesut Timur from H-Labs discovered that the
+    input passed to the "area_name" parameter in file
+    tiki-special_chars.php is not properly sanitised before being returned
+    to the user (CVE-2007-6526).</li>
+    <li>redflo reported multiple
+    unspecified vulnerabilities in files tiki-edit_css.php,
+    tiki-list_games.php, and tiki-g-admin_shared_source.php
+    (CVE-2007-6529).</li>
+    </ul>
+  </description>
+  <impact type="low">
+    <p>
+    A remote attacker can craft the "movies" parameter to run a directory
+    traversal attack through a ".." sequence and read the first 1000 bytes
+    of any arbitrary file, or conduct a cross-site scripting (XSS) attack
+    through the "area_name" parameter. This attack can be exploited to
+    execute arbitrary HTML and script code in a user's browser session,
+    allowing for the theft of browser session data or cookies in the
+    context of the affected web site. The impacts of the unspecified
+    vulnerabilities are still unknown.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All TikiWiki users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/tikiwiki-1.9.9"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6526">CVE-2007-6526</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6528">CVE-2007-6528</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6529">CVE-2007-6529</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-01-20T18:58:53Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-01-20T21:50:20Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-01-20T22:40:20Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200801-11.xml b/metadata/glsa/glsa-200801-11.xml
new file mode 100644
index 000000000000..ef8354c6dec7
--- /dev/null
+++ b/metadata/glsa/glsa-200801-11.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200801-11">
+  <title>CherryPy: Directory traversal vulnerability</title>
+  <synopsis>
+    CherryPy is vulnerable to a directory traversal that could allow attackers
+    to read and write arbitrary files.
+  </synopsis>
+  <product type="ebuild">cherrypy</product>
+  <announced>2008-01-27</announced>
+  <revised count="01">2008-01-27</revised>
+  <bug>204829</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-python/cherrypy" auto="yes" arch="*">
+      <unaffected range="rge">2.2.1-r2</unaffected>
+      <unaffected range="ge">3.0.2-r1</unaffected>
+      <vulnerable range="lt">3.0.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    CherryPy is a Python-based, object-oriented web development framework.
+    </p>
+  </background>
+  <description>
+    <p>
+    CherryPy does not sanitize the session id, provided as a cookie value,
+    in the FileSession._get_file_path() function before using it as part of
+    the file name.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit this vulnerability to read and possibly
+    write arbitrary files on the web server, or to hijack valid sessions,
+    by providing a specially crafted session id. This only affects
+    applications using file-based sessions.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable the "FileSession" functionality by using "PostgresqlSession" or
+    "RamSession" session management in your CherryPy application.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All CherryPy 2.2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-python/cherrypy-2.2.1-r2"</code>
+    <p>
+    All CherryPy 3.0 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-python/cherrypy-3.0.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0252">CVE-2008-0252</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-01-10T20:11:50Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-01-20T02:16:18Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-01-26T19:16:48Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200801-12.xml b/metadata/glsa/glsa-200801-12.xml
new file mode 100644
index 000000000000..b3f2d5ddeba6
--- /dev/null
+++ b/metadata/glsa/glsa-200801-12.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200801-12">
+  <title>xine-lib: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    xine-lib is vulnerable to multiple heap-based buffer overflows when
+    processing RTSP streams.
+  </synopsis>
+  <product type="ebuild">xine-lib</product>
+  <announced>2008-01-27</announced>
+  <revised count="01">2008-01-27</revised>
+  <bug>205197</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/xine-lib" auto="yes" arch="*">
+      <unaffected range="ge">1.1.9.1</unaffected>
+      <vulnerable range="lt">1.1.9.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    xine-lib is the core library package for the xine media player.
+    </p>
+  </background>
+  <description>
+    <p>
+    Luigi Auriemma reported that xine-lib does not properly check
+    boundaries when processing SDP attributes of RTSP streams, leading to
+    heap-based buffer overflows.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to play specially crafted RTSP video
+    streams with a player using xine-lib, potentially resulting in the
+    execution of arbitrary code with the privileges of the user running the
+    player.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All xine-lib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/xine-lib-1.1.9.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0225">CVE-2008-0225</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0238">CVE-2008-0238</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-01-16T19:08:20Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-01-20T01:56:19Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-01-26T21:39:28Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200801-13.xml b/metadata/glsa/glsa-200801-13.xml
new file mode 100644
index 000000000000..387976aae92a
--- /dev/null
+++ b/metadata/glsa/glsa-200801-13.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200801-13">
+  <title>ngIRCd: Denial of service</title>
+  <synopsis>
+    ngIRCd does not properly sanitize commands sent by users, allowing for a
+    Denial of Service.
+  </synopsis>
+  <product type="ebuild">ngircd</product>
+  <announced>2008-01-27</announced>
+  <revised count="02">2008-01-27</revised>
+  <bug>204834</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/ngircd" auto="yes" arch="*">
+      <unaffected range="ge">0.10.4</unaffected>
+      <vulnerable range="lt">0.10.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ngIRCd is a free open source daemon for Internet Relay Chat (IRC).
+    </p>
+  </background>
+  <description>
+    <p>
+    The IRC_PART() function in the file irc-channel.c does not properly
+    check the number of parameters, referencing an invalid pointer if no
+    channel is supplied.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker can exploit this vulnerability to crash the ngIRCd
+    daemon.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ngIRCd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-irc/ngircd-0.10.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0285">CVE-2008-0285</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-01-15T20:42:37Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-01-20T01:06:19Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-01-20T01:44:35Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200801-14.xml b/metadata/glsa/glsa-200801-14.xml
new file mode 100644
index 000000000000..4f03805f6e6f
--- /dev/null
+++ b/metadata/glsa/glsa-200801-14.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200801-14">
+  <title>Blam: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Blam doesn't properly handle environment variables, potentially allowing a
+    local attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">blam</product>
+  <announced>2008-01-27</announced>
+  <revised count="01">2008-01-27</revised>
+  <bug>199841</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-news/blam" auto="yes" arch="*">
+      <unaffected range="ge">1.8.4</unaffected>
+      <vulnerable range="lt">1.8.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Blam is an RSS and Atom feed reader for GNOME written in C#.
+    </p>
+  </background>
+  <description>
+    <p>
+    The "/usr/bin/blam" script sets the "LD_LIBRARY_PATH" environment
+    variable incorrectly, which might result in the current working
+    directory (.) being included when searching for dynamically linked
+    libraries of the Mono Runtime application.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could entice a user to run Blam in a directory
+    containing a specially crafted library file which could result in the
+    execution of arbitrary code with the privileges of the user running
+    Blam.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Do not run Blam from an untrusted working directory.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Blam users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-news/blam-1.8.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4790">CVE-2005-4790</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-01-20T00:54:46Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-01-20T00:55:57Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200801-15.xml b/metadata/glsa/glsa-200801-15.xml
new file mode 100644
index 000000000000..c6dc464814fc
--- /dev/null
+++ b/metadata/glsa/glsa-200801-15.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200801-15">
+  <title>PostgreSQL: Multiple vulnerabilities</title>
+  <synopsis>
+    PostgreSQL contains multiple vulnerabilities that could result in privilege
+    escalation or a Denial of Service.
+  </synopsis>
+  <product type="ebuild">postgresql</product>
+  <announced>2008-01-29</announced>
+  <revised count="01">2008-01-29</revised>
+  <bug>204760</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/postgresql" auto="yes" arch="*">
+      <unaffected range="ge">8.0.15</unaffected>
+      <unaffected range="rge">7.4.19</unaffected>
+      <unaffected range="rge">7.3.21</unaffected>
+      <vulnerable range="lt">8.0.15</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PostgreSQL is an open source object-relational database management
+    system.
+    </p>
+  </background>
+  <description>
+    <p>
+    If using the "expression indexes" feature, PostgreSQL executes index
+    functions as the superuser during VACUUM and ANALYZE instead of the
+    table owner, and allows SET ROLE and SET SESSION AUTHORIZATION in the
+    index functions (CVE-2007-6600). Additionally, several errors involving
+    regular expressions were found (CVE-2007-4769, CVE-2007-4772,
+    CVE-2007-6067). Eventually, a privilege escalation vulnerability via
+    unspecified vectors in the DBLink module was reported (CVE-2007-6601).
+    This vulnerability is exploitable when local trust or ident
+    authentication is used, and is due to an incomplete fix of
+    CVE-2007-3278.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote authenticated attacker could send specially crafted queries
+    containing complex regular expressions to the server that could result
+    in a Denial of Service by a server crash (CVE-2007-4769), an infinite
+    loop (CVE-2007-4772) or a memory exhaustion (CVE-2007-6067). The two
+    other vulnerabilities can be exploited to gain additional privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround for all these issues at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PostgreSQL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "dev-db/postgresql"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3278">CVE-2007-3278</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4769">CVE-2007-4769</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772">CVE-2007-4772</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6067">CVE-2007-6067</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6600">CVE-2007-6600</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6601">CVE-2007-6601</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-01-20T00:00:08Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-01-20T00:56:13Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-01-20T22:38:13Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200801-16.xml b/metadata/glsa/glsa-200801-16.xml
new file mode 100644
index 000000000000..1613eb45402a
--- /dev/null
+++ b/metadata/glsa/glsa-200801-16.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200801-16">
+  <title>MaraDNS: CNAME Denial of service</title>
+  <synopsis>
+    MaraDNS is prone to a Denial of Service vulnerability impacting CNAME
+    resolution.
+  </synopsis>
+  <product type="ebuild">maradns</product>
+  <announced>2008-01-29</announced>
+  <revised count="01">2008-01-29</revised>
+  <bug>204351</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/maradns" auto="yes" arch="*">
+      <unaffected range="ge">1.2.12.08</unaffected>
+      <vulnerable range="lt">1.2.12.08</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MaraDNS is a package that implements the Domain Name Service (DNS) with
+    resolver and caching ability.
+    </p>
+  </background>
+  <description>
+    <p>
+    Michael Krieger reported that a specially crafted DNS could prevent an
+    authoritative canonical name (CNAME) record from being resolved because
+    of an "improper rotation of resource records".
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send specially crafted DNS packets to a
+    vulnerable server, making it unable to resolve CNAME records.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Add "max_ar_chain = 2" to the "marac" configuration file.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MaraDNS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dns/maradns-1.2.12.09"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0061">CVE-2008-0061</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-01-27T19:19:02Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-01-28T17:41:20Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-01-28T18:03:45Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200801-17.xml b/metadata/glsa/glsa-200801-17.xml
new file mode 100644
index 000000000000..641d7c5e38eb
--- /dev/null
+++ b/metadata/glsa/glsa-200801-17.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200801-17">
+  <title>Netkit FTP Server: Denial of service</title>
+  <synopsis>
+    Netkit FTP Server contains a Denial of Service vulnerability.
+  </synopsis>
+  <product type="ebuild">netkit-ftpd</product>
+  <announced>2008-01-29</announced>
+  <revised count="01">2008-01-29</revised>
+  <bug>199206</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-ftp/netkit-ftpd" auto="yes" arch="*">
+      <unaffected range="ge">0.17-r7</unaffected>
+      <vulnerable range="lt">0.17-r7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    net-ftp/netkit-ftpd is the Linux Netkit FTP server with optional SSL
+    support.
+    </p>
+  </background>
+  <description>
+    <p>
+    Venustech AD-LAB discovered that an FTP client connected to a
+    vulnerable server with passive mode and SSL support can trigger an
+    fclose() function call on an uninitialized stream in ftpd.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker can send specially crafted FTP data to a server with
+    passive mode and SSL support, causing the ftpd daemon to crash.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable passive mode or SSL.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Netkit FTP Server users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-ftp/netkit-ftpd-0.17-r7"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6263">CVE-2007-6263</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-01-27T19:17:40Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-01-28T18:03:07Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-01-28T18:03:42Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200801-18.xml b/metadata/glsa/glsa-200801-18.xml
new file mode 100644
index 000000000000..1afd68ecbba3
--- /dev/null
+++ b/metadata/glsa/glsa-200801-18.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200801-18">
+  <title>Kazehakase: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in Kazehakase could result in the execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">kazehakase</product>
+  <announced>2008-01-30</announced>
+  <revised count="01">2008-01-30</revised>
+  <bug>198983</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/kazehakase" auto="yes" arch="*">
+      <unaffected range="ge">0.5.0</unaffected>
+      <vulnerable range="lt">0.5.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Kazehakase is a web browser based on the Gecko engine.
+    </p>
+  </background>
+  <description>
+    <p>
+    Kazehakase includes a copy of PCRE which is vulnerable to multiple
+    buffer overflows and memory corruptions vulnerabilities (GLSA
+    200711-30).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open specially crafted input
+    (e.g bookmarks) with Kazehakase, which could possibly lead to the
+    execution of arbitrary code, a Denial of Service or the disclosure of
+    sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Kazehakase users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/kazehakase-0.5.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200711-30.xml">GLSA-200711-30</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-01-06T23:02:26Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-01-29T19:33:56Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-01-29T19:34:04Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200801-19.xml b/metadata/glsa/glsa-200801-19.xml
new file mode 100644
index 000000000000..f84fde1e2b72
--- /dev/null
+++ b/metadata/glsa/glsa-200801-19.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200801-19">
+  <title>GOffice: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in GOffice could result in the execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">goffice</product>
+  <announced>2008-01-30</announced>
+  <revised count="01">2008-01-30</revised>
+  <bug>198385</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/goffice" auto="yes" arch="*">
+      <unaffected range="ge">0.6.1</unaffected>
+      <unaffected range="rge">0.4.3</unaffected>
+      <vulnerable range="lt">0.6.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GOffice is a library of document-centric objects and utilities based on
+    GTK.
+    </p>
+  </background>
+  <description>
+    <p>
+    GOffice includes a copy of PCRE which is vulnerable to multiple buffer
+    overflows and memory corruptions vulnerabilities (GLSA 200711-30).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to open specially crafted documents
+    with GOffice, which could possibly lead to the execution of arbitrary
+    code, a Denial of Service or the disclosure of sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GOffice 0.4.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-libs/goffice-0.4.3"</code>
+    <p>
+    All GOffice 0.6.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-libs/goffice-0.6.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200711-30.xml">GLSA-200711-30</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-01-10T19:49:11Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-01-29T19:42:53Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-01-29T19:43:29Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200801-20.xml b/metadata/glsa/glsa-200801-20.xml
new file mode 100644
index 000000000000..a69133598099
--- /dev/null
+++ b/metadata/glsa/glsa-200801-20.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200801-20">
+  <title>libxml2: Denial of service</title>
+  <synopsis>
+    A Denial of Service vulnerability has been reported in libxml2.
+  </synopsis>
+  <product type="ebuild">libxml2</product>
+  <announced>2008-01-30</announced>
+  <revised count="01">2008-01-30</revised>
+  <bug>202628</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libxml2" auto="yes" arch="*">
+      <unaffected range="ge">2.6.30-r1</unaffected>
+      <vulnerable range="lt">2.6.30-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libxml2 is the XML (eXtended Markup Language) C parser and toolkit
+    initially developed for the Gnome project.
+    </p>
+  </background>
+  <description>
+    <p>
+    Brad Fitzpatrick reported that the xmlCurrentChar() function does not
+    properly handle some UTF-8 multibyte encodings.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted XML
+    document with an application using libxml2, possibly resulting in a
+    high CPU consumption. Note that this vulnerability could also be
+    triggered without user interaction by an automated system processing
+    XML content.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libxml2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/libxml2-2.6.30-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6284">CVE-2007-6284</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-01-12T01:14:43Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-01-28T19:48:32Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-01-28T19:48:45Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200801-21.xml b/metadata/glsa/glsa-200801-21.xml
new file mode 100644
index 000000000000..52baaf029c16
--- /dev/null
+++ b/metadata/glsa/glsa-200801-21.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200801-21">
+  <title>Xdg-Utils: Arbitrary command execution</title>
+  <synopsis>
+    A vulnerability has been discovered in Xdg-Utils, allowing for the remote
+    execution of arbitrary commands.
+  </synopsis>
+  <product type="ebuild">xdg-utils</product>
+  <announced>2008-01-30</announced>
+  <revised count="01">2008-01-30</revised>
+  <bug>207331</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-misc/xdg-utils" auto="yes" arch="*">
+      <unaffected range="ge">1.0.2-r1</unaffected>
+      <vulnerable range="lt">1.0.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Xdg-Utils is a set of tools allowing all applications to easily
+    integrate with the Free Desktop configuration.
+    </p>
+  </background>
+  <description>
+    <p>
+    Miroslav Lichvar discovered that the "xdg-open" and "xdg-email" shell
+    scripts do not properly sanitize their input before processing it.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted link
+    with a vulnerable application using Xdg-Utils (e.g. an email client),
+    resulting in the execution of arbitrary code with the privileges of the
+    user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Xdg-Utils users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-misc/xdg-utils-1.0.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0386">CVE-2008-0386</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-01-26T12:15:55Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-01-28T20:04:22Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-01-28T20:04:30Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200801-22.xml b/metadata/glsa/glsa-200801-22.xml
new file mode 100644
index 000000000000..9e3d804822c8
--- /dev/null
+++ b/metadata/glsa/glsa-200801-22.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200801-22">
+  <title>PeerCast: Buffer overflow</title>
+  <synopsis>
+    A buffer overflow vulnerability has been discovered in PeerCast.
+  </synopsis>
+  <product type="ebuild">peercast</product>
+  <announced>2008-01-30</announced>
+  <revised count="02">2008-01-30</revised>
+  <bug>202747</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/peercast" auto="yes" arch="*">
+      <unaffected range="ge">0.1218</unaffected>
+      <vulnerable range="lt">0.1218</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PeerCast is a client and server for P2P-radio network
+    </p>
+  </background>
+  <description>
+    <p>
+    Luigi Auriemma reported a heap-based buffer overflow within the
+    "handshakeHTTP()" function when processing HTTP requests.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could send a specially crafted request to the
+    vulnerable server, possibly resulting in the remote execution of
+    arbitrary code with the privileges of the user running the PeerCast
+    server, usually "nobody".
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PeerCast users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/peercast-0.1218"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6454">CVE-2007-6454</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-01-11T08:22:19Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-01-29T19:51:49Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-01-29T23:04:06Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200802-01.xml b/metadata/glsa/glsa-200802-01.xml
new file mode 100644
index 000000000000..97c1854d0e2c
--- /dev/null
+++ b/metadata/glsa/glsa-200802-01.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200802-01">
+  <title>SDL_image: Two buffer overflow vulnerabilities</title>
+  <synopsis>
+    Two boundary errors have been identified in SDL_image allowing for the
+    remote execution of arbitrary code or the crash of the application using
+    the library.
+  </synopsis>
+  <product type="ebuild">sdl-image</product>
+  <announced>2008-02-06</announced>
+  <revised count="01">2008-02-06</revised>
+  <bug>207933</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/sdl-image" auto="yes" arch="*">
+      <unaffected range="ge">1.2.6-r1</unaffected>
+      <vulnerable range="lt">1.2.6-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    SDL_image is an image file library that loads images as SDL surfaces,
+    and supports various formats like BMP, GIF, JPEG, LBM, PCX, PNG, PNM,
+    TGA, TIFF, XCF, XPM, and XV.
+    </p>
+  </background>
+  <description>
+    <p>
+    The LWZReadByte() function in file IMG_gif.c and the IMG_LoadLBM_RW()
+    function in file IMG_lbm.c each contain a boundary error that can be
+    triggered to cause a static buffer overflow and a heap-based buffer
+    overflow. The first boundary error comes from some old vulnerable GD
+    PHP code (CVE-2006-4484).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker can make an application using the SDL_image library
+    to process a specially crafted GIF file or IFF ILBM file that will
+    trigger a buffer overflow, resulting in the execution of arbitrary code
+    with the permissions of the application or the application crash.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SDL_image users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/sdl-image-1.2.6-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://secunia.com/advisories/28640/">SA28640</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6697">CVE-2007-6697</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0544">CVE-2008-0544</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-01-29T09:35:04Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-01-29T09:36:22Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200802-02.xml b/metadata/glsa/glsa-200802-02.xml
new file mode 100644
index 000000000000..72a5e2032cb5
--- /dev/null
+++ b/metadata/glsa/glsa-200802-02.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200802-02">
+  <title>Doomsday: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in Doomsday might allow remote execution of
+    arbitrary code or a Denial of Service.
+  </synopsis>
+  <product type="ebuild">doomsday</product>
+  <announced>2008-02-06</announced>
+  <revised count="02">2008-02-10</revised>
+  <bug>190835</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-fps/doomsday" auto="no" arch="*">
+      <vulnerable range="le">1.9.0_beta52</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Doomsday Engine (deng) is a modern gaming engine for popular ID
+    games like Doom, Heretic and Hexen.
+    </p>
+  </background>
+  <description>
+    <p>
+    Luigi Auriemma discovered multiple buffer overflows in the
+    D_NetPlayerEvent() function, the Msg_Write() function and the
+    NetSv_ReadCommands() function. He also discovered errors when handling
+    chat messages that are not NULL-terminated (CVE-2007-4642) or contain a
+    short data length, triggering an integer underflow (CVE-2007-4643).
+    Furthermore a format string vulnerability was discovered in the
+    Cl_GetPackets() function when processing PSV_CONSOLE_TEXT messages
+    (CVE-2007-4644).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit these vulnerabilities to execute
+    arbitrary code with the rights of the user running the Doomsday server
+    or cause a Denial of Service by sending specially crafted messages to
+    the server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    While some of these issues could be resolved in
+    "games-fps/doomsday-1.9.0-beta5.2", the format string vulnerability
+    (CVE-2007-4644) remains unfixed. We recommend that users unmerge
+    Doomsday:
+    </p>
+    <code>
+    # emerge --unmerge games-fps/doomsday</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4642">CVE-2007-4642</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4643">CVE-2007-4643</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4644">CVE-2007-4644</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-12-06T00:50:29Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-12-12T01:08:23Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-01-20T00:41:43Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200802-03.xml b/metadata/glsa/glsa-200802-03.xml
new file mode 100644
index 000000000000..9d2373b4595e
--- /dev/null
+++ b/metadata/glsa/glsa-200802-03.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200802-03">
+  <title>Horde IMP: Security bypass</title>
+  <synopsis>
+    Insufficient checks in Horde may allow a remote attacker to bypass security
+    restrictions.
+  </synopsis>
+  <product type="ebuild">horde-imp</product>
+  <announced>2008-02-11</announced>
+  <revised count="01">2008-02-11</revised>
+  <bug>205377</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/horde-imp" auto="yes" arch="*">
+      <unaffected range="ge">4.1.6</unaffected>
+      <vulnerable range="lt">4.1.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Horde IMP provides a web-based access to IMAP and POP3 mailboxes.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ulf Harnhammar, Secunia Research discovered that the "frame" and
+    "frameset" HTML tags are not properly filtered out. He also reported
+    that certain HTTP requests are executed without being checked.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted HTML
+    e-mail, possibly resulting in the deletion of arbitrary e-mail
+    messages.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Horde IMP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/horde-imp-4.1.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6018">CVE-2007-6018</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-02-05T12:56:07Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-02-05T12:56:20Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200802-04.xml b/metadata/glsa/glsa-200802-04.xml
new file mode 100644
index 000000000000..2c4a44e51b4c
--- /dev/null
+++ b/metadata/glsa/glsa-200802-04.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200802-04">
+  <title>Gallery: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities were discovered in Gallery.
+  </synopsis>
+  <product type="ebuild">gallery</product>
+  <announced>2008-02-11</announced>
+  <revised count="01">2008-02-11</revised>
+  <bug>203217</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/gallery" auto="yes" arch="*">
+      <unaffected range="ge">2.2.4</unaffected>
+      <unaffected range="lt">2.0</unaffected>
+      <vulnerable range="lt">2.2.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Gallery is a web-based application for creating and viewing photo
+    albums.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Gallery developement team reported and fixed critical
+    vulnerabilities during an internal audit (CVE-2007-6685, CVE-2007-6686,
+    CVE-2007-6687, CVE-2007-6688, CVE-2007-6689, CVE-2007-6690,
+    CVE-2007-6691, CVE-2007-6692, CVE-2007-6693).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit these vulnerabilities to execute
+    arbitrary code, conduct Cross-Site Scripting and Cross-Site Request
+    Forgery attacks, or disclose sensitive informations.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Gallery users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/gallery-2.2.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6685">CVE-2007-6685</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6686">CVE-2007-6686</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6687">CVE-2007-6687</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6688">CVE-2007-6688</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6689">CVE-2007-6689</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6690">CVE-2007-6690</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6691">CVE-2007-6691</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6692">CVE-2007-6692</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6693">CVE-2007-6693</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-01-23T19:59:20Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-01-23T19:59:33Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-02-06T11:03:19Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200802-05.xml b/metadata/glsa/glsa-200802-05.xml
new file mode 100644
index 000000000000..f60069df9fa3
--- /dev/null
+++ b/metadata/glsa/glsa-200802-05.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200802-05">
+  <title>Gnumeric: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Several integer overflow vulnerabilities have been reported in Gnumeric,
+    possibly resulting in user-assisted execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">gnumeric</product>
+  <announced>2008-02-12</announced>
+  <revised count="01">2008-02-12</revised>
+  <bug>208356</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/gnumeric" auto="yes" arch="*">
+      <unaffected range="ge">1.8.1</unaffected>
+      <vulnerable range="lt">1.8.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Gnumeric spreadsheet is a versatile application developed as part
+    of the GNOME Office project.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple integer overflow and signedness errors have been reported in
+    the excel_read_HLINK() function in file plugins/excel/ms-excel-read.c
+    when processing XLS HLINK opcodes.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted XLS
+    file, possibly resulting in the remote execution of arbitrary code with
+    the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Gnumeric users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/gnumeric-1.8.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0668">CVE-2008-0668</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-02-10T23:12:13Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-02-10T23:12:22Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-02-12T08:14:23Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200802-06.xml b/metadata/glsa/glsa-200802-06.xml
new file mode 100644
index 000000000000..a6da2e17ceae
--- /dev/null
+++ b/metadata/glsa/glsa-200802-06.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200802-06">
+  <title>scponly: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in scponly allow authenticated users to bypass
+    security restrictions.
+  </synopsis>
+  <product type="ebuild">scponly</product>
+  <announced>2008-02-12</announced>
+  <revised count="02">2008-02-13</revised>
+  <bug>201726</bug>
+  <bug>203099</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-misc/scponly" auto="yes" arch="*">
+      <unaffected range="ge">4.8</unaffected>
+      <vulnerable range="lt">4.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    scponly is a shell for restricting user access to file transfer only
+    using sftp and scp.
+    </p>
+  </background>
+  <description>
+    <p>
+    Joachim Breitner reported that Subversion and rsync support invokes
+    subcommands in an insecure manner (CVE-2007-6350). It has also been
+    discovered that scponly does not filter the -o and -F options to the
+    scp executable (CVE-2007-6415).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could exploit these vulnerabilities to elevate
+    privileges and execute arbitrary commands on the vulnerable host.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All scponly users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/scponly-4.8"</code>
+    <p>
+    Due to the design of scponly's Subversion support, security
+    restrictions can still be circumvented. Please read carefully the
+    SECURITY file included in the package.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6350">CVE-2007-6350</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6415">CVE-2007-6415</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-01-23T02:02:07Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-02-06T10:51:42Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-02-06T10:51:57Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200802-07.xml b/metadata/glsa/glsa-200802-07.xml
new file mode 100644
index 000000000000..0124c850b1bf
--- /dev/null
+++ b/metadata/glsa/glsa-200802-07.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200802-07">
+  <title>Pulseaudio: Privilege escalation</title>
+  <synopsis>
+    A vulnerability in pulseaudio may allow a local user to execute actions
+    with escalated privileges.
+  </synopsis>
+  <product type="ebuild">pulseaudio</product>
+  <announced>2008-02-13</announced>
+  <revised count="01">2008-02-13</revised>
+  <bug>207214</bug>
+  <access>local</access>
+  <affected>
+    <package name="media-sound/pulseaudio" auto="yes" arch="*">
+      <unaffected range="ge">0.9.9</unaffected>
+      <vulnerable range="lt">0.9.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Pulseaudio is a networked sound server with an advanced plugin system.
+    </p>
+  </background>
+  <description>
+    <p>
+    Marcus Meissner from SUSE reported that the pa_drop_root() function
+    does not properly check the return value of the system calls setuid(),
+    seteuid(), setresuid() and setreuid() when dropping its privileges.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could cause a resource exhaustion to make the system
+    calls fail, which would cause Pulseaudio to run as root. The attacker
+    could then perform actions with root privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Pulseaudio users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/pulseaudio-0.9.9"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0008">CVE-2008-0008</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-02-11T18:33:13Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-02-11T18:33:32Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-02-13T20:35:58Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200802-08.xml b/metadata/glsa/glsa-200802-08.xml
new file mode 100644
index 000000000000..34f5fae29037
--- /dev/null
+++ b/metadata/glsa/glsa-200802-08.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200802-08">
+  <title>Boost: Denial of service</title>
+  <synopsis>
+    Two vulnerabilities have been reported in Boost, each one possibly
+    resulting in a Denial of Service.
+  </synopsis>
+  <product type="ebuild">boost</product>
+  <announced>2008-02-14</announced>
+  <revised count="01">2008-02-14</revised>
+  <bug>205955</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/boost" auto="yes" arch="*">
+      <unaffected range="ge">1.34.1-r2</unaffected>
+      <vulnerable range="lt">1.34.1-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Boost is a set of C++ libraries, including the Boost.Regex library to
+    process regular expressions.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy and Will Drewry from the Google Security Team reported a
+    failed assertion in file regex/v4/perl_matcher_non_recursive.hpp
+    (CVE-2008-0171) and a NULL pointer dereference in function
+    get_repeat_type() file basic_regex_creator.hpp (CVE-2008-0172) when
+    processing regular expressions.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could provide specially crafted regular expressions
+    to an application using Boost, resulting in a crash.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Boost users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/boost-1.34.1-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0171">CVE-2008-0171</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0172">CVE-2008-0172</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-02-10T14:26:57Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-02-10T14:27:09Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-02-13T20:51:31Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200802-09.xml b/metadata/glsa/glsa-200802-09.xml
new file mode 100644
index 000000000000..56325c776a3a
--- /dev/null
+++ b/metadata/glsa/glsa-200802-09.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200802-09">
+  <title>ClamAV: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in ClamAV may result in the remote execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2008-02-21</announced>
+  <revised count="01">2008-02-21</revised>
+  <bug>209915</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.92.1</unaffected>
+      <vulnerable range="lt">0.92.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Clam AntiVirus is a free anti-virus toolkit for UNIX, designed
+    especially for e-mail scanning on mail gateways.
+    </p>
+  </background>
+  <description>
+    <p>
+    An integer overflow has been reported in the "cli_scanpe()" function in
+    file libclamav/pe.c (CVE-2008-0318). Another unspecified vulnerability
+    has been reported in file libclamav/mew.c (CVE-2008-0728).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could entice a user or automated system to scan a
+    specially crafted file, possibly leading to the execution of arbitrary
+    code with the privileges of the user running ClamAV (either a system
+    user or the "clamav" user if clamd is compromised).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ClamAV users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.92.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0318">CVE-2008-0318</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0728">CVE-2008-0728</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-02-19T20:13:32Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-02-19T20:14:59Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-02-19T21:50:12Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200802-10.xml b/metadata/glsa/glsa-200802-10.xml
new file mode 100644
index 000000000000..e2c13bcc24fa
--- /dev/null
+++ b/metadata/glsa/glsa-200802-10.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200802-10">
+  <title>Python: PCRE Integer overflow</title>
+  <synopsis>
+    A vulnerability within Python's copy of PCRE might lead to the execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">python</product>
+  <announced>2008-02-23</announced>
+  <revised count="01">2008-02-23</revised>
+  <bug>198373</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/python" auto="yes" arch="*">
+      <unaffected range="ge">2.3.6-r4</unaffected>
+      <vulnerable range="lt">2.3.6-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Python is an interpreted, interactive, object-oriented programming
+    language.
+    </p>
+  </background>
+  <description>
+    <p>
+    Python 2.3 includes a copy of PCRE which is vulnerable to an integer
+    overflow vulnerability, leading to a buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit the vulnerability by tricking a vulnerable
+    Python application to compile a regular expressions, which could
+    possibly lead to the execution of arbitrary code, a Denial of Service
+    or the disclosure of sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Python 2.3 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.3.6-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228">CVE-2006-7228</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200711-30.xml">GLSA 200711-30</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-01-07T19:00:53Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-01-28T18:01:42Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-02-18T22:37:11Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200802-11.xml b/metadata/glsa/glsa-200802-11.xml
new file mode 100644
index 000000000000..e8f149f64d2c
--- /dev/null
+++ b/metadata/glsa/glsa-200802-11.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200802-11">
+  <title>Asterisk: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been found in Asterisk.
+  </synopsis>
+  <product type="ebuild">asterisk</product>
+  <announced>2008-02-26</announced>
+  <revised count="01">2008-02-26</revised>
+  <bug>185713</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/asterisk" auto="yes" arch="*">
+      <unaffected range="rge">1.2.17-r1</unaffected>
+      <unaffected range="ge">1.2.21.1-r1</unaffected>
+      <vulnerable range="lt">1.2.21.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Asterisk is an open source telephony engine and tool kit.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been found in Asterisk:
+    </p>
+    <ul>
+    <li>Russel Bryant reported a stack buffer overflow in the IAX2 channel
+    driver (chan_iax2) when bridging calls between chan_iax2 and any
+    channel driver that uses RTP for media (CVE-2007-3762).</li>
+    <li>Chris
+    Clark and Zane Lackey (iSEC Partners) reported a NULL pointer
+    dereference in the IAX2 channel driver (chan_iax2)
+    (CVE-2007-3763).</li>
+    <li>Will Drewry (Google Security) reported a
+    vulnerability in the Skinny channel driver (chan_skinny), resulting in
+    an overly large memcpy (CVE-2007-3764).</li>
+    <li>Will Drewry (Google
+    Security) reported a vulnerability in the IAX2 channel driver
+    (chan_iax2), that does not correctly handle unauthenticated
+    transactions using a 3-way handshake (CVE-2007-4103).</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    By sending a long voice or video RTP frame, a remote attacker could
+    possibly execute arbitrary code on the target machine. Sending
+    specially crafted LAGRQ or LAGRP frames containing information elements
+    of IAX frames, or a certain data length value in a crafted packet, or
+    performing a flood of calls not completing a 3-way handshake, could
+    result in a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Asterisk users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/asterisk-1.2.17-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3762">CVE-2007-3762</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3763">CVE-2007-3763</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3764">CVE-2007-3764</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4103">CVE-2007-4103</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-11-07T19:55:16Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-11-22T23:26:53Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-02-26T19:44:52Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200802-12.xml b/metadata/glsa/glsa-200802-12.xml
new file mode 100644
index 000000000000..1c4821a05276
--- /dev/null
+++ b/metadata/glsa/glsa-200802-12.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200802-12">
+  <title>xine-lib: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    xine-lib is vulnerable to multiple buffer overflows when processing FLAC
+    and ASF streams.
+  </synopsis>
+  <product type="ebuild">xine-lib</product>
+  <announced>2008-02-26</announced>
+  <revised count="02">2008-03-03</revised>
+  <bug>209106</bug>
+  <bug>208100</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/xine-lib" auto="yes" arch="*">
+      <unaffected range="ge">1.1.10.1</unaffected>
+      <vulnerable range="lt">1.1.10.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    xine-lib is the core library package for the xine media player.
+    </p>
+  </background>
+  <description>
+    <p>
+    Damian Frizza and Alfredo Ortega (Core Security Technologies)
+    discovered a stack-based buffer overflow within the open_flac_file()
+    function in the file demux_flac.c when parsing tags within a FLAC file
+    (CVE-2008-0486). A buffer overflow when parsing ASF headers, which is
+    similar to CVE-2006-1664, has also been discovered (CVE-2008-1110).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to play specially crafted FLAC or
+    ASF video streams with a player using xine-lib, potentially resulting
+    in the execution of arbitrary code with the privileges of the user
+    running the player.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All xine-lib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/xine-lib-1.1.10.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1664">CVE-2006-1664</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486">CVE-2008-0486</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1110">CVE-2008-1110</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-02-20T08:36:00Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-02-20T08:36:16Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-02-23T19:46:42Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-01.xml b/metadata/glsa/glsa-200803-01.xml
new file mode 100644
index 000000000000..8b1a006f7e99
--- /dev/null
+++ b/metadata/glsa/glsa-200803-01.xml
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-01">
+  <title>Adobe Acrobat Reader: Multiple vulnerabilities</title>
+  <synopsis>
+    Adobe Acrobat Reader is vulnerable to remote code execution, Denial of
+    Service, and cross-site request forgery attacks.
+  </synopsis>
+  <product type="ebuild">acroread</product>
+  <announced>2008-03-02</announced>
+  <revised count="05">2008-03-05</revised>
+  <bug>170177</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/acroread" auto="yes" arch="*">
+      <unaffected range="ge">8.1.2</unaffected>
+      <vulnerable range="lt">8.1.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Adobe Acrobat Reader is a PDF reader released by Adobe.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been discovered in Adobe Acrobat Reader,
+    including:
+    </p>
+    <ul><li>A file disclosure when using file:// in PDF documents
+    (CVE-2007-1199)</li>
+    <li>Multiple buffer overflows in unspecified Javascript methods
+    (CVE-2007-5659)</li>
+    <li>An unspecified vulnerability in the Escript.api plugin
+    (CVE-2007-5663)</li>
+    <li>An untrusted search path (CVE-2007-5666)</li>
+    <li>Incorrect handling of printers (CVE-2008-0667)</li>
+    <li>An integer overflow when passing incorrect arguments to
+    "printSepsWithParams" (CVE-2008-0726)</li>
+    </ul>
+    <p>
+    Other unspecified vulnerabilities have also been reported
+    (CVE-2008-0655).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted
+    document, possibly resulting in the remote execution of arbitrary code
+    with the privileges of the user running the application. A remote
+    attacker could also perform cross-site request forgery attacks, or
+    cause a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Adobe Acrobat Reader users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/acroread-8.1.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1199">CVE-2007-1199</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5659">CVE-2007-5659</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5663">CVE-2007-5663</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5666">CVE-2007-5666</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0655">CVE-2008-0655</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0667">CVE-2008-0667</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0726">CVE-2008-0726</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-02-12T00:03:23Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-02-27T22:32:54Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-02-27T22:33:01Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-02.xml b/metadata/glsa/glsa-200803-02.xml
new file mode 100644
index 000000000000..93899153df7a
--- /dev/null
+++ b/metadata/glsa/glsa-200803-02.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-02">
+  <title>Firebird: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in Firebird may allow the remote execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">firebird</product>
+  <announced>2008-03-02</announced>
+  <revised count="01">2008-03-02</revised>
+  <bug>208034</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/firebird" auto="yes" arch="*">
+      <unaffected range="ge">2.0.3.12981.0-r5</unaffected>
+      <vulnerable range="lt">2.0.3.12981.0-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Firebird is a multi-platform, open source relational database.
+    </p>
+  </background>
+  <description>
+    <p>
+    Firebird does not properly handle certain types of XDR requests,
+    resulting in an integer overflow (CVE-2008-0387). Furthermore, it is
+    vulnerable to a buffer overflow when processing usernames
+    (CVE-2008-0467).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could send specially crafted XDR requests or an
+    overly long username to the vulnerable server, possibly resulting in
+    the remote execution of arbitrary code with the privileges of the user
+    running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Firebird users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-db/firebird-2.0.3.12981.0-r5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0387">CVE-2008-0387</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0467">CVE-2008-0467</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-02-25T20:05:19Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-02-25T20:05:28Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-02-28T12:57:14Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-03.xml b/metadata/glsa/glsa-200803-03.xml
new file mode 100644
index 000000000000..09c352f6bcf7
--- /dev/null
+++ b/metadata/glsa/glsa-200803-03.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-03">
+  <title>Audacity: Insecure temporary file creation</title>
+  <synopsis>
+    Audacity uses temporary files in an insecure manner, allowing for a symlink
+    attack.
+  </synopsis>
+  <product type="ebuild">audacity</product>
+  <announced>2008-03-02</announced>
+  <revised count="01">2008-03-02</revised>
+  <bug>199751</bug>
+  <access>local</access>
+  <affected>
+    <package name="media-sound/audacity" auto="yes" arch="*">
+      <unaffected range="ge">1.3.4-r1</unaffected>
+      <vulnerable range="lt">1.3.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Audacity is a free cross-platform audio editor.
+    </p>
+  </background>
+  <description>
+    <p>
+    Viktor Griph reported that the "AudacityApp::OnInit()" method in file
+    src/AudacityApp.cpp does not handle temporary files properly.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could exploit this vulnerability to conduct symlink
+    attacks to delete arbitrary files and directories with the privileges
+    of the user running Audacity.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Audacity users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/audacity-1.3.4-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6061">CVE-2007-6061</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-02-20T00:55:24Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-02-26T22:46:54Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-02-26T22:47:07Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-04.xml b/metadata/glsa/glsa-200803-04.xml
new file mode 100644
index 000000000000..c596002c1aab
--- /dev/null
+++ b/metadata/glsa/glsa-200803-04.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-04">
+  <title>Mantis: Cross-Site Scripting</title>
+  <synopsis>
+    A persistent Cross-Site Scripting vulnerability has been discovered in
+    Mantis.
+  </synopsis>
+  <product type="ebuild">mantis</product>
+  <announced>2008-03-03</announced>
+  <revised count="01">2008-03-03</revised>
+  <bug>203791</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/mantisbt" auto="yes" arch="*">
+      <unaffected range="ge">1.0.8-r1</unaffected>
+      <vulnerable range="lt">1.0.8-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mantis is a web-based bug tracking system.
+    </p>
+  </background>
+  <description>
+    <p>
+    seiji reported that the filename for the uploaded file in
+    bug_report.php is not properly sanitised before being stored.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A remote attacker could upload a file with a specially crafted to a bug
+    report, resulting in the execution of arbitrary HTML and script code
+    within the context of the users's browser. Note that this vulnerability
+    is only exploitable by authenticated users.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mantis users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/mantisbt-1.0.8-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6611">CVE-2007-6611</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-02-10T18:16:34Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-02-10T18:16:43Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-02-28T12:32:54Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-05.xml b/metadata/glsa/glsa-200803-05.xml
new file mode 100644
index 000000000000..e37ddfa6d13f
--- /dev/null
+++ b/metadata/glsa/glsa-200803-05.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-05">
+  <title>SplitVT: Privilege escalation</title>
+  <synopsis>
+    A vulnerability in SplitVT may allow local users to gain escalated
+    privileges.
+  </synopsis>
+  <product type="ebuild">splitvt</product>
+  <announced>2008-03-03</announced>
+  <revised count="01">2008-03-03</revised>
+  <bug>211240</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-misc/splitvt" auto="yes" arch="*">
+      <unaffected range="ge">1.6.6-r1</unaffected>
+      <vulnerable range="lt">1.6.6-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    SplitVT is a program for splitting terminals into two shells.
+    </p>
+  </background>
+  <description>
+    <p>
+    Mike Ashton reported that SplitVT does not drop group privileges before
+    executing the xprop utility.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could exploit this vulnerability to gain the "utmp"
+    group privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SplitVT users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-misc/splitvt-1.6.6-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0162">CVE-2008-0162</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-02-26T20:35:01Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-02-26T20:35:10Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-02-29T11:02:58Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-06.xml b/metadata/glsa/glsa-200803-06.xml
new file mode 100644
index 000000000000..a0176a928dff
--- /dev/null
+++ b/metadata/glsa/glsa-200803-06.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-06">
+  <title>SWORD: Shell command injection</title>
+  <synopsis>
+    Insufficient input checking in SWORD may allow shell command injection.
+  </synopsis>
+  <product type="ebuild">sword</product>
+  <announced>2008-03-03</announced>
+  <revised count="01">2008-03-03</revised>
+  <bug>210754</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/sword" auto="yes" arch="*">
+      <unaffected range="ge">1.5.8-r2</unaffected>
+      <vulnerable range="lt">1.5.8-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    SWORD is a library for Bible study software.
+    </p>
+  </background>
+  <description>
+    <p>
+    Dan Dennison reported that the diatheke.pl script used in SWORD does
+    not properly sanitize shell meta-characters in the "range" parameter
+    before processing it.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could provide specially crafted input to a vulnerable
+    application, possibly resulting in the remote execution of arbitrary
+    shell commands with the privileges of the user running SWORD (generally
+    the web server account).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SWORD users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/sword-1.5.8-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0932">CVE-2008-0932</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-02-23T19:11:13Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-02-29T12:41:01Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-02-29T12:41:15Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-07.xml b/metadata/glsa/glsa-200803-07.xml
new file mode 100644
index 000000000000..957926590226
--- /dev/null
+++ b/metadata/glsa/glsa-200803-07.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-07">
+  <title>Paramiko: Information disclosure</title>
+  <synopsis>
+    Unsafe randomness usage in Paramiko may allow access to sensitive
+    information.
+  </synopsis>
+  <product type="ebuild">paramiko</product>
+  <announced>2008-03-03</announced>
+  <revised count="01">2008-03-03</revised>
+  <bug>205777</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-python/paramiko" auto="yes" arch="*">
+      <unaffected range="ge">1.7.2</unaffected>
+      <vulnerable range="lt">1.7.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Paramiko is a Secure Shell Server implementation written in Python.
+    </p>
+  </background>
+  <description>
+    <p>
+    Dwayne C. Litzenberger reported that the file "common.py" does not
+    properly use RandomPool when using threads or forked processes.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A remote attacker could predict the values generated by applications
+    using Paramiko for encryption purposes, potentially gaining access to
+    sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Paramiko users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-python/paramiko-1.7.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0299">CVE-2008-0299</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-02-11T18:32:09Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-02-11T18:33:24Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-02-28T12:43:49Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-08.xml b/metadata/glsa/glsa-200803-08.xml
new file mode 100644
index 000000000000..ec818cd4430b
--- /dev/null
+++ b/metadata/glsa/glsa-200803-08.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-08">
+  <title>Win32 binary codecs: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in the Win32 codecs for Linux may result in the
+    remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">win32codecs</product>
+  <announced>2008-03-04</announced>
+  <revised count="01">2008-03-04</revised>
+  <bug>150288</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/win32codecs" auto="yes" arch="*">
+      <unaffected range="ge">20071007-r2</unaffected>
+      <vulnerable range="lt">20071007-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Win32 binary codecs provide support for video and audio playback.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple buffer overflow, heap overflow, and integer overflow
+    vulnerabilities were discovered in the Quicktime plugin when processing
+    MOV, FLC, SGI, H.264 and FPX files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted video
+    file, possibly resulting in the remote execution of arbitrary code with
+    the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Win32 binary codecs users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/win32codecs-20071007-r2"</code>
+    <p>
+    Note: Since no updated binary versions have been released, the
+    Quicktime libraries have been removed from the package. Please use the
+    free alternative Quicktime implementations within VLC, MPlayer or Xine
+    for playback.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382">CVE-2006-4382</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384">CVE-2006-4384</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385">CVE-2006-4385</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386">CVE-2006-4386</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388">CVE-2006-4388</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389">CVE-2006-4389</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674">CVE-2007-4674</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166">CVE-2007-6166</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-11-13T22:48:06Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-11-13T22:48:15Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-02-29T10:44:06Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-09.xml b/metadata/glsa/glsa-200803-09.xml
new file mode 100644
index 000000000000..91225cf364c4
--- /dev/null
+++ b/metadata/glsa/glsa-200803-09.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-09">
+  <title>Opera: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in Opera, allowing for file
+    disclosure, privilege escalation and Cross-Site scripting.
+  </synopsis>
+  <product type="ebuild">opera</product>
+  <announced>2008-03-04</announced>
+  <revised count="01">2008-03-04</revised>
+  <bug>210260</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/opera" auto="yes" arch="*">
+      <unaffected range="ge">9.26</unaffected>
+      <vulnerable range="lt">9.26</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Opera is a fast web browser that is available free of charge.
+    </p>
+  </background>
+  <description>
+    <p>
+    Mozilla discovered that Opera does not handle input to file form fields
+    properly, allowing scripts to manipulate the file path (CVE-2008-1080).
+    Max Leonov found out that image comments might be treated as scripts,
+    and run within the wrong security context (CVE-2008-1081). Arnaud
+    reported that a wrong representation of DOM attribute values of
+    imported XML documents allows them to bypass sanitization filters
+    (CVE-2008-1082).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to upload a file with a known
+    path by entering text into a specially crafted form, to execute scripts
+    outside intended security boundaries and conduct Cross-Site Scripting
+    attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Opera users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/opera-9.26"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1080">CVE-2008-1080</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1081">CVE-2008-1081</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1082">CVE-2008-1082</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-02-26T10:02:38Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-02-26T10:02:54Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-03-02T22:56:26Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-10.xml b/metadata/glsa/glsa-200803-10.xml
new file mode 100644
index 000000000000..ecf5fddd40a7
--- /dev/null
+++ b/metadata/glsa/glsa-200803-10.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-10">
+  <title>lighttpd: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in lighttpd.
+  </synopsis>
+  <product type="ebuild">lighttpd</product>
+  <announced>2008-03-05</announced>
+  <revised count="01">2008-03-05</revised>
+  <bug>211230</bug>
+  <bug>211956</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/lighttpd" auto="yes" arch="*">
+      <unaffected range="ge">1.4.18-r2</unaffected>
+      <vulnerable range="lt">1.4.18-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    lighttpd is a lightweight high-performance web server.
+    </p>
+  </background>
+  <description>
+    <p>
+    lighttpd contains a calculation error when allocating the global file
+    descriptor array (CVE-2008-0983). Furthermore, it sends the source of a
+    CGI script instead of returning a 500 error (Internal Server Error)
+    when the fork() system call fails (CVE-2008-1111).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit these vulnerabilities to cause a Denial
+    of Service or gain the source of a CGI script.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All lighttpd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-servers/lighttpd-1.4.18-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0983">CVE-2008-0983</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1111">CVE-2008-1111</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-03-02T13:11:03Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-03-02T22:33:25Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-03-04T21:56:43Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-11.xml b/metadata/glsa/glsa-200803-11.xml
new file mode 100644
index 000000000000..0337f1670582
--- /dev/null
+++ b/metadata/glsa/glsa-200803-11.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-11">
+  <title>Vobcopy: Insecure temporary file creation</title>
+  <synopsis>
+    Vobcopy uses temporary files in an insecure manner, allowing for a symlink
+    attack.
+  </synopsis>
+  <product type="ebuild">vobcopy</product>
+  <announced>2008-03-05</announced>
+  <revised count="01">2008-03-05</revised>
+  <bug>197578</bug>
+  <access>local</access>
+  <affected>
+    <package name="media-video/vobcopy" auto="yes" arch="*">
+      <unaffected range="ge">1.1.0</unaffected>
+      <vulnerable range="lt">1.1.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Vobcopy is a tool for decrypting and copying DVD .vob files to a hard
+    disk.
+    </p>
+  </background>
+  <description>
+    <p>
+    Joey Hess reported that vobcopy appends data to the file
+    "/tmp/vobcopy.bla" in an insecure manner.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could exploit this vulnerability to conduct symlink
+    attacks and append data to arbitrary files with the privileges of the
+    user running Vobcopy.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Vobcopy users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/vobcopy-1.1.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5718">CVE-2007-5718</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-03-04T14:25:49Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-03-04T22:37:51Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-03-04T22:38:00Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-12.xml b/metadata/glsa/glsa-200803-12.xml
new file mode 100644
index 000000000000..323453f1b731
--- /dev/null
+++ b/metadata/glsa/glsa-200803-12.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-12">
+  <title>Evolution: Format string vulnerability</title>
+  <synopsis>
+    A format string error has been discovered in Evolution, possibly resulting
+    in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">evolution</product>
+  <announced>2008-03-05</announced>
+  <revised count="01">2008-03-05</revised>
+  <bug>212272</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/evolution" auto="yes" arch="*">
+      <unaffected range="ge">2.12.3-r1</unaffected>
+      <vulnerable range="lt">2.12.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Evolution is a GNOME groupware application.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ulf Harnhammar from Secunia Research discovered a format string error
+    in the emf_multipart_encrypted() function in the file mail/em-format.c
+    when reading certain data (e.g. the "Version:" field) from an encrypted
+    e-mail.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted
+    encrypted e-mail, potentially resulting in the execution of arbitrary
+    code with the privileges of the user running Evolution.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Evolution users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/evolution-2.12.3-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0072">CVE-2008-0072</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-03-05T20:09:16Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-03-05T21:00:40Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-03-05T21:00:49Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-13.xml b/metadata/glsa/glsa-200803-13.xml
new file mode 100644
index 000000000000..843def643895
--- /dev/null
+++ b/metadata/glsa/glsa-200803-13.xml
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-13">
+  <title>VLC: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities were found in VLC, allowing for the execution of
+    arbitrary code and Denial of Service.
+  </synopsis>
+  <product type="ebuild">vlc</product>
+  <announced>2008-03-07</announced>
+  <revised count="01">2008-03-07</revised>
+  <bug>203345</bug>
+  <bug>211575</bug>
+  <bug>205299</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/vlc" auto="yes" arch="*">
+      <unaffected range="ge">0.8.6e</unaffected>
+      <vulnerable range="lt">0.8.6e</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    VLC is a cross-platform media player and streaming server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities were found in VLC:
+    </p>
+    <ul>
+    <li>Michal Luczaj
+    and Luigi Auriemma reported that VLC contains boundary errors when
+    handling subtitles in the ParseMicroDvd(), ParseSSA(), and
+    ParseVplayer() functions in the modules/demux/subtitle.c file, allowing
+    for a stack-based buffer overflow (CVE-2007-6681).</li>
+    <li>The web
+    interface listening on port 8080/tcp contains a format string error in
+    the httpd_FileCallBack() function in the network/httpd.c file
+    (CVE-2007-6682).</li>
+    <li>The browser plugin possibly contains an
+    argument injection vulnerability (CVE-2007-6683).</li>
+    <li>The RSTP
+    module triggers a NULL pointer dereference when processing a request
+    without a "Transport" parameter (CVE-2007-6684).</li>
+    <li>Luigi
+    Auriemma and Remi Denis-Courmont found a boundary error in the
+    modules/access/rtsp/real_sdpplin.c file when processing SDP data for
+    RTSP sessions (CVE-2008-0295) and a vulnerability in the
+    libaccess_realrtsp plugin (CVE-2008-0296), possibly resulting in a
+    heap-based buffer overflow.</li>
+    <li>Felipe Manzano and Anibal Sacco
+    (Core Security Technologies) discovered an arbitrary memory overwrite
+    vulnerability in VLC's MPEG-4 file format parser (CVE-2008-0984).</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could send a long subtitle in a file that a user is
+    enticed to open, a specially crafted MP4 input file, long SDP data, or
+    a specially crafted HTTP request with a "Connection" header value
+    containing format specifiers, possibly resulting in the remote
+    execution of arbitrary code. Also, a Denial of Service could be caused
+    and arbitrary files could be overwritten via the "demuxdump-file"
+    option in a filename in a playlist or via an EXTVLCOPT statement in an
+    MP3 file.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All VLC users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/vlc-0.8.6e"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6681">CVE-2007-6681</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6682">CVE-2007-6682</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6683">CVE-2007-6683</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6684">CVE-2007-6684</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0295">CVE-2008-0295</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0296">CVE-2008-0296</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0984">CVE-2008-0984</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-03-05T21:55:08Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-03-07T18:42:04Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-14.xml b/metadata/glsa/glsa-200803-14.xml
new file mode 100644
index 000000000000..a71fbaf55561
--- /dev/null
+++ b/metadata/glsa/glsa-200803-14.xml
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-14">
+  <title>Ghostscript: Buffer overflow</title>
+  <synopsis>
+    A stack-based buffer overflow has been discovered in Ghostscript, allowing
+    arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">ghostscript</product>
+  <announced>2008-03-08</announced>
+  <revised count="01">2008-03-08</revised>
+  <bug>208999</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/ghostscript-esp" auto="yes" arch="*">
+      <unaffected range="ge">8.15.4-r1</unaffected>
+      <vulnerable range="lt">8.15.4-r1</vulnerable>
+    </package>
+    <package name="app-text/ghostscript-gpl" auto="yes" arch="*">
+      <unaffected range="ge">8.61-r3</unaffected>
+      <vulnerable range="lt">8.61-r3</vulnerable>
+    </package>
+    <package name="app-text/ghostscript-gnu" auto="yes" arch="*">
+      <unaffected range="ge">8.60.0-r2</unaffected>
+      <vulnerable range="lt">8.60.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ghostscript is a suite of software based on an interpreter for
+    PostScript and PDF.
+    </p>
+  </background>
+  <description>
+    <p>
+    Chris Evans (Google Security) discovered a stack-based buffer overflow
+    within the zseticcspace() function in the file zicc.c when processing a
+    PostScript file containing a long "Range" array in a .seticcscpate
+    operator.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit this vulnerability by enticing a user
+    to open a specially crafted PostScript file, which could possibly lead
+    to the execution of arbitrary code or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ghostscript ESP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/ghostscript-esp-8.15.4-r1"</code>
+    <p>
+    All Ghostscript GPL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/ghostscript-gpl-8.61-r3"</code>
+    <p>
+    All Ghostscript GNU users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/ghostscript-gnu-8.60.0-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0411">CVE-2008-0411</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-03-02T15:25:45Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-03-02T15:25:54Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-03-05T20:06:31Z">
+    psychoschlumpf
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-15.xml b/metadata/glsa/glsa-200803-15.xml
new file mode 100644
index 000000000000..13654439ef5f
--- /dev/null
+++ b/metadata/glsa/glsa-200803-15.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-15">
+  <title>phpMyAdmin: SQL injection vulnerability</title>
+  <synopsis>
+    A SQL injection vulnerability has been discovered in phpMyAdmin.
+  </synopsis>
+  <product type="ebuild">phpmyadmin</product>
+  <announced>2008-03-09</announced>
+  <revised count="01">2008-03-09</revised>
+  <bug>212000</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-db/phpmyadmin" auto="yes" arch="*">
+      <unaffected range="ge">2.11.5</unaffected>
+      <vulnerable range="lt">2.11.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpMyAdmin is a free web-based database administration tool.
+    </p>
+  </background>
+  <description>
+    <p>
+    Richard Cunningham reported that phpMyAdmin uses the $_REQUEST variable
+    of $_GET and $_POST as a source for its parameters.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    An attacker could entice a user to visit a malicious web application
+    that sets an "sql_query" cookie and is hosted on the same domain as
+    phpMyAdmin, and thereby conduct SQL injection attacks with the
+    privileges of the user authenticating in phpMyAdmin afterwards.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All phpMyAdmin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-db/phpmyadmin-2.11.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1149">CVE-2008-1149</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-03-05T09:53:35Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-03-07T08:44:33Z">
+    psychoschlumpf
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-03-07T10:05:31Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-16.xml b/metadata/glsa/glsa-200803-16.xml
new file mode 100644
index 000000000000..f12e8e0fb3cf
--- /dev/null
+++ b/metadata/glsa/glsa-200803-16.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-16">
+  <title>MPlayer: Multiple buffer overflows</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in MPlayer, possibly allowing
+    for the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mplayer</product>
+  <announced>2008-03-10</announced>
+  <revised count="01">2008-03-10</revised>
+  <bug>208566</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/mplayer" auto="yes" arch="*">
+      <unaffected range="ge">1.0_rc2_p25993</unaffected>
+      <vulnerable range="lt">1.0_rc2_p25993</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MPlayer is a media player incuding support for a wide range of audio
+    and video formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following errors have been discovered in MPlayer:
+    </p>
+    <ul>
+    <li>Felipe Manzano and Anibal Sacco (Core Security Technologies)
+    reported an array indexing error in the file libmpdemux/demux_mov.c
+    when parsing MOV file headers (CVE-2008-0485).</li>
+    <li>Damian Frizza
+    and Alfredo Ortega (Core Security Technologies) reported a boundary
+    error in the file libmpdemux/demux_audio.c when parsing FLAC comments
+    (CVE-2008-0486).</li>
+    <li>Adam Bozanich (Mu Security) reported boundary
+    errors in the cddb_parse_matches_list() and cddb_query_parse()
+    functions in the file stream_cddb.c when parsing CDDB album titles
+    (CVE-2008-0629) and in the url_scape_string() function in the file
+    stream/url.c when parsing URLS (CVE-2008-0630).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted file,
+    possibly resulting in the execution of arbitrary code with the
+    privileges of the user running MPlayer.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MPlayer users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/mplayer-1.0_rc2_p25993"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0485">CVE-2008-0485</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486">CVE-2008-0486</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0629">CVE-2008-0629</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0630">CVE-2008-0630</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-02-19T20:10:11Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-02-19T20:13:04Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-03-07T23:38:09Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-17.xml b/metadata/glsa/glsa-200803-17.xml
new file mode 100644
index 000000000000..c72faaf356a5
--- /dev/null
+++ b/metadata/glsa/glsa-200803-17.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-17">
+  <title>PDFlib: Multiple buffer overflows</title>
+  <synopsis>
+    Multiple stack-based buffer overflows have been reported in PDFlib.
+  </synopsis>
+  <product type="ebuild">pdflib</product>
+  <announced>2008-03-10</announced>
+  <revised count="01">2008-03-10</revised>
+  <bug>203287</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/pdflib" auto="yes" arch="*">
+      <unaffected range="ge">7.0.2_p8</unaffected>
+      <vulnerable range="lt">7.0.2_p8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PDFlib is a library for generating PDF on the fly.
+    </p>
+  </background>
+  <description>
+    <p>
+    poplix reported multiple boundary errors in the pdc_fsearch_fopen()
+    function when processing overly long filenames.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send specially crafted content to a vulnerable
+    application using PDFlib, possibly resulting in the remote execution of
+    arbitrary code with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PDFlib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/pdflib-7.0.2_p8"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6561">CVE-2007-6561</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-03-08T16:26:44Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-03-10T12:46:32Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-03-10T12:46:45Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-18.xml b/metadata/glsa/glsa-200803-18.xml
new file mode 100644
index 000000000000..f760c5aed23f
--- /dev/null
+++ b/metadata/glsa/glsa-200803-18.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-18">
+  <title>Cacti: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities were discovered in Cacti.
+  </synopsis>
+  <product type="ebuild">cacti</product>
+  <announced>2008-03-10</announced>
+  <revised count="02">2009-05-28</revised>
+  <bug>209918</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/cacti" auto="yes" arch="*">
+      <unaffected range="ge">0.8.7b</unaffected>
+      <unaffected range="rge">0.8.6j-r8</unaffected>
+      <vulnerable range="lt">0.8.7b</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Cacti is a web-based network graphing and reporting tool.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following inputs are not properly sanitized before being processed:
+    </p>
+    <ul><li>"view_type" parameter in the file graph.php, "filter" parameter
+    in the file graph_view.php, "action" and "login_username" parameters in
+    the file index.php (CVE-2008-0783).</li>
+    <li>"local_graph_id" parameter in the file graph.php
+    (CVE-2008-0784).</li>
+    <li>"graph_list" parameter in the file graph_view.php, "leaf_id" and
+    "id" parameters in the file tree.php, "local_graph_id" in the file
+    graph_xport.php (CVE-2008-0785).</li>
+    </ul>
+    <p>
+    Furthermore, CRLF injection attack are possible via unspecified vectors
+    (CVE-2008-0786).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit these vulnerabilities, leading to path
+    disclosure, Cross-Site Scripting attacks, SQL injection, and HTTP
+    response splitting.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Cacti users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/cacti-0.8.7b"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0783">CVE-2008-0783</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0784">CVE-2008-0784</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0785">CVE-2008-0785</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0786">CVE-2008-0786</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-02-25T22:16:20Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-03-07T23:16:40Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-03-07T23:16:51Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-19.xml b/metadata/glsa/glsa-200803-19.xml
new file mode 100644
index 000000000000..7d2454f9cac3
--- /dev/null
+++ b/metadata/glsa/glsa-200803-19.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-19">
+  <title>Apache: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in Apache.
+  </synopsis>
+  <product type="ebuild">apache</product>
+  <announced>2008-03-11</announced>
+  <revised count="02">2008-03-12</revised>
+  <bug>201163</bug>
+  <bug>204410</bug>
+  <bug>205195</bug>
+  <bug>209899</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">2.2.8</unaffected>
+      <vulnerable range="lt">2.2.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Apache HTTP server is one of the most popular web servers on the
+    Internet.
+    </p>
+  </background>
+  <description>
+    <p>
+    Adrian Pastor and Amir Azam (ProCheckUp) reported that the HTTP Method
+    specifier header is not properly sanitized when the HTTP return code is
+    "413 Request Entity too large" (CVE-2007-6203). The mod_proxy_balancer
+    module does not properly check the balancer name before using it
+    (CVE-2007-6422). The mod_proxy_ftp does not define a charset in its
+    answers (CVE-2008-0005). Stefano Di Paola (Minded Security) reported
+    that filenames are not properly sanitized within the mod_negotiation
+    module (CVE-2008-0455, CVE-2008-0456).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to visit a malicious URL or send
+    specially crafted HTTP requests (i.e using Adobe Flash) to perform
+    Cross-Site Scripting and HTTP response splitting attacks, or conduct a
+    Denial of Service attack on the vulnerable web server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Apache users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-servers/apache-2.2.8"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6203">CVE-2007-6203</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422">CVE-2007-6422</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005">CVE-2008-0005</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0455">CVE-2008-0455</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0456">CVE-2008-0456</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-01-13T14:04:58Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-03-10T12:30:36Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-03-10T12:31:50Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-20.xml b/metadata/glsa/glsa-200803-20.xml
new file mode 100644
index 000000000000..41e16594b4d9
--- /dev/null
+++ b/metadata/glsa/glsa-200803-20.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-20">
+  <title>International Components for Unicode: Multiple vulnerabilities</title>
+  <synopsis>
+    Two vulnerabilities have been discovered in the International Components
+    for Unicode, possibly resulting in the remote execution of arbitrary code
+    or a Denial of Service.
+  </synopsis>
+  <product type="ebuild">icu</product>
+  <announced>2008-03-11</announced>
+  <revised count="03">2009-05-28</revised>
+  <bug>208001</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/icu" auto="yes" arch="*">
+      <unaffected range="ge">3.8.1-r1</unaffected>
+      <unaffected range="rge">3.6-r2</unaffected>
+      <vulnerable range="lt">3.8.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    International Components for Unicode is a set of C/C++ and Java
+    libraries providing Unicode and Globalization support for software
+    applications.
+    </p>
+  </background>
+  <description>
+    <p>
+    Will Drewry (Google Security) reported a vulnerability in the regular
+    expression engine when using back references to capture \0 characters
+    (CVE-2007-4770). He also found that the backtracking stack size is not
+    limited, possibly allowing for a heap-based buffer overflow
+    (CVE-2007-4771).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could submit specially crafted regular expressions to
+    an application using the library, possibly resulting in the remote
+    execution of arbitrary code with the privileges of the user running the
+    application or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All International Components for Unicode users should upgrade to the
+    latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/icu-3.8.1-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4770">CVE-2007-4770</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4771">CVE-2007-4771</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-02-20T08:30:44Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-02-20T08:30:59Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-03-11T12:40:50Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-21.xml b/metadata/glsa/glsa-200803-21.xml
new file mode 100644
index 000000000000..6883a122fdda
--- /dev/null
+++ b/metadata/glsa/glsa-200803-21.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-21">
+  <title>Sarg: Remote execution of arbitrary code</title>
+  <synopsis>
+    Sarg is vulnerable to the execution of arbitrary code when processed with
+    untrusted input files.
+  </synopsis>
+  <product type="ebuild">sarg</product>
+  <announced>2008-03-12</announced>
+  <revised count="01">2008-03-12</revised>
+  <bug>212208</bug>
+  <bug>212731</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/sarg" auto="yes" arch="*">
+      <unaffected range="ge">2.2.5</unaffected>
+      <vulnerable range="lt">2.2.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Sarg (Squid Analysis Report Generator) is a tool that provides many
+    informations about the Squid web proxy server users activities: time,
+    sites, traffic, etc.
+    </p>
+  </background>
+  <description>
+    <p>
+    Sarg doesn't properly check its input for abnormal content when
+    processing Squid log files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker using a vulnerable Squid as a proxy server or a
+    reverse-proxy server can inject arbitrary content into the "User-Agent"
+    HTTP client header, that will be processed by sarg, which will lead to
+    the execution of arbitrary code, or JavaScript injection, allowing
+    Cross-Site Scripting attacks and the theft of credentials.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All sarg users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/sarg-2.2.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1167">CVE-2008-1167</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1168">CVE-2008-1168</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-03-08T16:52:09Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-03-09T18:03:52Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-03-09T21:03:08Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-22.xml b/metadata/glsa/glsa-200803-22.xml
new file mode 100644
index 000000000000..9e0f0c951545
--- /dev/null
+++ b/metadata/glsa/glsa-200803-22.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-22">
+  <title>LIVE555 Media Server: Denial of service</title>
+  <synopsis>
+    A Denial of Service vulnerability has been reported in LIVE555 Media
+    Server.
+  </synopsis>
+  <product type="ebuild">live</product>
+  <announced>2008-03-13</announced>
+  <revised count="01">2008-03-13</revised>
+  <bug>204065</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-plugins/live" auto="yes" arch="*">
+      <unaffected range="ge">2008.02.08</unaffected>
+      <vulnerable range="lt">2008.02.08</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    LIVE555 Media Server is a set of libraries for multimedia streaming.
+    </p>
+  </background>
+  <description>
+    <p>
+    Luigi Auriemma reported a signedness error in the
+    parseRTSPRequestString() function when processing short RTSP queries.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send a specially crafted RTSP query to the
+    vulnerable server, resulting in a crash.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All LIVE555 Media Server users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-plugins/live-2008.02.08"</code>
+    <p>
+    Note: Due to ABI changes, applications built against LIVE555 Media
+    Server such as VLC or MPlayer should also be rebuilt.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6036">CVE-2007-6036</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-03-08T16:52:57Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-03-11T12:26:32Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-03-11T12:27:04Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-23.xml b/metadata/glsa/glsa-200803-23.xml
new file mode 100644
index 000000000000..14a3ebd482ac
--- /dev/null
+++ b/metadata/glsa/glsa-200803-23.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-23">
+  <title>Website META Language: Insecure temporary file usage</title>
+  <synopsis>
+    Multiple insecure temporary file vulnerabilities have been discovered in
+    the Website META Language.
+  </synopsis>
+  <product type="ebuild">wml</product>
+  <announced>2008-03-15</announced>
+  <revised count="01">2008-03-15</revised>
+  <bug>209927</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-lang/wml" auto="yes" arch="*">
+      <unaffected range="ge">2.0.11-r3</unaffected>
+      <vulnerable range="lt">2.0.11-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Website META Language is a free and extensible Webdesigner's off-line
+    HTML generation toolkit for Unix.
+    </p>
+  </background>
+  <description>
+    <p>
+    Temporary files are handled insecurely in the files
+    wml_backend/p1_ipp/ipp.src, wml_contrib/wmg.cgi, and
+    wml_backend/p3_eperl/eperl_sys.c, allowing users to overwrite or delete
+    arbitrary files with the privileges of the user running the program.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Local users can exploit the insecure temporary file vulnerabilities via
+    symlink attacks to perform certain actions with escalated privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Restrict access to the temporary directory to trusted users only.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Website META Language users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/wml-2.0.11-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0665">CVE-2008-0665</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0666">CVE-2008-0666</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-03-11T22:05:35Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-03-11T22:05:48Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-03-15T20:18:51Z">
+    mfleming
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-24.xml b/metadata/glsa/glsa-200803-24.xml
new file mode 100644
index 000000000000..8c0b5293db4e
--- /dev/null
+++ b/metadata/glsa/glsa-200803-24.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-24">
+  <title>PCRE: Buffer overflow</title>
+  <synopsis>
+    A buffer overflow vulnerability has been discovered in PCRE, allowing for
+    the execution of arbitrary code and Denial of Service.
+  </synopsis>
+  <product type="ebuild">libpcre glib</product>
+  <announced>2008-03-17</announced>
+  <revised count="02">2008-03-17</revised>
+  <bug>209067</bug>
+  <bug>209293</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libpcre" auto="yes" arch="*">
+      <unaffected range="ge">7.6-r1</unaffected>
+      <vulnerable range="lt">7.6-r1</vulnerable>
+    </package>
+    <package name="dev-libs/glib" auto="yes" arch="*">
+      <unaffected range="ge">2.14.6</unaffected>
+      <unaffected range="lt">2.14.0</unaffected>
+      <vulnerable range="lt">2.14.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PCRE is a Perl-compatible regular expression library. GLib includes a
+    copy of PCRE.
+    </p>
+  </background>
+  <description>
+    <p>
+    PCRE contains a buffer overflow vulnerability when processing a
+    character class containing a very large number of characters with
+    codepoints greater than 255.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit this vulnerability by sending a
+    specially crafted regular expression to an application making use of
+    the PCRE library, which could possibly lead to the execution of
+    arbitrary code or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PCRE users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/libpcre-7.6-r1"</code>
+    <p>
+    All GLib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/glib-2.14.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0674">CVE-2008-0674</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-02-26T20:45:26Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-03-01T06:12:22Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-03-05T14:06:55Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-25.xml b/metadata/glsa/glsa-200803-25.xml
new file mode 100644
index 000000000000..86bee5f8f31a
--- /dev/null
+++ b/metadata/glsa/glsa-200803-25.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-25">
+  <title>Dovecot: Multiple vulnerabilities</title>
+  <synopsis>
+    Two vulnerabilities in Dovecot allow for information disclosure and
+    argument injection.
+  </synopsis>
+  <product type="ebuild">dovecot</product>
+  <announced>2008-03-18</announced>
+  <revised count="01">2008-03-18</revised>
+  <bug>212336</bug>
+  <bug>213030</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/dovecot" auto="yes" arch="*">
+      <unaffected range="ge">1.0.13-r1</unaffected>
+      <vulnerable range="lt">1.0.13-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Dovecot is a lightweight, fast and easy to configure IMAP and POP3 mail
+    server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Dovecot uses the group configured via the "mail_extra_groups" setting,
+    which should be used to create lockfiles in the /var/mail directory,
+    when accessing arbitrary files (CVE-2008-1199). Dovecot does not escape
+    TAB characters in passwords when saving them, which might allow for
+    argument injection in blocking passdbs such as MySQL, PAM or shadow
+    (CVE-2008-1218).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Remote attackers can exploit the first vulnerability to disclose
+    sensitive data, such as the mail of other users, or modify files or
+    directories that are writable by group via a symlink attack. Please
+    note that the "mail_extra_groups" setting is set to the "mail" group by
+    default when the "mbox" USE flag is enabled.
+    </p>
+    <p>
+    The second vulnerability can be abused to inject arguments for internal
+    fields. No exploitation vectors are known for this vulnerability that
+    affect previously stable versions of Dovecot in Gentoo.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Dovecot users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-mail/dovecot-1.0.13-r1"</code>
+    <p>
+    This version removes the "mail_extra_groups" option and introduces a
+    "mail_privileged_group" setting which is handled safely.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1199">CVE-2008-1199</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1218">CVE-2008-1218</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-03-11T18:35:36Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-03-12T01:34:31Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-03-18T11:19:55Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-26.xml b/metadata/glsa/glsa-200803-26.xml
new file mode 100644
index 000000000000..f2cf77bb5045
--- /dev/null
+++ b/metadata/glsa/glsa-200803-26.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-26">
+  <title>Adobe Acrobat Reader: Insecure temporary file creation</title>
+  <synopsis>
+    An insecure temporary file creation vulnerability has been discovered in
+    Adobe Acrobat Reader.
+  </synopsis>
+  <product type="ebuild">acroread</product>
+  <announced>2008-03-18</announced>
+  <revised count="01">2008-03-18</revised>
+  <bug>212367</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-text/acroread" auto="yes" arch="*">
+      <unaffected range="ge">8.1.2-r1</unaffected>
+      <vulnerable range="lt">8.1.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Acrobat Reader is a PDF reader released by Adobe.
+    </p>
+  </background>
+  <description>
+    <p>
+    SUSE reported that the "acroread" wrapper script does not create
+    temporary files in a secure manner when handling SSL certificates
+    (CVE-2008-0883).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could exploit this vulnerability to overwrite
+    arbitrary files via a symlink attack on temporary files.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Adobe Acrobat Reader users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/acroread-8.1.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0883">CVE-2008-0883</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-03-16T13:19:39Z">
+    mfleming
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-03-17T11:44:20Z">
+    mfleming
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-03-18T13:28:58Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-27.xml b/metadata/glsa/glsa-200803-27.xml
new file mode 100644
index 000000000000..4429b4a8111b
--- /dev/null
+++ b/metadata/glsa/glsa-200803-27.xml
@@ -0,0 +1,87 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-27">
+  <title>MoinMoin: Multiple vulnerabilities</title>
+  <synopsis>
+    Several vulnerabilities have been reported in MoinMoin Wiki Engine.
+  </synopsis>
+  <product type="ebuild">moinmoin</product>
+  <announced>2008-03-18</announced>
+  <revised count="01">2008-03-18</revised>
+  <bug>209133</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/moinmoin" auto="yes" arch="*">
+      <unaffected range="ge">1.6.1</unaffected>
+      <vulnerable range="lt">1.6.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MoinMoin is an advanced, easy to use and extensible Wiki Engine.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been discovered:
+    </p>
+    <ul>
+    <li>
+    A vulnerability exists in the file wikimacro.py because the
+    _macro_Getval function does not properly enforce ACLs
+    (CVE-2008-1099).</li>
+    <li>
+    A directory traversal vulnerability exists in the userform action
+    (CVE-2008-0782).</li>
+    <li>
+    A Cross-Site Scripting vulnerability exists in the login action
+    (CVE-2008-0780).</li>
+    <li>
+    Multiple Cross-Site Scripting vulnerabilities exist in the file
+    action/AttachFile.py when using the message, pagename, and target
+    filenames (CVE-2008-0781).</li>
+    <li>
+    Multiple Cross-Site Scripting vulnerabilities exist in
+    formatter/text_gedit.py (aka the gui editor formatter) which can be
+    exploited via a page name or destination page name, which trigger an
+    injection in the file PageEditor.py (CVE-2008-1098).
+    </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    These vulnerabilities can be exploited to allow remote attackers to
+    inject arbitrary web script or HTML, overwrite arbitrary files, or read
+    protected pages.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MoinMoin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/moinmoin-1.6.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0780">CVE-2008-0780</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0781">CVE-2008-0781</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0782">CVE-2008-0782</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1098">CVE-2008-1098</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1099">CVE-2008-1099</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-02-26T09:02:13Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-02-26T09:03:06Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-03-15T19:53:09Z">
+    mfleming
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-28.xml b/metadata/glsa/glsa-200803-28.xml
new file mode 100644
index 000000000000..9e6d5a987e5e
--- /dev/null
+++ b/metadata/glsa/glsa-200803-28.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-28">
+  <title>OpenLDAP: Denial of Service vulnerabilities</title>
+  <synopsis>
+    Multiple Denial of Service vulnerabilities have been reported in OpenLDAP.
+  </synopsis>
+  <product type="ebuild">openldap</product>
+  <announced>2008-03-19</announced>
+  <revised count="01">2008-03-19</revised>
+  <bug>197446</bug>
+  <bug>209677</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-nds/openldap" auto="yes" arch="*">
+      <unaffected range="ge">2.3.41</unaffected>
+      <vulnerable range="lt">2.3.41</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenLDAP Software is an open source implementation of the Lightweight
+    Directory Access Protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following errors have been discovered in OpenLDAP:
+    </p>
+    <ul>
+    <li>
+    Tony Blake discovered an error which exists within the normalisation of
+    "objectClasses" (CVE-2007-5707).</li>
+    <li>
+    Thomas Sesselmann reported that, when running as a proxy-caching server
+    the "add_filter_attrs()" function in servers/slapd/overlay/pcache.c
+    does not correctly NULL terminate "new_attrs" (CVE-2007-5708).</li>
+    <li>
+    A double-free bug exists in attrs_free() in the file
+    servers/slapd/back-bdb/modrdn.c, which was discovered by Jonathan
+    Clarke (CVE-2008-0658).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker can cause a Denial of Serivce by sending a malformed
+    "objectClasses" attribute, and via unknown vectors that prevent the
+    "new_attrs" array from being NULL terminated, and via a modrdn
+    operation with a NOOP (LDAP_X_NO_OPERATION) control.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenLDAP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-nds/openldap-2.3.41"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5707">CVE-2007-5707</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5708">CVE-2007-5708</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0658">CVE-2008-0658</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-03-15T17:57:19Z">
+    mfleming
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-03-19T01:23:44Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-29.xml b/metadata/glsa/glsa-200803-29.xml
new file mode 100644
index 000000000000..8b3ac90f05b0
--- /dev/null
+++ b/metadata/glsa/glsa-200803-29.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-29">
+  <title>ViewVC: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple security issues have been reported in ViewVC, which can be
+    exploited by malicious people to bypass certain security restrictions.
+  </synopsis>
+  <product type="ebuild">viewvc</product>
+  <announced>2008-03-19</announced>
+  <revised count="02">2009-04-01</revised>
+  <bug>212288</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/viewvc" auto="yes" arch="*">
+      <unaffected range="ge">1.0.5</unaffected>
+      <vulnerable range="lt">1.0.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ViewVC is a browser interface for CVS and Subversion version control
+    repositories.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple unspecified errors were reportedly fixed by the ViewVC
+    development team.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send a specially crafted URL to the server to
+    list CVS or SVN commits on "all-forbidden" files, access hidden CVSROOT
+    folders, and view restricted content via the revision view, the log
+    history, or the diff view.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ViewVC users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/viewvc-1.0.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1290">CVE-2008-1290</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1291">CVE-2008-1291</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1292">CVE-2008-1292</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-03-11T22:06:35Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-03-11T22:06:42Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-03-15T21:33:23Z">
+    mfleming
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-30.xml b/metadata/glsa/glsa-200803-30.xml
new file mode 100644
index 000000000000..c935e44eeb46
--- /dev/null
+++ b/metadata/glsa/glsa-200803-30.xml
@@ -0,0 +1,167 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-30">
+  <title>ssl-cert eclass: Certificate disclosure</title>
+  <synopsis>
+    An error in the usage of the ssl-cert eclass within multiple ebuilds might
+    allow for disclosure of generated SSL private keys.
+  </synopsis>
+  <product type="ebuild">ssl-cert.eclass</product>
+  <announced>2008-03-20</announced>
+  <revised count="01">2008-03-20</revised>
+  <bug>174759</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-admin/conserver" auto="yes" arch="*">
+      <unaffected range="ge">8.1.16</unaffected>
+      <vulnerable range="lt">8.1.16</vulnerable>
+    </package>
+    <package name="mail-mta/postfix" auto="yes" arch="*">
+      <unaffected range="ge">2.4.6-r2</unaffected>
+      <unaffected range="rge">2.3.8-r1</unaffected>
+      <unaffected range="rge">2.2.11-r1</unaffected>
+      <vulnerable range="lt">2.4.6-r2</vulnerable>
+    </package>
+    <package name="net-ftp/netkit-ftpd" auto="yes" arch="*">
+      <unaffected range="ge">0.17-r7</unaffected>
+      <vulnerable range="lt">0.17-r7</vulnerable>
+    </package>
+    <package name="net-im/ejabberd" auto="yes" arch="*">
+      <unaffected range="ge">1.1.3</unaffected>
+      <vulnerable range="lt">1.1.3</vulnerable>
+    </package>
+    <package name="net-irc/unrealircd" auto="yes" arch="*">
+      <unaffected range="ge">3.2.7-r2</unaffected>
+      <vulnerable range="lt">3.2.7-r2</vulnerable>
+    </package>
+    <package name="net-mail/cyrus-imapd" auto="yes" arch="*">
+      <unaffected range="ge">2.3.9-r1</unaffected>
+      <vulnerable range="lt">2.3.9-r1</vulnerable>
+    </package>
+    <package name="net-mail/dovecot" auto="yes" arch="*">
+      <unaffected range="ge">1.0.10</unaffected>
+      <vulnerable range="lt">1.0.10</vulnerable>
+    </package>
+    <package name="net-misc/stunnel" auto="yes" arch="*">
+      <unaffected range="ge">4.21-r1</unaffected>
+      <unaffected range="lt">4.0</unaffected>
+      <vulnerable range="lt">4.21-r1</vulnerable>
+    </package>
+    <package name="net-nntp/inn" auto="yes" arch="*">
+      <unaffected range="ge">2.4.3-r1</unaffected>
+      <vulnerable range="lt">2.4.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The ssl-cert eclass is a code module used by Gentoo ebuilds to generate
+    SSL certificates.
+    </p>
+  </background>
+  <description>
+    <p>
+    Robin Johnson reported that the docert() function provided by
+    ssl-cert.eclass can be called by source building stages of an ebuild,
+    such as src_compile() or src_install(), which will result in the
+    generated SSL keys being included inside binary packages (binpkgs).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could recover the SSL keys from publicly readable
+    binary packages when "<i>emerge</i>" is called with the "<i>--buildpkg
+    (-b)</i>" or "<i>--buildpkgonly (-B)</i>" option. Remote attackers can
+    recover these keys if the packages are served to a network. Binary
+    packages built using "<i>quickpkg</i>" are not affected.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Do not use pre-generated SSL keys, but use keys that were generated
+    using a different Certificate Authority.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Upgrading to newer versions of the above packages will neither remove
+    possibly compromised SSL certificates, nor old binary packages. Please
+    remove the certificates installed by Portage, and then emerge an
+    upgrade to the package.
+    </p>
+    <p>
+    All Conserver users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-admin/conserver-8.1.16"</code>
+    <p>
+    All Postfix 2.4 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-mta/postfix-2.4.6-r2"</code>
+    <p>
+    All Postfix 2.3 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-mta/postfix-2.3.8-r1"</code>
+    <p>
+    All Postfix 2.2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-mta/postfix-2.2.11-r1"</code>
+    <p>
+    All Netkit FTP Server users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-ftp/netkit-ftpd-0.17-r7"</code>
+    <p>
+    All ejabberd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-im/ejabberd-1.1.3"</code>
+    <p>
+    All UnrealIRCd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-irc/unrealircd-3.2.7-r2"</code>
+    <p>
+    All Cyrus IMAP Server users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-mail/cyrus-imapd-2.3.9-r1"</code>
+    <p>
+    All Dovecot users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-mail/dovecot-1.0.10"</code>
+    <p>
+    All stunnel 4 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/stunnel-4.21"</code>
+    <p>
+    All InterNetNews users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-nntp/inn-2.4.3-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1383">CVE-2008-1383</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-03-14T23:17:10Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-03-15T00:11:06Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-31.xml b/metadata/glsa/glsa-200803-31.xml
new file mode 100644
index 000000000000..bd5aedd20e1c
--- /dev/null
+++ b/metadata/glsa/glsa-200803-31.xml
@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-31">
+  <title>MIT Kerberos 5: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been found in MIT Kerberos 5, which could
+    allow a remote unauthenticated user to execute arbitrary code with root
+    privileges.
+  </synopsis>
+  <product type="ebuild">mit-krb5</product>
+  <announced>2008-03-24</announced>
+  <revised count="01">2008-03-24</revised>
+  <bug>199205</bug>
+  <bug>212363</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-crypt/mit-krb5" auto="yes" arch="*">
+      <unaffected range="ge">1.6.3-r1</unaffected>
+      <vulnerable range="lt">1.6.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MIT Kerberos 5 is a suite of applications that implement the Kerberos
+    network protocol. kadmind is the MIT Kerberos 5 administration daemon,
+    KDC is the Key Distribution Center.
+    </p>
+  </background>
+  <description>
+    <ul><li>Two vulnerabilities were found in the Kerberos 4 support in
+    KDC: A global variable is not set for some incoming message types,
+    leading to a NULL pointer dereference or a double free()
+    (CVE-2008-0062) and unused portions of a buffer are not properly
+    cleared when generating an error message, which results in stack
+    content being contained in a reply (CVE-2008-0063).</li>
+    <li>Jeff
+    Altman (Secure Endpoints) discovered a buffer overflow in the RPC
+    library server code, used in the kadmin server, caused when too many
+    file descriptors are opened (CVE-2008-0947).</li>
+    <li>Venustech AD-LAB
+    discovered multiple vulnerabilities in the GSSAPI library: usage of a
+    freed variable in the gss_indicate_mechs() function (CVE-2007-5901) and
+    a double free() vulnerability in the gss_krb5int_make_seal_token_v3()
+    function (CVE-2007-5971).</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    The first two vulnerabilities can be exploited by a remote
+    unauthenticated attacker to execute arbitrary code on the host running
+    krb5kdc, compromise the Kerberos key database or cause a Denial of
+    Service. These bugs can only be triggered when Kerberos 4 support is
+    enabled.
+    </p>
+    <p>
+    The RPC related vulnerability can be exploited by a remote
+    unauthenticated attacker to crash kadmind, and theoretically execute
+    arbitrary code with root privileges or cause database corruption. This
+    bug can only be triggered in configurations that allow large numbers of
+    open file descriptors in a process.
+    </p>
+    <p>
+    The GSSAPI vulnerabilities could be exploited by a remote attacker to
+    cause Denial of Service conditions or possibly execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Kerberos 4 support can be disabled via disabling the "krb4" USE flag
+    and recompiling the ebuild, or setting "v4_mode=none" in the
+    [kdcdefaults] section of /etc/krb5/kdc.conf. This will only work around
+    the KDC related vulnerabilities.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MIT Kerberos 5 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-crypt/mit-krb5-1.6.3-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5894">CVE-2007-5901</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971">CVE-2007-5971</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062">CVE-2008-0062</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063">CVE-2008-0063</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947">CVE-2008-0947</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-03-18T22:11:44Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-03-20T23:06:42Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-03-20T23:15:12Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200803-32.xml b/metadata/glsa/glsa-200803-32.xml
new file mode 100644
index 000000000000..daa30e74884b
--- /dev/null
+++ b/metadata/glsa/glsa-200803-32.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200803-32">
+  <title>Wireshark: Denial of service</title>
+  <synopsis>
+    Multiple Denial of Service vulnerabilities have been discovered in
+    Wireshark.
+  </synopsis>
+  <product type="ebuild">wireshark</product>
+  <announced>2008-03-24</announced>
+  <revised count="01">2008-03-24</revised>
+  <bug>212149</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/wireshark" auto="yes" arch="*">
+      <unaffected range="ge">0.99.8</unaffected>
+      <vulnerable range="lt">0.99.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Wireshark is a network protocol analyzer with a graphical front-end.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple unspecified errors exist in the SCTP, SNMP, and TFTP
+    dissectors.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could cause a Denial of Service by sending a
+    malformed packet.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable the SCTP, SNMP, and TFTP dissectors.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Wireshark users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-0.99.8"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1070">CVE-2008-1070</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1071">CVE-2008-1071</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1072">CVE-2008-1072</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-03-21T02:18:33Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-03-21T21:01:15Z">
+    mfleming
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-03-24T19:58:33Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-01.xml b/metadata/glsa/glsa-200804-01.xml
new file mode 100644
index 000000000000..944ad6885eb6
--- /dev/null
+++ b/metadata/glsa/glsa-200804-01.xml
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-01">
+  <title>CUPS: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in CUPS, allowing for the
+    remote execution of arbitrary code and a Denial of Service.
+  </synopsis>
+  <product type="ebuild">cups</product>
+  <announced>2008-04-01</announced>
+  <revised count="01">2008-04-01</revised>
+  <bug>211449</bug>
+  <bug>212364</bug>
+  <bug>214068</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-print/cups" auto="yes" arch="*">
+      <unaffected range="ge">1.2.12-r7</unaffected>
+      <vulnerable range="lt">1.2.12-r7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    CUPS provides a portable printing layer for UNIX-based operating
+    systems.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been reported in CUPS:
+    </p>
+    <ul>
+    <li>regenrecht (VeriSign iDefense) discovered that the
+    cgiCompileSearch() function used in several CGI scripts in CUPS'
+    administration interface does not correctly calculate boundaries when
+    processing a user-provided regular expression, leading to a heap-based
+    buffer overflow (CVE-2008-0047).</li>
+    <li>Helge Blischke reported a
+    double free() vulnerability in the process_browse_data() function when
+    adding or removing remote shared printers (CVE-2008-0882).</li>
+    <li>Tomas Hoger (Red Hat) reported that the gif_read_lzw() function
+    uses the code_size value from GIF images without properly checking it,
+    leading to a buffer overflow (CVE-2008-1373).</li>
+    <li>An unspecified
+    input validation error was discovered in the HP-GL/2 filter
+    (CVE-2008-0053).</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could send specially crafted network packets or print
+    jobs and possibly execute arbitrary code with the privileges of the
+    user running CUPS (usually lp), or cause a Denial of Service. The
+    vulnerabilities are exploitable via the network when CUPS is sharing
+    printers remotely.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All CUPS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-print/cups-1.2.12-r7"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0047">CVE-2008-0047</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0053">CVE-2008-0053</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0882">CVE-2008-0882</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1373">CVE-2008-1373</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-03-08T16:37:44Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-03-18T13:25:31Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-01T19:15:08Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-02.xml b/metadata/glsa/glsa-200804-02.xml
new file mode 100644
index 000000000000..c6f4d547caf2
--- /dev/null
+++ b/metadata/glsa/glsa-200804-02.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-02">
+  <title>bzip2: Denial of service</title>
+  <synopsis>
+    A buffer overread vulnerability has been discovered in Bzip2.
+  </synopsis>
+  <product type="ebuild">bzip2</product>
+  <announced>2008-04-02</announced>
+  <revised count="01">2008-04-02</revised>
+  <bug>213820</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/bzip2" auto="yes" arch="*">
+      <unaffected range="ge">1.0.5</unaffected>
+      <vulnerable range="lt">1.0.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    bzip2 is a free and open source lossless data compression program.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Oulu University discovered that bzip2 does not properly check
+    offsets provided by the bzip2 file, leading to a buffer overread.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Remote attackers can entice a user or automated system to open a
+    specially crafted file that triggers a buffer overread, causing a
+    Denial of Service. libbz2 and programs linking against it are also
+    affected.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All bzip2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-arch/bzip2-1.0.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372">CVE-2008-1372</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-03-21T02:17:50Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-03-21T23:42:29Z">
+    mfleming
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-02T13:31:45Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-03.xml b/metadata/glsa/glsa-200804-03.xml
new file mode 100644
index 000000000000..9ecaf1eb1163
--- /dev/null
+++ b/metadata/glsa/glsa-200804-03.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-03">
+  <title>OpenSSH: Privilege escalation</title>
+  <synopsis>
+    Two flaws have been discovered in OpenSSH which could allow local attackers
+    to escalate their privileges.
+  </synopsis>
+  <product type="ebuild">openssh</product>
+  <announced>2008-04-05</announced>
+  <revised count="01">2008-04-05</revised>
+  <bug>214985</bug>
+  <bug>215702</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-misc/openssh" auto="yes" arch="*">
+      <unaffected range="ge">4.7_p1-r6</unaffected>
+      <vulnerable range="lt">4.7_p1-r6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenSSH is a complete SSH protocol implementation that includes an SFTP
+    client and server support.
+    </p>
+  </background>
+  <description>
+    <p>
+    Two issues have been discovered in OpenSSH:
+    </p>
+    <ul>
+    <li>Timo Juhani
+    Lindfors discovered that OpenSSH sets the DISPLAY variable in SSH
+    sessions using X11 forwarding even when it cannot bind the X11 server
+    to a local port in all address families (CVE-2008-1483).</li>
+    <li>OpenSSH will execute the contents of the ".ssh/rc" file even when
+    the "ForceCommand" directive is enabled in the global sshd_config
+    (CVE-2008-1657).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could exploit the first vulnerability to hijack
+    forwarded X11 sessions of other users and possibly execute code with
+    their privileges, disclose sensitive data or cause a Denial of Service,
+    by binding a local X11 server to a port using only one address family.
+    The second vulnerability might allow local attackers to bypass intended
+    security restrictions and execute commands other than those specified
+    by "ForceCommand" if they are able to write to their home directory.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenSSH users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/openssh-4.7_p1-r6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483">CVE-2008-1483</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1657">CVE-2008-1657</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-03-31T15:53:04Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-03T21:55:34Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-03T22:39:55Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-04.xml b/metadata/glsa/glsa-200804-04.xml
new file mode 100644
index 000000000000..3dd85090c08b
--- /dev/null
+++ b/metadata/glsa/glsa-200804-04.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-04">
+  <title>MySQL: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in MySQL might lead to privilege escalation and
+    Denial of Service.
+  </synopsis>
+  <product type="ebuild">mysql</product>
+  <announced>2008-04-06</announced>
+  <revised count="01">2008-04-06</revised>
+  <bug>201669</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/mysql" auto="yes" arch="*">
+      <unaffected range="ge">5.0.54</unaffected>
+      <vulnerable range="lt">5.0.54</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MySQL is a popular multi-threaded, multi-user SQL server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been reported in MySQL:
+    </p>
+    <ul>
+    <li>Mattias Jonsson reported that a "RENAME TABLE" command against a
+    table with explicit "DATA DIRECTORY" and "INDEX DIRECTORY" options
+    would overwrite the file to which the symlink points
+    (CVE-2007-5969).</li>
+    <li>Martin Friebe discovered that MySQL does not
+    update the DEFINER value of a view when the view is altered
+    (CVE-2007-6303).</li>
+    <li>Philip Stoev discovered that the federated
+    engine expects the response of a remote MySQL server to contain a
+    minimum number of columns in query replies (CVE-2007-6304).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    An authenticated remote attacker could exploit the first vulnerability
+    to overwrite MySQL system tables and escalate privileges, or use the
+    second vulnerability to gain privileges via an "ALTER VIEW" statement.
+    Remote federated MySQL servers could cause a Denial of Service in the
+    local MySQL server by exploiting the third vulnerability.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MySQL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-5.0.54"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5969">CVE-2007-5969</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6303">CVE-2007-6303</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6304">CVE-2007-6304</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-01-28T18:21:58Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-02-09T20:29:29Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-03T23:20:56Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-05.xml b/metadata/glsa/glsa-200804-05.xml
new file mode 100644
index 000000000000..0d7ca3e304f1
--- /dev/null
+++ b/metadata/glsa/glsa-200804-05.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-05">
+  <title>NX: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    NX uses code from the X.org X11 server which is prone to multiple
+    vulnerabilities.
+  </synopsis>
+  <product type="ebuild">nx, nxnode</product>
+  <announced>2008-04-06</announced>
+  <revised count="02">2008-04-06</revised>
+  <bug>210317</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/nxnode" auto="yes" arch="*">
+      <unaffected range="ge">3.1.0-r2</unaffected>
+      <vulnerable range="lt">3.1.0-r2</vulnerable>
+    </package>
+    <package name="net-misc/nx" auto="yes" arch="*">
+      <unaffected range="ge">3.1.0-r1</unaffected>
+      <vulnerable range="lt">3.1.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    NoMachine's NX establishes remote connections to X11 desktops over
+    small bandwidth links. NX and NX Node are the compression core
+    libraries, whereas NX is used by FreeNX and NX Node by the binary-only
+    NX servers.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple integer overflow and buffer overflow vulnerabilities have been
+    discovered in the X.Org X server as shipped by NX and NX Node
+    (vulnerabilities 1-4 in GLSA 200801-09).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit these vulnerabilities via unspecified
+    vectors, leading to the execution of arbitrary code with the privileges
+    of the user on the machine running the NX server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All NX Node users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/nxnode-3.1.0-r2"</code>
+    <p>
+    All NX users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/nx-3.1.0-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200801-09.xml">GLSA 200801-09</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-03-21T02:19:05Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-03T22:57:19Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-03T22:57:27Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-06.xml b/metadata/glsa/glsa-200804-06.xml
new file mode 100644
index 000000000000..1168c2fa1b3e
--- /dev/null
+++ b/metadata/glsa/glsa-200804-06.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-06">
+  <title>UnZip: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    A double free vulnerability discovered in UnZip might lead to the execution
+    of arbitrary code.
+  </synopsis>
+  <product type="ebuild">unzip</product>
+  <announced>2008-04-06</announced>
+  <revised count="01">2008-04-06</revised>
+  <bug>213761</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/unzip" auto="yes" arch="*">
+      <unaffected range="ge">5.52-r2</unaffected>
+      <vulnerable range="lt">5.52-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Info-ZIP's UnZip is a tool to list and extract files inside PKZIP
+    compressed files.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Google Security Team discovered that the NEEDBITS
+    macro in the inflate_dynamic() function in the file inflate.c can be
+    invoked using invalid buffers, which can lead to a double free.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Remote attackers could entice a user or automated system to open a
+    specially crafted ZIP file that might lead to the execution of
+    arbitrary code or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All UnZip users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-arch/unzip-5.52-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0888">CVE-2008-0888</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-03-29T19:46:56Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-03T22:38:54Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-03T22:39:11Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-07.xml b/metadata/glsa/glsa-200804-07.xml
new file mode 100644
index 000000000000..39b6c25c30ea
--- /dev/null
+++ b/metadata/glsa/glsa-200804-07.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-07">
+  <title>PECL APC: Buffer Overflow</title>
+  <synopsis>
+    A buffer overflow vulnerability in PECL APC might allow for the remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">pecl-apc</product>
+  <announced>2008-04-09</announced>
+  <revised count="01">2008-04-09</revised>
+  <bug>214576</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-php5/pecl-apc" auto="yes" arch="*">
+      <unaffected range="ge">3.0.16-r1</unaffected>
+      <vulnerable range="lt">3.0.16-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PECL Alternative PHP Cache (PECL APC) is a free, open, and robust
+    framework for caching and optimizing PHP intermediate code.
+    </p>
+  </background>
+  <description>
+    <p>
+    Daniel Papasian discovered a stack-based buffer overflow in the
+    apc_search_paths() function in the file apc.c when processing long
+    filenames.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit this vulnerability to execute arbitrary
+    code in PHP applications that pass user-controlled input to the
+    include() function.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PECL APC users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-php5/pecl-apc-3.0.16-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1488">CVE-2008-1488</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-04-03T14:46:37Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-03T14:49:16Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-03T23:31:29Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-08.xml b/metadata/glsa/glsa-200804-08.xml
new file mode 100644
index 000000000000..eb9cc165152c
--- /dev/null
+++ b/metadata/glsa/glsa-200804-08.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-08">
+  <title>lighttpd: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in lighttpd may lead to information disclosure or
+    a Denial of Service.
+  </synopsis>
+  <product type="ebuild">lighttpd</product>
+  <announced>2008-04-10</announced>
+  <revised count="01">2008-04-10</revised>
+  <bug>212930</bug>
+  <bug>214892</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/lighttpd" auto="yes" arch="*">
+      <unaffected range="ge">1.4.19-r2</unaffected>
+      <vulnerable range="lt">1.4.19-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    lighttpd is a lightweight high-performance web server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Julien Cayzax discovered that an insecure default setting exists in
+    mod_userdir in lighttpd. When userdir.path is not set the default value
+    used is $HOME. It should be noted that the "nobody" user's $HOME is "/"
+    (CVE-2008-1270). An error also exists in the SSL connection code which
+    can be triggered when a user prematurely terminates his connection
+    (CVE-2008-1531).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit the first vulnerability to read
+    arbitrary files. The second vulnerability can be exploited by a remote
+    attacker to cause a Denial of Service by terminating a victim's SSL
+    connection.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    As a workaround for CVE-2008-1270 you can set userdir.path to a
+    sensible value, e.g. <i>"public_html"</i>.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All lighttpd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-servers/lighttpd-1.4.19-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1270">CVE-2008-1270</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531">CVE-2008-1531</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-03-29T20:15:35Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-03T22:44:24Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-06T21:43:05Z">
+    mfleming
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-09.xml b/metadata/glsa/glsa-200804-09.xml
new file mode 100644
index 000000000000..f357c07e2744
--- /dev/null
+++ b/metadata/glsa/glsa-200804-09.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-09">
+  <title>am-utils: Insecure temporary file creation</title>
+  <synopsis>
+    am-utils creates temporary files insecurely allowing local users to
+    overwrite arbitrary files via a symlink attack.
+  </synopsis>
+  <product type="ebuild">am-utils</product>
+  <announced>2008-04-10</announced>
+  <revised count="01">2008-04-10</revised>
+  <bug>210158</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-fs/am-utils" auto="yes" arch="*">
+      <unaffected range="ge">6.1.5</unaffected>
+      <vulnerable range="lt">6.1.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    am-utils is a collection of utilities for use with the Berkeley
+    Automounter.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy discovered that, when creating temporary files, the
+    'expn' utility does not check whether the file already exists.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could exploit the vulnerability via a symlink attack
+    to overwrite arbitrary files.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All am-utils users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-fs/am-utils-6.1.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1078">CVE-2008-1078</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-04-08T21:38:37Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-10T09:22:28Z">
+    mfleming
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-10T13:21:27Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-10.xml b/metadata/glsa/glsa-200804-10.xml
new file mode 100644
index 000000000000..0b03777f127c
--- /dev/null
+++ b/metadata/glsa/glsa-200804-10.xml
@@ -0,0 +1,107 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-10">
+  <title>Tomcat: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in Tomcat may lead to local file overwriting,
+    session hijacking or information disclosure.
+  </synopsis>
+  <product type="ebuild">tomcat</product>
+  <announced>2008-04-10</announced>
+  <revised count="02">2009-05-28</revised>
+  <bug>196066</bug>
+  <bug>203169</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-servers/tomcat" auto="yes" arch="*">
+      <unaffected range="rge">5.5.26</unaffected>
+      <unaffected range="ge">6.0.16</unaffected>
+      <unaffected range="rge">5.5.27</unaffected>
+      <vulnerable range="lt">6.0.16</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Tomcat is the Apache Jakarta Project's official implementation of Java
+    Servlets and Java Server Pages.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following vulnerabilities were reported:
+    </p>
+    <ul>
+    <li>Delian Krustev discovered that the JULI logging component does not
+    properly enforce access restrictions, allowing web application to add
+    or overwrite files (CVE-2007-5342).</li>
+    <li>
+    When the native APR connector is used, Tomcat does not properly handle
+    an empty request to the SSL port, which allows remote attackers to
+    trigger handling of a duplicate copy of one of the recent requests
+    (CVE-2007-6286).</li>
+    <li>
+    If the processing or parameters is interrupted, i.e. by an exception,
+    then it is possible for the parameters to be processed as part of later
+    request (CVE-2008-0002).</li>
+    <li>
+    An absolute path traversal vulnerability exists due to the way that
+    WebDAV write requests are handled (CVE-2007-5461).</li>
+    <li>
+    Tomcat does not properly handle double quote (") characters or %5C
+    (encoded backslash) sequences in a cookie value, which might cause
+    sensitive information such as session IDs to be leaked to remote
+    attackers and enable session hijacking attacks
+    (CVE-2007-5333).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    These vulnerabilities can be exploited by:
+    </p>
+    <ul>
+    <li>
+    a malicious web application to add or overwrite files with the
+    permissions of the user running Tomcat.
+    </li>
+    <li>
+    a remote attacker to conduct session hijacking or disclose sensitive
+    data.
+    </li>
+    </ul>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Tomcat 5.5.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-servers/tomcat-5.5.26"</code>
+    <p>
+    All Tomcat 6.0.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-servers/tomcat-6.0.16"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333">CVE-2007-5333</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342">CVE-2007-5342</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461">CVE-2007-5461</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286">CVE-2007-6286</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002">CVE-2008-0002</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-03-21T02:25:49Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-03-21T18:05:04Z">
+    mfleming
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-04T15:09:23Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-11.xml b/metadata/glsa/glsa-200804-11.xml
new file mode 100644
index 000000000000..6a819a44cde7
--- /dev/null
+++ b/metadata/glsa/glsa-200804-11.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-11">
+  <title>policyd-weight: Insecure temporary file creation</title>
+  <synopsis>
+    policyd-weight uses temporary files in an insecure manner, allowing for a
+    symlink attack.
+  </synopsis>
+  <product type="ebuild">policyd-weight</product>
+  <announced>2008-04-11</announced>
+  <revised count="01">2008-04-11</revised>
+  <bug>214403</bug>
+  <access>local</access>
+  <affected>
+    <package name="mail-filter/policyd-weight" auto="yes" arch="*">
+      <unaffected range="ge">0.1.14.17</unaffected>
+      <vulnerable range="lt">0.1.14.17</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    policyd-weight is a Perl policy daemon for the Postfix MTA intended to
+    eliminate forged envelope senders and HELOs.
+    </p>
+  </background>
+  <description>
+    <p>
+    Chris Howells reported that policyd-weight creates and uses the
+    "/tmp/.policyd-weight/" directory in an insecure manner.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could exploit this vulnerability to delete arbitrary
+    files or change the ownership to the "polw" user via symlink attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Set "<i>$LOCKPATH = '/var/run/policyd-weight/'</i>" manually in
+    "/etc/policyd-weight.conf".
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All policyd-weight users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-filter/policyd-weight-0.1.14.17"</code>
+    <p>
+    This version changes the default path for sockets to
+    "/var/run/policyd-weight", which is only writable by a privileged user.
+    Users need to restart policyd-weight immediately after the upgrade due
+    to this change.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1569">CVE-2008-1569</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-03-29T20:06:42Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-07T07:47:13Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-07T07:47:40Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-12.xml b/metadata/glsa/glsa-200804-12.xml
new file mode 100644
index 000000000000..78a9adefe150
--- /dev/null
+++ b/metadata/glsa/glsa-200804-12.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-12">
+  <title>gnome-screensaver: Privilege escalation</title>
+  <synopsis>
+    gnome-screensaver allows local users to bypass authentication under certain
+    configurations.
+  </synopsis>
+  <product type="ebuild">gnome-screensaver</product>
+  <announced>2008-04-11</announced>
+  <revised count="01">2008-04-11</revised>
+  <bug>213940</bug>
+  <access>local</access>
+  <affected>
+    <package name="gnome-extra/gnome-screensaver" auto="yes" arch="*">
+      <unaffected range="ge">2.20.0-r3</unaffected>
+      <vulnerable range="lt">2.20.0-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    gnome-screensaver is a screensaver, designed to integrate with the
+    Gnome desktop, that can replace xscreensaver.
+    </p>
+  </background>
+  <description>
+    <p>
+    gnome-screensaver incorrectly handles the results of the getpwuid()
+    function in the file src/setuid.c when using directory servers (like
+    NIS) during a network outage, a similar issue to GLSA 200705-14.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local user can crash gnome-xscreensaver by preventing network
+    connectivity if the system uses a remote directory service for
+    credentials such as NIS or LDAP, which will unlock the screen.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All gnome-screensaver users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=gnome-extra/gnome-screensaver-2.20.0-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0887">CVE-2008-0887</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200705-14.xml">GLSA 200705-14</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-04-09T17:28:36Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-10T13:16:15Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-13.xml b/metadata/glsa/glsa-200804-13.xml
new file mode 100644
index 000000000000..c2574c0b7400
--- /dev/null
+++ b/metadata/glsa/glsa-200804-13.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-13">
+  <title>Asterisk: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been found in Asterisk allowing for SQL
+    injection, session hijacking and unauthorized usage.
+  </synopsis>
+  <product type="ebuild">asterisk</product>
+  <announced>2008-04-14</announced>
+  <revised count="01">2008-04-14</revised>
+  <bug>200792</bug>
+  <bug>202733</bug>
+  <bug>213883</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/asterisk" auto="yes" arch="*">
+      <unaffected range="ge">1.2.27</unaffected>
+      <vulnerable range="lt">1.2.27</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Asterisk is an open source telephony engine and tool kit.
+    </p>
+  </background>
+  <description>
+    <p>
+    Asterisk upstream developers reported multiple vulnerabilities:
+    </p>
+    <ul>
+    <li>The Call Detail Record Postgres logging engine (cdr_pgsql)
+    does not correctly escape the ANI and DNIS arguments before using them
+    in SQL statements (CVE-2007-6170).</li>
+    <li>When using database-based
+    registrations ("realtime") and host-based authentication, Asterisk does
+    not check the IP address when the username is correct and there is no
+    password provided (CVE-2007-6430).</li>
+    <li>The SIP channel driver does
+    not correctly determine if authentication is required
+    (CVE-2008-1332).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    Remote authenticated attackers could send specially crafted data to
+    Asterisk to execute arbitrary SQL commands and compromise the
+    administrative database. Remote unauthenticated attackers could bypass
+    authentication using a valid username to hijack other user's sessions,
+    and establish sessions on the SIP channel without authentication.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Asterisk users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/asterisk-1.2.27"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6170">CVE-2007-6170</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6430">CVE-2007-6430</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1332">CVE-2008-1332</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-03-29T20:11:29Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-03T14:50:06Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-07T07:59:17Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-14.xml b/metadata/glsa/glsa-200804-14.xml
new file mode 100644
index 000000000000..5bb340eb7301
--- /dev/null
+++ b/metadata/glsa/glsa-200804-14.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-14">
+  <title>Opera: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in Opera, allowing for
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">opera</product>
+  <announced>2008-04-14</announced>
+  <revised count="01">2008-04-14</revised>
+  <bug>216022</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/opera" auto="yes" arch="*">
+      <unaffected range="ge">9.27</unaffected>
+      <vulnerable range="lt">9.27</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Opera is a fast web browser that is available free of charge.
+    </p>
+  </background>
+  <description>
+    <p>
+    Michal Zalewski reported two vulnerabilities, memory corruption when
+    adding news feed sources from a website (CVE-2008-1761) as well as when
+    processing HTML CANVAS elements to use scaled images (CVE-2008-1762).
+    Additionally, an unspecified weakness related to keyboard handling of
+    password inputs has been reported (CVE-2008-1764).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to visit a specially crafted web
+    site or news feed and possibly execute arbitrary code with the
+    privileges of the user running Opera.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Opera users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/opera-9.27"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1761">CVE-2008-1761</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1762">CVE-2008-1762</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1764">CVE-2008-1764</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-04-13T00:02:37Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-13T00:02:49Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-15.xml b/metadata/glsa/glsa-200804-15.xml
new file mode 100644
index 000000000000..6e0a1281bab2
--- /dev/null
+++ b/metadata/glsa/glsa-200804-15.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-15">
+  <title>libpng: Execution of arbitrary code</title>
+  <synopsis>
+    A vulnerability in libpng may allow for execution of arbitrary code in
+    certain applications that handle untrusted images.
+  </synopsis>
+  <product type="ebuild">libpng</product>
+  <announced>2008-04-15</announced>
+  <revised count="01">2008-04-15</revised>
+  <bug>217047</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libpng" auto="yes" arch="*">
+      <unaffected range="ge">1.2.26-r1</unaffected>
+      <vulnerable range="lt">1.2.26-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libpng is a free ANSI C library used to process and manipulate PNG
+    images.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Google Security Team discovered that libpng does
+    not handle zero-length unknown chunks in PNG files correctly, which
+    might lead to memory corruption in applications that call
+    png_set_read_user_chunk_fn() or png_set_keep_unknown_chunks().
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could entice a user or automated system to process a
+    specially crafted PNG image in an application using libpng and possibly
+    execute arbitrary code with the privileges of the user running the
+    application. Note that processing of unknown chunks is disabled by
+    default in most PNG applications, but some such as ImageMagick are
+    affected.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libpng users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/libpng-1.2.26-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382">CVE-2008-1382</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-04-14T01:44:56Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-14T01:49:03Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-14T08:39:38Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-16.xml b/metadata/glsa/glsa-200804-16.xml
new file mode 100644
index 000000000000..c2bf8e725717
--- /dev/null
+++ b/metadata/glsa/glsa-200804-16.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-16">
+  <title>rsync: Execution of arbitrary code</title>
+  <synopsis>
+    A buffer overflow in rsync might lead to the remote execution of arbitrary
+    code when extended attributes are being used.
+  </synopsis>
+  <product type="ebuild">rsync</product>
+  <announced>2008-04-17</announced>
+  <revised count="01">2008-04-17</revised>
+  <bug>216887</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/rsync" auto="yes" arch="*">
+      <unaffected range="ge">2.6.9-r6</unaffected>
+      <vulnerable range="lt">2.6.9-r6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    rsync is a file transfer program to keep remote directories
+    synchronized.
+    </p>
+  </background>
+  <description>
+    <p>
+    Sebastian Krahmer of SUSE reported an integer overflow in the
+    expand_item_list() function in the file util.c which might lead to a
+    heap-based buffer overflow when extended attribute (xattr) support is
+    enabled.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could send a file containing specially crafted
+    extended attributes to an rsync deamon, or entice a user to sync from
+    an rsync server containing specially crafted files, possibly leading to
+    the execution of arbitrary code.
+    </p>
+    <p>
+    Please note that extended attributes are only enabled when USE="acl" is
+    enabled, which is the default setting.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable extended attributes in the rsync daemon by setting "<i>refuse
+    options = xattrs</i>" in the file "/etc/rsyncd.conf" (or append
+    "xattrs" to an existing "refuse" statement). When synchronizing to a
+    server, do not provide the "-X" parameter to rsync. You can also
+    disable the "acl" USE flag for rsync and recompile the package.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All rsync users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/rsync-2.6.9-r6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1720">CVE-2008-1720</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-04-14T22:37:35Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-14T23:01:29Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-14T23:01:42Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-17.xml b/metadata/glsa/glsa-200804-17.xml
new file mode 100644
index 000000000000..70665d23d7fe
--- /dev/null
+++ b/metadata/glsa/glsa-200804-17.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-17">
+  <title>Speex: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Improper input validation in Speex might lead to array indexing
+    vulnerabilities in multiple player applications.
+  </synopsis>
+  <product type="ebuild">speex</product>
+  <announced>2008-04-17</announced>
+  <revised count="01">2008-04-17</revised>
+  <bug>217715</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/speex" auto="yes" arch="*">
+      <unaffected range="ge">1.2_beta3_p2</unaffected>
+      <vulnerable range="lt">1.2_beta3_p2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Speex is an audio compression format designed for speech that is free
+    of patent restrictions.
+    </p>
+  </background>
+  <description>
+    <p>
+    oCERT reported that the Speex library does not properly validate the
+    "mode" value it derives from Speex streams, allowing for array indexing
+    vulnerabilities inside multiple player applications. Within Gentoo,
+    xine-lib, VLC, gst-plugins-speex from the GStreamer Good Plug-ins,
+    vorbis-tools, libfishsound, Sweep, SDL_sound, and speexdec were found
+    to be vulnerable.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted Speex
+    file or network stream with an application listed above. This might
+    lead to the execution of arbitrary code with privileges of the user
+    playing the file.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Speex users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/speex-1.2_beta3_p2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686">CVE-2008-1686</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-04-17T09:58:14Z">
+    vorlon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-17T09:58:25Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-17T10:58:23Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-18.xml b/metadata/glsa/glsa-200804-18.xml
new file mode 100644
index 000000000000..b84eab008134
--- /dev/null
+++ b/metadata/glsa/glsa-200804-18.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-18">
+  <title>Poppler: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Poppler does not handle fonts inside PDF files safely, allowing for
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">poppler</product>
+  <announced>2008-04-17</announced>
+  <revised count="02">2008-04-17</revised>
+  <bug>216850</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/poppler" auto="yes" arch="*">
+      <unaffected range="ge">0.6.3</unaffected>
+      <vulnerable range="lt">0.6.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Poppler is a cross-platform PDF rendering library originally based on
+    Xpdf.
+    </p>
+  </background>
+  <description>
+    <p>
+    Kees Cook from the Ubuntu Security Team reported that the
+    CairoFont::create() function in the file CairoFontEngine.cc does not
+    verify the type of an embedded font object inside a PDF file before
+    dereferencing a function pointer from it.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted PDF
+    file with a Poppler-based PDF viewer such as Gentoo's Xpdf, Epdfview,
+    or Evince, potentially resulting in the execution of arbitrary code
+    with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Poppler users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/poppler-0.6.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1693">CVE-2008-1693</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-04-14T01:16:23Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-17T11:28:12Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-19.xml b/metadata/glsa/glsa-200804-19.xml
new file mode 100644
index 000000000000..44b2e4776143
--- /dev/null
+++ b/metadata/glsa/glsa-200804-19.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-19">
+  <title>PHP Toolkit: Data disclosure and Denial of service</title>
+  <synopsis>
+    PHP Toolkit does not quote parameters, allowing for PHP source code
+    disclosure on Apache, and a Denial of Service.
+  </synopsis>
+  <product type="ebuild">php-toolkit</product>
+  <announced>2008-04-17</announced>
+  <revised count="01">2008-04-17</revised>
+  <bug>209535</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/php-toolkit" auto="yes" arch="*">
+      <unaffected range="ge">1.0.1</unaffected>
+      <vulnerable range="lt">1.0.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PHP Toolkit is a utility to manage parallel installations of PHP within
+    Gentoo. It is executed by the PHP ebuilds at setup.
+    </p>
+  </background>
+  <description>
+    <p>
+    Toni Arnold, David Sveningsson, Michal Bartoszkiewicz, and Joseph
+    reported that php-select does not quote parameters passed to the "tr"
+    command, which could convert the "-D PHP5" argument in the
+    "APACHE2_OPTS" setting in the file /etc/conf.d/apache2 to lower case.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a system administrator to run "<i>emerge
+    php</i>" or call "<i>php-select -t apache2 php5</i>" directly in a
+    directory containing a lower case single-character named file, which
+    would prevent Apache from loading mod_php and thereby disclose PHP
+    source code and cause a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Do not run "emerge" or "php-select" from a working directory which
+    contains a lower case single-character named file.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PHP Toolkit users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-admin/php-toolkit-1.0.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1734">CVE-2008-1734</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-04-07T23:54:47Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-10T13:22:11Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-11T19:26:49Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-20.xml b/metadata/glsa/glsa-200804-20.xml
new file mode 100644
index 000000000000..c7295f527b9f
--- /dev/null
+++ b/metadata/glsa/glsa-200804-20.xml
@@ -0,0 +1,231 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-20">
+  <title>Sun JDK/JRE: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been identified in Sun Java Development Kit
+    (JDK) and Java Runtime Environment (JRE).
+  </synopsis>
+  <product type="ebuild">sun-jdk, sun-jre-bin, emul-linux-x86-java</product>
+  <announced>2008-04-17</announced>
+  <revised count="06">2010-03-05</revised>
+  <bug>178851</bug>
+  <bug>178962</bug>
+  <bug>183580</bug>
+  <bug>185256</bug>
+  <bug>194711</bug>
+  <bug>212425</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/sun-jre-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.6.0.05</unaffected>
+      <unaffected range="rge">1.5.0.21</unaffected>
+      <unaffected range="rge">1.5.0.20</unaffected>
+      <unaffected range="rge">1.5.0.19</unaffected>
+      <unaffected range="rge">1.5.0.18</unaffected>
+      <unaffected range="rge">1.5.0.17</unaffected>
+      <unaffected range="rge">1.5.0.16</unaffected>
+      <unaffected range="rge">1.5.0.15</unaffected>
+      <unaffected range="rge">1.4.2.17</unaffected>
+      <unaffected range="rge">1.5.0.22</unaffected>
+      <vulnerable range="lt">1.6.0.05</vulnerable>
+    </package>
+    <package name="dev-java/sun-jdk" auto="yes" arch="*">
+      <unaffected range="ge">1.6.0.05</unaffected>
+      <unaffected range="rge">1.5.0.21</unaffected>
+      <unaffected range="rge">1.5.0.20</unaffected>
+      <unaffected range="rge">1.5.0.19</unaffected>
+      <unaffected range="rge">1.5.0.18</unaffected>
+      <unaffected range="rge">1.5.0.17</unaffected>
+      <unaffected range="rge">1.5.0.16</unaffected>
+      <unaffected range="rge">1.5.0.15</unaffected>
+      <unaffected range="rge">1.4.2.17</unaffected>
+      <unaffected range="rge">1.5.0.22</unaffected>
+      <vulnerable range="lt">1.6.0.05</vulnerable>
+    </package>
+    <package name="app-emulation/emul-linux-x86-java" auto="yes" arch="*">
+      <unaffected range="ge">1.6.0.05</unaffected>
+      <unaffected range="rge">1.5.0.21</unaffected>
+      <unaffected range="rge">1.5.0.20</unaffected>
+      <unaffected range="rge">1.5.0.19</unaffected>
+      <unaffected range="rge">1.5.0.18</unaffected>
+      <unaffected range="rge">1.5.0.17</unaffected>
+      <unaffected range="rge">1.5.0.16</unaffected>
+      <unaffected range="rge">1.5.0.15</unaffected>
+      <unaffected range="rge">1.4.2.17</unaffected>
+      <unaffected range="rge">1.5.0.22</unaffected>
+      <vulnerable range="lt">1.6.0.05</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment
+    (JRE) provide the Sun Java platform.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been discovered in Sun Java:
+    </p>
+    <ul>
+    <li>Daniel Soeder discovered that a long codebase attribute string in a
+    JNLP file will overflow a stack variable when launched by Java WebStart
+    (CVE-2007-3655).</li>
+    <li>Multiple vulnerabilities (CVE-2007-2435, CVE-2007-2788,
+    CVE-2007-2789) that were previously reported as GLSA 200705-23 and GLSA
+    200706-08 also affect 1.4 and 1.6 SLOTs, which was not mentioned in the
+    initial revision of said GLSAs.</li>
+    <li>The Zero Day Initiative, TippingPoint and John Heasman reported
+    multiple buffer overflows and unspecified vulnerabilities in Java Web
+    Start (CVE-2008-1188, CVE-2008-1189, CVE-2008-1190,
+    CVE-2008-1191).</li>
+    <li>Hisashi Kojima of Fujitsu and JPCERT/CC reported a security issue
+    when performing XSLT transformations (CVE-2008-1187).</li>
+    <li>CERT/CC reported a Stack-based buffer overflow in Java Web Start
+    when using JNLP files (CVE-2008-1196).</li>
+    <li>Azul Systems reported an unspecified vulnerability that allows
+    applets to escalate their privileges (CVE-2007-5689).</li>
+    <li>Billy Rios, Dan Boneh, Collin Jackson, Adam Barth, Andrew Bortz,
+    Weidong Shao, and David Byrne discovered multiple instances where Java
+    applets or JavaScript programs run within browsers do not pin DNS
+    hostnames to a single IP address, allowing for DNS rebinding attacks
+    (CVE-2007-5232, CVE-2007-5273, CVE-2007-5274).</li>
+    <li>Peter Csepely reported that Java Web Start does not properly
+    enforce access restrictions for untrusted applications (CVE-2007-5237,
+    CVE-2007-5238).</li>
+    <li>Java Web Start does not properly enforce access restrictions for
+    untrusted Java applications and applets, when handling drag-and-drop
+    operations (CVE-2007-5239).</li>
+    <li>Giorgio Maone discovered that warnings for untrusted code can be
+    hidden under applications' windows (CVE-2007-5240).</li>
+    <li>Fujitsu reported two security issues where security restrictions of
+    web applets and applications were not properly enforced (CVE-2008-1185,
+    CVE-2008-1186).</li>
+    <li>John Heasman of NGSSoftware discovered that the Java Plug-in does
+    not properly enforce the same origin policy (CVE-2008-1192).</li>
+    <li>Chris Evans of the Google Security Team discovered multiple
+    unspecified vulnerabilities within the Java Runtime Environment Image
+    Parsing Library (CVE-2008-1193, CVE-2008-1194).</li>
+    <li>Gregory Fleischer reported that web content fetched via the "jar:"
+    protocol was not subject to network access restrictions
+    (CVE-2008-1195).</li>
+    <li>Chris Evans and Johannes Henkel of the Google Security Team
+    reported that the XML parsing code retrieves external entities even
+    when that feature is disabled (CVE-2008-0628).</li>
+    <li>Multiple unspecified vulnerabilities might allow for escalation of
+    privileges (CVE-2008-0657).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to run a specially crafted applet
+    on a website or start an application in Java Web Start to execute
+    arbitrary code outside of the Java sandbox and of the Java security
+    restrictions with the privileges of the user running Java. The attacker
+    could also obtain sensitive information, create, modify, rename and
+    read local files, execute local applications, establish connections in
+    the local network, bypass the same origin policy, and cause a Denial of
+    Service via multiple vectors.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Sun JRE 1.6 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/sun-jre-bin-1.6.0.05"</code>
+    <p>
+    All Sun JRE 1.5 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/sun-jre-bin-1.5.0.15"</code>
+    <p>
+    All Sun JRE 1.4 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/sun-jre-bin-1.4.2.17"</code>
+    <p>
+    All Sun JDK 1.6 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/sun-jdk-1.6.0.05"</code>
+    <p>
+    All Sun JDK 1.5 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/sun-jdk-1.5.0.15"</code>
+    <p>
+    All Sun JDK 1.4 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/sun-jdk-1.4.2.17"</code>
+    <p>
+    All emul-linux-x86-java 1.6 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-emulation/emul-linux-x86-java-1.6.0.05"</code>
+    <p>
+    All emul-linux-x86-java 1.5 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-emulation/emul-linux-x86-java-1.5.0.15"</code>
+    <p>
+    All emul-linux-x86-java 1.4 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-emulation/emul-linux-x86-java-1.4.2.17"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2435">CVE-2007-2435</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2788">CVE-2007-2788</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2789">CVE-2007-2789</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3655">CVE-2007-3655</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5232">CVE-2007-5232</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5237">CVE-2007-5237</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5238">CVE-2007-5238</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5239">CVE-2007-5239</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5240">CVE-2007-5240</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5273">CVE-2007-5273</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5274">CVE-2007-5274</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5689">CVE-2007-5689</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0628">CVE-2008-0628</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0657">CVE-2008-0657</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1185">CVE-2008-1185</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1186">CVE-2008-1186</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1187">CVE-2008-1187</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1188">CVE-2008-1188</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1189">CVE-2008-1189</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1190">CVE-2008-1190</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1191">CVE-2008-1191</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1192">CVE-2008-1192</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1193">CVE-2008-1193</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1194">CVE-2008-1194</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1195">CVE-2008-1195</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1196">CVE-2008-1196</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200705-23.xml">GLSA 200705-23</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200706-08.xml">GLSA 200706-08</uri>
+  </references>
+  <metadata tag="requester" timestamp="2007-07-15T07:23:49Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2007-07-25T05:33:06Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2007-09-09T23:51:30Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-21.xml b/metadata/glsa/glsa-200804-21.xml
new file mode 100644
index 000000000000..20252414ac86
--- /dev/null
+++ b/metadata/glsa/glsa-200804-21.xml
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-21">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been identified, the worst of which allow
+    arbitrary code execution on a user's system via a malicious Flash file.
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2008-04-18</announced>
+  <revised count="02">2009-05-28</revised>
+  <bug>204344</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">9.0.124.0</unaffected>
+      <vulnerable range="lt">9.0.124.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Adobe Flash Player is a renderer for the popular SWF file format,
+    which is commonly used to provide interactive websites, digital
+    experiences and mobile content.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been discovered in Adobe Flash:
+    </p>
+    <ul>
+    <li>
+    Secunia Research and Zero Day Initiative reported a boundary error
+    related to DeclareFunction2 Actionscript tags in SWF files
+    (CVE-2007-6019).
+    </li>
+    <li>
+    The ISS X-Force and the Zero Day Initiative reported an unspecified
+    input validation error that might lead to a buffer overflow
+    (CVE-2007-0071).
+    </li>
+    <li>
+    Microsoft, UBsecure and JPCERT/CC reported that cross-domain policy
+    files are not checked before sending HTTP headers to another domain
+    (CVE-2008-1654) and that it does not sufficiently restrict the
+    interpretation and usage of cross-domain policy files (CVE-2007-6243).
+    </li>
+    <li>
+    The Stanford University and Ernst and Young's Advanced Security Center
+    reported that Flash does not pin DNS hostnames to a single IP
+    addresses, allowing for DNS rebinding attacks (CVE-2007-5275,
+    CVE-2008-1655).
+    </li>
+    <li>
+    The Google Security Team and Minded Security Multiple reported multiple
+    cross-site scripting vulnerabilities when passing input to Flash
+    functions (CVE-2007-6637).
+    </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted file
+    (usually in a web browser), possibly leading to the execution of
+    arbitrary code with the privileges of the user running the Adobe Flash
+    Player. The attacker could also cause a user's machine to send HTTP
+    requests to other hosts, establish TCP sessions with arbitrary hosts,
+    bypass the security sandbox model, or conduct Cross-Site Scripting and
+    Cross-Site Request Forgery attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Adobe Flash Player users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-plugins/adobe-flash-9.0.124.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0071">CVE-2007-0071</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5275">CVE-2007-5275</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6019">CVE-2007-6019</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243">CVE-2007-6243</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6637">CVE-2007-6637</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1654">CVE-2008-1654</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1655">CVE-2008-1655</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-04-17T10:39:32Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-18T01:16:42Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-18T01:18:41Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-22.xml b/metadata/glsa/glsa-200804-22.xml
new file mode 100644
index 000000000000..3920f85f40ec
--- /dev/null
+++ b/metadata/glsa/glsa-200804-22.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-22">
+  <title>PowerDNS Recursor: DNS Cache Poisoning</title>
+  <synopsis>
+    Use of insufficient randomness in PowerDNS Recursor might lead to DNS cache
+    poisoning.
+  </synopsis>
+  <product type="ebuild">pdns-recursor</product>
+  <announced>2008-04-18</announced>
+  <revised count="03">2008-08-21</revised>
+  <bug>215567</bug>
+  <bug>231335</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/pdns-recursor" auto="yes" arch="*">
+      <unaffected range="ge">3.1.6</unaffected>
+      <vulnerable range="lt">3.1.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The PowerDNS Recursor is an advanced recursing nameserver.
+    </p>
+  </background>
+  <description>
+    <p>
+    Amit Klein of Trusteer reported that insufficient randomness is used to
+    calculate the TRXID values and the UDP source port numbers
+    (CVE-2008-1637). Thomas Biege of SUSE pointed out that a prior fix to
+    resolve this issue was incomplete, as it did not always enable the
+    stronger random number generator for source port selection
+    (CVE-2008-3217).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send malicious answers to insert arbitrary DNS
+    data into the cache. These attacks would in turn help an attacker to
+    perform man-in-the-middle and site impersonation attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PowerDNS Recursor users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dns/pdns-recursor-3.1.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1637">CVE-2008-1637</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3217">CVE-2008-3217</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-04-17T20:12:08Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-18T01:27:35Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-18T01:27:43Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-23.xml b/metadata/glsa/glsa-200804-23.xml
new file mode 100644
index 000000000000..a8aadce80cc8
--- /dev/null
+++ b/metadata/glsa/glsa-200804-23.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-23">
+  <title>CUPS: Integer overflow vulnerability</title>
+  <synopsis>
+    A vulnerability in CUPS might allow for the execution of arbitrary code or
+    a Denial of Service.
+  </synopsis>
+  <product type="ebuild">cups</product>
+  <announced>2008-04-18</announced>
+  <revised count="01">2008-04-18</revised>
+  <bug>217232</bug>
+  <access>remote, local</access>
+  <affected>
+    <package name="net-print/cups" auto="yes" arch="*">
+      <unaffected range="ge">1.2.12-r8</unaffected>
+      <vulnerable range="lt">1.2.12-r8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    CUPS provides a portable printing layer for UNIX-based operating
+    systems.
+    </p>
+  </background>
+  <description>
+    <p>
+    Thomas Pollet reported a possible integer overflow vulnerability in the
+    PNG image handling in the file filter/image-png.c.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A malicious user might be able to execute arbitrary code with the
+    privileges of the user running CUPS (usually lp), or cause a Denial of
+    Service by sending a specially crafted PNG image to the print server.
+    The vulnerability is exploitable via the network if CUPS is sharing
+    printers remotely.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All CUPS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-print/cups-1.2.12-r8"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1722">CVE-2008-1722</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-04-17T10:26:38Z">
+    vorlon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-17T10:26:47Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-17T11:05:44Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-24.xml b/metadata/glsa/glsa-200804-24.xml
new file mode 100644
index 000000000000..ef3665b1f934
--- /dev/null
+++ b/metadata/glsa/glsa-200804-24.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-24">
+  <title>DBmail: Data disclosure</title>
+  <synopsis>
+    A vulnerability in DBMail could allow for passwordless login to any account
+    under certain configurations.
+  </synopsis>
+  <product type="ebuild">dbmail</product>
+  <announced>2008-04-18</announced>
+  <revised count="01">2008-04-18</revised>
+  <bug>218154</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/dbmail" auto="yes" arch="*">
+      <unaffected range="ge">2.2.9</unaffected>
+      <vulnerable range="lt">2.2.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    DBMail is a mail storage and retrieval daemon that uses SQL databases
+    as its data store. IMAP and POP3 can be used to retrieve mails from the
+    database.
+    </p>
+  </background>
+  <description>
+    <p>
+    A vulnerability in DBMail's authldap module when used in conjunction
+    with an Active Directory server has been reported by vugluskr. When
+    passing a zero length password to the module, it tries to bind
+    anonymously to the LDAP server. If the LDAP server allows anonymous
+    binds, this bind succeeds and results in a successful authentication to
+    DBMail.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    By passing an empty password string to the server, an attacker could be
+    able to log in to any account.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All DBMail users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-mail/dbmail-2.2.9"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6714">CVE-2007-6714</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-04-18T08:54:02Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-18T09:20:04Z">
+    vorlon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-18T14:01:09Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-25.xml b/metadata/glsa/glsa-200804-25.xml
new file mode 100644
index 000000000000..0e05665b906a
--- /dev/null
+++ b/metadata/glsa/glsa-200804-25.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-25">
+  <title>VLC: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Multiple vulnerabilities were found in VLC, allowing for the execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">vlc</product>
+  <announced>2008-04-23</announced>
+  <revised count="01">2008-04-23</revised>
+  <bug>214277</bug>
+  <bug>214627</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/vlc" auto="yes" arch="*">
+      <unaffected range="ge">0.8.6f</unaffected>
+      <vulnerable range="lt">0.8.6f</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    VLC is a cross-platform media player and streaming server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities were found in VLC:
+    </p>
+    <ul>
+    <li>
+    Luigi Auriemma discovered that the stack-based buffer overflow when
+    reading subtitles, which has been reported as CVE-2007-6681 in GLSA
+    200803-13, was not properly fixed (CVE-2008-1881).
+    </li>
+    <li>
+    Alin Rad Pop of Secunia reported an array indexing vulnerability in the
+    sdpplin_parse() function when processing streams from RTSP servers in
+    Xine code, which is also used in VLC (CVE-2008-0073).
+    </li>
+    <li>
+    Drew Yao and Nico Golde reported an integer overflow in the
+    MP4_ReadBox_rdrf() function in the file libmp4.c leading to a
+    heap-based buffer overflow when reading MP4 files (CVE-2008-1489).
+    </li>
+    <li>Drew Yao also reported integer overflows in the MP4 demuxer,
+    the Real demuxer and in the Cinepak codec, which might lead to buffer
+    overflows (CVE-2008-1768).</li>
+    <li>Drew Yao finally discovered and a
+    boundary error in Cinepak, which might lead to memory corruption
+    (CVE-2008-1769).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted media
+    file or stream, possibly resulting in the remote execution of arbitrary
+    code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All VLC users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/vlc-0.8.6f"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6681">CVE-2007-6681</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073">CVE-2008-0073</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1489">CVE-2008-1489</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1768">CVE-2008-1768</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1769">CVE-2008-1769</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1881">CVE-2008-1881</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200803-13.xml">GLSA 200803-13</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-03-24T19:42:45Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-14T00:49:24Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-14T00:56:14Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-26.xml b/metadata/glsa/glsa-200804-26.xml
new file mode 100644
index 000000000000..9ef461493335
--- /dev/null
+++ b/metadata/glsa/glsa-200804-26.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-26">
+  <title>Openfire: Denial of service</title>
+  <synopsis>
+    A design error in Openfire might lead to a Denial of Service.
+  </synopsis>
+  <product type="ebuild">openfire</product>
+  <announced>2008-04-23</announced>
+  <revised count="01">2008-04-23</revised>
+  <bug>217234</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/openfire" auto="yes" arch="*">
+      <unaffected range="ge">3.5.0</unaffected>
+      <vulnerable range="lt">3.5.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Openfire (formerly Wildfire) is a Java implementation of a complete
+    Jabber server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Openfire's connection manager in the file ConnectionManagerImpl.java
+    cannot handle clients that fail to read messages, and has no limit on
+    their session's send buffer.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Remote authenticated attackers could trigger large outgoing queues
+    without reading messages, causing a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Openfire users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-im/openfire-3.5.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1728">CVE-2008-1728</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-04-17T20:09:13Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-18T01:33:23Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-18T01:33:32Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-27.xml b/metadata/glsa/glsa-200804-27.xml
new file mode 100644
index 000000000000..8a2649dd4c6a
--- /dev/null
+++ b/metadata/glsa/glsa-200804-27.xml
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-27">
+  <title>SILC: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities were found in SILC Client, Server, and Toolkit,
+    allowing for Denial of Service and execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">silc-toolkit silc-client silc-server</product>
+  <announced>2008-04-24</announced>
+  <revised count="01">2008-04-24</revised>
+  <bug>212362</bug>
+  <bug>214116</bug>
+  <bug>214812</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/silc-toolkit" auto="yes" arch="*">
+      <unaffected range="ge">1.1.7</unaffected>
+      <vulnerable range="lt">1.1.7</vulnerable>
+    </package>
+    <package name="net-im/silc-client" auto="yes" arch="*">
+      <unaffected range="ge">1.1.4</unaffected>
+      <vulnerable range="lt">1.1.4</vulnerable>
+    </package>
+    <package name="net-im/silc-server" auto="yes" arch="*">
+      <unaffected range="ge">1.1.2</unaffected>
+      <vulnerable range="lt">1.1.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    SILC (Secure Internet Live Conferencing protocol) Toolkit is a software
+    development kit for use in clients, SILC Server is a communication
+    server, and SILC Client is an IRSSI-based text client.
+    </p>
+  </background>
+  <description>
+    <ul>
+    <li>Nathan G. Grennan reported a boundary error in SILC Toolkit
+    within the silc_fingerprint() function in the file
+    lib/silcutil/silcutil.c when passing overly long data, resulting in a
+    stack-based buffer overflow (CVE-2008-1227).</li>
+    <li>A vulnerability
+    has been reported in SILC Server which is caused due to an error in the
+    handling of "NEW_CLIENT" packets that do not contain a nickname
+    (CVE-2008-1429).</li>
+    <li>Ariel Waissbein, Pedro Varangot, Martin
+    Mizrahi, Oren Isacson, Carlos Garcia, and Ivan Arce of Core Security
+    Technologies reported that SILC Client, Server, and Toolkit contain a
+    vulnerability in the silc_pkcs1_decode() function in the silccrypt
+    library (silcpkcs1.c), resulting in an integer underflow, signedness
+    error, and a buffer overflow (CVE-2008-1552).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit these vulnerabilities to cause a Denial
+    of Service or execute arbitrary code with the privileges of the user
+    running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SILC Toolkit users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-im/silc-toolkit-1.1.7"</code>
+    <p>
+    All SILC Client users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-im/silc-client-1.1.4"</code>
+    <p>
+    All SILC Server users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-im/silc-server-1.1.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1227">CVE-2008-1227</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1429">CVE-2008-1429</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1552">CVE-2008-1552</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-03-21T02:19:53Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-03T14:49:27Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-23T16:41:55Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-28.xml b/metadata/glsa/glsa-200804-28.xml
new file mode 100644
index 000000000000..9210a2e7d189
--- /dev/null
+++ b/metadata/glsa/glsa-200804-28.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-28">
+  <title>JRockit: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been identified in BEA JRockit.
+  </synopsis>
+  <product type="ebuild">jrockit-jdk-bin</product>
+  <announced>2008-04-24</announced>
+  <revised count="01">2008-04-24</revised>
+  <bug>218226</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/jrockit-jdk-bin" auto="yes" arch="*">
+      <unaffected range="rge">1.4.2.16</unaffected>
+      <unaffected range="ge">1.5.0.14</unaffected>
+      <vulnerable range="lt">1.5.0.14</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    JRockit is BEA WebLogic's J2SE Development Kit.
+    </p>
+  </background>
+  <description>
+    <p>
+    Because of sharing the same codebase, JRockit is affected by the
+    vulnerabilities mentioned in GLSA 200804-20.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to run a specially crafted applet
+    on a website or start an application in Java Web Start to execute
+    arbitrary code outside of the Java sandbox and of the Java security
+    restrictions with the privileges of the user running Java. The attacker
+    could also obtain sensitive information, create, modify, rename and
+    read local files, execute local applications, establish connections in
+    the local network, bypass the same origin policy, and cause a Denial of
+    Service via multiple vectors.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All JRockit 1.4 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/jrockit-jdk-bin-1.4.2.16"</code>
+    <p>
+    All JRockit 1.5 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/jrockit-jdk-bin-1.5.0.14"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200804-20.xml">GLSA 200804-20</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-04-23T16:40:01Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-23T17:27:24Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-23T17:27:42Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-29.xml b/metadata/glsa/glsa-200804-29.xml
new file mode 100644
index 000000000000..635cebd6051f
--- /dev/null
+++ b/metadata/glsa/glsa-200804-29.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-29">
+  <title>Comix: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in Comix may lead to execution of arbitrary
+    commands and a Denial of Service.
+  </synopsis>
+  <product type="ebuild">comix</product>
+  <announced>2008-04-25</announced>
+  <revised count="01">2008-04-25</revised>
+  <bug>215694</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-gfx/comix" auto="yes" arch="*">
+      <unaffected range="ge">3.6.4-r1</unaffected>
+      <vulnerable range="lt">3.6.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Comix is a GTK comic book viewer.
+    </p>
+  </background>
+  <description>
+    <p>
+    Comix does not properly sanitize filenames containing shell
+    metacharacters when they are passed to the rar, unrar, or jpegtran
+    programs (CVE-2008-1568). Comix also creates directories with
+    predictable names (CVE-2008-1796).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit the first vulnerability by enticing a
+    user to use Comix to open a file with a specially crafted filename,
+    resulting in the execution of arbitrary commands. The second
+    vulnerability could be exploited by a local attacker to cause a Denial
+    of Service by creating a file or directory with the same filename as
+    the predictable filename used by Comix.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Comix users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/comix-3.6.4-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1568">CVE-2008-1568</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1796">CVE-2008-1796</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-04-10T14:29:23Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-10T22:35:39Z">
+    mfleming
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-13T23:01:03Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200804-30.xml b/metadata/glsa/glsa-200804-30.xml
new file mode 100644
index 000000000000..9d2e907d00e3
--- /dev/null
+++ b/metadata/glsa/glsa-200804-30.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200804-30">
+  <title>KDE start_kdeinit: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in start_kdeinit could possibly allow a local
+    attacker to execute arbitrary code with root privileges.
+  </synopsis>
+  <product type="ebuild">kdelibs</product>
+  <announced>2008-04-29</announced>
+  <revised count="02">2009-04-08</revised>
+  <bug>218933</bug>
+  <access>local</access>
+  <affected>
+    <package name="kde-base/kdelibs" auto="yes" arch="*">
+      <unaffected range="rge">3.5.8-r4</unaffected>
+      <unaffected range="rge">3.5.9-r3</unaffected>
+      <unaffected range="gt">4.0</unaffected>
+      <unaffected range="lt">3.5.5</unaffected>
+      <unaffected range="rge">3.5.10-r2</unaffected>
+      <vulnerable range="lt">4.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    KDE is a feature-rich graphical desktop environment for Linux and
+    Unix-like operating systems. start_kdeinit is a wrapper for kdeinit.
+    </p>
+  </background>
+  <description>
+    <p>
+    Vulnerabilities have been reported in the processing of user-controlled
+    data by start_kdeinit, which is setuid root by default.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could possibly execute arbitrary code with root
+    privileges, cause a Denial of Service or send Unix signals to other
+    processes, when start_kdeinit is setuid root.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All kdelibs users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=kde-base/kdelibs-3.5.8-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1671">CVE-2008-1671</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-04-24T09:52:59Z">
+    vorlon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-28T13:20:59Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200805-01.xml b/metadata/glsa/glsa-200805-01.xml
new file mode 100644
index 000000000000..3effd5f9be87
--- /dev/null
+++ b/metadata/glsa/glsa-200805-01.xml
@@ -0,0 +1,128 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200805-01">
+  <title>Horde Application Framework: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in the Horde Application Framework may lead to the
+    execution of arbitrary files, information disclosure, and allow a remote
+    attacker to bypass security restrictions.
+  </synopsis>
+  <product type="ebuild">horde</product>
+  <announced>2008-05-05</announced>
+  <revised count="01">2008-05-05</revised>
+  <bug>212635</bug>
+  <bug>213493</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/horde" auto="yes" arch="*">
+      <unaffected range="ge">3.1.7</unaffected>
+      <vulnerable range="lt">3.1.7</vulnerable>
+    </package>
+    <package name="www-apps/horde-groupware" auto="yes" arch="*">
+      <unaffected range="ge">1.0.5</unaffected>
+      <vulnerable range="lt">1.0.5</vulnerable>
+    </package>
+    <package name="www-apps/horde-kronolith" auto="yes" arch="*">
+      <unaffected range="ge">2.1.7</unaffected>
+      <vulnerable range="lt">2.1.7</vulnerable>
+    </package>
+    <package name="www-apps/horde-mnemo" auto="yes" arch="*">
+      <unaffected range="ge">2.1.2</unaffected>
+      <vulnerable range="lt">2.1.2</vulnerable>
+    </package>
+    <package name="www-apps/horde-nag" auto="yes" arch="*">
+      <unaffected range="ge">2.1.4</unaffected>
+      <vulnerable range="lt">2.1.4</vulnerable>
+    </package>
+    <package name="www-apps/horde-webmail" auto="yes" arch="*">
+      <unaffected range="ge">1.0.6</unaffected>
+      <vulnerable range="lt">1.0.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Horde Application Framework is a general-purpose web application
+    framework written in PHP, providing classes for handling preferences,
+    compression, browser detection, connection tracking, MIME and more.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been reported in the Horde Application
+    Framework:
+    </p>
+    <ul>
+    <li>David Collins, Patrick Pelanne and the
+    HostGator.com LLC support team discovered that the theme preference
+    page does not sanitize POST variables for several options, allowing the
+    insertion of NULL bytes and ".." sequences (CVE-2008-1284).</li>
+    <li>An
+    error exists in the Horde API allowing users to bypass security
+    restrictions.</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    The first vulnerability can be exploited by a remote attacker to read
+    arbitrary files and by remote authenticated attackers to execute
+    arbitrary files. The second vulnerability can be exploited by
+    authenticated remote attackers to perform restricted operations.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Horde Application Framework users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/horde-3.1.7"</code>
+    <p>
+    All horde-groupware users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/horde-groupware-1.0.5"</code>
+    <p>
+    All horde-kronolith users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/horde-kronolith-2.1.7"</code>
+    <p>
+    All horde-mnemo users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/horde-mnemo-2.1.2"</code>
+    <p>
+    All horde-nag users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/horde-nag-2.1.4"</code>
+    <p>
+    All horde-webmail users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/horde-webmail-1.0.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1284">CVE-2008-1284</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-03-29T20:23:06Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-03T14:49:55Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-26T11:40:54Z">
+    mfleming
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200805-02.xml b/metadata/glsa/glsa-200805-02.xml
new file mode 100644
index 000000000000..92899ef02337
--- /dev/null
+++ b/metadata/glsa/glsa-200805-02.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200805-02">
+  <title>phpMyAdmin: Information disclosure</title>
+  <synopsis>
+    A vulnerability in phpMyAdmin may lead to information disclosure.
+  </synopsis>
+  <product type="ebuild">phpmyadmin</product>
+  <announced>2008-05-05</announced>
+  <revised count="01">2008-05-05</revised>
+  <bug>219005</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/phpmyadmin" auto="yes" arch="*">
+      <unaffected range="ge">2.11.5.2</unaffected>
+      <vulnerable range="lt">2.11.5.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpMyAdmin is a tool written in PHP intended to handle the
+    administration of MySQL databases from a web-browser.
+    </p>
+  </background>
+  <description>
+    <p>
+    Cezary Tomczak reported that an undefined UploadDir variable exposes an
+    information disclosure vulnerability when running on shared hosts.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A remote attacker with CREATE TABLE permissions can exploit this
+    vulnerability via a specially crafted HTTP POST request in order to
+    read arbitrary files.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All phpMyAdmin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-db/phpmyadmin-2.11.5.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1924">CVE-2008-1924</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-04-29T13:00:15Z">
+    vorlon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-29T13:00:26Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-29T18:38:43Z">
+    mfleming
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200805-03.xml b/metadata/glsa/glsa-200805-03.xml
new file mode 100644
index 000000000000..e68f304d091e
--- /dev/null
+++ b/metadata/glsa/glsa-200805-03.xml
@@ -0,0 +1,133 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200805-03">
+  <title>Multiple X11 terminals: Local privilege escalation</title>
+  <synopsis>
+    A vulnerability was found in aterm, Eterm, Mrxvt, multi-aterm, RXVT,
+    rxvt-unicode, and wterm, allowing for local privilege escalation.
+  </synopsis>
+  <product type="ebuild">aterm eterm rxvt mrxvt multi-aterm wterm rxvt-unicode</product>
+  <announced>2008-05-07</announced>
+  <revised count="02">2008-05-10</revised>
+  <bug>216833</bug>
+  <bug>217819</bug>
+  <bug>219746</bug>
+  <bug>219750</bug>
+  <bug>219754</bug>
+  <bug>219760</bug>
+  <bug>219762</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-terms/aterm" auto="yes" arch="*">
+      <unaffected range="ge">1.0.1-r1</unaffected>
+      <vulnerable range="lt">1.0.1-r1</vulnerable>
+    </package>
+    <package name="x11-terms/eterm" auto="yes" arch="*">
+      <unaffected range="ge">0.9.4-r1</unaffected>
+      <vulnerable range="lt">0.9.4-r1</vulnerable>
+    </package>
+    <package name="x11-terms/mrxvt" auto="yes" arch="*">
+      <unaffected range="ge">0.5.3-r2</unaffected>
+      <vulnerable range="lt">0.5.3-r2</vulnerable>
+    </package>
+    <package name="x11-terms/multi-aterm" auto="yes" arch="*">
+      <unaffected range="ge">0.2.1-r1</unaffected>
+      <vulnerable range="lt">0.2.1-r1</vulnerable>
+    </package>
+    <package name="x11-terms/rxvt" auto="yes" arch="*">
+      <unaffected range="ge">2.7.10-r4</unaffected>
+      <vulnerable range="lt">2.7.10-r4</vulnerable>
+    </package>
+    <package name="x11-terms/rxvt-unicode" auto="yes" arch="*">
+      <unaffected range="ge">9.02-r1</unaffected>
+      <vulnerable range="lt">9.02-r1</vulnerable>
+    </package>
+    <package name="x11-terms/wterm" auto="yes" arch="*">
+      <unaffected range="ge">6.2.9-r3</unaffected>
+      <vulnerable range="lt">6.2.9-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Aterm, Eterm, Mrxvt, multi-aterm, RXVT, rxvt-unicode, and wterm are X11
+    terminal emulators.
+    </p>
+  </background>
+  <description>
+    <p>
+    Bernhard R. Link discovered that RXVT opens a terminal on :0 if the
+    "-display" option is not specified and the DISPLAY environment variable
+    is not set. Further research by the Gentoo Security Team has shown that
+    aterm, Eterm, Mrxvt, multi-aterm, rxvt-unicode, and wterm are also
+    affected.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could exploit this vulnerability to hijack X11
+    terminals of other users.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All aterm users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-terms/aterm-1.0.1-r1"</code>
+    <p>
+    All Eterm users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-terms/eterm-0.9.4-r1"</code>
+    <p>
+    All Mrxvt users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-terms/mrxvt-0.5.3-r2"</code>
+    <p>
+    All multi-aterm users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-terms/multi-aterm-0.2.1-r1"</code>
+    <p>
+    All RXVT users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-terms/rxvt-2.7.10-r4"</code>
+    <p>
+    All rxvt-unicode users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-terms/rxvt-unicode-9.02-r1"</code>
+    <p>
+    All wterm users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-terms/wterm-6.2.9-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1142">CVE-2008-1142</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1692">CVE-2008-1692</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-04-29T13:00:54Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-29T13:12:03Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-05-07T18:53:21Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200805-04.xml b/metadata/glsa/glsa-200805-04.xml
new file mode 100644
index 000000000000..556a5c8b25a8
--- /dev/null
+++ b/metadata/glsa/glsa-200805-04.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200805-04">
+  <title>eGroupWare: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in eGroupWare may lead to execution of arbitrary
+    PHP code, the ability to upload malicious files and cross-site scripting
+    attacks.
+  </synopsis>
+  <product type="ebuild">egroupware</product>
+  <announced>2008-05-07</announced>
+  <revised count="01">2008-05-07</revised>
+  <bug>214212</bug>
+  <bug>218625</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/egroupware" auto="yes" arch="*">
+      <unaffected range="ge">1.4.004</unaffected>
+      <vulnerable range="lt">1.4.004</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    eGroupWare is a suite of web-based group applications including
+    calendar, address book, messenger and email.
+    </p>
+  </background>
+  <description>
+    <p>
+    A vulnerability has been reported in FCKEditor due to the way that file
+    uploads are handled in the file
+    editor/filemanager/upload/php/upload.php when a filename has multiple
+    file extensions (CVE-2008-2041). Another vulnerability exists in the
+    _bad_protocol_once() function in the file
+    phpgwapi/inc/class.kses.inc.php, which allows remote attackers to
+    bypass HTML filtering (CVE-2008-1502).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    The first vulnerability can be exploited to upload malicious files and
+    execute arbitrary PHP code provided that a directory is writable by the
+    webserver. The second vulnerability can be exploited by remote
+    attackers via a specially crafted URL in order to conduct cross-site
+    scripting attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All eGroupWare users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/egroupware-1.4.004"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1502">CVE-2008-1502</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2041">CVE-2008-2041</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-04-29T12:58:46Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-29T13:57:44Z">
+    mfleming
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-29T14:01:45Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200805-05.xml b/metadata/glsa/glsa-200805-05.xml
new file mode 100644
index 000000000000..ee55e151f114
--- /dev/null
+++ b/metadata/glsa/glsa-200805-05.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200805-05">
+  <title>Wireshark: Denial of service</title>
+  <synopsis>
+    Multiple Denial of Service vulnerabilities have been discovered in
+    Wireshark.
+  </synopsis>
+  <product type="ebuild">wireshark</product>
+  <announced>2008-05-07</announced>
+  <revised count="01">2008-05-07</revised>
+  <bug>215276</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/wireshark" auto="yes" arch="*">
+      <unaffected range="ge">1.0.0</unaffected>
+      <vulnerable range="lt">1.0.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Wireshark is a network protocol analyzer with a graphical front-end.
+    </p>
+  </background>
+  <description>
+    <p>
+    Errors exist in:
+    </p>
+    <ul>
+    <li>
+    the X.509sat dissector because of an uninitialized variable and the
+    Roofnet dissector because a NULL pointer may be passed to the
+    g_vsnprintf() function (CVE-2008-1561).</li>
+    <li>
+    the LDAP dissector because a NULL pointer may be passed to the
+    ep_strdup_printf() function (CVE-2008-1562).</li>
+    <li>
+    the SCCP dissector because it does not reset a pointer once the packet
+    has been processed (CVE-2008-1563).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit these vulnerabilities by sending a
+    malformed packet or enticing a user to read a malformed packet trace
+    file, causing a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable the X.509sat, Roofnet, LDAP, and SCCP dissectors.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Wireshark users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-1.0.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1561">CVE-2008-1561</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1562">CVE-2008-1562</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1563">CVE-2008-1563</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-04-29T13:11:47Z">
+    vorlon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-29T13:12:26Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-29T15:31:30Z">
+    mfleming
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200805-06.xml b/metadata/glsa/glsa-200805-06.xml
new file mode 100644
index 000000000000..dfedbc4dde9d
--- /dev/null
+++ b/metadata/glsa/glsa-200805-06.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200805-06">
+  <title>Firebird: Data disclosure</title>
+  <synopsis>
+    Firebird allows remote connections to the administrative account without
+    verifying credentials.
+  </synopsis>
+  <product type="ebuild">firebird</product>
+  <announced>2008-05-09</announced>
+  <revised count="01">2008-05-09</revised>
+  <bug>216158</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/firebird" auto="yes" arch="*">
+      <unaffected range="ge">2.0.3.12981.0-r6</unaffected>
+      <vulnerable range="lt">2.0.3.12981.0-r6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Firebird is a multi-platform, open source relational database.
+    </p>
+  </background>
+  <description>
+    <p>
+    Viesturs reported that the default configuration for Gentoo's init
+    script ("/etc/conf.d/firebird") sets the "ISC_PASSWORD" environment
+    variable when starting Firebird. It will be used when no password is
+    supplied by a client connecting as the "SYSDBA" user.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker can authenticate as the "SYSDBA" user without
+    providing the credentials, resulting in complete disclosure of all
+    databases except for the user and password database (security2.fdb).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Firebird users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-db/firebird-2.0.3.12981.0-r6"</code>
+    <p>
+    Note: /etc/conf.d is protected by Portage as a configuration directory.
+    Do not forget to use "<i>etc-update</i>" or "<i>dispatch-conf</i>" to
+    overwrite the "firebird" configuration file, and then restart Firebird.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1880">CVE-2008-1880</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-04-14T02:05:02Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-15T09:22:33Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200805-07.xml b/metadata/glsa/glsa-200805-07.xml
new file mode 100644
index 000000000000..545f6c3d8fbf
--- /dev/null
+++ b/metadata/glsa/glsa-200805-07.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200805-07">
+  <title>Linux Terminal Server Project: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in components shipped with
+    LTSP which allow remote attackers to compromise terminal clients.
+  </synopsis>
+  <product type="ebuild">ltsp</product>
+  <announced>2008-05-09</announced>
+  <revised count="01">2008-05-09</revised>
+  <bug>215699</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/ltsp" auto="yes" arch="*">
+      <vulnerable range="lt">5.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Linux Terminal Server Project adds thin-client support to Linux
+    servers.
+    </p>
+  </background>
+  <description>
+    <p>
+    LTSP version 4.2, ships prebuilt copies of programs such as the Linux
+    Kernel, the X.org X11 server (GLSA 200705-06, GLSA 200710-16, GLSA
+    200801-09), libpng (GLSA 200705-24, GLSA 200711-08), Freetype (GLSA
+    200705-02, GLSA 200705-22) and OpenSSL (GLSA 200710-06, GLSA 200710-30)
+    which were subject to multiple security vulnerabilities since 2006.
+    Please note that the given list of vulnerabilities might not be
+    exhaustive.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could possibly exploit vulnerabilities in the
+    aforementioned programs and execute arbitrary code, disclose sensitive
+    data or cause a Denial of Service within LTSP 4.2 clients.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    LTSP 4.2 is not maintained upstream in favor of version 5. Since
+    version 5 is not yet available in Gentoo, the package has been masked.
+    We recommend that users unmerge LTSP:
+    </p>
+    <code>
+    # emerge --unmerge net-misc/ltsp</code>
+    <p>
+    If you have a requirement for Linux Terminal Servers, please either set
+    up a terminal server by hand or use one of the distributions that
+    already migrated to LTSP 5. If you want to contribute to the
+    integration of LTSP 5 in Gentoo, or want to follow its development,
+    find details in bug 177580.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200705-02.xml">GLSA 200705-02</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200705-06.xml">GLSA 200705-06</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200705-22.xml">GLSA 200705-22</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200705-24.xml">GLSA 200705-24</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200710-06.xml">GLSA 200710-06</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200710-16.xml">GLSA 200710-16</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200710-30.xml">GLSA 200710-30</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200711-08.xml">GLSA 200711-08</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200801-09.xml">GLSA 200801-09</uri>
+    <uri link="https://bugs.gentoo.org/177580">Gentoo bug 177580: Port LTSP 5 to Gentoo</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-04-01T19:23:11Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-03T14:49:37Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-03T22:27:26Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200805-08.xml b/metadata/glsa/glsa-200805-08.xml
new file mode 100644
index 000000000000..02e9b524981b
--- /dev/null
+++ b/metadata/glsa/glsa-200805-08.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200805-08">
+  <title>InspIRCd: Denial of service</title>
+  <synopsis>
+    A buffer overflow in InspIRCd allows remote attackers to cause a Denial of
+    Service.
+  </synopsis>
+  <product type="ebuild">inspircd</product>
+  <announced>2008-05-09</announced>
+  <revised count="01">2008-05-09</revised>
+  <bug>215704</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/inspircd" auto="yes" arch="*">
+      <unaffected range="ge">1.1.19</unaffected>
+      <vulnerable range="lt">1.1.19</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    InspIRCd (Inspire IRCd) is a modular C++ IRC daemon.
+    </p>
+  </background>
+  <description>
+    <p>
+    The "namesx" and "uhnames" modules do not properly validate network
+    input, leading to a buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker can send specially crafted IRC commands to the
+    server, causing a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Unload the "uhnames" module in the InspIRCd configuration.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All InspIRCd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-irc/inspircd-1.1.19"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1925">CVE-2008-1925</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-05-06T14:50:35Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-05-06T19:30:15Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-05-06T19:30:22Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200805-09.xml b/metadata/glsa/glsa-200805-09.xml
new file mode 100644
index 000000000000..f9288b95feaf
--- /dev/null
+++ b/metadata/glsa/glsa-200805-09.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200805-09">
+  <title>MoinMoin: Privilege escalation</title>
+  <synopsis>
+    A vulnerability in MoinMoin may allow a remote attacker to elevate his
+    privileges.
+  </synopsis>
+  <product type="ebuild">moinmoin</product>
+  <announced>2008-05-11</announced>
+  <revised count="01">2008-05-11</revised>
+  <bug>218752</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/moinmoin" auto="yes" arch="*">
+      <unaffected range="ge">1.6.3</unaffected>
+      <vulnerable range="lt">1.6.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MoinMoin is an advanced and extensible Wiki Engine.
+    </p>
+  </background>
+  <description>
+    <p>
+    It has been reported that the user form processing in the file
+    userform.py does not properly manage users when using Access Control
+    Lists or a non-empty superusers list.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit this vulnerability to gain superuser
+    privileges on the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MoinMoin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/moinmoin-1.6.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1937">CVE-2008-1937</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-05-07T22:43:27Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-05-07T22:49:11Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-05-09T14:03:55Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200805-10.xml b/metadata/glsa/glsa-200805-10.xml
new file mode 100644
index 000000000000..6b22cdf1d77b
--- /dev/null
+++ b/metadata/glsa/glsa-200805-10.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200805-10">
+  <title>Pngcrush: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    A vulnerability in Pngcrush might result in user-assisted execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">pngcrush</product>
+  <announced>2008-05-11</announced>
+  <revised count="01">2008-05-11</revised>
+  <bug>219033</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/pngcrush" auto="yes" arch="*">
+      <unaffected range="ge">1.6.4-r1</unaffected>
+      <vulnerable range="lt">1.6.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Pngcrush is a multi platform optimizer for PNG (Portable Network
+    Graphics) files.
+    </p>
+  </background>
+  <description>
+    <p>
+    It has been reported that Pngcrush includes a copy of libpng that is
+    vulnerable to a memory corruption (GLSA 200804-15).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to process a specially crafted
+    PNG image, possibly resulting in the execution of arbitrary code with
+    the privileges of the user running the application, or a Denial of
+    Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Pngcrush users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/pngcrush-1.6.4-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382">CVE-2008-1382</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200804-15.xml">GLSA 200804-15</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-05-05T21:28:49Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-05-05T21:29:02Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-05-09T14:19:10Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200805-11.xml b/metadata/glsa/glsa-200805-11.xml
new file mode 100644
index 000000000000..87c0e120f3f3
--- /dev/null
+++ b/metadata/glsa/glsa-200805-11.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200805-11">
+  <title>Chicken: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in Chicken could result in the execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">chicken</product>
+  <announced>2008-05-12</announced>
+  <revised count="01">2008-05-12</revised>
+  <bug>198979</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-scheme/chicken" auto="yes" arch="*">
+      <unaffected range="ge">3.1.0</unaffected>
+      <vulnerable range="lt">3.1.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Chicken is a Scheme interpreter and native Scheme to C compiler.
+    </p>
+  </background>
+  <description>
+    <p>
+    Chicken includes a copy of PCRE which is vulnerable to multiple buffer
+    overflows and memory corruption vulnerabilities (GLSA 200711-30).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to process specially crafted regular
+    expressions with Chicken, which could possibly lead to the execution of
+    arbitrary code, a Denial of Service or the disclosure of sensitive
+    information.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Chicken users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-scheme/chicken-3.1.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200711-30.xml">GLSA 200711-30</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-05-12T11:47:42Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-05-12T11:47:52Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-05-12T12:10:35Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200805-12.xml b/metadata/glsa/glsa-200805-12.xml
new file mode 100644
index 000000000000..888173f8302f
--- /dev/null
+++ b/metadata/glsa/glsa-200805-12.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200805-12">
+  <title>Blender: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in Blender might result in the remote execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">blender</product>
+  <announced>2008-05-12</announced>
+  <revised count="01">2008-05-12</revised>
+  <bug>219008</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/blender" auto="yes" arch="*">
+      <unaffected range="ge">2.43-r2</unaffected>
+      <vulnerable range="lt">2.43-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Blender is a 3D creation, animation and publishing program.
+    </p>
+  </background>
+  <description>
+    <p>
+    Stefan Cornelius (Secunia Research) reported a boundary error within
+    the imb_loadhdr() function in in the file
+    source/blender/imbuf/intern/radiance_hdr.c when processing RGBE images
+    (CVE-2008-1102). Multiple vulnerabilities involving insecure usage of
+    temporary files have also been reported (CVE-2008-1103).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted file
+    (.hdr or .blend), possibly resulting in the remote execution of
+    arbitrary code with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Blender users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/blender-2.43-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1102">CVE-2008-1102</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1103">CVE-2008-1103</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-05-11T13:10:27Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-05-12T11:15:05Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-05-12T11:15:14Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200805-13.xml b/metadata/glsa/glsa-200805-13.xml
new file mode 100644
index 000000000000..0eaacac5e118
--- /dev/null
+++ b/metadata/glsa/glsa-200805-13.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200805-13">
+  <title>PTeX: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities were discovered in PTeX, possibly allowing the
+    execution of arbitrary code or overwriting arbitrary files.
+  </synopsis>
+  <product type="ebuild">ptex</product>
+  <announced>2008-05-12</announced>
+  <revised count="01">2008-05-12</revised>
+  <bug>196673</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/ptex" auto="yes" arch="*">
+      <unaffected range="ge">3.1.10_p20071203</unaffected>
+      <vulnerable range="lt">3.1.10_p20071203</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PTeX is a TeX distribution with Japanese support. It is used for
+    creating and manipulating LaTeX documents.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple issues were found in the teTeX 2 codebase that PTeX builds
+    upon (GLSA 200709-17, GLSA 200711-26). PTeX also includes vulnerable
+    code from the GD library (GLSA 200708-05), from Xpdf (GLSA 200709-12,
+    GLSA 200711-22) and from T1Lib (GLSA 200710-12).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Remote attackers could possibly execute arbitrary code and local
+    attackers could possibly overwrite arbitrary files with the privileges
+    of the user running PTeX via multiple vectors, e.g. enticing users to
+    open specially crafted files.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PTeX users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/ptex-3.1.10_p20071203"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200708-05.xml">GLSA 200708-05</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200709-12.xml">GLSA 200709-12</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200709-17.xml">GLSA 200709-17</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200710-12.xml">GLSA 200710-12</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200711-22.xml">GLSA 200711-22</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200711-26.xml">GLSA 200711-26</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-05-07T22:31:38Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-05-07T22:32:17Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-05-12T11:34:22Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200805-14.xml b/metadata/glsa/glsa-200805-14.xml
new file mode 100644
index 000000000000..d788c4da4a12
--- /dev/null
+++ b/metadata/glsa/glsa-200805-14.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200805-14">
+  <title>Common Data Format library: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    A buffer overflow vulnerability has been discovered in the Common Data
+    Format library.
+  </synopsis>
+  <product type="ebuild">cdf</product>
+  <announced>2008-05-13</announced>
+  <revised count="01">2008-05-13</revised>
+  <bug>220391</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sci-libs/cdf" auto="yes" arch="*">
+      <unaffected range="ge">3.2.1</unaffected>
+      <vulnerable range="lt">3.2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Common Data Format library is a scientific data management package
+    which allows programmers and application developers to manage and
+    manipulate scalar, vector, and multi-dimensional data arrays in a
+    platform independent fashion.
+    </p>
+  </background>
+  <description>
+    <p>
+    Alfredo Ortega (Core Security Technologies) reported a boundary error
+    within the Read32s_64() function when processing CDF files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted CDF
+    file, possibly resulting in the remote execution of arbitrary code with
+    the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Common Data Format library users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sci-libs/cdf-3.2.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2080">CVE-2008-2080</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-05-11T18:49:47Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-05-12T10:41:41Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-05-12T10:41:52Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200805-15.xml b/metadata/glsa/glsa-200805-15.xml
new file mode 100644
index 000000000000..96643bbef636
--- /dev/null
+++ b/metadata/glsa/glsa-200805-15.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200805-15">
+  <title>libid3tag: Denial of service</title>
+  <synopsis>
+    A Denial of Service vulnerability was found in libid3tag.
+  </synopsis>
+  <product type="ebuild">libid3tag</product>
+  <announced>2008-05-14</announced>
+  <revised count="01">2008-05-14</revised>
+  <bug>210564</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libid3tag" auto="yes" arch="*">
+      <unaffected range="ge">0.15.1b-r2</unaffected>
+      <vulnerable range="lt">0.15.1b-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libid3tag is an ID3 tag manipulation library.
+    </p>
+  </background>
+  <description>
+    <p>
+    Kentaro Oda reported an infinite loop in the file field.c when parsing
+    an MP3 file with an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0'.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted MP3
+    file, possibly resulting in a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libid3tag users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/libid3tag-0.15.1b-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2109">CVE-2008-2109</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-05-13T20:49:10Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-05-13T20:57:48Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-05-13T21:27:22Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200805-16.xml b/metadata/glsa/glsa-200805-16.xml
new file mode 100644
index 000000000000..2dfc035ffeec
--- /dev/null
+++ b/metadata/glsa/glsa-200805-16.xml
@@ -0,0 +1,107 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200805-16">
+  <title>OpenOffice.org: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been reported in OpenOffice.org, possibly
+    allowing for user-assisted execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">openoffice openoffice-bin</product>
+  <announced>2008-05-14</announced>
+  <revised count="02">2008-05-14</revised>
+  <bug>218080</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/openoffice" auto="yes" arch="*">
+      <unaffected range="ge">2.4.0</unaffected>
+      <vulnerable range="lt">2.4.0</vulnerable>
+    </package>
+    <package name="app-office/openoffice-bin" auto="yes" arch="*">
+      <unaffected range="ge">2.4.0</unaffected>
+      <vulnerable range="lt">2.4.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenOffice.org is an open source office productivity suite, including
+    word processing, spreadsheet, presentation, drawing, data charting,
+    formula editing, and file conversion facilities.
+    </p>
+  </background>
+  <description>
+    <p>
+    iDefense Labs reported multiple vulnerabilities in OpenOffice.org:
+    </p>
+    <ul>
+    <li>
+    multiple heap-based buffer overflows when parsing the "Attribute" and
+    "Font" Description records of Quattro Pro (QPRO) files
+    (CVE-2007-5745),
+    </li>
+    <li>
+    an integer overflow when parsing the EMR_STRETCHBLT record of an EMF
+    file, resulting in a heap-based buffer overflow (CVE-2007-5746),
+    </li>
+    <li>
+    an integer underflow when parsing Quattro Pro (QPRO) files, resulting
+    in an excessive loop and a stack-based buffer overflow
+    (CVE-2007-5747),
+    </li>
+    <li>
+    and a heap-based buffer overflow when parsing the
+    "DocumentSummaryInformation" stream in an OLE file (CVE-2008-0320).
+    </li>
+    </ul>
+    <p>
+    Furthermore, Will Drewry (Google Security) reported vulnerabilities in
+    the memory management of the International Components for Unicode
+    (CVE-2007-4770, CVE-2007-4771), which was resolved with GLSA 200803-20.
+    However, the binary version of OpenOffice.org uses an internal copy of
+    said library.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted
+    document, possibly resulting in the remote execution of arbitrary code
+    with the privileges of the user running OpenOffice.org.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenOffice.org users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/openoffice-2.4.0"</code>
+    <p>
+    All OpenOffice.org binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/openoffice-bin-2.4.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4770">CVE-2007-4770</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4771">CVE-2007-4771</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5745">CVE-2007-5745</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5746">CVE-2007-5746</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5747">CVE-2007-5747</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0320">CVE-2008-0320</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200803-20.xml">GLSA 200803-20</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-04-29T12:59:56Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-05-08T17:40:20Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-05-08T17:40:49Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200805-17.xml b/metadata/glsa/glsa-200805-17.xml
new file mode 100644
index 000000000000..55a2525b2775
--- /dev/null
+++ b/metadata/glsa/glsa-200805-17.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200805-17">
+  <title>Perl: Execution of arbitrary code</title>
+  <synopsis>
+    A double free vulnerability was discovered in Perl, possibly resulting in
+    the execution of arbitrary code and a Denial of Service.
+  </synopsis>
+  <product type="ebuild">perl libperl</product>
+  <announced>2008-05-20</announced>
+  <revised count="01">2008-05-20</revised>
+  <bug>219203</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/perl" auto="yes" arch="*">
+      <unaffected range="ge">5.8.8-r5</unaffected>
+      <vulnerable range="lt">5.8.8-r5</vulnerable>
+    </package>
+    <package name="sys-devel/libperl" auto="yes" arch="*">
+      <unaffected range="ge">5.8.8-r2</unaffected>
+      <vulnerable range="lt">5.8.8-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Perl is a stable, cross platform programming language.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy and Will Drewry of the Google Security Team have reported
+    a double free vulnerability when processing a crafted regular
+    expression containing UTF-8 characters.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could possibly exploit this vulnerability to execute
+    arbitrary code or cause a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Perl users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/perl-5.8.8-r5"</code>
+    <p>
+    All libperl users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-devel/libperl-5.8.8-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1927">CVE-2008-1927</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-05-17T10:42:17Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-05-17T10:42:31Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-05-17T13:52:28Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200805-18.xml b/metadata/glsa/glsa-200805-18.xml
new file mode 100644
index 000000000000..6f916e6a03c7
--- /dev/null
+++ b/metadata/glsa/glsa-200805-18.xml
@@ -0,0 +1,279 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200805-18">
+  <title>Mozilla products: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been reported in Mozilla Firefox,
+    Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mozilla-firefox mozilla-firefox-bin seamonkey seamonkey-bin mozilla-thunderbird mozilla-thunderbird-bin xulrunner</product>
+  <announced>2008-05-20</announced>
+  <revised count="01">2008-05-20</revised>
+  <bug>208128</bug>
+  <bug>214816</bug>
+  <bug>218065</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/mozilla-firefox" auto="yes" arch="*">
+      <unaffected range="ge">2.0.0.14</unaffected>
+      <vulnerable range="lt">2.0.0.14</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">2.0.0.14</unaffected>
+      <vulnerable range="lt">2.0.0.14</vulnerable>
+    </package>
+    <package name="mail-client/mozilla-thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">2.0.0.14</unaffected>
+      <vulnerable range="lt">2.0.0.14</vulnerable>
+    </package>
+    <package name="mail-client/mozilla-thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">2.0.0.14</unaffected>
+      <vulnerable range="lt">2.0.0.14</vulnerable>
+    </package>
+    <package name="www-client/seamonkey" auto="yes" arch="*">
+      <unaffected range="ge">1.1.9-r1</unaffected>
+      <vulnerable range="lt">1.1.9-r1</vulnerable>
+    </package>
+    <package name="www-client/seamonkey-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.1.9</unaffected>
+      <vulnerable range="lt">1.1.9</vulnerable>
+    </package>
+    <package name="net-libs/xulrunner" auto="yes" arch="*">
+      <unaffected range="ge">1.8.1.14</unaffected>
+      <vulnerable range="lt">1.8.1.14</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla Firefox is an open-source web browser and Mozilla Thunderbird
+    an open-source email client, both from the Mozilla Project. The
+    SeaMonkey project is a community effort to deliver production-quality
+    releases of code derived from the application formerly known as the
+    'Mozilla Application Suite'. XULRunner is a Mozilla runtime package
+    that can be used to bootstrap XUL+XPCOM applications like Firefox and
+    Thunderbird.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following vulnerabilities were reported in all mentioned Mozilla
+    products:
+    </p>
+    <ul>
+    <li>
+    Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul
+    Nickerson reported browser crashes related to JavaScript methods,
+    possibly triggering memory corruption (CVE-2008-0412).
+    </li>
+    <li>
+    Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown,
+    Philip Taylor, and tgirmann reported crashes in the JavaScript engine,
+    possibly triggering memory corruption (CVE-2008-0413).
+    </li>
+    <li>
+    David Bloom discovered a vulnerability in the way images are treated by
+    the browser when a user leaves a page, possibly triggering memory
+    corruption (CVE-2008-0419).
+    </li>
+    <li>
+    moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of
+    privilege escalation vulnerabilities related to JavaScript
+    (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235).
+    </li>
+    <li>
+    Mozilla developers identified browser crashes caused by the layout and
+    JavaScript engines, possibly triggering memory corruption
+    (CVE-2008-1236, CVE-2008-1237).
+    </li>
+    <li>
+    moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from
+    its sandboxed context and run with chrome privileges, and inject script
+    content into another site, violating the browser's same origin policy
+    (CVE-2008-0415).
+    </li>
+    <li>
+    Gerry Eisenhaur discovered a directory traversal vulnerability when
+    using "flat" addons (CVE-2008-0418).
+    </li>
+    <li>
+    Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu reported
+    multiple character handling flaws related to the backspace character,
+    the "0x80" character, involving zero-length non-ASCII sequences in
+    multiple character sets, that could facilitate Cross-Site Scripting
+    attacks (CVE-2008-0416).
+    </li>
+    </ul> <p>
+    The following vulnerability was reported in Thunderbird and SeaMonkey:
+    </p>
+    <ul>
+    <li>
+    regenrecht (via iDefense) reported a heap-based buffer overflow when
+    rendering an email message with an external MIME body (CVE-2008-0304).
+    </li>
+    </ul> <p>
+    The following vulnerabilities were reported in Firefox, SeaMonkey and
+    XULRunner:
+    </p>
+    <ul>
+    <li>The fix for CVE-2008-1237 in Firefox 2.0.0.13
+    and SeaMonkey 1.1.9 introduced a new crash vulnerability
+    (CVE-2008-1380).</li>
+    <li>hong and Gregory Fleischer each reported a
+    variant on earlier reported bugs regarding focus shifting in file input
+    controls (CVE-2008-0414).
+    </li>
+    <li>
+    Gynvael Coldwind (Vexillium) discovered that BMP images could be used
+    to reveal uninitialized memory, and that this data could be extracted
+    using a "canvas" feature (CVE-2008-0420).
+    </li>
+    <li>
+    Chris Thomas reported that background tabs could create a borderless
+    XUL pop-up in front of pages in other tabs (CVE-2008-1241).
+    </li>
+    <li>
+    oo.rio.oo discovered that a plain text file with a
+    "Content-Disposition: attachment" prevents Firefox from rendering
+    future plain text files within the browser (CVE-2008-0592).
+    </li>
+    <li>
+    Martin Straka reported that the ".href" property of stylesheet DOM
+    nodes is modified to the final URI of a 302 redirect, bypassing the
+    same origin policy (CVE-2008-0593).
+    </li>
+    <li>
+    Gregory Fleischer discovered that under certain circumstances, leading
+    characters from the hostname part of the "Referer:" HTTP header are
+    removed (CVE-2008-1238).
+    </li>
+    <li>
+    Peter Brodersen and Alexander Klink reported that the browser
+    automatically selected and sent a client certificate when SSL Client
+    Authentication is requested by a server (CVE-2007-4879).
+    </li>
+    <li>
+    Gregory Fleischer reported that web content fetched via the "jar:"
+    protocol was not subject to network access restrictions
+    (CVE-2008-1240).
+    </li>
+    </ul> <p>
+    The following vulnerabilities were reported in Firefox:
+    </p>
+    <ul>
+    <li>
+    Justin Dolske discovered a CRLF injection vulnerability when storing
+    passwords (CVE-2008-0417).
+    </li>
+    <li>
+    Michal Zalewski discovered that Firefox does not properly manage a
+    delay timer used in confirmation dialogs (CVE-2008-0591).
+    </li>
+    <li>
+    Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery
+    warning dialog is not displayed if the entire contents of a web page
+    are in a DIV tag that uses absolute positioning (CVE-2008-0594).
+    </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to view a specially crafted web
+    page or email that will trigger one of the vulnerabilities, possibly
+    leading to the execution of arbitrary code or a Denial of Service. It
+    is also possible for an attacker to trick a user to upload arbitrary
+    files when submitting a form, to corrupt saved passwords for other
+    sites, to steal login credentials, or to conduct Cross-Site Scripting
+    and Cross-Site Request Forgery attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Firefox users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-2.0.0.14"</code>
+    <p>
+    All Mozilla Firefox binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-bin-2.0.0.14"</code>
+    <p>
+    All Mozilla Thunderbird users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-2.0.0.14"</code>
+    <p>
+    All Mozilla Thunderbird binary users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-bin-2.0.0.14"</code>
+    <p>
+    All SeaMonkey users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-1.1.9-r1"</code>
+    <p>
+    All SeaMonkey binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-bin-1.1.9"</code>
+    <p>
+    All XULRunner users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-libs/xulrunner-1.8.1.14"</code>
+    <p>
+    NOTE: The crash vulnerability (CVE-2008-1380) is currently unfixed in
+    the SeaMonkey binary ebuild, as no precompiled packages have been
+    released. Until an update is available, we recommend all SeaMonkey
+    users to disable JavaScript, use Firefox for JavaScript-enabled
+    browsing, or switch to the SeaMonkey source ebuild.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4879">CVE-2007-4879</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0304">CVE-2008-0304</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0412">CVE-2008-0412</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0413">CVE-2008-0413</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0414">CVE-2008-0414</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0415">CVE-2008-0415</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0416">CVE-2008-0416</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0417">CVE-2008-0417</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0418">CVE-2008-0418</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0419">CVE-2008-0419</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0420">CVE-2008-0420</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0591">CVE-2008-0591</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0592">CVE-2008-0592</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0593">CVE-2008-0593</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0594">CVE-2008-0594</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1233">CVE-2008-1233</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1234">CVE-2008-1234</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1235">CVE-2008-1235</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1236">CVE-2008-1236</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1237">CVE-2008-1237</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1238">CVE-2008-1238</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1240">CVE-2008-1240</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1241">CVE-2008-1241</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380">CVE-2008-1380</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-03-27T03:40:04Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-05-20T21:13:08Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200805-19.xml b/metadata/glsa/glsa-200805-19.xml
new file mode 100644
index 000000000000..fc53cddf815a
--- /dev/null
+++ b/metadata/glsa/glsa-200805-19.xml
@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200805-19">
+  <title>ClamAV: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in ClamAV may result in the remote execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2008-05-20</announced>
+  <revised count="01">2008-05-20</revised>
+  <bug>213762</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.93</unaffected>
+      <vulnerable range="lt">0.93</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Clam AntiVirus is a free anti-virus toolkit for UNIX, designed
+    especially for e-mail scanning on mail gateways.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been reported:
+    </p>
+    <ul>
+    <li>
+    Damian Put reported a heap-based buffer overflow when processing PeSpin
+    packed PE binaries (CVE-2008-0314).
+    </li>
+    <li>
+    Alin Rad Pop of Secunia Research reported a buffer overflow in the
+    cli_scanpe() function when processing Upack PE binaries
+    (CVE-2008-1100).
+    </li>
+    <li>
+    Hanno Boeck reported an infinite loop when processing ARJ archives
+    (CVE-2008-1387).
+    </li>
+    <li>
+    Damian Put and Thomas Pollet reported a heap-based buffer overflow when
+    processing WWPack compressed PE binaries (CVE-2008-1833).
+    </li>
+    <li>
+    A buffer over-read was discovered in the rfc2231() function when
+    producing a string that is not NULL terminated (CVE-2008-1836).
+    </li>
+    <li>
+    An unspecified vulnerability leading to "memory problems" when scanning
+    RAR files was reported (CVE-2008-1837).
+    </li>
+    <li>
+    Thierry Zoller reported that scanning of RAR files could be
+    circumvented (CVE-2008-1835).
+    </li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could entice a user or automated system to scan a
+    specially crafted file, possibly leading to the execution of arbitrary
+    code with the privileges of the user running ClamAV (either a system
+    user or the "clamav" user if clamd is compromised), or a Denial of
+    Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ClamAV users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.93"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0314">CVE-2008-0314</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1100">CVE-2008-1100</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1387">CVE-2008-1387</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1833">CVE-2008-1833</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1835">CVE-2008-1835</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1836">CVE-2008-1836</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1837">CVE-2008-1837</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-05-14T18:45:19Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-05-14T18:56:12Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200805-20.xml b/metadata/glsa/glsa-200805-20.xml
new file mode 100644
index 000000000000..4e4b91b09152
--- /dev/null
+++ b/metadata/glsa/glsa-200805-20.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200805-20">
+  <title>GnuTLS: Execution of arbitrary code</title>
+  <synopsis>
+    Multiple vulnerabilities might allow for the execution of arbitrary code in
+    daemons using GnuTLS.
+  </synopsis>
+  <product type="ebuild">gnutls</product>
+  <announced>2008-05-21</announced>
+  <revised count="01">2008-05-21</revised>
+  <bug>222823</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/gnutls" auto="yes" arch="*">
+      <unaffected range="ge">2.2.5</unaffected>
+      <vulnerable range="lt">2.2.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GnuTLS is an implementation of Secure Sockets Layer (SSL) 3.0 and
+    Transport Layer Security (TLS) 1.0, 1.1 and 1.2.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ossi Herrala and Jukka Taimisto of Codenomicon reported three
+    vulnerabilities in libgnutls of GnuTLS:
+    </p>
+    <ul>
+    <li>
+    "Client Hello" messages containing an invalid server name can lead to a
+    buffer overflow when evaluating "Security Parameters" (CVE-2008-1948).
+    </li>
+    <li>
+    Multiple "Client Hello" messages can lead to a NULL pointer dereference
+    (CVE-2008-1949).
+    </li>
+    <li>
+    A TLS handshake including an encrypted "Client Hello" message and an
+    invalid record length could lead to a buffer overread (CVE-2008-1950).
+    </li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    Unauthenticated remote attackers could exploit these vulnerabilities to
+    cause Denial of Service conditions in daemons using GnuTLS. The first
+    vulnerability (CVE-2008-1948) might allow for the execution of
+    arbitrary code with the privileges of the daemon handling incoming TLS
+    connections.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GnuTLS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-libs/gnutls-2.2.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1948">CVE-2008-1948</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1949">CVE-2008-1949</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1950">CVE-2008-1950</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-05-20T16:44:10Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-05-21T16:32:55Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200805-21.xml b/metadata/glsa/glsa-200805-21.xml
new file mode 100644
index 000000000000..4ad58b27e872
--- /dev/null
+++ b/metadata/glsa/glsa-200805-21.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200805-21">
+  <title>Roundup: Permission bypass</title>
+  <synopsis>
+    A vulnerability in Roundup allows for bypassing permission restrictions.
+  </synopsis>
+  <product type="ebuild">roundup</product>
+  <announced>2008-05-27</announced>
+  <revised count="01">2008-05-27</revised>
+  <bug>212488</bug>
+  <bug>214666</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/roundup" auto="yes" arch="*">
+      <unaffected range="ge">1.4.4-r1</unaffected>
+      <vulnerable range="lt">1.4.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Roundup is an issue-tracking system with command-line, web and e-mail
+    interfaces.
+    </p>
+  </background>
+  <description>
+    <p>
+    Philipp Gortan reported that the xml-rpc server in Roundup does not
+    check property permissions (CVE-2008-1475). Furthermore, Roland Meister
+    discovered multiple vulnerabilities caused by unspecified errors, some
+    of which may be related to cross-site scripting (CVE-2008-1474).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could possibly exploit the first vulnerability to
+    edit or view restricted properties via the list(), display(), and set()
+    methods. The impact and attack vectors of the second vulnerability are
+    unknown.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Roundup users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/roundup-1.4.4-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1474">CVE-2008-1474</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1475">CVE-2008-1475</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-05-19T15:24:06Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-05-21T19:07:57Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-05-22T09:03:17Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200805-22.xml b/metadata/glsa/glsa-200805-22.xml
new file mode 100644
index 000000000000..8e4101ada2e7
--- /dev/null
+++ b/metadata/glsa/glsa-200805-22.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200805-22">
+  <title>MPlayer: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    An integer overflow vulnerability in MPlayer may allow for the execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">mplayer</product>
+  <announced>2008-05-29</announced>
+  <revised count="01">2008-05-29</revised>
+  <bug>215006</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/mplayer" auto="yes" arch="*">
+      <unaffected range="ge">1.0_rc2_p26753</unaffected>
+      <vulnerable range="lt">1.0_rc2_p26753</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MPlayer is a media player including support for a wide range of audio
+    and video formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    k`sOSe reported an integer overflow vulnerability in the
+    sdpplin_parse() function in the file stream/realrtsp/sdpplin.c, which
+    can be exploited to overwrite arbitrary memory regions via an overly
+    large "StreamCount" SDP parameter.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted media
+    file, possibly resulting in the execution of arbitrary code with the
+    privileges of the user running MPlayer.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MPlayer users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/mplayer-1.0_rc2_p26753"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1558">CVE-2008-1558</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-05-22T17:37:55Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-05-27T21:32:21Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-05-28T13:57:42Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200805-23.xml b/metadata/glsa/glsa-200805-23.xml
new file mode 100644
index 000000000000..b2b9738f3e5f
--- /dev/null
+++ b/metadata/glsa/glsa-200805-23.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200805-23">
+  <title>Samba: Heap-based buffer overflow</title>
+  <synopsis>
+    A heap-based buffer overflow vulnerability was found in Samba, allowing for
+    the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">samba</product>
+  <announced>2008-05-29</announced>
+  <revised count="01">2008-05-29</revised>
+  <bug>222299</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-fs/samba" auto="yes" arch="*">
+      <unaffected range="ge">3.0.28a-r1</unaffected>
+      <vulnerable range="lt">3.0.28a-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Samba is a suite of SMB and CIFS client/server programs.
+    </p>
+  </background>
+  <description>
+    <p>
+    Alin Rad Pop (Secunia Research) reported a vulnerability in Samba
+    within the receive_smb_raw() function in the file lib/util_sock.c when
+    parsing SMB packets, possibly leading to a heap-based buffer overflow
+    via an overly large SMB packet.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could possibly exploit this vulnerability by enticing
+    a user to connect to a malicious server or by sending specially crafted
+    packets to an nmbd server configured as a local or domain master
+    browser, resulting in the execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Samba users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-fs/samba-3.0.28a-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105">CVE-2008-1105</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-05-27T15:20:30Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-05-27T21:23:53Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-05-29T13:07:54Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200806-01.xml b/metadata/glsa/glsa-200806-01.xml
new file mode 100644
index 000000000000..a37371431d7e
--- /dev/null
+++ b/metadata/glsa/glsa-200806-01.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200806-01">
+  <title>mtr: Stack-based buffer overflow</title>
+  <synopsis>
+    A stack-based buffer overflow was found in mtr, possibly resulting in the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mtr</product>
+  <announced>2008-06-03</announced>
+  <revised count="01">2008-06-03</revised>
+  <bug>223017</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/mtr" auto="yes" arch="*">
+      <unaffected range="ge">0.73-r1</unaffected>
+      <vulnerable range="lt">0.73-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    mtr combines the functionality of the 'traceroute' and 'ping' programs
+    in a single network diagnostic tool.
+    </p>
+  </background>
+  <description>
+    <p>
+    Adam Zabrocki reported a boundary error within the split_redraw()
+    function in the file split.c, possibly leading to a stack-based buffer
+    overflow.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could use a specially crafted resolved hostname to
+    execute arbitrary code with root privileges. However, it is required
+    that the attacker controls the DNS server used by the victim, and that
+    the "-p" (or "--split") command line option is used.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All mtr users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/mtr-0.73-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2357">CVE-2008-2357</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-05-26T19:29:01Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-05-27T21:17:06Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-06-02T21:28:08Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200806-02.xml b/metadata/glsa/glsa-200806-02.xml
new file mode 100644
index 000000000000..4e338650288d
--- /dev/null
+++ b/metadata/glsa/glsa-200806-02.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200806-02">
+  <title>libxslt: Execution of arbitrary code</title>
+  <synopsis>
+    A vulnerability was found in libxslt, possibly resulting in the execution
+    of arbitrary code and Denial of Service.
+  </synopsis>
+  <product type="ebuild">libxslt</product>
+  <announced>2008-06-03</announced>
+  <revised count="01">2008-06-03</revised>
+  <bug>222499</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libxslt" auto="yes" arch="*">
+      <unaffected range="ge">1.1.24</unaffected>
+      <vulnerable range="lt">1.1.24</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Libxslt is the XSLT C library developed for the GNOME project. XSLT
+    itself is an XML language to define transformations for XML.
+    </p>
+  </background>
+  <description>
+    <p>
+    Anthony de Almeida Lopes reported a vulnerability in libxslt when
+    handling XSL style-sheet files, which could be exploited to trigger the
+    use of uninitialized memory, e.g. in a call to "free()".
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user or automated system to process an
+    XML file using a specially crafted XSL transformation file, possibly
+    resulting in the execution of arbitrary code or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libxslt users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/libxslt-1.1.24"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1767">CVE-2008-1767</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-05-27T20:52:43Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-05-27T21:07:25Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-06-02T21:27:22Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200806-03.xml b/metadata/glsa/glsa-200806-03.xml
new file mode 100644
index 000000000000..0126b257e705
--- /dev/null
+++ b/metadata/glsa/glsa-200806-03.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200806-03">
+  <title>Imlib 2: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Two vulnerabilities in Imlib 2 may allow for the execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">imlib2</product>
+  <announced>2008-06-08</announced>
+  <revised count="01">2008-06-08</revised>
+  <bug>223965</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/imlib2" auto="yes" arch="*">
+      <unaffected range="ge">1.4.0-r1</unaffected>
+      <vulnerable range="lt">1.4.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Imlib 2 is an advanced replacement library for libraries like libXpm.
+    </p>
+  </background>
+  <description>
+    <p>
+    Stefan Cornelius (Secunia Research) reported two boundary errors in
+    Imlib2:
+    </p>
+    <ul>
+    <li>One of them within the load() function in the
+    file src/modules/loaders/loader_pnm.c when processing the header of a
+    PNM image file, possibly leading to a stack-based buffer overflow.</li>
+    <li>The second one within the load() function in the file
+    src/modules/loader_xpm.c when processing an XPM image file, possibly
+    leading to a stack-based buffer overflow.</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted PNM
+    or XPM image, possibly resulting in the execution of arbitrary code
+    with the rights of the user running the application using Imlib 2.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Imlib 2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/imlib2-1.4.0-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2426">CVE-2008-2426</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-05-31T09:11:57Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-06-03T07:11:46Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-06-06T17:06:14Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200806-04.xml b/metadata/glsa/glsa-200806-04.xml
new file mode 100644
index 000000000000..8fd3be59be1f
--- /dev/null
+++ b/metadata/glsa/glsa-200806-04.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200806-04">
+  <title>rdesktop: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in rdesktop may lead to the execution of arbitrary
+    code or a Denial of Service.
+  </synopsis>
+  <product type="ebuild">rdesktop</product>
+  <announced>2008-06-14</announced>
+  <revised count="01">2008-06-14</revised>
+  <bug>220911</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/rdesktop" auto="yes" arch="*">
+      <unaffected range="ge">1.6.0</unaffected>
+      <vulnerable range="lt">1.6.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    rdesktop is an open source Remote Desktop Protocol (RDP) client.
+    </p>
+  </background>
+  <description>
+    <p>
+    An anonymous researcher reported multiple vulnerabilities in rdesktop
+    via iDefense Labs:
+    </p>
+    <ul>
+    <li>An integer underflow error exists in
+    the function iso_recv_msg() in the file iso.c which can be triggered
+    via a specially crafted RDP request, causing a heap-based buffer
+    overflow (CVE-2008-1801).</li>
+    <li>An input validation error exists in
+    the function process_redirect_pdu() in the file rdp.c which can be
+    triggered via a specially crafted RDP redirect request, causing a
+    BSS-based buffer overflow (CVE-2008-1802).</li>
+    <li>
+    An integer signedness error exists in the function xrealloc() in the
+    file rdesktop.c which can be be exploited to cause a heap-based buffer
+    overflow (CVE-2008-1803).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit these vulnerabilities by enticing a user to
+    connect to a malicious RDP server thereby allowing the attacker to
+    execute arbitrary code or cause a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All rdesktop users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/rdesktop-1.6.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1801">CVE-2008-1801</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1802">CVE-2008-1802</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1803">CVE-2008-1803</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-05-19T15:23:05Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-06-03T15:21:36Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-06-07T15:00:31Z">
+    mfleming
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200806-05.xml b/metadata/glsa/glsa-200806-05.xml
new file mode 100644
index 000000000000..751a5966fe1c
--- /dev/null
+++ b/metadata/glsa/glsa-200806-05.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200806-05">
+  <title>cbrPager: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Insecure filename usage in cbrPager may allow for the remote execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">cbrpager</product>
+  <announced>2008-06-16</announced>
+  <revised count="01">2008-06-16</revised>
+  <bug>223657</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-misc/cbrpager" auto="yes" arch="*">
+      <unaffected range="ge">0.9.17</unaffected>
+      <vulnerable range="lt">0.9.17</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    cbrPager is a comic book pager.
+    </p>
+  </background>
+  <description>
+    <p>
+    Mamoru Tasaka discovered that filenames of the image archives are not
+    properly sanitized before being passed to decompression utilities like
+    unrar and unzip, which use the system() libc library call.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open an archive with a
+    specially crafted filename, resulting in arbitrary code execution with
+    the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All cbrPager users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-misc/cbrpager-0.9.17"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2575">CVE-2008-2575</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-05-28T17:48:23Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-06-03T15:18:59Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-06-14T21:12:52Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200806-06.xml b/metadata/glsa/glsa-200806-06.xml
new file mode 100644
index 000000000000..b5dc20a95303
--- /dev/null
+++ b/metadata/glsa/glsa-200806-06.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200806-06">
+  <title>Evolution: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Multiple vulnerabilities in Evolution may allow for user-assisted execution
+    of arbitrary code.
+  </synopsis>
+  <product type="ebuild">evolution</product>
+  <announced>2008-06-16</announced>
+  <revised count="01">2008-06-16</revised>
+  <bug>223963</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/evolution" auto="yes" arch="*">
+      <unaffected range="ge">2.12.3-r2</unaffected>
+      <vulnerable range="lt">2.12.3-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Evolution is the mail client of the GNOME desktop environment.
+    </p>
+  </background>
+  <description>
+    <p>
+    Alin Rad Pop (Secunia Research) reported two vulnerabilities in
+    Evolution:
+    </p>
+    <ul><li>
+    A boundary error exists when parsing overly long timezone strings
+    contained within iCalendar attachments and when the ITip formatter is
+    disabled (CVE-2008-1108).</li>
+    <li>
+    A boundary error exists when replying to an iCalendar request with an
+    overly long "DESCRIPTION" property while in calendar view
+    (CVE-2008-1109).
+    </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted
+    iCalendar attachment, resulting in the execution of arbitrary code with
+    the privileges of the user running Evolution.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Evolution users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/evolution-2.12.3-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1108">CVE-2008-1108</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1109">CVE-2008-1109</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-06-03T15:11:52Z">
+    vorlon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-06-05T10:04:23Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-06-14T21:39:04Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200806-07.xml b/metadata/glsa/glsa-200806-07.xml
new file mode 100644
index 000000000000..73d54ceff4d7
--- /dev/null
+++ b/metadata/glsa/glsa-200806-07.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200806-07">
+  <title>X.Org X server: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in the X.Org X server,
+    possibly allowing for the remote execution of arbitrary code with root
+    privileges.
+  </synopsis>
+  <product type="ebuild">xorg-server</product>
+  <announced>2008-06-19</announced>
+  <revised count="01">2008-06-19</revised>
+  <bug>225419</bug>
+  <access>remote, local</access>
+  <affected>
+    <package name="x11-base/xorg-server" auto="yes" arch="*">
+      <unaffected range="ge">1.3.0.0-r6</unaffected>
+      <vulnerable range="lt">1.3.0.0-r6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The X Window System is a graphical windowing system based on a
+    client/server model.
+    </p>
+  </background>
+  <description>
+    <p>
+    Regenrecht reported multiple vulnerabilities in various X server
+    extensions via iDefense:
+    </p>
+    <ul>
+    <li>The
+    SProcSecurityGenerateAuthorization() and SProcRecordCreateContext()
+    functions of the RECORD and Security extensions are lacking proper
+    parameter validation (CVE-2008-1377).</li>
+    <li>An integer overflow is
+    possible in the function ShmPutImage() of the MIT-SHM extension
+    (CVE-2008-1379).</li>
+    <li>The RENDER extension contains several
+    possible integer overflows in the AllocateGlyph() function
+    (CVE-2008-2360) which could possibly lead to a heap-based buffer
+    overflow. Further possible integer overflows have been found in the
+    ProcRenderCreateCursor() function (CVE-2008-2361) as well as in the
+    SProcRenderCreateLinearGradient(), SProcRenderCreateRadialGradient()
+    and SProcRenderCreateConicalGradient() functions (CVE-2008-2362).</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    Exploitation of these vulnerabilities could possibly lead to the remote
+    execution of arbitrary code with root privileges, if the server is
+    running as root, which is the default. It is also possible to crash the
+    server by making use of these vulnerabilities.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    It is possible to avoid these vulnerabilities by disabling the affected
+    server extensions. Therefore edit the configuration file
+    (/etc/X11/xorg.conf) to contain the following in the appropriate
+    places:
+    </p>
+    <code>
+      Section "Extensions"   
+    	Option "MIT-SHM" "disable"
+    	Option "RENDER" "disable" 
+    	Option "SECURITY" "disable"
+      EndSection
+    
+      Section "Module"
+       Disable "record"
+      EndSection</code>
+  </workaround>
+  <resolution>
+    <p>
+    All X.org X Server users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-base/xorg-server-1.3.0.0-r6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1377">CVE-2008-1377</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1379">CVE-2008-1379</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2360">CVE-2008-2360</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2361">CVE-2008-2361</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2362">CVE-2008-2362</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-06-11T10:16:02Z">
+    vorlon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-06-16T08:09:32Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200806-08.xml b/metadata/glsa/glsa-200806-08.xml
new file mode 100644
index 000000000000..d0c5a77a546c
--- /dev/null
+++ b/metadata/glsa/glsa-200806-08.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200806-08">
+  <title>OpenSSL: Denial of service</title>
+  <synopsis>
+    Two vulnerabilities might allow for a Denial of Service of daemons using
+    OpenSSL.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2008-06-23</announced>
+  <revised count="01">2008-06-23</revised>
+  <bug>223429</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">0.9.8g-r2</unaffected>
+      <unaffected range="lt">0.9.8f</unaffected>
+      <vulnerable range="lt">0.9.8g-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+    (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
+    purpose cryptography library.
+    </p>
+  </background>
+  <description>
+    <p>
+    Ossi Herrala and Jukka Taimisto of Codenomicon discovered two
+    vulnerabilities:
+    </p>
+    <ul>
+    <li>
+    A double free() call in the TLS server name extension (CVE-2008-0891).
+    </li>
+    <li>
+    The OpenSSL client code does not properly handle servers that omit the
+    Server Key Exchange message in the TLS handshake (CVE-2008-1672).
+    </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could connect to a vulnerable server, or entice a
+    daemon to connect to a malicious server, causing a Denial of Service of
+    the daemon in both cases.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenSSL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-0.9.8g-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0891">CVE-2008-0891</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1672">CVE-2008-1672</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-06-16T22:48:49Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-06-16T23:22:26Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-06-16T23:22:36Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200806-09.xml b/metadata/glsa/glsa-200806-09.xml
new file mode 100644
index 000000000000..eaa69465c032
--- /dev/null
+++ b/metadata/glsa/glsa-200806-09.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200806-09">
+  <title>libvorbis: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in libvorbis might lead to the execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">libvorbis</product>
+  <announced>2008-06-23</announced>
+  <revised count="02">2008-06-23</revised>
+  <bug>222085</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libvorbis" auto="yes" arch="*">
+      <unaffected range="ge">1.2.1_rc1</unaffected>
+      <vulnerable range="lt">1.2.1_rc1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libvorbis is the reference implementation of the Xiph.org Ogg Vorbis
+    audio file format. It is used by many applications for playback of Ogg
+    Vorbis files.
+    </p>
+  </background>
+  <description>
+    <p>
+    Will Drewry of the Google Security Team reported multiple
+    vulnerabilities in libvorbis:
+    </p>
+    <ul>
+    <li>
+    A zero value for "codebook.dim" is not properly handled, leading to a
+    crash, infinite loop or triggering an integer overflow
+    (CVE-2008-1419).
+    </li>
+    <li>
+    An integer overflow in "residue partition value" evaluation might lead
+    to a heap-based buffer overflow (CVE-2008-1420).
+    </li>
+    <li>
+    An integer overflow in a certain "quantvals" and "quantlist"
+    calculation might lead to a heap-based buffer overflow
+    (CVE-2008-1423).
+    </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit these vulnerabilities by enticing a
+    user to open a specially crafted Ogg Vorbis file or network stream with
+    an application using libvorbis. This might lead to the execution of
+    arbitrary code with the privileges of the user playing the file or a
+    Denial of Service by a crash or CPU consumption.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libvorbis users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/libvorbis-1.2.1_rc1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1419">CVE-2008-1419</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1420">CVE-2008-1420</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1423">CVE-2008-1423</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-06-16T22:45:51Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-06-16T23:30:07Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-06-16T23:30:17Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200806-10.xml b/metadata/glsa/glsa-200806-10.xml
new file mode 100644
index 000000000000..170c1658879d
--- /dev/null
+++ b/metadata/glsa/glsa-200806-10.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200806-10">
+  <title>FreeType: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Font parsing vulnerabilities in FreeType might lead to user-assisted
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">freetype</product>
+  <announced>2008-06-23</announced>
+  <revised count="03">2009-05-28</revised>
+  <bug>225851</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/freetype" auto="yes" arch="*">
+      <unaffected range="ge">2.3.6</unaffected>
+      <unaffected range="rge">1.4_pre20080316-r1</unaffected>
+      <vulnerable range="lt">2.3.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    FreeType is a font rendering library for TrueType Font (TTF) and
+    Printer Font Binary (PFB).
+    </p>
+  </background>
+  <description>
+    <p>
+    Regenrecht reported multiple vulnerabilities in FreeType via iDefense:
+    </p>
+    <ul>
+    <li>
+    An integer overflow when parsing values in the Private dictionary table
+    in a PFB file, leading to a heap-based buffer overflow
+    (CVE-2008-1806).
+    </li>
+    <li>
+    An invalid free() call related to parsing an invalid "number of axes"
+    field in a PFB file (CVE-2008-1807).
+    </li>
+    <li>
+    Multiple off-by-one errors when parsing PBF and TTF files, leading to
+    heap-based buffer overflows (CVE-2008-1808).
+    </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted TTF
+    or PBF file, possibly resulting in the execution of arbitrary code with
+    the privileges of the user running an application linked against
+    FreeType (such as the X.org X server, running as root).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All FreeType users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/freetype-2.3.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1806">CVE-2008-1806</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1807">CVE-2008-1807</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1808">CVE-2008-1808</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-06-12T09:20:25Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-06-17T00:04:48Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-06-17T00:04:59Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200806-11.xml b/metadata/glsa/glsa-200806-11.xml
new file mode 100644
index 000000000000..56996826ab8b
--- /dev/null
+++ b/metadata/glsa/glsa-200806-11.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200806-11">
+  <title>IBM JDK/JRE: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been found in IBM Java Development Kit (JDK)
+    and Java Runtime Environment (JRE), resulting in the execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">ibm-jdk-bin ibm-jre-bin</product>
+  <announced>2008-06-25</announced>
+  <revised count="01">2008-06-25</revised>
+  <bug>186277</bug>
+  <bug>198644</bug>
+  <bug>216112</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/ibm-jdk-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.7</unaffected>
+      <unaffected range="rge">1.4.2.11</unaffected>
+      <vulnerable range="lt">1.5.0.7</vulnerable>
+    </package>
+    <package name="dev-java/ibm-jre-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0.7</unaffected>
+      <unaffected range="rge">1.4.2.11</unaffected>
+      <vulnerable range="lt">1.5.0.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The IBM Java Development Kit (JDK) and the IBM Java Runtime Environment
+    (JRE) provide the IBM Java platform.
+    </p>
+  </background>
+  <description>
+    <p>
+    Because of sharing the same codebase, IBM JDK and JRE are affected by
+    the vulnerabilities mentioned in GLSA 200804-20.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to run a specially crafted applet
+    on a website or start an application in Java Web Start to execute
+    arbitrary code outside of the Java sandbox and of the Java security
+    restrictions with the privileges of the user running Java. The attacker
+    could also obtain sensitive information, create, modify, rename and
+    read local files, execute local applications, establish connections in
+    the local network, bypass the same origin policy, and cause a Denial of
+    Service via multiple vectors.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All IBM JDK 1.5 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/ibm-jdk-bin-1.5.0.7"</code>
+    <p>
+    All IBM JDK 1.4 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/ibm-jdk-bin-1.4.2.11"</code>
+    <p>
+    All IBM JRE 1.5 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/ibm-jre-bin-1.5.0.7"</code>
+    <p>
+    All IBM JRE 1.4 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/ibm-jre-bin-1.4.2.11"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200804-20.xml">GLSA 200804-20</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-04-05T22:14:16Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-23T17:16:09Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-06-24T01:10:44Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200807-01.xml b/metadata/glsa/glsa-200807-01.xml
new file mode 100644
index 000000000000..b81eb7532cb1
--- /dev/null
+++ b/metadata/glsa/glsa-200807-01.xml
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200807-01">
+  <title>Python: Multiple integer overflows</title>
+  <synopsis>
+    Multiple integer overflows may allow for Denial of Service.
+  </synopsis>
+  <product type="ebuild">python</product>
+  <announced>2008-07-01</announced>
+  <revised count="01">2008-07-01</revised>
+  <bug>216673</bug>
+  <bug>217221</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/python" auto="yes" arch="*">
+      <unaffected range="rge">2.3.6-r6</unaffected>
+      <unaffected range="ge">2.4.4-r13</unaffected>
+      <vulnerable range="lt">2.4.4-r13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Python is an interpreted, interactive, object-oriented programming
+    language.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities were discovered in Python:
+    </p>
+    <ul>
+    <li>David
+    Remahl reported multiple integer overflows in the file imageop.c,
+    leading to a heap-based buffer overflow (CVE-2008-1679). This issue is
+    due to an incomplete fix for CVE-2007-4965.</li>
+    <li>Justin Ferguson
+    discovered that an integer signedness error in the zlib extension
+    module might trigger insufficient memory allocation and a buffer
+    overflow via a negative signed integer (CVE-2008-1721).</li>
+    <li>Justin
+    Ferguson discovered that insufficient input validation in the
+    PyString_FromStringAndSize() function might lead to a buffer overflow
+    (CVE-2008-1887).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit these vulnerabilities to cause a Denial
+    of Service or possibly the remote execution of arbitrary code with the
+    privileges of the user running Python.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    The imageop module is no longer built in the unaffected versions.
+    </p>
+    <p>
+    All Python 2.3 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.3.6-r6"</code>
+    <p>
+    All Python 2.4 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.4.4-r13"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1679">CVE-2008-1679</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721">CVE-2008-1721</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887">CVE-2008-1887</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-06-27T08:54:25Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-07-01T11:46:03Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200807-02.xml b/metadata/glsa/glsa-200807-02.xml
new file mode 100644
index 000000000000..ebada9a91c2c
--- /dev/null
+++ b/metadata/glsa/glsa-200807-02.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200807-02">
+  <title>Motion: Execution of arbitrary code</title>
+  <synopsis>
+    Multiple vulnerabilities in Motion might result in the execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">motion</product>
+  <announced>2008-07-01</announced>
+  <revised count="01">2008-07-01</revised>
+  <bug>227053</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/motion" auto="yes" arch="*">
+      <unaffected range="ge">3.2.10.1</unaffected>
+      <vulnerable range="lt">3.2.10.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Motion is a program that monitors the video signal from one or more
+    cameras and is able to detect motions.
+    </p>
+  </background>
+  <description>
+    <p>
+    Nico Golde reported an off-by-one error within the read_client()
+    function in the webhttpd.c file, leading to a stack-based buffer
+    overflow. Stefan Cornelius (Secunia Research) reported a boundary error
+    within the same function, also leading to a stack-based buffer
+    overflow. Both vulnerabilities require that the HTTP Control interface
+    is enabled.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit these vulnerabilities by sending an
+    overly long or specially crafted request to a vulnerable Motion HTTP
+    control interface, possibly resulting in the execution of arbitrary
+    code with the privileges of the motion user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Motion users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/motion-3.2.10.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2654">CVE-2008-2654</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-06-24T00:58:06Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-06-25T11:12:50Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-07-01T11:55:40Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200807-03.xml b/metadata/glsa/glsa-200807-03.xml
new file mode 100644
index 000000000000..146838f45b61
--- /dev/null
+++ b/metadata/glsa/glsa-200807-03.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200807-03">
+  <title>PCRE: Buffer overflow</title>
+  <synopsis>
+    A buffer overflow vulnerability has been discovered in PCRE, allowing for
+    the execution of arbitrary code and a Denial of Service.
+  </synopsis>
+  <product type="ebuild">libpcre glib</product>
+  <announced>2008-07-07</announced>
+  <revised count="01">2008-07-07</revised>
+  <bug>228091</bug>
+  <bug>230039</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libpcre" auto="yes" arch="*">
+      <unaffected range="ge">7.7-r1</unaffected>
+      <vulnerable range="lt">7.7-r1</vulnerable>
+    </package>
+    <package name="dev-libs/glib" auto="yes" arch="*">
+      <unaffected range="ge">2.16.3-r1</unaffected>
+      <unaffected range="lt">2.14.0</unaffected>
+      <vulnerable range="lt">2.16.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PCRE is a Perl-compatible regular expression library. GLib includes a
+    copy of PCRE.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy of the Google Security team reported a heap-based buffer
+    overflow when compiling regular expression patterns containing
+    "Internal Option Settings" such as "<i>(?i)</i>".
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit this vulnerability by sending a
+    specially crafted regular expression to an application making use of
+    the PCRE library, which could possibly lead to the execution of
+    arbitrary code or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PCRE users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/libpcre-7.7-r1"</code>
+    <p>
+    All GLib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/glib-2.16.3-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2371">CVE-2008-2371</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-07-07T00:02:02Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-07-07T00:02:22Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200807-04.xml b/metadata/glsa/glsa-200807-04.xml
new file mode 100644
index 000000000000..61adb20afe63
--- /dev/null
+++ b/metadata/glsa/glsa-200807-04.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200807-04">
+  <title>Poppler: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Poppler is affected by a memory management issue, which could lead to the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">poppler</product>
+  <announced>2008-07-08</announced>
+  <revised count="01">2008-07-08</revised>
+  <bug>229931</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/poppler" auto="yes" arch="*">
+      <unaffected range="ge">0.6.3-r1</unaffected>
+      <vulnerable range="lt">0.6.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Poppler is a cross-platform PDF rendering library originally based on
+    Xpdf.
+    </p>
+  </background>
+  <description>
+    <p>
+    Felipe Andres Manzano reported a memory management issue in the Page
+    class constructor/destructor.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted PDF
+    file with a Poppler-based PDF viewer such as Gentoo's Xpdf, Epdfview,
+    or Evince, potentially resulting in the execution of arbitrary code
+    with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All poppler users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/poppler-0.6.3-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2950">CVE-2008-2950</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-07-07T09:09:47Z">
+    vorlon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-07-08T18:44:36Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200807-05.xml b/metadata/glsa/glsa-200807-05.xml
new file mode 100644
index 000000000000..a64743c5340f
--- /dev/null
+++ b/metadata/glsa/glsa-200807-05.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200807-05">
+  <title>OpenOffice.org: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    An integer overflow vulnerability has been reported in OpenOffice.org.
+  </synopsis>
+  <product type="ebuild">openoffice openoffice-bin</product>
+  <announced>2008-07-09</announced>
+  <revised count="01">2008-07-09</revised>
+  <bug>225723</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/openoffice" auto="yes" arch="*">
+      <unaffected range="ge">2.4.1</unaffected>
+      <vulnerable range="lt">2.4.1</vulnerable>
+    </package>
+    <package name="app-office/openoffice-bin" auto="yes" arch="*">
+      <unaffected range="ge">2.4.1</unaffected>
+      <vulnerable range="lt">2.4.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenOffice.org is an open source office productivity suite, including
+    word processing, spreadsheet, presentation, drawing, data charting,
+    formula editing, and file conversion facilities.
+    </p>
+  </background>
+  <description>
+    <p>
+    Sean Larsson (iDefense Labs) reported an integer overflow in the
+    function rtl_allocateMemory() in the file
+    sal/rtl/source/alloc_global.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted
+    document, possibly resulting in the remote execution of arbitrary code
+    with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenOffice.org users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/openoffice-2.4.1"</code>
+    <p>
+    All OpenOffice.org binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/openoffice-bin-2.4.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2152">CVE-2008-2152</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-07-07T07:24:43Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-07-07T07:24:50Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-07-07T11:42:11Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200807-06.xml b/metadata/glsa/glsa-200807-06.xml
new file mode 100644
index 000000000000..4c8f81534f99
--- /dev/null
+++ b/metadata/glsa/glsa-200807-06.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200807-06">
+  <title>Apache: Denial of service</title>
+  <synopsis>
+    Multiple vulnerabilities in Apache might lead to a Denial of Service.
+  </synopsis>
+  <product type="ebuild">apache</product>
+  <announced>2008-07-09</announced>
+  <revised count="01">2008-07-09</revised>
+  <bug>222643</bug>
+  <bug>227111</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">2.2.9</unaffected>
+      <vulnerable range="lt">2.2.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Apache HTTP server is one of the most popular web servers on the
+    Internet.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been discovered in Apache:
+    </p>
+    <ul>
+    <li>
+    Dustin Kirkland reported that the mod_ssl module can leak memory when
+    the client reports support for a compression algorithm (CVE-2008-1678).
+    </li>
+    <li>
+    Ryujiro Shibuya reported that the ap_proxy_http_process_response()
+    function in the mod_proxy module does not limit the number of forwarded
+    interim responses (CVE-2008-2364).
+    </li>
+    <li>
+    sp3x of SecurityReason reported a Cross-Site Request Forgery
+    vulnerability in the balancer-manager in the mod_proxy_balancer module
+    (CVE-2007-6420).
+    </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit these vulnerabilities by connecting to
+    an Apache httpd, by causing an Apache proxy server to connect to a
+    malicious server, or by enticing a balancer administrator to connect to
+    a specially-crafted URL, resulting in a Denial of Service of the Apache
+    daemon.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Apache users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-servers/apache-2.2.9"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6420">CVE-2007-6420</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678">CVE-2008-1678</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364">CVE-2008-2364</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-06-14T10:47:39Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-06-16T23:51:04Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-06-16T23:51:13Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200807-07.xml b/metadata/glsa/glsa-200807-07.xml
new file mode 100644
index 000000000000..746c41746330
--- /dev/null
+++ b/metadata/glsa/glsa-200807-07.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200807-07">
+  <title>NX: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    NX uses code from the X.org X11 server which is prone to multiple
+    vulnerabilities.
+  </synopsis>
+  <product type="ebuild">nx, nxnode</product>
+  <announced>2008-07-09</announced>
+  <revised count="01">2008-07-09</revised>
+  <bug>230147</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/nxnode" auto="yes" arch="*">
+      <unaffected range="ge">3.2.0-r3</unaffected>
+      <vulnerable range="lt">3.2.0-r3</vulnerable>
+    </package>
+    <package name="net-misc/nx" auto="yes" arch="*">
+      <unaffected range="ge">3.2.0-r2</unaffected>
+      <vulnerable range="lt">3.2.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    NoMachine's NX establishes remote connections to X11 desktops over
+    small bandwidth links. NX and NX Node are the compression core
+    libraries, whereas NX is used by FreeNX and NX Node by the binary-only
+    NX servers.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple integer overflow and buffer overflow vulnerabilities have been
+    discovered in the X.Org X server as shipped by NX and NX Node (GLSA
+    200806-07).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit these vulnerabilities via unspecified
+    vectors, leading to the execution of arbitrary code with the privileges
+    of the user on the machine running the NX server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All NX Node users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/nxnode-3.2.0-r3"</code>
+    <p>
+    All NX users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/nx-3.2.0-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200806-07.xml">GLSA 200806-07</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-07-07T00:06:37Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-07-07T00:06:48Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200807-08.xml b/metadata/glsa/glsa-200807-08.xml
new file mode 100644
index 000000000000..fed68aba9825
--- /dev/null
+++ b/metadata/glsa/glsa-200807-08.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200807-08">
+  <title>BIND: Cache poisoning</title>
+  <synopsis>
+    A weakness in the DNS protocol has been reported, which could lead to cache
+    poisoning on recursive resolvers.
+  </synopsis>
+  <product type="ebuild">bind</product>
+  <announced>2008-07-11</announced>
+  <revised count="01">2008-07-11</revised>
+  <bug>231201</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/bind" auto="yes" arch="*">
+      <unaffected range="ge">9.4.2_p1</unaffected>
+      <vulnerable range="lt">9.4.2_p1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ISC BIND is the Internet Systems Consortium implementation of the
+    Domain Name System (DNS) protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    Dan Kaminsky of IOActive has reported a weakness in the DNS protocol
+    related to insufficient randomness of DNS transaction IDs and query
+    source ports.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An attacker could exploit this weakness to poison the cache of a
+    recursive resolver and thus spoof DNS traffic, which could e.g. lead to
+    the redirection of web or mail traffic to malicious sites.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All BIND users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dns/bind-9.4.2_p1"</code>
+    <p>
+    Note: In order to utilize the query port randomization to mitigate the
+    weakness, you need to make sure that your network setup allows the DNS
+    server to use random source ports for query and that you have not set a
+    fixed query port via the "query-source port" directive in the BIND
+    configuration.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447">CVE-2008-1447</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-07-09T08:55:27Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-07-09T14:42:45Z">
+    vorlon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-07-11T17:35:39Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200807-09.xml b/metadata/glsa/glsa-200807-09.xml
new file mode 100644
index 000000000000..81f54c0d7fdb
--- /dev/null
+++ b/metadata/glsa/glsa-200807-09.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200807-09">
+  <title>Mercurial: Directory traversal</title>
+  <synopsis>
+    A directory traversal vulnerability in Mercurial allows for the renaming of
+    arbitrary files.
+  </synopsis>
+  <product type="ebuild">mercurial</product>
+  <announced>2008-07-15</announced>
+  <revised count="01">2008-07-15</revised>
+  <bug>230193</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-util/mercurial" auto="yes" arch="*">
+      <unaffected range="ge">1.0.1-r2</unaffected>
+      <vulnerable range="lt">1.0.1-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mercurial is a distributed Source Control Management system.
+    </p>
+  </background>
+  <description>
+    <p>
+    Jakub Wilk discovered a directory traversal vulnerabilty in the
+    applydiff() function in the mercurial/patch.py file.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to import a specially crafted
+    patch, possibly resulting in the renaming of arbitrary files, even
+    outside the repository.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mercurial users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-util/mercurial-1.0.1-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2942">CVE-2008-2942</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-07-15T10:37:24Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-07-15T11:41:04Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-07-15T11:48:10Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200807-10.xml b/metadata/glsa/glsa-200807-10.xml
new file mode 100644
index 000000000000..e9abed406344
--- /dev/null
+++ b/metadata/glsa/glsa-200807-10.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200807-10">
+  <title>Bacula: Information disclosure</title>
+  <synopsis>
+    A vulnerability in Bacula may allow local attackers to obtain sensitive
+    information.
+  </synopsis>
+  <product type="ebuild">bacula</product>
+  <announced>2008-07-21</announced>
+  <revised count="01">2008-07-21</revised>
+  <bug>196834</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-backup/bacula" auto="yes" arch="*">
+      <unaffected range="ge">2.4.1</unaffected>
+      <vulnerable range="lt">2.4.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Bacula is a network based backup suite.
+    </p>
+  </background>
+  <description>
+    <p>
+    Matthijs Kooijman reported that the "make_catalog_backup" script uses
+    the MySQL password as a command line argument when invoking other
+    programs.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could list the processes on the local machine when the
+    script is running to obtain the MySQL password. Note: The password
+    could also be disclosed via network sniffing attacks when the script
+    fails, in which case it would be sent via cleartext e-mail.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    A warning about this issue has been added in version 2.4.1, but the
+    issue is still unfixed. We advise not to use the make_catalog_backup
+    script, but to put all MySQL parameters into a dedicated file readable
+    only by the user running Bacula.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5626">CVE-2007-5626</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-07-15T10:41:52Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-07-15T11:29:18Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-07-15T11:29:25Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200807-11.xml b/metadata/glsa/glsa-200807-11.xml
new file mode 100644
index 000000000000..04326d5dbb3c
--- /dev/null
+++ b/metadata/glsa/glsa-200807-11.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200807-11">
+  <title>PeerCast: Buffer overflow</title>
+  <synopsis>
+    A buffer overflow vulnerability in PeerCast may allow for the remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">peercast</product>
+  <announced>2008-07-21</announced>
+  <revised count="01">2008-07-21</revised>
+  <bug>220281</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/peercast" auto="yes" arch="*">
+      <unaffected range="ge">0.1218-r1</unaffected>
+      <vulnerable range="lt">0.1218-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PeerCast is a client and server for P2P-radio networks.
+    </p>
+  </background>
+  <description>
+    <p>
+    Nico Golde reported a boundary error in the HTTP::getAuthUserPass()
+    function when processing overly long HTTP Basic authentication
+    requests.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could send a specially crafted HTTP request to the
+    vulnerable server, possibly resulting in the remote execution of
+    arbitrary code with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PeerCast users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/peercast-0.1218-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2040">CVE-2008-2040</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-07-08T00:36:04Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-07-12T19:41:58Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-07-20T15:19:30Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200807-12.xml b/metadata/glsa/glsa-200807-12.xml
new file mode 100644
index 000000000000..cfa9395f5591
--- /dev/null
+++ b/metadata/glsa/glsa-200807-12.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200807-12">
+  <title>BitchX: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in BitchX may allow for the remote execution of
+    arbitrary code or symlink attacks.
+  </synopsis>
+  <product type="ebuild">bitchx</product>
+  <announced>2008-07-21</announced>
+  <revised count="01">2008-07-21</revised>
+  <bug>190667</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/bitchx" auto="yes" arch="*">
+      <vulnerable range="le">1.1-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    BitchX is an IRC client.
+    </p>
+  </background>
+  <description>
+    <p>
+    bannedit reported a boundary error when handling overly long IRC MODE
+    messages (CVE-2007-4584). Nico Golde reported an insecure creation of a
+    temporary file within the e_hostname() function (CVE-2007-5839).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to connect to a malicious IRC
+    server, resulting in the remote execution of arbitrary code with the
+    privileges of the user running the application. A local attacker could
+    perform symlink attacks to overwrite arbitrary files on the local
+    machine.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Since BitchX is no longer maintained, we recommend that users unmerge
+    the vulnerable package and switch to another IRC client:
+    </p>
+    <code>
+    # emerge --unmerge "net-irc/bitchx"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4584">CVE-2007-4584</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5839">CVE-2007-5839</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-07-07T22:27:23Z">
+    vorlon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-07-07T22:27:35Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-07-17T11:41:45Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200807-13.xml b/metadata/glsa/glsa-200807-13.xml
new file mode 100644
index 000000000000..63c08c0ddd72
--- /dev/null
+++ b/metadata/glsa/glsa-200807-13.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200807-13">
+  <title>VLC: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in VLC may allow for the execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">vlc</product>
+  <announced>2008-07-31</announced>
+  <revised count="01">2008-07-31</revised>
+  <bug>221959</bug>
+  <bug>230692</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-video/vlc" auto="yes" arch="*">
+      <unaffected range="ge">0.8.6i</unaffected>
+      <vulnerable range="lt">0.8.6i</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    VLC is a cross-platform media player and streaming server.
+    </p>
+  </background>
+  <description>
+    <ul><li>Remi Denis-Courmont reported that VLC loads plugins from the
+    current working directory in an unsafe manner (CVE-2008-2147).</li>
+    <li>Alin Rad Pop (Secunia Research) reported an integer overflow error
+    in the Open() function in the file modules/demux/wav.c
+    (CVE-2008-2430).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted .wav
+    file, and a local attacker could entice a user to run VLC from a
+    directory containing specially crafted modules, possibly resulting in
+    the execution of arbitrary code with the privileges of the user running
+    the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All VLC users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/vlc-0.8.6i"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2147">CVE-2008-2147</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2430">CVE-2008-2430</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-05-22T17:39:12Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-06-03T15:20:33Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-07-22T11:52:52Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200807-14.xml b/metadata/glsa/glsa-200807-14.xml
new file mode 100644
index 000000000000..8ef39fd5c1c5
--- /dev/null
+++ b/metadata/glsa/glsa-200807-14.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200807-14">
+  <title>Linux Audit: Buffer overflow</title>
+  <synopsis>
+    A buffer overflow vulnerability in Linux Audit may allow local attackers to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">audit</product>
+  <announced>2008-07-31</announced>
+  <revised count="01">2008-07-31</revised>
+  <bug>215705</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-process/audit" auto="yes" arch="*">
+      <unaffected range="ge">1.7.3</unaffected>
+      <vulnerable range="lt">1.7.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Linux Audit is a set of userspace utilities for storing and processing
+    auditing records.
+    </p>
+  </background>
+  <description>
+    <p>
+    A stack-based buffer overflow has been reported in the
+    audit_log_user_command() function in the file lib/audit_logging.c when
+    processing overly long arguments.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could execute a specially crafted command on the host
+    running Linux Audit, possibly resulting in the execution of arbitrary
+    code with the privileges of the user running Linux Audit.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Linux Audit users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-process/audit-1.7.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1628">CVE-2008-1628</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-07-21T20:07:20Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-07-21T20:07:28Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200807-15.xml b/metadata/glsa/glsa-200807-15.xml
new file mode 100644
index 000000000000..861aa505efd3
--- /dev/null
+++ b/metadata/glsa/glsa-200807-15.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200807-15">
+  <title>Pan: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    A buffer overflow vulnerability in Pan may allow remote attacker to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">pan</product>
+  <announced>2008-07-31</announced>
+  <revised count="01">2008-07-31</revised>
+  <bug>224051</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-nntp/pan" auto="yes" arch="*">
+      <unaffected range="ge">0.132-r3</unaffected>
+      <unaffected range="rge">0.14.2.91-r2</unaffected>
+      <unaffected range="eq">0.14.2</unaffected>
+      <vulnerable range="lt">0.132-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Pan is a newsreader for the GNOME desktop.
+    </p>
+  </background>
+  <description>
+    <p>
+    Pavel Polischouk reported a boundary error in the PartsBatch class when
+    processing .nzb files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted .nzb
+    file, possibly resulting in the remote execution of arbitrary code with
+    the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Pan users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-nntp/pan-0.132-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2363">CVE-2008-2363</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-07-01T08:32:55Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-07-04T13:13:53Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-07-22T11:35:24Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200807-16.xml b/metadata/glsa/glsa-200807-16.xml
new file mode 100644
index 000000000000..be7851a9b3b3
--- /dev/null
+++ b/metadata/glsa/glsa-200807-16.xml
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200807-16">
+  <title>Python: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in Python may allow for the execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">python</product>
+  <announced>2008-07-31</announced>
+  <revised count="02">2009-07-19</revised>
+  <bug>230640</bug>
+  <bug>232137</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/python" auto="yes" arch="*">
+      <unaffected range="rge">2.4.4-r14</unaffected>
+      <unaffected range="ge">2.5.2-r6</unaffected>
+      <unaffected range="rge">2.4.6</unaffected>
+      <vulnerable range="lt">2.5.2-r6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Python is an interpreted, interactive, object-oriented programming
+    language.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities were discovered in Python:
+    </p>
+    <ul>
+    <li>
+    David Remahl of Apple Product Security reported several integer
+    overflows in core modules such as stringobject, unicodeobject,
+    bufferobject, longobject, tupleobject, stropmodule, gcmodule,
+    mmapmodule (CVE-2008-2315).
+    </li>
+    <li>
+    David Remahl of Apple Product Security also reported an integer
+    overflow in the hashlib module, leading to unreliable cryptographic
+    digest results (CVE-2008-2316).
+    </li>
+    <li>
+    Justin Ferguson reported multiple buffer overflows in unicode string
+    processing that only affect 32bit systems (CVE-2008-3142).
+    </li>
+    <li>
+    The Google Security Team reported multiple integer overflows
+    (CVE-2008-3143).
+    </li>
+    <li>
+    Justin Ferguson reported multiple integer underflows and overflows in
+    the PyOS_vsnprintf() function, and an off-by-one error when passing
+    zero-length strings, leading to memory corruption (CVE-2008-3144).
+    </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit these vulnerabilities in Python
+    applications or daemons that pass user-controlled input to vulnerable
+    functions. Exploitation might lead to the execution of arbitrary code
+    or a Denial of Service. Vulnerabilities within the hashlib might lead
+    to weakened cryptographic protection of data integrity or authenticity.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Python 2.4 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.4.4-r14"</code>
+    <p>
+    All Python 2.5 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.5.2-r6"</code>
+    <p>
+    Please note that Python 2.3 is masked since June 24, and we will not be
+    releasing updates to it. It will be removed from the tree in the near
+    future.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315">CVE-2008-2315</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2316">CVE-2008-2316</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142">CVE-2008-3142</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3143">CVE-2008-3143</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144">CVE-2008-3144</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-07-31T15:42:37Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-07-31T15:45:02Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200808-01.xml b/metadata/glsa/glsa-200808-01.xml
new file mode 100644
index 000000000000..792466a12d26
--- /dev/null
+++ b/metadata/glsa/glsa-200808-01.xml
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200808-01">
+  <title>xine-lib: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    xine-lib is vulnerable to multiple buffer overflows when processing media
+    streams.
+  </synopsis>
+  <product type="ebuild">xine-lib</product>
+  <announced>2008-08-06</announced>
+  <revised count="01">2008-08-06</revised>
+  <bug>213039</bug>
+  <bug>214270</bug>
+  <bug>218059</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/xine-lib" auto="yes" arch="*">
+      <unaffected range="ge">1.1.13</unaffected>
+      <vulnerable range="lt">1.1.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    xine-lib is the core library package for the xine media player, and
+    other players such as Amarok, Codeine/Dragon Player and Kaffeine.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been discovered in xine-lib:
+    </p>
+    <ul>
+    <li>
+    Alin Rad Pop of Secunia reported an array indexing vulnerability in the
+    sdpplin_parse() function in the file input/libreal/sdpplin.c when
+    processing streams from RTSP servers that contain a large "streamid"
+    SDP parameter (CVE-2008-0073).
+    </li>
+    <li>
+    Luigi Auriemma reported multiple integer overflows that result in
+    heap-based buffer overflows when processing ".FLV", ".MOV" ".RM",
+    ".MVE", ".MKV", and ".CAK" files (CVE-2008-1482).
+    </li>
+    <li>
+    Guido Landi reported a stack-based buffer overflow in the
+    demux_nsf_send_chunk() function when handling titles within NES Music
+    (.NSF) files (CVE-2008-1878).
+    </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to play a specially crafted video
+    file or stream with a player using xine-lib, potentially resulting in
+    the execution of arbitrary code with the privileges of the user running
+    the player.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All xine-lib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/xine-lib-1.1.13"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073">CVE-2008-0073</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1482">CVE-2008-1482</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1878">CVE-2008-1878</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-03-24T19:44:35Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-04-10T20:23:27Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-04-14T00:56:00Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200808-02.xml b/metadata/glsa/glsa-200808-02.xml
new file mode 100644
index 000000000000..95ff4e4749f2
--- /dev/null
+++ b/metadata/glsa/glsa-200808-02.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200808-02">
+  <title>Net-SNMP: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in Net-SNMP allow for authentication bypass in
+    snmpd and execution of arbitrary code in Perl applications using Net-SMNP.
+  </synopsis>
+  <product type="ebuild">net-snmp</product>
+  <announced>2008-08-06</announced>
+  <revised count="01">2008-08-06</revised>
+  <bug>222265</bug>
+  <bug>225105</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/net-snmp" auto="yes" arch="*">
+      <unaffected range="ge">5.4.1.1</unaffected>
+      <vulnerable range="lt">5.4.1.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Net-SNMP is a collection of tools for generating and retrieving SNMP
+    data. The SNMPv3 protocol uses a keyed-Hash Message Authentication Code
+    (HMAC) to verify data integrity and authenticity of SNMP messages.
+    </p>
+  </background>
+  <description>
+    <p>
+    Wes Hardaker reported that the SNMPv3 HMAC verification relies on the
+    client to specify the HMAC length (CVE-2008-0960). John Kortink
+    reported a buffer overflow in the Perl bindings of Net-SNMP when
+    processing the OCTETSTRING in an attribute value pair (AVP) received by
+    an SNMP agent (CVE-2008-2292).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could send SNMPv3 packets to an instance of snmpd providing
+    a valid user name and an HMAC length value of 1, and easily conduct
+    brute-force attacks to bypass SNMP authentication. An attacker could
+    further entice a user to connect to a malicious SNMP agent with an SNMP
+    client using the Perl bindings, possibly resulting in the execution of
+    arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Net-SNMP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/net-snmp-5.4.1.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960">CVE-2008-0960</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2292">CVE-2008-2292</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-07-02T11:15:36Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-07-04T13:09:07Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-07-07T08:46:03Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200808-03.xml b/metadata/glsa/glsa-200808-03.xml
new file mode 100644
index 000000000000..e4bb67d8eeaf
--- /dev/null
+++ b/metadata/glsa/glsa-200808-03.xml
@@ -0,0 +1,246 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200808-03">
+  <title>Mozilla products: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been reported in Mozilla Firefox,
+    Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mozilla-firefox mozilla-firefox-bin mozilla-thunderbird mozilla-thunderbird-bin seamonkey seamonkey-bin xulrunner xulrunner-bin</product>
+  <announced>2008-08-06</announced>
+  <revised count="01">2008-08-06</revised>
+  <bug>204337</bug>
+  <bug>218065</bug>
+  <bug>230567</bug>
+  <bug>231975</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/mozilla-firefox" auto="yes" arch="*">
+      <unaffected range="ge">2.0.0.16</unaffected>
+      <vulnerable range="lt">2.0.0.16</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">2.0.0.16</unaffected>
+      <vulnerable range="lt">2.0.0.16</vulnerable>
+    </package>
+    <package name="mail-client/mozilla-thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">2.0.0.16</unaffected>
+      <vulnerable range="lt">2.0.0.16</vulnerable>
+    </package>
+    <package name="mail-client/mozilla-thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">2.0.0.16</unaffected>
+      <vulnerable range="lt">2.0.0.16</vulnerable>
+    </package>
+    <package name="www-client/seamonkey" auto="yes" arch="*">
+      <unaffected range="ge">1.1.11</unaffected>
+      <vulnerable range="lt">1.1.11</vulnerable>
+    </package>
+    <package name="www-client/seamonkey-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.1.11</unaffected>
+      <vulnerable range="lt">1.1.11</vulnerable>
+    </package>
+    <package name="net-libs/xulrunner" auto="yes" arch="*">
+      <unaffected range="ge">1.8.1.16</unaffected>
+      <vulnerable range="lt">1.8.1.16</vulnerable>
+    </package>
+    <package name="net-libs/xulrunner-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.8.1.16</unaffected>
+      <vulnerable range="lt">1.8.1.16</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla Firefox is an open-source web browser and Mozilla Thunderbird
+    an open-source email client, both from the Mozilla Project. The
+    SeaMonkey project is a community effort to deliver production-quality
+    releases of code derived from the application formerly known as the
+    'Mozilla Application Suite'. XULRunner is a Mozilla runtime package
+    that can be used to bootstrap XUL+XPCOM applications like Firefox and
+    Thunderbird.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following vulnerabilities were reported in all mentioned Mozilla
+    products:
+    </p>
+    <ul>
+    <li>
+    TippingPoint's Zero Day Initiative reported that an incorrect integer
+    data type is used as a CSS object reference counter, leading to a
+    counter overflow and a free() of in-use memory (CVE-2008-2785).
+    </li>
+    <li>
+    Igor Bukanov, Jesse Ruderman and Gary Kwong reported crashes in the
+    JavaScript engine, possibly triggering memory corruption
+    (CVE-2008-2799).
+    </li>
+    <li>
+    Devon Hubbard, Jesse Ruderman, and Martijn Wargers reported crashes in
+    the layout engine, possibly triggering memory corruption
+    (CVE-2008-2798).
+    </li>
+    <li>
+    moz_bug_r_a4 reported that XUL documents that include a script from a
+    chrome: URI that points to a fastload file would be executed with the
+    privileges specified in the file (CVE-2008-2802).
+    </li>
+    <li>
+    moz_bug_r_a4 reported that the mozIJSSubScriptLoader.LoadScript()
+    function only apply XPCNativeWrappers to scripts loaded from standard
+    "chrome:" URIs, which could be the case in third-party add-ons
+    (CVE-2008-2803).
+    </li>
+    <li>
+    Astabis reported a crash in the block reflow implementation related to
+    large images (CVE-2008-2811).
+    </li>
+    <li>
+    John G. Myers, Frank Benkstein and Nils Toedtmann reported a weakness
+    in the trust model used by Mozilla, that when a user accepts an SSL
+    server certificate on the basis of the CN domain name in the DN field,
+    the certificate is also regarded as accepted for all domain names in
+    subjectAltName:dNSName fields (CVE-2008-2809).
+    </li>
+    </ul> <p>
+    The following vulnerabilities were reported in Firefox, SeaMonkey and
+    XULRunner:
+    </p>
+    <ul>
+    <li>
+    moz_bug_r_a4 reported that the Same Origin Policy is not properly
+    enforced on JavaScript (CVE-2008-2800).
+    </li>
+    <li>
+    Collin Jackson and Adam Barth reported that JAR signing is not properly
+    implemented, allowing injection of JavaScript into documents within a
+    JAR archive (CVE-2008-2801).
+    </li>
+    <li>
+    Opera Software reported an error allowing for arbitrary local file
+    upload (CVE-2008-2805).
+    </li>
+    <li>
+    Daniel Glazman reported that an invalid .properties file for an add-on
+    might lead to the usage of uninitialized memory (CVE-2008-2807).
+    </li>
+    <li>
+    Masahiro Yamada reported that HTML in "file://" URLs in directory
+    listings is not properly escaped (CVE-2008-2808).
+    </li>
+    <li>
+    Geoff reported that the context of Windows Internet shortcut files is
+    not correctly identified (CVE-2008-2810).
+    </li>
+    <li>
+    The crash vulnerability (CVE-2008-1380) that was previously announced
+    in GLSA 200805-18 is now also also resolved in Seamonkey binary
+    ebuilds.
+    </li>
+    </ul> <p>
+    The following vulnerability was reported in Firefox only:
+    </p>
+    <ul>
+    <li>
+    Billy Rios reported that the Pipe character in a command-line URI is
+    identified as a request to open multiple tabs, allowing to open
+    "chrome" and "file" URIs (CVE-2008-2933).
+    </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to view a specially crafted web
+    page or email that will trigger one of the vulnerabilities, possibly
+    leading to the execution of arbitrary code or a Denial of Service. It
+    is also possible for an attacker to trick a user to upload arbitrary
+    files or to accept an invalid certificate for a spoofed web site, to
+    read uninitialized memory, to violate Same Origin Policy, or to conduct
+    Cross-Site Scripting attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Firefox users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-2.0.0.16"</code>
+    <p>
+    All Mozilla Firefox binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-bin-2.0.0.16"</code>
+    <p>
+    All Mozilla Thunderbird users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-2.0.0.16"</code>
+    <p>
+    All Mozilla Thunderbird binary users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/mozilla-thunderbird-bin-2.0.0.16"</code>
+    <p>
+    All Seamonkey users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-1.1.11"</code>
+    <p>
+    All Seamonkey binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-bin-1.1.11"</code>
+    <p>
+    All XULRunner users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-libs/xulrunner-1.8.1.16"</code>
+    <p>
+    All XULRunner binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-libs/xulrunner-bin-1.8.1.16"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380">CVE-2008-1380</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2785">CVE-2008-2785</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2798">CVE-2008-2798</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2799">CVE-2008-2799</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2800">CVE-2008-2800</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2801">CVE-2008-2801</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2802">CVE-2008-2802</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2803">CVE-2008-2803</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2805">CVE-2008-2805</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2807">CVE-2008-2807</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2808">CVE-2008-2808</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2809">CVE-2008-2809</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2810">CVE-2008-2810</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2811">CVE-2008-2811</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2933">CVE-2008-2933</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200805-18.xml">GLSA 200805-18</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-07-06T18:09:54Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-07-30T20:08:31Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-08-06T00:34:26Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200808-04.xml b/metadata/glsa/glsa-200808-04.xml
new file mode 100644
index 000000000000..56e32abcfdd5
--- /dev/null
+++ b/metadata/glsa/glsa-200808-04.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200808-04">
+  <title>Wireshark: Denial of service</title>
+  <synopsis>
+    Multiple Denial of Service vulnerabilities have been discovered in
+    Wireshark.
+  </synopsis>
+  <product type="ebuild">wireshark</product>
+  <announced>2008-08-06</announced>
+  <revised count="01">2008-08-06</revised>
+  <bug>230411</bug>
+  <bug>231587</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/wireshark" auto="yes" arch="*">
+      <unaffected range="ge">1.0.2</unaffected>
+      <vulnerable range="lt">1.0.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Wireshark is a network protocol analyzer with a graphical front-end.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities related to memory management were discovered
+    in the GSM SMS dissector (CVE-2008-3137), the PANA and KISMET
+    dissectors (CVE-2008-3138), the RTMPT dissector (CVE-2008-3139), the
+    syslog dissector (CVE-2008-3140) and the RMI dissector (CVE-2008-3141)
+    and when reassembling fragmented packets (CVE-2008-3145).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit these vulnerabilities by sending a
+    specially crafted packet on a network being monitored by Wireshark or
+    enticing a user to read a malformed packet trace file, causing a Denial
+    of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Wireshark users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-1.0.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3137">CVE-2008-3137</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3138">CVE-2008-3138</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3139">CVE-2008-3139</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3140">CVE-2008-3140</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3141">CVE-2008-3141</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3145">CVE-2008-3145</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-07-15T10:40:07Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-07-30T18:25:58Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-07-30T18:26:07Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200808-05.xml b/metadata/glsa/glsa-200808-05.xml
new file mode 100644
index 000000000000..eb4a3291baf8
--- /dev/null
+++ b/metadata/glsa/glsa-200808-05.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200808-05">
+  <title>ISC DHCP: Denial of service</title>
+  <synopsis>
+    A Denial of Service vulnerability was discovered in ISC DHCP.
+  </synopsis>
+  <product type="ebuild">dhcp</product>
+  <announced>2008-08-06</announced>
+  <revised count="01">2008-08-06</revised>
+  <bug>227135</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/dhcp" auto="yes" arch="*">
+      <unaffected range="ge">3.1.1</unaffected>
+      <vulnerable range="lt">3.1.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ISC DHCP is ISC's reference implementation of all aspects of the
+    Dynamic Host Configuration Protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    A buffer overflow error was found in ISC DHCP server, that can only be
+    exploited under unusual server configurations where the DHCP server is
+    configured to provide clients with a large set of DHCP options.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit this vulnerability to cause a Denial of
+    Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ISC DHCP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/dhcp-3.1.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0062">CVE-2007-0062</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-07-01T08:33:40Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-07-04T13:11:49Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-08-01T23:00:13Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200808-06.xml b/metadata/glsa/glsa-200808-06.xml
new file mode 100644
index 000000000000..f8b5a5fb03a7
--- /dev/null
+++ b/metadata/glsa/glsa-200808-06.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200808-06">
+  <title>libxslt: Execution of arbitrary code</title>
+  <synopsis>
+    libxslt is affected by a heap-based buffer overflow, possibly leading to
+    the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libxslt</product>
+  <announced>2008-08-06</announced>
+  <revised count="01">2008-08-06</revised>
+  <bug>232172</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libxslt" auto="yes" arch="*">
+      <unaffected range="ge">1.1.24-r1</unaffected>
+      <unaffected range="lt">1.1.8</unaffected>
+      <vulnerable range="lt">1.1.24-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libxslt is the XSLT C library developed for the GNOME project. XSLT is
+    an XML language to define transformations for XML.
+    </p>
+  </background>
+  <description>
+    <p>
+    Chris Evans (Google Security) reported that the libexslt library that
+    is part of libxslt is affected by a heap-based buffer overflow in the
+    RC4 encryption/decryption functions.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to process an XML file using a
+    specially crafted XSLT stylesheet in an application linked against
+    libxslt, possibly leading to the execution of arbitrary code with the
+    privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libxslt users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/libxslt-1.1.24-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2935">CVE-2008-2935</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-07-31T23:42:58Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-08-01T23:18:29Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-08-01T23:18:48Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200808-07.xml b/metadata/glsa/glsa-200808-07.xml
new file mode 100644
index 000000000000..2b2c41143118
--- /dev/null
+++ b/metadata/glsa/glsa-200808-07.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200808-07">
+  <title>ClamAV: Multiple Denials of Service</title>
+  <synopsis>
+    Multiple vulnerabilities in ClamAV may result in a Denial of Service.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2008-08-08</announced>
+  <revised count="01">2008-08-08</revised>
+  <bug>204340</bug>
+  <bug>227351</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.93.3</unaffected>
+      <vulnerable range="lt">0.93.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Clam AntiVirus is a free anti-virus toolkit for UNIX, designed
+    especially for e-mail scanning on mail gateways.
+    </p>
+  </background>
+  <description>
+    <p>
+    Damian Put has discovered an out-of-bounds memory access while
+    processing Petite files (CVE-2008-2713, CVE-2008-3215). Also, please
+    note that the 0.93 ClamAV branch fixes the first of the two attack
+    vectors of CVE-2007-6595 concerning an insecure creation of temporary
+    files vulnerability. The sigtool attack vector seems still unfixed.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A remote attacker could entice a user or automated system to scan a
+    specially crafted Petite file, possibly resulting in a Denial of
+    Service (daemon crash). Also, the insecure creation of temporary files
+    vulnerability can be triggered by a local user to perform a symlink
+    attack.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ClamAV users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.93.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6595">CVE-2007-6595</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2713">CVE-2008-2713</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3215">CVE-2008-3215</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-08-03T21:50:46Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-08-05T21:44:31Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-08-05T21:46:23Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200808-08.xml b/metadata/glsa/glsa-200808-08.xml
new file mode 100644
index 000000000000..9d4f009359e7
--- /dev/null
+++ b/metadata/glsa/glsa-200808-08.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200808-08">
+  <title>stunnel: Security bypass</title>
+  <synopsis>
+    stunnel does not properly prevent the authentication of a revoked
+    certificate which would be published by OCSP.
+  </synopsis>
+  <product type="ebuild">stunnel</product>
+  <announced>2008-08-08</announced>
+  <revised count="02">2009-08-09</revised>
+  <bug>222805</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/stunnel" auto="yes" arch="*">
+      <unaffected range="ge">4.24</unaffected>
+      <unaffected range="lt">4</unaffected>
+      <vulnerable range="lt">4.24</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The stunnel program is designed to work as an SSL encryption wrapper
+    between a remote client and a local or remote server. OCSP (Online
+    Certificate Status Protocol), as described in RFC 2560, is an internet
+    protocol used for obtaining the revocation status of an X.509 digital
+    certificate.
+    </p>
+  </background>
+  <description>
+    <p>
+    An unspecified bug in the OCSP search functionality of stunnel has been
+    discovered.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A remote attacker can use a revoked certificate that would be
+    successfully authenticated by stunnel. This issue only concerns the
+    users who have enabled the OCSP validation in stunnel.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All stunnel users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/stunnel-4.24"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2420">CVE-2008-2420</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-08-03T21:53:49Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-08-05T21:07:35Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-08-05T21:08:30Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200808-09.xml b/metadata/glsa/glsa-200808-09.xml
new file mode 100644
index 000000000000..1512af883d19
--- /dev/null
+++ b/metadata/glsa/glsa-200808-09.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200808-09">
+  <title>OpenLDAP: Denial of Service vulnerability</title>
+  <synopsis>
+    A flaw in OpenLDAP allows remote unauthenticated attackers to cause a
+    Denial of Service.
+  </synopsis>
+  <product type="ebuild">openldap</product>
+  <announced>2008-08-08</announced>
+  <revised count="01">2008-08-08</revised>
+  <bug>230269</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-nds/openldap" auto="yes" arch="*">
+      <unaffected range="ge">2.3.43</unaffected>
+      <vulnerable range="lt">2.3.43</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenLDAP Software is an open source implementation of the Lightweight
+    Directory Access Protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    Cameron Hotchkies discovered an error within the parsing of ASN.1 BER
+    encoded packets in the "ber_get_next()" function in
+    libraries/liblber/io.c.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A remote unauthenticated attacker can send a specially crafted ASN.1
+    BER encoded packet which will trigger the error and cause an
+    "assert()", terminating the "slapd" daemon.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenLDAP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-nds/openldap-2.3.43"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2952">CVE-2008-2952</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-08-05T20:53:02Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-08-05T20:54:49Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200808-10.xml b/metadata/glsa/glsa-200808-10.xml
new file mode 100644
index 000000000000..d92a0acbe0dc
--- /dev/null
+++ b/metadata/glsa/glsa-200808-10.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200808-10">
+  <title>Adobe Reader: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Adobe Reader is vulnerable to execution of arbitrary code via a crafted
+    PDF.
+  </synopsis>
+  <product type="ebuild">acroread</product>
+  <announced>2008-08-09</announced>
+  <revised count="01">2008-08-09</revised>
+  <bug>233383</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/acroread" auto="yes" arch="*">
+      <unaffected range="ge">8.1.2-r3</unaffected>
+      <vulnerable range="lt">8.1.2-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF
+    reader.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Johns Hopkins University Applied Physics Laboratory reported that
+    input to an unspecified JavaScript method is not properly validated.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted PDF
+    document, possibly resulting in the remote execution of arbitrary code
+    with the privileges of the user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Adobe Reader users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/acroread-8.1.2-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2641">CVE-2008-2641</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-08-06T23:14:17Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-08-06T23:14:50Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200808-11.xml b/metadata/glsa/glsa-200808-11.xml
new file mode 100644
index 000000000000..1af0536e5d0b
--- /dev/null
+++ b/metadata/glsa/glsa-200808-11.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200808-11">
+  <title>UUDeview: Insecure temporary file creation</title>
+  <synopsis>
+    A vulnerability in UUDeview may allow local attackers to conduct symlink
+    attacks.
+  </synopsis>
+  <product type="ebuild">nzbget uudeview</product>
+  <announced>2008-08-11</announced>
+  <revised count="01">2008-08-11</revised>
+  <bug>222275</bug>
+  <bug>224193</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-text/uudeview" auto="yes" arch="*">
+      <unaffected range="ge">0.5.20-r1</unaffected>
+      <vulnerable range="lt">0.5.20-r1</vulnerable>
+    </package>
+    <package name="news-nntp/nzbget" auto="yes" arch="*">
+      <unaffected range="ge">0.4.0</unaffected>
+      <vulnerable range="lt">0.4.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    UUdeview is encoder and decoder supporting various binary formats.
+    NZBGet is a command-line based binary newsgrabber supporting .nzb
+    files.
+    </p>
+  </background>
+  <description>
+    <p>
+    UUdeview makes insecure usage of the tempnam() function when creating
+    temporary files. NZBGet includes a copy of the vulnerable code.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could exploit this vulnerability to overwrite
+    arbitrary files on the system.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All UUDview users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/uudeview-0.5.20-r1"</code>
+    <p>
+    All NZBget users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=news-nntp/nzbget-0.4.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2266">CVE-2008-2266</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-07-06T18:30:42Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-07-06T18:32:00Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-07-22T11:22:12Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200808-12.xml b/metadata/glsa/glsa-200808-12.xml
new file mode 100644
index 000000000000..4811e99d62ab
--- /dev/null
+++ b/metadata/glsa/glsa-200808-12.xml
@@ -0,0 +1,123 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200808-12">
+  <title>Postfix: Local privilege escalation vulnerability</title>
+  <synopsis>
+    Postfix incorrectly checks the ownership of a mailbox, allowing, in certain
+    circumstances, to append data to arbitrary files on a local system with
+    root privileges.
+  </synopsis>
+  <product type="ebuild">postfix</product>
+  <announced>2008-08-14</announced>
+  <revised count="02">2008-10-23</revised>
+  <bug>232642</bug>
+  <access>local</access>
+  <affected>
+    <package name="mail-mta/postfix" auto="yes" arch="*">
+      <unaffected range="rge">2.4.7-r1</unaffected>
+      <unaffected range="ge">2.5.3-r1</unaffected>
+      <unaffected range="rge">2.4.8</unaffected>
+      <unaffected range="ge">2.4.9</unaffected>
+      <vulnerable range="lt">2.5.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Postfix is Wietse Venema's mailer that attempts to be fast, easy to
+    administer, and secure, as an alternative to the widely-used Sendmail
+    program.
+    </p>
+  </background>
+  <description>
+    <p>
+    Sebastian Krahmer of SuSE has found that Postfix allows to deliver mail
+    to root-owned symlinks in an insecure manner under certain conditions.
+    Normally, Postfix does not deliver mail to symlinks, except to
+    root-owned symlinks, for compatibility with the systems using symlinks
+    in /dev like Solaris. Furthermore, some systems like Linux allow to
+    hardlink a symlink, while the POSIX.1-2001 standard requires that the
+    symlink is followed. Depending on the write permissions and the
+    delivery agent being used, this can lead to an arbitrary local file
+    overwriting vulnerability (CVE-2008-2936). Furthermore, the Postfix
+    delivery agent does not properly verify the ownership of a mailbox
+    before delivering mail (CVE-2008-2937).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    The combination of these features allows a local attacker to hardlink a
+    root-owned symlink such that the newly created symlink would be
+    root-owned and would point to a regular file (or another symlink) that
+    would be written by the Postfix built-in local(8) or virtual(8)
+    delivery agents, regardless the ownership of the final destination
+    regular file. Depending on the write permissions of the spool mail
+    directory, the delivery style, and the existence of a root mailbox,
+    this could allow a local attacker to append a mail to an arbitrary file
+    like /etc/passwd in order to gain root privileges.
+    </p>
+    <p>
+    The default configuration of Gentoo Linux does not permit any kind of
+    user privilege escalation.
+    </p>
+    <p>
+    The second vulnerability (CVE-2008-2937) allows a local attacker,
+    already having write permissions to the mail spool directory which is
+    not the case on Gentoo by default, to create a previously nonexistent
+    mailbox before Postfix creates it, allowing to read the mail of another
+    user on the system.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    The following conditions should be met in order to be vulnerable to
+    local privilege escalation.
+    </p>
+    <ul>
+    <li>The mail delivery style is mailbox, with the Postfix built-in
+    local(8) or virtual(8) delivery agents.</li>
+    <li>The mail spool directory (/var/spool/mail) is user-writeable.</li>
+    <li>The user can create hardlinks pointing to root-owned symlinks
+    located in other directories.</li>
+    </ul>
+    <p>
+    Consequently, each one of the following workarounds is efficient.
+    </p>
+    <ul>
+    <li>Verify that your /var/spool/mail directory is not writeable by a
+    user. Normally on Gentoo, only the mail group has write access, and no
+    end-user should be granted the mail group ownership.</li>
+    <li>Prevent the local users from being able to create hardlinks
+    pointing outside of the /var/spool/mail directory, e.g. with a
+    dedicated partition.</li>
+    <li>Use a non-builtin Postfix delivery agent, like procmail or
+    maildrop.</li>
+    <li>Use the maildir delivery style of Postfix ("home_mailbox=Maildir/"
+    for example).</li>
+    </ul>
+    <p>
+    Concerning the second vulnerability, check the write permissions of
+    /var/spool/mail, or check that every Unix account already has a
+    mailbox, by using Wietse Venema's Perl script available in the official
+    advisory.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Postfix users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-mta/postfix-2.5.3-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2936">CVE-2008-2936</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2937">CVE-2008-2937</uri>
+    <uri link="https://article.gmane.org/gmane.mail.postfix.announce/110">Official Advisory</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-08-14T13:13:26Z">
+    falco
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-08-14T22:37:03Z">
+    falco
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200809-01.xml b/metadata/glsa/glsa-200809-01.xml
new file mode 100644
index 000000000000..ca6931d43d5b
--- /dev/null
+++ b/metadata/glsa/glsa-200809-01.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200809-01">
+  <title>yelp: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    A vulnerability in yelp can lead to the execution of arbitrary code when
+    opening a URI, for example through Firefox.
+  </synopsis>
+  <product type="ebuild">yelp</product>
+  <announced>2008-09-04</announced>
+  <revised count="01">2008-09-04</revised>
+  <bug>234079</bug>
+  <access>remote</access>
+  <affected>
+    <package name="gnome-extra/yelp" auto="yes" arch="*">
+      <unaffected range="ge">2.22.1-r2</unaffected>
+      <unaffected range="rge">2.20.0-r1</unaffected>
+      <vulnerable range="lt">2.22.1-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    yelp is the default help browser for GNOME.
+    </p>
+  </background>
+  <description>
+    <p>
+    Aaron Grattafiori reported a format string vulnerability in the
+    window_error() function in yelp-window.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker can entice a user to open specially crafted "man:" or
+    "ghelp:" URIs in yelp, or an application using yelp such as Firefox or
+    Evolution, and execute arbitrary code with the privileges of that user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All yelp users running GNOME 2.22 should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=gnome-extra/yelp-2.22.1-r2"</code>
+    <p>
+    All yelp users running GNOME 2.20 should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=gnome-extra/yelp-2.20.0-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3533">CVE-2008-3533</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-08-15T14:25:26Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-08-19T23:34:23Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-08-19T23:34:31Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200809-02.xml b/metadata/glsa/glsa-200809-02.xml
new file mode 100644
index 000000000000..8abde9a4731a
--- /dev/null
+++ b/metadata/glsa/glsa-200809-02.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200809-02">
+  <title>dnsmasq: Denial of Service and DNS spoofing</title>
+  <synopsis>
+    Two vulnerabilities in dnsmasq might allow for a Denial of Service or
+    spoofing of DNS replies.
+  </synopsis>
+  <product type="ebuild">dnsmasq</product>
+  <announced>2008-09-04</announced>
+  <revised count="01">2008-09-04</revised>
+  <bug>231282</bug>
+  <bug>232523</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/dnsmasq" auto="yes" arch="*">
+      <unaffected range="ge">2.45</unaffected>
+      <vulnerable range="lt">2.45</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP
+    server.
+    </p>
+  </background>
+  <description>
+    <ul>
+    <li>
+    Dan Kaminsky of IOActive reported that dnsmasq does not randomize UDP
+    source ports when forwarding DNS queries to a recursing DNS server
+    (CVE-2008-1447).
+    </li>
+    <li>
+    Carlos Carvalho reported that dnsmasq in the 2.43 version does not
+    properly handle clients sending inform or renewal queries for unknown
+    DHCP leases, leading to a crash (CVE-2008-3350).
+    </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send spoofed DNS response traffic to dnsmasq,
+    possibly involving generating queries via multiple vectors, and spoof
+    DNS replies, which could e.g. lead to the redirection of web or mail
+    traffic to malicious sites. Furthermore, an attacker could generate
+    invalid DHCP traffic and cause a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All dnsmasq users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dns/dnsmasq-2.45"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3350">CVE-2008-3350</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447">CVE-2008-1447</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-07-13T19:25:11Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-08-19T23:52:40Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-08-19T23:52:59Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200809-03.xml b/metadata/glsa/glsa-200809-03.xml
new file mode 100644
index 000000000000..a0ed48b0863e
--- /dev/null
+++ b/metadata/glsa/glsa-200809-03.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200809-03">
+  <title>RealPlayer: Buffer overflow</title>
+  <synopsis>
+    RealPlayer is vulnerable to a buffer overflow allowing for the execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">realplayer</product>
+  <announced>2008-09-04</announced>
+  <revised count="01">2008-09-04</revised>
+  <bug>232997</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/realplayer" auto="yes" arch="*">
+      <unaffected range="ge">11.0.0.4028-r1</unaffected>
+      <vulnerable range="lt">11.0.0.4028-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    RealPlayer is a multimedia player capable of handling multiple
+    multimedia file formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    Dyon Balding of Secunia Research reported an unspecified heap-based
+    buffer overflow in the Shockwave Flash (SWF) frame handling.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    By enticing a user to open a specially crafted SWF (Shockwave Flash)
+    file, a remote attacker could be able to execute arbitrary code with
+    the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All RealPlayer users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/realplayer-11.0.0.4028-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5400">CVE-2007-5400</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-08-19T23:23:04Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-08-19T23:23:18Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200809-04.xml b/metadata/glsa/glsa-200809-04.xml
new file mode 100644
index 000000000000..4756dc3bc843
--- /dev/null
+++ b/metadata/glsa/glsa-200809-04.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200809-04">
+  <title>MySQL: Privilege bypass</title>
+  <synopsis>
+    A vulnerability in MySQL might allow users to bypass privileges and gain
+    access to other databases.
+  </synopsis>
+  <product type="ebuild">mysql</product>
+  <announced>2008-09-04</announced>
+  <revised count="01">2008-09-04</revised>
+  <bug>220399</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/mysql" auto="yes" arch="*">
+      <unaffected range="ge">5.0.60-r1</unaffected>
+      <vulnerable range="lt">5.0.60-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MySQL is a popular multi-threaded, multi-user SQL server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Sergei Golubchik reported that MySQL imposes no restrictions on the
+    specification of "DATA DIRECTORY" or "INDEX DIRECTORY" in SQL "CREATE
+    TABLE" statements.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An authenticated remote attacker could create MyISAM tables, specifying
+    DATA or INDEX directories that contain future table files by other
+    database users, or existing table files in the MySQL data directory,
+    gaining access to those tables.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MySQL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-5.0.60-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2079">CVE-2008-2079</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-08-20T00:05:23Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-08-21T15:32:52Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200809-05.xml b/metadata/glsa/glsa-200809-05.xml
new file mode 100644
index 000000000000..097a48217df4
--- /dev/null
+++ b/metadata/glsa/glsa-200809-05.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200809-05">
+  <title>Courier Authentication Library: SQL injection vulnerability</title>
+  <synopsis>
+    An SQL injection vulnerability has been discovered in the Courier
+    Authentication Library.
+  </synopsis>
+  <product type="ebuild">courier-authlib</product>
+  <announced>2008-09-05</announced>
+  <revised count="01">2008-09-05</revised>
+  <bug>225407</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/courier-authlib" auto="yes" arch="*">
+      <unaffected range="ge">0.60.6</unaffected>
+      <vulnerable range="lt">0.60.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Courier Authentication Library is a generic authentication API that
+    encapsulates the process of validating account passwords.
+    </p>
+  </background>
+  <description>
+    <p>
+    It has been discovered that some input (e.g. the username) passed to
+    the library are not properly sanitised before being used in SQL
+    queries.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could provide specially crafted input to the library,
+    possibly resulting in the remote execution of arbitrary SQL commands.
+    NOTE: Exploitation of this vulnerability requires that a MySQL database
+    is used for authentication and that a Non-Latin character set is
+    selected.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Courier Authentication Library users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-libs/courier-authlib-0.60.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2667">CVE-2008-2667</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-08-11T18:54:58Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-08-11T18:56:59Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-08-28T21:07:13Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200809-06.xml b/metadata/glsa/glsa-200809-06.xml
new file mode 100644
index 000000000000..a5a5420ff825
--- /dev/null
+++ b/metadata/glsa/glsa-200809-06.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200809-06">
+  <title>VLC: Multiple vulnerabilities</title>
+  <synopsis>
+    Two vulnerabilities in VLC may lead to the remote execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">vlc</product>
+  <announced>2008-09-07</announced>
+  <revised count="01">2008-09-07</revised>
+  <bug>235238</bug>
+  <bug>235589</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/vlc" auto="yes" arch="*">
+      <unaffected range="ge">0.8.6i-r2</unaffected>
+      <vulnerable range="lt">0.8.6i-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    VLC is a cross-platform media player and streaming server.
+    </p>
+  </background>
+  <description>
+    <p>
+    g_ reported the following vulnerabilities:
+    </p>
+    <ul><li>An integer
+    overflow leading to a heap-based buffer overflow in the Open() function
+    in modules/demux/tta.c (CVE-2008-3732).</li>
+    <li>A signedness error
+    leading to a stack-based buffer overflow in the mms_ReceiveCommand()
+    function in modules/access/mms/mmstu.c (CVE-2008-3794).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted file,
+    possibly resulting in the remote execution of arbitrary code with the
+    privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All VLC users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/vlc-0.8.6i-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3732">CVE-2008-3732</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3794">CVE-2008-3794</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-08-25T18:33:15Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-08-25T18:33:23Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-08-28T20:55:29Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200809-07.xml b/metadata/glsa/glsa-200809-07.xml
new file mode 100644
index 000000000000..09772342a90b
--- /dev/null
+++ b/metadata/glsa/glsa-200809-07.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200809-07">
+  <title>libTIFF: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Multiple buffer underflow vulnerabilities in libTIFF may allow for the
+    remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">tiff</product>
+  <announced>2008-09-08</announced>
+  <revised count="01">2008-09-08</revised>
+  <bug>234080</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/tiff" auto="yes" arch="*">
+      <unaffected range="ge">3.8.2-r4</unaffected>
+      <vulnerable range="lt">3.8.2-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libTIFF provides support for reading and manipulating TIFF (Tagged
+    Image File Format) images.
+    </p>
+  </background>
+  <description>
+    <p>
+    Drew Yao (Apple Product Security) and Clay Wood reported multiple
+    buffer underflows in the LZWDecode() and LZWDecodeCompat() functions in
+    tif_lzw.c when processing TIFF files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted TIFF
+    file with an application making use of libTIFF, possibly resulting in
+    the remote execution of arbitrary code with the privileges of the user
+    running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libTIFF users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/tiff-3.8.2-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2327">CVE-2008-2327</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-09-02T17:01:52Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-09-05T22:08:51Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-09-05T22:08:59Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200809-08.xml b/metadata/glsa/glsa-200809-08.xml
new file mode 100644
index 000000000000..46abb9d60118
--- /dev/null
+++ b/metadata/glsa/glsa-200809-08.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200809-08">
+  <title>Amarok: Insecure temporary file creation</title>
+  <synopsis>
+    Amarok uses temporary files in an insecure manner, allowing for a symlink
+    attack.
+  </synopsis>
+  <product type="ebuild">amarok</product>
+  <announced>2008-09-08</announced>
+  <revised count="01">2008-09-08</revised>
+  <bug>234689</bug>
+  <access>local</access>
+  <affected>
+    <package name="media-sound/amarok" auto="yes" arch="*">
+      <unaffected range="ge">1.4.10</unaffected>
+      <vulnerable range="lt">1.4.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Amarok is an advanced music player.
+    </p>
+  </background>
+  <description>
+    <p>
+    Dwayne Litzenberger reported that the
+    MagnatuneBrowser::listDownloadComplete() function in
+    magnatunebrowser/magnatunebrowser.cpp uses the album_info.xml temporary
+    file in an insecure manner.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could perform a symlink attack to overwrite arbitrary
+    files on the system with the privileges of the user running the
+    application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Amarok users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/amarok-1.4.10"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3699">CVE-2008-3699</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-09-02T17:05:46Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-09-05T21:54:43Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-09-05T21:54:55Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200809-09.xml b/metadata/glsa/glsa-200809-09.xml
new file mode 100644
index 000000000000..dbcb6a4033c7
--- /dev/null
+++ b/metadata/glsa/glsa-200809-09.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200809-09">
+  <title>Postfix: Denial of service</title>
+  <synopsis>
+    A memory leak in Postfix might allow local users to cause a Denial of
+    Service.
+  </synopsis>
+  <product type="ebuild">postfix</product>
+  <announced>2008-09-19</announced>
+  <revised count="01">2008-09-19</revised>
+  <bug>236453</bug>
+  <access>local</access>
+  <affected>
+    <package name="mail-mta/postfix" auto="yes" arch="*">
+      <unaffected range="ge">2.4.9</unaffected>
+      <unaffected range="ge">2.5.5</unaffected>
+      <vulnerable range="lt">2.4.9</vulnerable>
+      <vulnerable range="lt">2.5.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Postfix is Wietse Venema's mailer that attempts to be fast, easy to
+    administer, and secure, as an alternative to the widely-used Sendmail
+    program.
+    </p>
+  </background>
+  <description>
+    <p>
+    It has been discovered than Postfix leaks an epoll file descriptor when
+    executing external commands, e.g. user-controlled $HOME/.forward or
+    $HOME/.procmailrc files. NOTE: This vulnerability only concerns Postfix
+    instances running on Linux 2.6 kernels.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could exploit this vulnerability to reduce the
+    performance of Postfix, and possibly trigger an assertion, resulting in
+    a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Allow only trusted users to control delivery to non-Postfix commands.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Postfix 2.4 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-mta/postfix-2.4.9"</code>
+    <p>
+    All Postfix 2.5 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-mta/postfix-2.5.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3889">CVE-2008-3889</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-09-03T20:58:07Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-09-08T18:33:40Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-09-08T18:33:49Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200809-10.xml b/metadata/glsa/glsa-200809-10.xml
new file mode 100644
index 000000000000..0dca9d69f51b
--- /dev/null
+++ b/metadata/glsa/glsa-200809-10.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200809-10">
+  <title>Mantis: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been reported in Mantis.
+  </synopsis>
+  <product type="ebuild">mantisbt</product>
+  <announced>2008-09-21</announced>
+  <revised count="02">2008-11-26</revised>
+  <bug>222649</bug>
+  <bug>233336</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/mantisbt" auto="yes" arch="*">
+      <unaffected range="ge">1.1.2</unaffected>
+      <vulnerable range="lt">1.1.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mantis is a PHP/MySQL/Web based bugtracking system.
+    </p>
+  </background>
+  <description>
+    <p>
+    Antonio Parata and Francesco Ongaro reported a Cross-Site Request
+    Forgery vulnerability in manage_user_create.php (CVE-2008-2276), a
+    Cross-Site Scripting vulnerability in return_dynamic_filters.php
+    (CVE-2008-3331), and an insufficient input validation in
+    adm_config_set.php (CVE-2008-3332). A directory traversal vulnerability
+    in core/lang_api.php (CVE-2008-3333) has also been reported.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit these vulnerabilities to execute
+    arbitrary HTML and script code, create arbitrary users with
+    administrative privileges, execute arbitrary PHP commands, and include
+    arbitrary files.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mantis users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/mantisbt-1.1.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2276">CVE-2008-2276</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3331">CVE-2008-3331</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3332">CVE-2008-3332</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3333">CVE-2008-3333</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-09-19T19:55:47Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-09-19T19:59:03Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-09-20T21:37:36Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200809-11.xml b/metadata/glsa/glsa-200809-11.xml
new file mode 100644
index 000000000000..d52daa78b562
--- /dev/null
+++ b/metadata/glsa/glsa-200809-11.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200809-11">
+  <title>HAVP: Denial of service</title>
+  <synopsis>
+    A Denial of Service vulnerability has been reported in HAVP.
+  </synopsis>
+  <product type="ebuild">havp</product>
+  <announced>2008-09-21</announced>
+  <revised count="01">2008-09-21</revised>
+  <bug>234715</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/havp" auto="yes" arch="*">
+      <unaffected range="ge">0.89</unaffected>
+      <vulnerable range="lt">0.89</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    HAVP is a HTTP AntiVirus Proxy.
+    </p>
+  </background>
+  <description>
+    <p>
+    Peter Warasin reported an infinite loop in sockethandler.cpp when
+    connecting to a non-responsive HTTP server.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send requests to unavailable servers, resulting
+    in a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All HAVP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-proxy/havp-0.89"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3688">CVE-2008-3688</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-09-18T21:30:12Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-09-18T21:30:30Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-09-19T11:28:47Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200809-12.xml b/metadata/glsa/glsa-200809-12.xml
new file mode 100644
index 000000000000..302a95c8310d
--- /dev/null
+++ b/metadata/glsa/glsa-200809-12.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200809-12">
+  <title>Newsbeuter: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Insufficient input validation in newsbeuter may allow remote attackers to
+    execute arbitrary shell commands.
+  </synopsis>
+  <product type="ebuild">newsbeuter</product>
+  <announced>2008-09-22</announced>
+  <revised count="01">2008-09-22</revised>
+  <bug>236506</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-news/newsbeuter" auto="yes" arch="*">
+      <unaffected range="ge">1.2</unaffected>
+      <vulnerable range="lt">1.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Newsbeuter is a RSS/Atom feed reader for the text console.
+    </p>
+  </background>
+  <description>
+    <p>
+    J.H.M. Dassen reported that the open-in-browser command does not
+    properly escape shell metacharacters in the URL before passing it to
+    system().
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a feed with specially
+    crafted URLs, possibly resulting in the remote execution of arbitrary
+    shell commands with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Newsbeuter users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-news/newsbeuter-1.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3907">CVE-2008-3907</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-09-11T17:38:14Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-09-18T21:45:41Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-09-18T21:45:49Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200809-13.xml b/metadata/glsa/glsa-200809-13.xml
new file mode 100644
index 000000000000..1800f944f95e
--- /dev/null
+++ b/metadata/glsa/glsa-200809-13.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200809-13">
+  <title>R: Insecure temporary file creation</title>
+  <synopsis>
+    R is vulnerable to symlink attacks due to an insecure usage of temporary
+    files.
+  </synopsis>
+  <product type="ebuild">R</product>
+  <announced>2008-09-22</announced>
+  <revised count="01">2008-09-22</revised>
+  <bug>235822</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-lang/R" auto="yes" arch="*">
+      <unaffected range="ge">2.7.1</unaffected>
+      <vulnerable range="lt">2.7.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    R is a GPL licensed implementation of S, a language and environment for
+    statistical computing and graphics.
+    </p>
+  </background>
+  <description>
+    <p>
+    Dmitry E. Oboukhov reported that the "javareconf" script uses temporary
+    files in an insecure manner.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could exploit this vulnerability to overwrite
+    arbitrary files with the privileges of the user running the
+    application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All R users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/R-2.7.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3931">CVE-2008-3931</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-09-18T21:52:27Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-09-18T22:01:59Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-09-19T11:52:28Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200809-14.xml b/metadata/glsa/glsa-200809-14.xml
new file mode 100644
index 000000000000..bca29ca9f22d
--- /dev/null
+++ b/metadata/glsa/glsa-200809-14.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200809-14">
+  <title>BitlBee: Security bypass</title>
+  <synopsis>
+    Multiple vulnerabilities in Bitlbee may allow to bypass security
+    restrictions and hijack accounts.
+  </synopsis>
+  <product type="ebuild">bitlbee</product>
+  <announced>2008-09-23</announced>
+  <revised count="01">2008-09-23</revised>
+  <bug>236160</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/bitlbee" auto="yes" arch="*">
+      <unaffected range="ge">1.2.3</unaffected>
+      <vulnerable range="lt">1.2.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    BitlBee is an IRC to IM gateway that support multiple IM protocols.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple unspecified vulnerabilities were reported, including a NULL
+    pointer dereference.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit these vulnerabilities to overwrite
+    existing IM accounts.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All BitlBee users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-im/bitlbee-1.2.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3920">CVE-2008-3920</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3969">CVE-2008-3969</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-09-05T20:44:15Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-09-19T20:00:27Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-09-20T21:14:39Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200809-15.xml b/metadata/glsa/glsa-200809-15.xml
new file mode 100644
index 000000000000..d4cb45b92fe4
--- /dev/null
+++ b/metadata/glsa/glsa-200809-15.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200809-15">
+  <title>GNU ed: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    A buffer overflow vulnerability in ed may allow for the remote execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">ed</product>
+  <announced>2008-09-23</announced>
+  <revised count="01">2008-09-23</revised>
+  <bug>236521</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/ed" auto="yes" arch="*">
+      <unaffected range="ge">1.0</unaffected>
+      <vulnerable range="lt">1.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GNU ed is a basic line editor. red is a restricted version of ed that
+    does not allow shell command execution.
+    </p>
+  </background>
+  <description>
+    <p>
+    Alfredo Ortega from Core Security Technologies reported a heap-based
+    buffer overflow in the strip_escapes() function when processing overly
+    long filenames.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to process specially crafted
+    commands with ed or red, possibly resulting in the execution of
+    arbitrary code with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GNU ed users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-apps/ed-1.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3916">CVE-2008-3916</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-09-14T11:31:13Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-09-18T21:37:26Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-09-18T21:37:35Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200809-16.xml b/metadata/glsa/glsa-200809-16.xml
new file mode 100644
index 000000000000..b5859c9934af
--- /dev/null
+++ b/metadata/glsa/glsa-200809-16.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200809-16">
+  <title>Git: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Multiple buffer overflow vulnerabilities have been discovered in Git.
+  </synopsis>
+  <product type="ebuild">git</product>
+  <announced>2008-09-25</announced>
+  <revised count="01">2008-09-25</revised>
+  <bug>234075</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-util/git" auto="yes" arch="*">
+      <unaffected range="ge">1.5.6.4</unaffected>
+      <vulnerable range="lt">1.5.6.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Git is a distributed version control system.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple boundary errors in the functions diff_addremove() and
+    diff_change() when processing overly long repository path names were
+    reported.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to run commands like "git-diff"
+    or "git-grep" on a specially crafted repository, possibly resulting in
+    the remote execution of arbitrary code with the privileges of the user
+    running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Git users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-util/git-1.5.6.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3546">CVE-2008-3546</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-09-21T11:13:42Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-09-21T11:16:38Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-09-22T11:39:05Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200809-17.xml b/metadata/glsa/glsa-200809-17.xml
new file mode 100644
index 000000000000..23891f4ab13c
--- /dev/null
+++ b/metadata/glsa/glsa-200809-17.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200809-17">
+  <title>Wireshark: Multiple Denials of Service</title>
+  <synopsis>
+    Multiple Denial of Service vulnerabilities have been discovered in
+    Wireshark.
+  </synopsis>
+  <product type="ebuild">wireshark</product>
+  <announced>2008-09-25</announced>
+  <revised count="01">2008-09-25</revised>
+  <bug>236515</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/wireshark" auto="yes" arch="*">
+      <unaffected range="ge">1.0.3</unaffected>
+      <vulnerable range="lt">1.0.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Wireshark is a network protocol analyzer with a graphical front-end.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following vulnerabilities were reported:
+    </p>
+    <ul>
+    <li>
+    Multiple buffer overflows in the NCP dissector (CVE-2008-3146).
+    </li>
+    <li>
+    Infinite loop in the NCP dissector (CVE-2008-3932).
+    </li>
+    <li>
+    Invalid read in the tvb_uncompress() function when processing zlib
+    compressed data (CVE-2008-3933).
+    </li>
+    <li>
+    Unspecified error when processing Textronix .rf5 files
+    (CVE-2008-3934).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit these vulnerabilities by sending
+    specially crafted packets on a network being monitored by Wireshark or
+    by enticing a user to read a malformed packet trace file, causing a
+    Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Wireshark users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-1.0.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3146">CVE-2008-3146</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3932">CVE-2008-3932</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3933">CVE-2008-3933</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3934">CVE-2008-3934</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-09-22T12:39:05Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-09-24T19:29:18Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-09-24T19:30:10Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200809-18.xml b/metadata/glsa/glsa-200809-18.xml
new file mode 100644
index 000000000000..0b7ecb65da35
--- /dev/null
+++ b/metadata/glsa/glsa-200809-18.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200809-18">
+  <title>ClamAV: Multiple Denials of Service</title>
+  <synopsis>
+    Multiple vulnerabilities in ClamAV may result in a Denial of Service.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2008-09-25</announced>
+  <revised count="01">2008-09-25</revised>
+  <bug>236665</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.94</unaffected>
+      <vulnerable range="lt">0.94</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Clam AntiVirus is a free anti-virus toolkit for UNIX, designed
+    especially for e-mail scanning on mail gateways.
+    </p>
+  </background>
+  <description>
+    <p>
+    Hanno boeck reported an error in libclamav/chmunpack.c when processing
+    CHM files (CVE-2008-1389). Other unspecified vulnerabilities were also
+    reported, including a NULL pointer dereference in libclamav
+    (CVE-2008-3912), memory leaks in freshclam/manager.c (CVE-2008-3913),
+    and file descriptor leaks in libclamav/others.c and libclamav/sis.c
+    (CVE-2008-3914).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user or automated system to scan a
+    specially crafted CHM, possibly resulting in a Denial of Service
+    (daemon crash). The other attack vectors mentioned above could also
+    result in a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ClamAV users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.94"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1389">CVE-2008-1389</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3912">CVE-2008-3912</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3913">CVE-2008-3913</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3914">CVE-2008-3914</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-09-18T21:57:14Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-09-24T19:42:36Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-09-24T19:42:53Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200810-01.xml b/metadata/glsa/glsa-200810-01.xml
new file mode 100644
index 000000000000..a8998ad6cb8a
--- /dev/null
+++ b/metadata/glsa/glsa-200810-01.xml
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200810-01">
+  <title>WordNet: Execution of arbitrary code</title>
+  <synopsis>
+    Multiple vulnerabilities were found in WordNet, possibly allowing for the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">wordnet</product>
+  <announced>2008-10-07</announced>
+  <revised count="01">2008-10-07</revised>
+  <bug>211491</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-dicts/wordnet" auto="yes" arch="*">
+      <unaffected range="ge">3.0-r2</unaffected>
+      <vulnerable range="lt">3.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    WordNet is a large lexical database of English.
+    </p>
+  </background>
+  <description>
+    <p>
+    Jukka Ruohonen initially reported a boundary error within the
+    searchwn() function in src/wn.c. A thorough investigation by the oCERT
+    team revealed several other vulnerabilities in WordNet:
+    </p>
+    <ul>
+    <li>Jukka Ruohonen and Rob Holland (oCERT) reported multiple boundary
+    errors within the searchwn() function in src/wn.c, the wngrep()
+    function in lib/search.c, the morphstr() and morphword() functions in
+    lib/morph.c, and the getindex() in lib/search.c, which lead to
+    stack-based buffer overflows.</li>
+    <li>Rob Holland (oCERT) reported two
+    boundary errors within the do_init() function in lib/morph.c, which
+    lead to stack-based buffer overflows via specially crafted
+    "WNSEARCHDIR" or "WNHOME" environment variables.</li>
+    <li>Rob Holland
+    (oCERT) reported multiple boundary errors in the bin_search() and
+    bin_search_key() functions in binsrch.c, which lead to stack-based
+    buffer overflows via specially crafted data files.</li>
+    <li>Rob Holland
+    (oCERT) reported a boundary error within the parse_index() function in
+    lib/search.c, which leads to a heap-based buffer overflow via specially
+    crafted data files.</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <ul>
+    <li>In case the application is accessible e.g. via a web server,
+    a remote attacker could pass overly long strings as arguments to the
+    "wm" binary, possibly leading to the execution of arbitrary code.</li>
+    <li>A local attacker could exploit the second vulnerability via
+    specially crafted "WNSEARCHDIR" or "WNHOME" environment variables,
+    possibly leading to the execution of arbitrary code with escalated
+    privileges.</li>
+    <li>A local attacker could exploit the third and
+    fourth vulnerability by making the application use specially crafted
+    data files, possibly leading to the execution of arbitrary code.</li>
+    </ul>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All WordNet users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-dicts/wordnet-3.0-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2149">CVE-2008-2149</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3908">CVE-2008-3908</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-09-21T11:08:59Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-09-21T11:09:31Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-09-26T09:37:40Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200810-02.xml b/metadata/glsa/glsa-200810-02.xml
new file mode 100644
index 000000000000..3779ea427d51
--- /dev/null
+++ b/metadata/glsa/glsa-200810-02.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200810-02">
+  <title>Portage: Untrusted search path local root vulnerability</title>
+  <synopsis>
+    A search path vulnerability in Portage allows local attackers to execute
+    commands with root privileges if emerge is called from untrusted
+    directories.
+  </synopsis>
+  <product type="ebuild">portage</product>
+  <announced>2008-10-09</announced>
+  <revised count="01">2008-10-09</revised>
+  <bug>239560</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/portage" auto="yes" arch="*">
+      <unaffected range="ge">2.1.4.5</unaffected>
+      <vulnerable range="lt">2.1.4.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Portage is Gentoo's package manager which is responsible for
+    installing, compiling and updating all packages on the system through
+    the Gentoo rsync tree.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Gentoo Security Team discovered that several ebuilds, such as
+    sys-apps/portage, net-mail/fetchmail or app-editors/leo execute Python
+    code using "python -c", which includes the current working directory in
+    Python's module search path. For several ebuild functions, Portage did
+    not change the working directory from emerge's working directory.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could place a specially crafted Python module in a
+    directory (such as /tmp) and entice the root user to run commands such
+    as "emerge sys-apps/portage" from that directory, resulting in the
+    execution of arbitrary Python code with root privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Do not run "emerge" from untrusted working directories.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Portage users should upgrade to the latest version:
+    </p>
+    <code>
+    # cd /root
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-apps/portage-2.1.4.5"</code>
+    <p>
+    NOTE: To upgrade to Portage 2.1.4.5 using 2.1.4.4 or prior, you must
+    run emerge from a trusted working directory, such as "/root".
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4394">CVE-2008-4394</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-10-08T16:50:57Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-10-08T16:58:04Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200810-03.xml b/metadata/glsa/glsa-200810-03.xml
new file mode 100644
index 000000000000..78db0dd78f8a
--- /dev/null
+++ b/metadata/glsa/glsa-200810-03.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200810-03">
+  <title>libspf2: DNS response buffer overflow</title>
+  <synopsis>
+    A memory management error in libspf2 might allow for remote execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">libspf2</product>
+  <announced>2008-10-30</announced>
+  <revised count="01">2008-10-30</revised>
+  <bug>242254</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-filter/libspf2" auto="yes" arch="*">
+      <unaffected range="ge">1.2.8</unaffected>
+      <vulnerable range="lt">1.2.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libspf2 is a library that implements the Sender Policy Framework,
+    allowing mail transfer agents to make sure that an email is authorized
+    by the domain name that it is coming from. Currently, only the exim MTA
+    uses libspf2 in Gentoo.
+    </p>
+  </background>
+  <description>
+    <p>
+    libspf2 uses a fixed-length buffer to receive DNS responses and does
+    not properly check the length of TXT records, leading to buffer
+    overflows.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could store a specially crafted DNS entry and entice
+    a user or automated system using libspf2 to lookup that SPF entry (e.g.
+    by sending an email to the MTA), possibly allowing for the execution of
+    arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libspf2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-filter/libspf2-1.2.8"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2469">CVE-2008-2469</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-10-18T16:51:58Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-10-19T19:27:11Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-10-23T13:43:28Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200811-01.xml b/metadata/glsa/glsa-200811-01.xml
new file mode 100644
index 000000000000..4750703983a3
--- /dev/null
+++ b/metadata/glsa/glsa-200811-01.xml
@@ -0,0 +1,126 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200811-01">
+  <title>Opera: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in Opera, allowing for the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">opera</product>
+  <announced>2008-11-03</announced>
+  <revised count="01">2008-11-03</revised>
+  <bug>235298</bug>
+  <bug>240500</bug>
+  <bug>243060</bug>
+  <bug>244980</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/opera" auto="yes" arch="*">
+      <unaffected range="ge">9.62</unaffected>
+      <vulnerable range="lt">9.62</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Opera is a fast web browser that is available free of charge.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been discovered in Opera:
+    </p>
+    <ul>
+    <li>Opera does not restrict the ability of a framed web page to change
+    the address associated with a different frame (CVE-2008-4195).</li>
+    <li>Chris Weber (Casaba Security) discovered a Cross-site scripting
+    vulnerability (CVE-2008-4196).</li>
+    <li>Michael A. Puls II discovered
+    that Opera can produce argument strings that contain uninitialized
+    memory, when processing custom shortcut and menu commands
+    (CVE-2008-4197).</li>
+    <li>Lars Kleinschmidt discovered that Opera, when
+    rendering an HTTP page that has loaded an HTTPS page into a frame,
+    displays a padlock icon and offers a security information dialog
+    reporting a secure connection (CVE-2008-4198).</li>
+    <li>Opera does not
+    prevent use of links from web pages to feed source files on the local
+    disk (CVE-2008-4199).</li>
+    <li>Opera does not ensure that the address
+    field of a news feed represents the feed's actual URL
+    (CVE-2008-4200).</li>
+    <li>Opera does not check the CRL override upon
+    encountering a certificate that lacks a CRL (CVE-2008-4292).</li>
+    <li>Chris (Matasano Security) reported that Opera may crash if it is
+    redirected by a malicious page to a specially crafted address
+    (CVE-2008-4694).</li>
+    <li>Nate McFeters reported that Opera runs Java
+    applets in the context of the local machine, if that applet has been
+    cached and a page can predict the cache path for that applet and load
+    it from the cache (CVE-2008-4695).</li>
+    <li>Roberto Suggi Liverani
+    (Security-Assessment.com) reported that Opera's History Search results
+    does not escape certain constructs correctly, allowing for the
+    injection of scripts into the page (CVE-2008-4696).</li>
+    <li>David
+    Bloom reported that Opera's Fast Forward feature incorrectly executes
+    scripts from a page held in a frame in the outermost page instead of
+    the page the JavaScript URL was located (CVE-2008-4697).</li>
+    <li>David
+    Bloom reported that Opera does not block some scripts when previewing a
+    news feed (CVE-2008-4698).</li>
+    <li>Opera does not correctly sanitize
+    content when certain parameters are passed to Opera's History Search,
+    allowing scripts to be injected into the History Search results page
+    (CVE-2008-4794).</li>
+    <li>Opera's links panel incorrectly causes
+    scripts from a page held in a frame to be executed in the outermost
+    page instead of the page where the URL was located
+    (CVE-2008-4795).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    These vulnerabilties allow remote attackers to execute arbitrary code,
+    to run scripts injected into Opera's History Search with elevated
+    privileges, to inject arbitrary web script or HTML into web pages, to
+    manipulate the address bar, to change Opera's preferences, to determine
+    the validity of local filenames, to read cache files, browsing history,
+    and subscribed feeds or to conduct other attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Opera users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/opera-9.62"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4195">CVE-2008-4195</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4196">CVE-2008-4196</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4197">CVE-2008-4197</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4198">CVE-2008-4198</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4199">CVE-2008-4199</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4200">CVE-2008-4200</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4292">CVE-2008-4292</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4694">CVE-2008-4694</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4695">CVE-2008-4695</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4696">CVE-2008-4696</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4697">CVE-2008-4697</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4698">CVE-2008-4698</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4794">CVE-2008-4794</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4795">CVE-2008-4795</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-10-13T21:25:07Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-11-03T18:39:54Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200811-02.xml b/metadata/glsa/glsa-200811-02.xml
new file mode 100644
index 000000000000..299ea65e7f1d
--- /dev/null
+++ b/metadata/glsa/glsa-200811-02.xml
@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200811-02">
+  <title>Gallery: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in Gallery may lead to execution of arbitrary
+    code, disclosure of local files or theft of user's credentials.
+  </synopsis>
+  <product type="ebuild">gallery</product>
+  <announced>2008-11-09</announced>
+  <revised count="02">2009-05-28</revised>
+  <bug>234137</bug>
+  <bug>238113</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/gallery" auto="yes" arch="*">
+      <unaffected range="ge">2.2.6</unaffected>
+      <unaffected range="rge">1.5.9</unaffected>
+      <unaffected range="rge">1.5.10</unaffected>
+      <vulnerable range="lt">2.2.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Gallery is an open source web based photo album organizer.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been discovered in Gallery 1 and 2:
+    </p>
+    <ul>
+    <li>
+    Digital Security Research Group reported a directory traversal
+    vulnerability in contrib/phpBB2/modules.php in Gallery 1, when
+    register_globals is enabled (CVE-2008-3600).
+    </li>
+    <li>
+    Hanno Boeck reported that Gallery 1 and 2 did not set the secure flag
+    for the session cookie in an HTTPS session (CVE-2008-3662).
+    </li>
+    <li>
+    Alex Ustinov reported that Gallery 1 and 2 does not properly handle ZIP
+    archives containing symbolic links (CVE-2008-4129).
+    </li>
+    <li>
+    The vendor reported a Cross-Site Scripting vulnerability in Gallery 2
+    (CVE-2008-4130).
+    </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    Remote attackers could send specially crafted requests to a server
+    running Gallery, allowing for the execution of arbitrary code when
+    register_globals is enabled, or read arbitrary files via directory
+    traversals otherwise. Attackers could also entice users to visit
+    crafted links allowing for theft of login credentials.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Gallery 2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/gallery-2.2.6"</code>
+    <p>
+    All Gallery 1 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/gallery-1.5.9"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3600">CVE-2008-3600</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3662">CVE-2008-3662</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4129">CVE-2008-4129</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4130">CVE-2008-4130</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-10-18T20:31:05Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-10-21T20:22:34Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-10-31T00:12:12Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200811-03.xml b/metadata/glsa/glsa-200811-03.xml
new file mode 100644
index 000000000000..017eabaa0b76
--- /dev/null
+++ b/metadata/glsa/glsa-200811-03.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200811-03">
+  <title>FAAD2: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    A buffer overflow in FAAD2 might lead to user-assisted execution of
+    arbitrary code via an MP4 file.
+  </synopsis>
+  <product type="ebuild">faad2</product>
+  <announced>2008-11-09</announced>
+  <revised count="01">2008-11-09</revised>
+  <bug>238445</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/faad2" auto="yes" arch="*">
+      <unaffected range="ge">2.6.1-r2</unaffected>
+      <vulnerable range="lt">2.6.1-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    FAAD2 is an open source MPEG-4 and MPEG-2 AAC decoder.
+    </p>
+  </background>
+  <description>
+    <p>
+    The ICST-ERCIS (Peking University) reported a heap-based buffer
+    overflow in the decodeMP4file() function in frontend/main.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted
+    MPEG-4 (MP4) file in an application using FAAD2, possibly leading to
+    the execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All FAAD2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/faad2-2.6.1-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4201">CVE-2008-4201</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-10-01T21:20:46Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-10-21T20:30:57Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-10-30T23:45:59Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200811-04.xml b/metadata/glsa/glsa-200811-04.xml
new file mode 100644
index 000000000000..a92aa7253354
--- /dev/null
+++ b/metadata/glsa/glsa-200811-04.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200811-04">
+  <title>Graphviz: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    A buffer overflow in Graphviz might lead to user-assisted execution of
+    arbitrary code via a DOT file.
+  </synopsis>
+  <product type="ebuild">graphviz</product>
+  <announced>2008-11-09</announced>
+  <revised count="01">2008-11-09</revised>
+  <bug>240636</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/graphviz" auto="yes" arch="*">
+      <unaffected range="ge">2.20.3</unaffected>
+      <vulnerable range="lt">2.20.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Graphviz is an open source graph visualization software.
+    </p>
+  </background>
+  <description>
+    <p>
+    Roee Hay reported a stack-based buffer overflow in the push_subg()
+    function in parser.y when processing a DOT file with a large number of
+    Agraph_t elements.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user or automated system to open a
+    specially crafted DOT file in an application using Graphviz, possibly
+    leading to the execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Graphviz users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/graphviz-2.20.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4555">CVE-2008-4555</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-10-16T18:49:15Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-10-21T20:26:38Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-10-31T00:00:32Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200811-05.xml b/metadata/glsa/glsa-200811-05.xml
new file mode 100644
index 000000000000..996c6c81ebe6
--- /dev/null
+++ b/metadata/glsa/glsa-200811-05.xml
@@ -0,0 +1,131 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200811-05">
+  <title>PHP: Multiple vulnerabilities</title>
+  <synopsis>
+    PHP contains several vulnerabilities including buffer and integer overflows
+    which could lead to the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">php</product>
+  <announced>2008-11-16</announced>
+  <revised count="01">2008-11-16</revised>
+  <bug>209148</bug>
+  <bug>212211</bug>
+  <bug>215266</bug>
+  <bug>228369</bug>
+  <bug>230575</bug>
+  <bug>234102</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/php" auto="yes" arch="*">
+      <unaffected range="ge">5.2.6-r6</unaffected>
+      <vulnerable range="lt">5.2.6-r6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PHP is a widely-used general-purpose scripting language that is
+    especially suited for Web development and can be embedded into HTML.
+    </p>
+  </background>
+  <description>
+    <p>
+    Several vulnerabilitites were found in PHP:
+    </p>
+    <ul>
+    <li>PHP ships a
+    vulnerable version of the PCRE library which allows for the
+    circumvention of security restrictions or even for remote code
+    execution in case of an application which accepts user-supplied regular
+    expressions (CVE-2008-0674).</li>
+    <li>Multiple crash issues in several
+    PHP functions have been discovered.</li>
+    <li>Ryan Permeh reported that
+    the init_request_info() function in sapi/cgi/cgi_main.c does not
+    properly consider operator precedence when calculating the length of
+    PATH_TRANSLATED (CVE-2008-0599).</li>
+    <li>An off-by-one error in the
+    metaphone() function may lead to memory corruption.</li>
+    <li>Maksymilian Arciemowicz of SecurityReason Research reported an
+    integer overflow, which is triggerable using printf() and related
+    functions (CVE-2008-1384).</li>
+    <li>Andrei Nigmatulin reported a
+    stack-based buffer overflow in the FastCGI SAPI, which has unknown
+    attack vectors (CVE-2008-2050).</li>
+    <li>Stefan Esser reported that PHP
+    does not correctly handle multibyte characters inside the
+    escapeshellcmd() function, which is used to sanitize user input before
+    its usage in shell commands (CVE-2008-2051).</li>
+    <li>Stefan Esser
+    reported that a short-coming in PHP's algorithm of seeding the random
+    number generator might allow for predictible random numbers
+    (CVE-2008-2107, CVE-2008-2108).</li>
+    <li>The IMAP extension in PHP uses
+    obsolete c-client API calls making it vulnerable to buffer overflows as
+    no bounds checking can be done (CVE-2008-2829).</li>
+    <li>Tavis Ormandy
+    reported a heap-based buffer overflow in pcre_compile.c in the PCRE
+    version shipped by PHP when processing user-supplied regular
+    expressions (CVE-2008-2371).</li>
+    <li>CzechSec reported that specially
+    crafted font files can lead to an overflow in the imageloadfont()
+    function in ext/gd/gd.c, which is part of the GD extension
+    (CVE-2008-3658).</li>
+    <li>Maksymilian Arciemowicz of SecurityReason
+    Research reported that a design error in PHP's stream wrappers allows
+    to circumvent safe_mode checks in several filesystem-related PHP
+    functions (CVE-2008-2665, CVE-2008-2666).</li>
+    <li>Laurent Gaffie
+    discovered a buffer overflow in the internal memnstr() function, which
+    is used by the PHP function explode() (CVE-2008-3659).</li>
+    <li>An
+    error in the FastCGI SAPI when processing a request with multiple dots
+    preceding the extension (CVE-2008-3660).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    These vulnerabilities might allow a remote attacker to execute
+    arbitrary code, to cause a Denial of Service, to circumvent security
+    restrictions, to disclose information, and to manipulate files.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PHP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-5.2.6-r6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599">CVE-2008-0599</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0674">CVE-2008-0674</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1384">CVE-2008-1384</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2050">CVE-2008-2050</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2051">CVE-2008-2051</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2107">CVE-2008-2107</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108">CVE-2008-2108</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2371">CVE-2008-2371</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2665">CVE-2008-2665</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2666">CVE-2008-2666</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2829">CVE-2008-2829</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3658">CVE-2008-3658</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3659">CVE-2008-3659</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3660">CVE-2008-3660</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-03-17T01:12:26Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-11-10T18:29:08Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-11-16T16:06:26Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200812-01.xml b/metadata/glsa/glsa-200812-01.xml
new file mode 100644
index 000000000000..206a24f77b81
--- /dev/null
+++ b/metadata/glsa/glsa-200812-01.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200812-01">
+  <title>OptiPNG: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    A vulnerability in OptiPNG might result in user-assisted execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">optipng</product>
+  <announced>2008-12-02</announced>
+  <revised count="01">2008-12-02</revised>
+  <bug>246522</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/optipng" auto="yes" arch="*">
+      <unaffected range="ge">0.6.2</unaffected>
+      <vulnerable range="lt">0.6.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OptiPNG is a PNG optimizer that recompresses image files to a smaller
+    size, without losing any information.
+    </p>
+  </background>
+  <description>
+    <p>
+    A buffer overflow in the BMP reader in OptiPNG has been reported.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to process a specially crafted
+    BMP image, possibly resulting in the execution of arbitrary code with
+    the privileges of the user running the application, or a Denial of
+    Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OptiPNG users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/optipng-0.6.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5101">CVE-2008-5101</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-11-22T17:38:05Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-11-26T23:15:20Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-11-26T23:15:33Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200812-02.xml b/metadata/glsa/glsa-200812-02.xml
new file mode 100644
index 000000000000..df43923d35ef
--- /dev/null
+++ b/metadata/glsa/glsa-200812-02.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200812-02">
+  <title>enscript: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Two buffer overflows in enscript might lead to the execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">enscript</product>
+  <announced>2008-12-02</announced>
+  <revised count="02">2008-12-02</revised>
+  <bug>243228</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/enscript" auto="yes" arch="*">
+      <unaffected range="ge">1.6.4-r4</unaffected>
+      <vulnerable range="lt">1.6.4-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    enscript is a powerful ASCII to PostScript file converter.
+    </p>
+  </background>
+  <description>
+    <p>
+    Two stack-based buffer overflows in the read_special_escape() function
+    in src/psgen.c have been reported. Ulf Harnhammar of Secunia Research
+    discovered a vulnerability related to the "setfilename" command
+    (CVE-2008-3863), and Kees Cook of Ubuntu discovered a vulnerability
+    related to the "font" escape sequence (CVE-2008-4306).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user or automated system to process
+    specially crafted input with the special escapes processing enabled
+    using the "-e" option, possibly resulting in the execution of arbitrary
+    code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All enscript users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/enscript-1.6.4-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3863">CVE-2008-3863</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4306">CVE-2008-4306</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-11-27T17:28:05Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-11-27T17:37:26Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-11-27T17:37:33Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200812-03.xml b/metadata/glsa/glsa-200812-03.xml
new file mode 100644
index 000000000000..18468b710ee8
--- /dev/null
+++ b/metadata/glsa/glsa-200812-03.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200812-03">
+  <title>IPsec-Tools: racoon Denial of service</title>
+  <synopsis>
+    IPsec-Tools' racoon is affected by a remote Denial of Service
+    vulnerability.
+  </synopsis>
+  <product type="ebuild">ipsec-tools</product>
+  <announced>2008-12-02</announced>
+  <revised count="01">2008-12-02</revised>
+  <bug>232831</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-firewall/ipsec-tools" auto="yes" arch="*">
+      <unaffected range="ge">0.7.1</unaffected>
+      <vulnerable range="lt">0.7.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    IPsec-Tools is a port of KAME's implementation of the IPsec utilities.
+    It contains a collection of network monitoring tools, including racoon,
+    ping, and ping6.
+    </p>
+  </background>
+  <description>
+    <p>
+    Two Denial of Service vulnerabilities have been reported in racoon:
+    </p>
+    <ul>
+    <li>
+    The vendor reported a memory leak in racoon/proposal.c that can be
+    triggered via invalid proposals (CVE-2008-3651).
+    </li>
+    <li>
+    Krzysztof Piotr Oledzk reported that src/racoon/handler.c does not
+    remove an "orphaned ph1" (phase 1) handle when it has been initiated
+    remotely (CVE-2008-3652).
+    </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit these vulnerabilities to cause a Denial of
+    Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All IPsec-Tools users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-firewall/ipsec-tools-0.7.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3651">CVE-2008-3651</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3652">CVE-2008-3652</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-11-26T18:44:35Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-11-26T20:25:15Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-11-26T20:25:48Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200812-04.xml b/metadata/glsa/glsa-200812-04.xml
new file mode 100644
index 000000000000..086810f223be
--- /dev/null
+++ b/metadata/glsa/glsa-200812-04.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200812-04">
+  <title>lighttpd: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in lighttpd may lead to information disclosure or
+    a Denial of Service.
+  </synopsis>
+  <product type="ebuild">lighttpd</product>
+  <announced>2008-12-02</announced>
+  <revised count="01">2008-12-02</revised>
+  <bug>238180</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/lighttpd" auto="yes" arch="*">
+      <unaffected range="ge">1.4.20</unaffected>
+      <vulnerable range="lt">1.4.20</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    lighttpd is a lightweight high-performance web server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been reported in lighttpd:
+    </p>
+    <ul>
+    <li>
+    Qhy reported a memory leak in the http_request_parse() function in
+    request.c (CVE-2008-4298).
+    </li>
+    <li>
+    Gaetan Bisson reported that URIs are not decoded before applying
+    url.redirect and url.rewrite rules (CVE-2008-4359).
+    </li>
+    <li>
+    Anders1 reported that mod_userdir performs case-sensitive comparisons
+    on filename components in configuration options, which is insufficient
+    when case-insensitive filesystems are used (CVE-2008-4360).
+    </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit these vulnerabilities to cause a Denial
+    of Service, to bypass intended access restrictions, to obtain sensitive
+    information, or to possibly modify data.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All lighttpd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-servers/lighttpd-1.4.20"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4298">CVE-2008-4298</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4359">CVE-2008-4359</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4360">CVE-2008-4360</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-11-26T18:41:57Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-11-26T22:38:27Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-11-26T22:39:43Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200812-05.xml b/metadata/glsa/glsa-200812-05.xml
new file mode 100644
index 000000000000..f56d85ebbc08
--- /dev/null
+++ b/metadata/glsa/glsa-200812-05.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200812-05">
+  <title>libsamplerate: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    A buffer overflow vulnerability in libsamplerate might lead to the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libsamplerate</product>
+  <announced>2008-12-02</announced>
+  <revised count="01">2008-12-02</revised>
+  <bug>237037</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libsamplerate" auto="yes" arch="*">
+      <unaffected range="ge">0.1.4</unaffected>
+      <vulnerable range="lt">0.1.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Secret Rabbit Code (aka libsamplerate) is a Sample Rate Converter for
+    audio.
+    </p>
+  </background>
+  <description>
+    <p>
+    Russell O'Connor reported a buffer overflow in src/src_sinc.c related
+    to low conversion ratios.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user or automated system to process a
+    specially crafted audio file possibly leading to the execution of
+    arbitrary code with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libsamplerate users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/libsamplerate-0.1.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5008">CVE-2008-5008</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-11-07T13:51:38Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-11-27T16:25:38Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-11-27T16:25:44Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200812-06.xml b/metadata/glsa/glsa-200812-06.xml
new file mode 100644
index 000000000000..f4971e4eae6b
--- /dev/null
+++ b/metadata/glsa/glsa-200812-06.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200812-06">
+  <title>libxml2: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in libxml2 might lead to execution of arbitrary
+    code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">libxml2</product>
+  <announced>2008-12-02</announced>
+  <revised count="01">2008-12-02</revised>
+  <bug>234099</bug>
+  <bug>237806</bug>
+  <bug>239346</bug>
+  <bug>245960</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libxml2" auto="yes" arch="*">
+      <unaffected range="ge">2.7.2-r1</unaffected>
+      <vulnerable range="lt">2.7.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libxml2 is the XML (eXtended Markup Language) C parser and toolkit
+    initially developed for the Gnome project.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities were reported in libxml2:
+    </p>
+    <ul>
+    <li>
+    Andreas Solberg reported that libxml2 does not properly detect
+    recursion during entity expansion in an attribute value
+    (CVE-2008-3281).
+    </li>
+    <li>
+    A heap-based buffer overflow has been reported in the
+    xmlParseAttValueComplex() function in parser.c (CVE-2008-3529).
+    </li>
+    <li>
+    Christian Weiske reported that predefined entity definitions in
+    entities are not properly handled (CVE-2008-4409).
+    </li>
+    <li>
+    Drew Yao of Apple Product Security reported an integer overflow in the
+    xmlBufferResize() function that can lead to an infinite loop
+    (CVE-2008-4225).
+    </li>
+    <li>
+    Drew Yao of Apple Product Security reported an integer overflow in the
+    xmlSAX2Characters() function leading to a memory corruption
+    (CVE-2008-4226).
+    </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user or automated system to open a
+    specially crafted XML document with an application using libxml2,
+    possibly resulting in the exeution of arbitrary code or a high CPU and
+    memory consumption.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libxml2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/libxml2-2.7.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3281">CVE-2008-3281</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3529">CVE-2008-3529</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4409">CVE-2008-4409</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225">CVE-2008-4225</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226">CVE-2008-4226</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-10-01T21:27:07Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-10-31T00:21:31Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-10-31T00:21:45Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200812-07.xml b/metadata/glsa/glsa-200812-07.xml
new file mode 100644
index 000000000000..1f4b433cfeab
--- /dev/null
+++ b/metadata/glsa/glsa-200812-07.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200812-07">
+  <title>Mantis: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in Mantis, the most severe of
+    which leading to the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mantisbt</product>
+  <announced>2008-12-02</announced>
+  <revised count="01">2008-12-02</revised>
+  <bug>238570</bug>
+  <bug>241940</bug>
+  <bug>242722</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/mantisbt" auto="yes" arch="*">
+      <unaffected range="ge">1.1.4-r1</unaffected>
+      <vulnerable range="lt">1.1.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mantis is a PHP/MySQL/Web based bugtracking system.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple issues have been reported in Mantis:
+    </p>
+    <ul>
+    <li>
+    EgiX reported that manage_proj_page.php does not correctly sanitize the
+    sort parameter before passing it to create_function() in
+    core/utility_api.php (CVE-2008-4687).
+    </li>
+    <li>
+    Privileges of viewers are not sufficiently checked before composing a
+    link with issue data in the source anchor (CVE-2008-4688).
+    </li>
+    <li>
+    Mantis does not unset the session cookie during logout (CVE-2008-4689).
+    </li>
+    <li>
+    Mantis does not set the secure flag for the session cookie in an HTTPS
+    session (CVE-2008-3102).
+    </li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    Remote unauthenticated attackers could exploit these vulnerabilities to
+    execute arbitrary PHP commands, disclose sensitive issue data, or
+    hijack a user's sessions.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mantis users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/mantisbt-1.1.4-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3102">CVE-2008-3102</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4687">CVE-2008-4687</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4688">CVE-2008-4688</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4689">CVE-2008-4689</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-10-31T21:35:00Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-11-26T19:39:16Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-11-26T19:39:31Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200812-08.xml b/metadata/glsa/glsa-200812-08.xml
new file mode 100644
index 000000000000..186848d768e3
--- /dev/null
+++ b/metadata/glsa/glsa-200812-08.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200812-08">
+  <title>Mgetty: Insecure temporary file usage</title>
+  <synopsis>
+    Mgetty uses temporary files in an insecure manner, allowing for symlink
+    attacks.
+  </synopsis>
+  <product type="ebuild">mgetty</product>
+  <announced>2008-12-06</announced>
+  <revised count="02">2008-12-23</revised>
+  <bug>235806</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-dialup/mgetty" auto="yes" arch="*">
+      <unaffected range="ge">1.1.36-r3</unaffected>
+      <vulnerable range="lt">1.1.36-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mgetty is a set of fax and voice modem programs.
+    </p>
+  </background>
+  <description>
+    <p>
+    Dmitry E. Oboukhov reported that the "spooldir" directory in
+    fax/faxspool.in is created in an insecure manner.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could exploit this vulnerability to overwrite
+    arbitrary files with the privileges of the user running the
+    application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mgetty users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dialup/mgetty-1.1.36-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4936">CVE-2008-4936</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-09-22T12:40:45Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-09-23T11:36:13Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-09-23T11:36:50Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200812-09.xml b/metadata/glsa/glsa-200812-09.xml
new file mode 100644
index 000000000000..40e3e2b122c0
--- /dev/null
+++ b/metadata/glsa/glsa-200812-09.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200812-09">
+  <title>OpenSC: Insufficient protection of smart card PIN</title>
+  <synopsis>
+    Smart cards formatted using OpenSC do not sufficiently protect the PIN,
+    allowing attackers to reset it.
+  </synopsis>
+  <product type="ebuild">opensc</product>
+  <announced>2008-12-10</announced>
+  <revised count="01">2008-12-10</revised>
+  <bug>233543</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-libs/opensc" auto="yes" arch="*">
+      <unaffected range="ge">0.11.6</unaffected>
+      <vulnerable range="lt">0.11.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenSC is a smart card application that allows reading and writing via
+    PKCS#11.
+    </p>
+  </background>
+  <description>
+    <p>
+    Chaskiel M Grundman reported that OpenSC uses weak permissions (ADMIN
+    file control information of 00) for the 5015 directory on smart cards
+    and USB crypto tokens running Siemens CardOS M4.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A physically proximate attacker can exploit this vulnerability to
+    change the PIN on a smart card and use it for authentication, leading
+    to privilege escalation.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenSC users should upgrade to the latest version, and then check
+    and update their smart cards:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/opensc-0.11.6"
+    # pkcs15-tool --test-update
+    # pkcs15-tool --test-update --update</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2235">CVE-2008-2235</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-11-26T18:58:19Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-11-26T19:57:21Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-11-26T19:57:53Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200812-10.xml b/metadata/glsa/glsa-200812-10.xml
new file mode 100644
index 000000000000..585e492eb543
--- /dev/null
+++ b/metadata/glsa/glsa-200812-10.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200812-10">
+  <title>Archive::Tar: Directory traversal vulnerability</title>
+  <synopsis>
+    A directory traversal vulnerability has been discovered in Archive::Tar.
+  </synopsis>
+  <product type="ebuild">Archive-Tar</product>
+  <announced>2008-12-10</announced>
+  <revised count="01">2008-12-10</revised>
+  <bug>192989</bug>
+  <access>remote</access>
+  <affected>
+    <package name="perl-core/Archive-Tar" auto="yes" arch="*">
+      <unaffected range="ge">1.40</unaffected>
+      <vulnerable range="lt">1.40</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Archive::Tar is a Perl module for creation and manipulation of tar
+    files.
+    </p>
+  </background>
+  <description>
+    <p>
+    Jonathan Smith of rPath reported that Archive::Tar does not check for
+    ".." in file names.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user or automated system to extract a
+    specially crafted tar archive, overwriting files at arbitrary locations
+    outside of the specified directory.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Archive::Tar users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=perl-core/Archive-Tar-1.40"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4829">CVE-2007-4829</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-11-26T18:55:42Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-11-26T20:31:02Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-11-26T20:31:20Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200812-11.xml b/metadata/glsa/glsa-200812-11.xml
new file mode 100644
index 000000000000..af956ac4b9dd
--- /dev/null
+++ b/metadata/glsa/glsa-200812-11.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200812-11">
+  <title>CUPS: Multiple vulnerabilities</title>
+  <synopsis>
+    Several remotely exploitable bugs have been found in CUPS, which allow
+    remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">cups</product>
+  <announced>2008-12-10</announced>
+  <revised count="01">2008-12-10</revised>
+  <bug>238976</bug>
+  <bug>249727</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-print/cups" auto="yes" arch="*">
+      <unaffected range="ge">1.3.9-r1</unaffected>
+      <vulnerable range="lt">1.3.9-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    CUPS is the Common Unix Printing System.
+    </p>
+  </background>
+  <description>
+    <p>
+    Several buffer overflows were found in:
+    </p>
+    <ul>
+    <li>
+    The read_rle16 function in imagetops (CVE-2008-3639, found by
+    regenrecht, reported via ZDI)
+    </li>
+    <li>
+    The WriteProlog function in texttops (CVE-2008-3640, found by
+    regenrecht, reported via ZDI)
+    </li>
+    <li>
+    The Hewlett-Packard Graphics Language (HPGL) filter (CVE-2008-3641,
+    found by regenrecht, reported via iDefense)
+    </li>
+    <li>
+    The _cupsImageReadPNG function (CVE-2008-5286, reported by iljavs)
+    </li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could send specially crafted input to a vulnerable
+    server, resulting in the remote execution of arbitrary code with the
+    privileges of the user running the server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    None this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All CUPS users should upgrade to the latest version.
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-print/cups-1.3.9-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3639">CVE-2008-3639</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3640">CVE-2008-3640</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3641">CVE-2008-3641</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5286">CVE-2008-5286</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-11-29T10:13:17Z">
+    craig
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-12-06T18:09:49Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200812-12.xml b/metadata/glsa/glsa-200812-12.xml
new file mode 100644
index 000000000000..208a5235c120
--- /dev/null
+++ b/metadata/glsa/glsa-200812-12.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200812-12">
+  <title>Honeyd: Insecure temporary file creation</title>
+  <synopsis>
+    An insecure temporary file usage has been reported in Honeyd, possibly
+    leading to symlink attacks.
+  </synopsis>
+  <product type="ebuild">honeyd</product>
+  <announced>2008-12-12</announced>
+  <revised count="01">2008-12-12</revised>
+  <bug>237481</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-analyzer/honeyd" auto="yes" arch="*">
+      <unaffected range="ge">1.5c-r1</unaffected>
+      <vulnerable range="lt">1.5c-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Honeyd is a small daemon that creates virtual hosts on a network.
+    </p>
+  </background>
+  <description>
+    <p>
+    Dmitry E. Oboukhov reported an insecure temporary file usage within the
+    "test.sh" script.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could perform symlink attacks and overwrite arbitrary
+    files with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Honeyd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/honeyd-1.5c-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3928">CVE-2008-3928</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-10-18T20:32:05Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-10-21T20:17:52Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-12-11T20:14:32Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200812-13.xml b/metadata/glsa/glsa-200812-13.xml
new file mode 100644
index 000000000000..005e92d8eb5e
--- /dev/null
+++ b/metadata/glsa/glsa-200812-13.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200812-13">
+  <title>OpenOffice.org: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in OpenOffice.org might allow for user-assisted
+    execution of arbitrary code or symlink attacks.
+  </synopsis>
+  <product type="ebuild">openoffice openoffice-bin</product>
+  <announced>2008-12-12</announced>
+  <revised count="01">2008-12-12</revised>
+  <bug>235824</bug>
+  <bug>244995</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-office/openoffice" auto="yes" arch="*">
+      <unaffected range="ge">3.0.0</unaffected>
+      <vulnerable range="lt">3.0.0</vulnerable>
+    </package>
+    <package name="app-office/openoffice-bin" auto="yes" arch="*">
+      <unaffected range="ge">3.0.0</unaffected>
+      <vulnerable range="lt">3.0.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenOffice.org is an open source office productivity suite, including
+    word processing, spreadsheet, presentation, drawing, data charting,
+    formula editing, and file conversion facilities.
+    </p>
+  </background>
+  <description>
+    <p>
+    Two heap-based buffer overflows when processing WMF files
+    (CVE-2008-2237) and EMF files (CVE-2008-2238) were discovered. Dmitry
+    E. Oboukhov also reported an insecure temporary file usage within the
+    senddoc script (CVE-2008-4937).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted
+    document, resulting in the remote execution of arbitrary code. A local
+    attacker could perform symlink attacks to overwrite arbitrary files on
+    the system. Both cases happen with the privileges of the user running
+    the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenOffice.org users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/openoffice-3.0.0"</code>
+    <p>
+    All OpenOffice.org binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/openoffice-bin-3.0.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2237">CVE-2008-2237</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2238">CVE-2008-2238</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4937">CVE-2008-4937</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-11-08T09:50:25Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-11-08T09:56:21Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-12-11T19:46:56Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200812-14.xml b/metadata/glsa/glsa-200812-14.xml
new file mode 100644
index 000000000000..62f4d6217ea6
--- /dev/null
+++ b/metadata/glsa/glsa-200812-14.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200812-14">
+  <title>aview: Insecure temporary file usage</title>
+  <synopsis>
+    An insecure temporary file usage has been reported in aview, leading to
+    symlink attacks.
+  </synopsis>
+  <product type="ebuild">aview</product>
+  <announced>2008-12-14</announced>
+  <revised count="01">2008-12-14</revised>
+  <bug>235808</bug>
+  <access>local</access>
+  <affected>
+    <package name="media-gfx/aview" auto="yes" arch="*">
+      <unaffected range="ge">1.3.0_rc1-r1</unaffected>
+      <vulnerable range="lt">1.3.0_rc1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    aview is an ASCII image viewer and animation player.
+    </p>
+  </background>
+  <description>
+    <p>
+    Dmitry E. Oboukhov reported that aview uses the "/tmp/aview$$.pgm" file
+    in an insecure manner when processing files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could perform symlink attacks to overwrite arbitrary
+    files on the system with the privileges of the user running the
+    application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All aview users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/aview-1.3.0_rc1-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4935">CVE-2008-4935</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-09-22T12:39:57Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-10-21T20:48:01Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-12-11T20:00:09Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200812-15.xml b/metadata/glsa/glsa-200812-15.xml
new file mode 100644
index 000000000000..64db3ebee111
--- /dev/null
+++ b/metadata/glsa/glsa-200812-15.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200812-15">
+  <title>POV-Ray: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    POV-Ray includes a version of libpng that might allow for the execution of
+    arbitrary code when reading a specially crafted PNG file
+  </synopsis>
+  <product type="ebuild">povray</product>
+  <announced>2008-12-14</announced>
+  <revised count="01">2008-12-14</revised>
+  <bug>153538</bug>
+  <access>local</access>
+  <affected>
+    <package name="media-gfx/povray" auto="yes" arch="*">
+      <unaffected range="ge">3.6.1-r4</unaffected>
+      <vulnerable range="lt">3.6.1-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    POV-Ray is a well known open-source ray tracer.
+    </p>
+  </background>
+  <description>
+    <p>
+    POV-Ray uses a statically linked copy of libpng to view and output PNG
+    files. The version shipped with POV-Ray is vulnerable to CVE-2008-3964,
+    CVE-2008-1382, CVE-2006-3334, CVE-2006-0481, CVE-2004-0768. A bug in
+    POV-Ray's build system caused it to load the old version when your
+    installed copy of libpng was &gt;=media-libs/libpng-1.2.10.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could entice a user to load a specially crafted PNG file as
+    a texture, resulting in the execution of arbitrary code with the
+    permissions of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All POV-Ray users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/povray-3.6.1-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0768">CVE-2004-0768</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0481">CVE-2006-0481</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3334">CVE-2006-3334</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382">CVE-2008-1382</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3964">CVE-2008-3964</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-12-04T23:06:51Z">
+    mabi
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-12-06T15:52:40Z">
+    mabi
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-12-11T20:06:51Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200812-16.xml b/metadata/glsa/glsa-200812-16.xml
new file mode 100644
index 000000000000..f092fcce6678
--- /dev/null
+++ b/metadata/glsa/glsa-200812-16.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200812-16">
+  <title>Dovecot: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities were found in the Dovecot mailserver.
+  </synopsis>
+  <product type="ebuild">dovecot</product>
+  <announced>2008-12-14</announced>
+  <revised count="01">2008-12-14</revised>
+  <bug>240409</bug>
+  <bug>244962</bug>
+  <bug>245316</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/dovecot" auto="yes" arch="*">
+      <unaffected range="ge">1.1.7-r1</unaffected>
+      <vulnerable range="lt">1.1.7-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Dovecot is an IMAP and POP3 server written with security primarily in
+    mind.
+    </p>
+  </background>
+  <description>
+    <p>
+    Several vulnerabilities were found in Dovecot:
+    </p>
+    <ul>
+    <li>The "k"
+    right in the acl_plugin does not work as expected (CVE-2008-4577,
+    CVE-2008-4578)</li>
+    <li>The dovecot.conf is world-readable, providing
+    improper protection for the ssl_key_password setting
+    (CVE-2008-4870)</li>
+    <li>A permanent Denial of Service with broken mail
+    headers is possible (CVE-2008-4907)</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    These vulnerabilities might allow a remote attacker to cause a Denial
+    of Service, to circumvent security restrictions or allow local
+    attackers to disclose the passphrase of the SSL private key.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Dovecot users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-mail/dovecot-1.1.7-r1"</code>
+    <p>
+    Users should be aware that dovecot.conf will still be world-readable
+    after the update. If employing ssl_key_password, it should not be used
+    in dovecot.conf but in a separate file which should be included with
+    "include_try".
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4577">CVE-2008-4577</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4578">CVE-2008-4578</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4870">CVE-2008-4870</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4907">CVE-2008-4907</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2008-11-29T10:07:16Z">
+    craig
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-12-06T18:05:53Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200812-17.xml b/metadata/glsa/glsa-200812-17.xml
new file mode 100644
index 000000000000..c70431eb3279
--- /dev/null
+++ b/metadata/glsa/glsa-200812-17.xml
@@ -0,0 +1,119 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200812-17">
+  <title>Ruby: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in Ruby that allow for
+    attacks including arbitrary code execution and Denial of Service.
+  </synopsis>
+  <product type="ebuild">ruby</product>
+  <announced>2008-12-16</announced>
+  <revised count="01">2008-12-16</revised>
+  <bug>225465</bug>
+  <bug>236060</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/ruby" auto="yes" arch="*">
+      <unaffected range="ge">1.8.6_p287-r1</unaffected>
+      <vulnerable range="lt">1.8.6_p287-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ruby is an interpreted object-oriented programming language. The
+    elaborate standard library includes an HTTP server ("WEBRick") and a
+    class for XML parsing ("REXML").
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been discovered in the Ruby interpreter
+    and its standard libraries. Drew Yao of Apple Product Security
+    discovered the following flaws:
+    </p>
+    <ul>
+    <li>Arbitrary code execution
+    or Denial of Service (memory corruption) in the rb_str_buf_append()
+    function (CVE-2008-2662).</li>
+    <li>Arbitrary code execution or Denial
+    of Service (memory corruption) in the rb_ary_stor() function
+    (CVE-2008-2663).</li>
+    <li>Memory corruption via alloca in the
+    rb_str_format() function (CVE-2008-2664).</li>
+    <li>Memory corruption
+    ("REALLOC_N") in the rb_ary_splice() and rb_ary_replace() functions
+    (CVE-2008-2725).</li>
+    <li>Memory corruption ("beg + rlen") in the
+    rb_ary_splice() and rb_ary_replace() functions (CVE-2008-2726).</li>
+    </ul> <p>
+    Furthermore, several other vulnerabilities have been reported:
+    </p>
+    <ul>
+    <li>Tanaka Akira reported an issue with resolv.rb that enables
+    attackers to spoof DNS responses (CVE-2008-1447).</li>
+    <li>Akira Tagoh
+    of RedHat discovered a Denial of Service (crash) issue in the
+    rb_ary_fill() function in array.c (CVE-2008-2376).</li>
+    <li>Several
+    safe level bypass vulnerabilities were discovered and reported by Keita
+    Yamaguchi (CVE-2008-3655).</li>
+    <li>Christian Neukirchen is credited
+    for discovering a Denial of Service (CPU consumption) attack in the
+    WEBRick HTTP server (CVE-2008-3656).</li>
+    <li>A fault in the dl module
+    allowed the circumvention of taintness checks which could possibly lead
+    to insecure code execution was reported by "sheepman"
+    (CVE-2008-3657).</li>
+    <li>Tanaka Akira again found a DNS spoofing
+    vulnerability caused by the resolv.rb implementation using poor
+    randomness (CVE-2008-3905).</li>
+    <li>Luka Treiber and Mitja Kolsek
+    (ACROS Security) disclosed a Denial of Service (CPU consumption)
+    vulnerability in the REXML module when dealing with recursive entity
+    expansion (CVE-2008-3790).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    These vulnerabilities allow remote attackers to execute arbitrary code,
+    spoof DNS responses, bypass Ruby's built-in security and taintness
+    checks, and cause a Denial of Service via crash or CPU exhaustion.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ruby users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/ruby-1.8.6_p287-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447">CVE-2008-1447</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2376">CVE-2008-2376</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2662">CVE-2008-2662</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2663">CVE-2008-2663</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2664">CVE-2008-2664</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2725">CVE-2008-2725</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2726">CVE-2008-2726</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3655">CVE-2008-3655</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3656">CVE-2008-3656</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3657">CVE-2008-3657</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790">CVE-2008-3790</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3905">CVE-2008-3905</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-09-21T11:43:41Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-11-10T18:52:14Z">
+    hoffie
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-11-27T16:38:46Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200812-18.xml b/metadata/glsa/glsa-200812-18.xml
new file mode 100644
index 000000000000..435fd14ccab0
--- /dev/null
+++ b/metadata/glsa/glsa-200812-18.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200812-18">
+  <title>JasPer: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Multiple memory management errors in JasPer might lead to execution of
+    arbitrary code via jpeg2k files.
+  </synopsis>
+  <product type="ebuild">jasper</product>
+  <announced>2008-12-16</announced>
+  <revised count="01">2008-12-16</revised>
+  <bug>222819</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/jasper" auto="yes" arch="*">
+      <unaffected range="ge">1.900.1-r3</unaffected>
+      <vulnerable range="lt">1.900.1-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The JasPer Project is an open-source initiative to provide a free
+    software-based reference implementation of the codec specified in the
+    JPEG-2000 Part-1 (jpeg2k) standard.
+    </p>
+  </background>
+  <description>
+    <p>
+    Marc Espie and Christian Weisgerber have discovered multiple
+    vulnerabilities in JasPer:
+    </p>
+    <ul>
+    <li>
+    Multiple integer overflows might allow for insufficient memory
+    allocation, leading to heap-based buffer overflows (CVE-2008-3520).
+    </li>
+    <li>
+    The jas_stream_printf() function in libjasper/base/jas_stream.c uses
+    vsprintf() to write user-provided data to a static to a buffer, leading
+    to an overflow (CVE-2008-3522).
+    </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    Remote attackers could entice a user or automated system to process
+    specially crafted jpeg2k files with an application using JasPer,
+    possibly leading to the execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All JasPer users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/jasper-1.900.1-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3520">CVE-2008-3520</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3522">CVE-2008-3522</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-10-13T18:51:07Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-10-21T20:38:03Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-12-15T14:20:28Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200812-19.xml b/metadata/glsa/glsa-200812-19.xml
new file mode 100644
index 000000000000..6b0d02eb4dae
--- /dev/null
+++ b/metadata/glsa/glsa-200812-19.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200812-19">
+  <title>PowerDNS: Multiple vulnerabilities</title>
+  <synopsis>
+    Two vulnerabilities have been discovered in PowerDNS, possibly leading to a
+    Denial of Service and easing cache poisoning attacks.
+  </synopsis>
+  <product type="ebuild">pdns</product>
+  <announced>2008-12-19</announced>
+  <revised count="01">2008-12-19</revised>
+  <bug>234032</bug>
+  <bug>247079</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/pdns" auto="yes" arch="*">
+      <unaffected range="ge">2.9.21.2</unaffected>
+      <vulnerable range="lt">2.9.21.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The PowerDNS Nameserver is an authoritative-only nameserver which uses
+    a flexible backend architecture.
+    </p>
+  </background>
+  <description>
+    <p>
+    Daniel Drown reported an error when receiving a HINFO CH query
+    (CVE-2008-5277). Brian J. Dowling of Simplicity Communications
+    discovered a previously unknown security implication of the PowerDNS
+    behavior to not respond to certain queries it considers malformed
+    (CVE-2008-3337).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send specially crafted queries to cause a
+    Denial of Service. The second vulnerability in itself does not pose a
+    security risk to PowerDNS Nameserver. However, not answering a query
+    for an invalid DNS record within a valid domain allows for a larger
+    spoofing window on third-party nameservers for domains being hosted by
+    PowerDNS Nameserver itself.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PowerDNS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dns/pdns-2.9.21.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3337">CVE-2008-3337</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5277">CVE-2008-5277</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-09-06T21:05:59Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-09-06T21:06:12Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-09-10T17:38:51Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200812-20.xml b/metadata/glsa/glsa-200812-20.xml
new file mode 100644
index 000000000000..1ee47fdc91a6
--- /dev/null
+++ b/metadata/glsa/glsa-200812-20.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200812-20">
+  <title>phpCollab: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in phpCollab allowing for
+    remote injection of shell commands, PHP code and SQL statements.
+  </synopsis>
+  <product type="ebuild">phpcollab</product>
+  <announced>2008-12-21</announced>
+  <revised count="01">2008-12-21</revised>
+  <bug>235052</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/phpcollab" auto="yes" arch="*">
+      <vulnerable range="le">2.5_rc3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpCollab is a web-enabled groupware and project management software
+    written in PHP. It uses SQL-based database backends.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been found in phpCollab:
+    </p>
+    <ul>
+    <li>rgod reported that data sent to general/sendpassword.php via the
+    loginForm parameter is not properly sanitized before being used in an
+    SQL statement (CVE-2006-1495).</li>
+    <li>Christian Hoffmann of Gentoo
+    Security discovered multiple vulnerabilities where input is
+    insufficiently sanitized before being used in an SQL statement, for
+    instance in general/login.php via the loginForm parameter.
+    (CVE-2008-4303).</li>
+    <li>Christian Hoffmann also found out that the
+    variable $SSL_CLIENT_CERT in general/login.php is not properly
+    sanitized before being used in a shell command. (CVE-2008-4304).</li>
+    <li>User-supplied data to installation/setup.php is not checked before
+    being written to include/settings.php which is executed later. This
+    issue was reported by Christian Hoffmann as well (CVE-2008-4305).</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    These vulnerabilities enable remote attackers to execute arbitrary SQL
+    statements and PHP code. NOTE: Some of the SQL injection
+    vulnerabilities require the php.ini option "magic_quotes_gpc" to be
+    disabled. Furthermore, an attacker might be able to execute arbitrary
+    shell commands if "register_globals" is enabled, "magic_quotes_gpc" is
+    disabled, the PHP OpenSSL extension is not installed or loaded and the
+    file "installation/setup.php" has not been deleted after installation.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    phpCollab has been removed from the Portage tree. We recommend that
+    users unmerge phpCollab:
+    </p>
+    <code>
+    # emerge --unmerge "www-apps/phpcollab"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1495">CVE-2006-1495</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4303">CVE-2008-4303</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4304">CVE-2008-4304</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4305">CVE-2008-4305</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-10-19T20:05:40Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-12-07T13:16:45Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-12-10T16:51:12Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200812-21.xml b/metadata/glsa/glsa-200812-21.xml
new file mode 100644
index 000000000000..d08b8dcc18dd
--- /dev/null
+++ b/metadata/glsa/glsa-200812-21.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200812-21">
+  <title>ClamAV: Multiple vulnerabilities</title>
+  <synopsis>
+    Two vulnerabilities in ClamAV may allow for the remote execution of
+    arbitrary code or a Denial of Service.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2008-12-23</announced>
+  <revised count="01">2008-12-23</revised>
+  <bug>245450</bug>
+  <bug>249833</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.94.2</unaffected>
+      <vulnerable range="lt">0.94.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Clam AntiVirus is a free anti-virus toolkit for UNIX, designed
+    especially for e-mail scanning on mail gateways.
+    </p>
+  </background>
+  <description>
+    <p>
+    Moritz Jodeit reported an off-by-one error within the
+    get_unicode_name() function in libclamav/vba_extract.c when processing
+    VBA project files (CVE-2008-5050). Ilja van Sprundel reported an
+    infinite recursion error within the cli_check_jpeg_exploit() function
+    in libclamav/special.c when processing JPEG files (CVE-2008-5314).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could send a specially crafted VBA or JPEG file to
+    the clamd daemon, possibly resulting in the remote execution of
+    arbitrary code with the privileges of the user running the application
+    or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ClamAV users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.94.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5050">CVE-2008-5050</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5314">CVE-2008-5314</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-12-09T22:40:43Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-12-21T18:51:07Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-12-21T18:56:43Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200812-22.xml b/metadata/glsa/glsa-200812-22.xml
new file mode 100644
index 000000000000..7bb717773862
--- /dev/null
+++ b/metadata/glsa/glsa-200812-22.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200812-22">
+  <title>Ampache: Insecure temporary file usage</title>
+  <synopsis>
+    An insecure temporary file usage has been reported in Ampache, allowing for
+    symlink attacks.
+  </synopsis>
+  <product type="ebuild">ampache</product>
+  <announced>2008-12-23</announced>
+  <revised count="01">2008-12-23</revised>
+  <bug>237483</bug>
+  <access>local</access>
+  <affected>
+    <package name="www-apps/ampache" auto="yes" arch="*">
+      <unaffected range="ge">3.4.3</unaffected>
+      <vulnerable range="lt">3.4.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ampache is a PHP based tool for managing, updating and playing audio
+    files via a web interface.
+    </p>
+  </background>
+  <description>
+    <p>
+    Dmitry E. Oboukhov reported an insecure temporary file usage within the
+    gather-messages.sh script.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could perform symlink attacks to overwrite arbitrary
+    files with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ampache users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/ampache-3.4.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3929">CVE-2008-3929</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-09-22T12:37:47Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-12-11T21:03:24Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-12-11T21:03:37Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200812-23.xml b/metadata/glsa/glsa-200812-23.xml
new file mode 100644
index 000000000000..cb1476e96027
--- /dev/null
+++ b/metadata/glsa/glsa-200812-23.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200812-23">
+  <title>Imlib2: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    A buffer overflow vulnerability has been discovered in Imlib2.
+  </synopsis>
+  <product type="ebuild">imlib2</product>
+  <announced>2008-12-23</announced>
+  <revised count="01">2008-12-23</revised>
+  <bug>248057</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/imlib2" auto="yes" arch="*">
+      <unaffected range="ge">1.4.2-r1</unaffected>
+      <vulnerable range="lt">1.4.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Imlib2 is replacement library from the Enlightenment project for
+    libraries like libXpm.
+    </p>
+  </background>
+  <description>
+    <p>
+    Julien Danjou reported a pointer arithmetic error and a heap-based
+    buffer overflow within the load() function of the XPM image loader.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to process a specially crafted
+    XPM image, possibly resulting in the remote execution of arbitrary code
+    with the privileges of the user running the application, or a Denial of
+    Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Imlib2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/imlib2-1.4.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5187">CVE-2008-5187</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-12-07T11:53:50Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-12-11T12:38:00Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-12-11T12:38:09Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200812-24.xml b/metadata/glsa/glsa-200812-24.xml
new file mode 100644
index 000000000000..90b78b9b718b
--- /dev/null
+++ b/metadata/glsa/glsa-200812-24.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200812-24">
+  <title>VLC: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in VLC may lead to the remote execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">vlc</product>
+  <announced>2008-12-24</announced>
+  <revised count="01">2008-12-24</revised>
+  <bug>245774</bug>
+  <bug>249391</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/vlc" auto="yes" arch="*">
+      <unaffected range="ge">0.9.8a</unaffected>
+      <vulnerable range="lt">0.9.8a</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    VLC is a cross-platform media player and streaming server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tobias Klein reported the following vulnerabilities:
+    </p>
+    <ul>
+    <li>A
+    stack-based buffer overflow when processing CUE image files in
+    modules/access/vcd/cdrom.c (CVE-2008-5032).</li>
+    <li>A stack-based
+    buffer overflow when processing RealText (.rt) subtitle files in the
+    ParseRealText() function in modules/demux/subtitle.c
+    (CVE-2008-5036).</li>
+    <li>An integer overflow when processing RealMedia
+    (.rm) files in the ReadRealIndex() function in real.c in the Real
+    demuxer plugin, leading to a heap-based buffer overflow
+    (CVE-2008-5276).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted CUE
+    image file, RealMedia file or RealText subtitle file, possibly
+    resulting in the execution of arbitrary code with the privileges of the
+    user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All VLC users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/vlc-0.9.8a"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5032">CVE-2008-5032</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5036">CVE-2008-5036</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5276">CVE-2008-5276</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-12-15T14:05:23Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-12-21T19:55:55Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-12-21T20:12:40Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200901-01.xml b/metadata/glsa/glsa-200901-01.xml
new file mode 100644
index 000000000000..84f2815c6137
--- /dev/null
+++ b/metadata/glsa/glsa-200901-01.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200901-01">
+  <title>NDISwrapper: Arbitrary remote code execution</title>
+  <synopsis>
+    Multiple buffer overflows might lead to remote execution of arbitrary code
+    with root privileges.
+  </synopsis>
+  <product type="ebuild">ndiswrapper</product>
+  <announced>2009-01-11</announced>
+  <revised count="01">2009-01-11</revised>
+  <bug>239371</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-wireless/ndiswrapper" auto="yes" arch="*">
+      <unaffected range="ge">1.53-r1</unaffected>
+      <vulnerable range="lt">1.53-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    NDISwrapper is a Linux kernel module that enables the use of Microsoft
+    Windows drivers for wireless network devices.
+    </p>
+  </background>
+  <description>
+    <p>
+    Anders Kaseorg reported multiple buffer overflows related to long
+    ESSIDs.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A physically proximate attacker could send packets over a wireless
+    network that might lead to the execution of arbitrary code with root
+    privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All NDISwrapper users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-wireless/ndiswrapper-1.53-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4395">CVE-2008-4395</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-11-06T16:33:13Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-11-26T23:45:28Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-11-26T23:45:36Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200901-02.xml b/metadata/glsa/glsa-200901-02.xml
new file mode 100644
index 000000000000..ef6f344fa71a
--- /dev/null
+++ b/metadata/glsa/glsa-200901-02.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200901-02">
+  <title>JHead: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in JHead might lead to the execution of arbitrary
+    code or data loss.
+  </synopsis>
+  <product type="ebuild">jhead</product>
+  <announced>2009-01-11</announced>
+  <revised count="01">2009-01-11</revised>
+  <bug>242702</bug>
+  <bug>243238</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/jhead" auto="yes" arch="*">
+      <unaffected range="ge">2.84-r1</unaffected>
+      <vulnerable range="lt">2.84-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    JHead is an exif jpeg header manipulation tool.
+    </p>
+  </background>
+  <description>
+    <p>
+    Marc Merlin and John Dong reported multiple vulnerabilities in JHead:
+    </p>
+    <ul>
+    <li>
+    A buffer overflow in the DoCommand() function when processing the cmd
+    argument and related to potential string overflows (CVE-2008-4575).
+    </li>
+    <li>
+    An insecure creation of a temporary file (CVE-2008-4639).
+    </li>
+    <li>
+    A error when unlinking a file (CVE-2008-4640).
+    </li>
+    <li>
+    Insufficient escaping of shell metacharacters (CVE-2008-4641).
+    </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could possibly execute arbitrary code by enticing a
+    user or automated system to open a file with a long filename or via
+    unspecified vectors. It is also possible to trick a user into deleting
+    or overwriting files.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All JHead users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/jhead-2.84-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4575">CVE-2008-4575</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4639">CVE-2008-4639</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4640">CVE-2008-4640</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4641">CVE-2008-4641</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-11-26T18:47:59Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-11-26T21:08:46Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-12-10T17:01:39Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200901-03.xml b/metadata/glsa/glsa-200901-03.xml
new file mode 100644
index 000000000000..a3c44ce6a969
--- /dev/null
+++ b/metadata/glsa/glsa-200901-03.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200901-03">
+  <title>pdnsd: Denial of Service and cache poisoning</title>
+  <synopsis>
+    Two errors in pdnsd allow for Denial of Service and cache poisoning.
+  </synopsis>
+  <product type="ebuild">pdnsd</product>
+  <announced>2009-01-11</announced>
+  <revised count="01">2009-01-11</revised>
+  <bug>231285</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/pdnsd" auto="yes" arch="*">
+      <unaffected range="ge">1.2.7</unaffected>
+      <vulnerable range="lt">1.2.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    pdnsd is a proxy DNS server with permanent caching that is designed to
+    cope with unreachable DNS servers.
+    </p>
+  </background>
+  <description>
+    <p>
+    Two issues have been reported in pdnsd:
+    </p>
+    <ul>
+    <li>
+    The p_exec_query() function in src/dns_query.c does not properly handle
+    many entries in the answer section of a DNS reply, related to a
+    "dangling pointer bug" (CVE-2008-4194).
+    </li>
+    <li>
+    The default value for query_port_start was set to 0, disabling UDP
+    source port randomization for outgoing queries (CVE-2008-1447).
+    </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit the second weakness to poison the cache of
+    pdnsd and thus spoof DNS traffic, which could e.g. lead to the
+    redirection of web or mail traffic to malicious sites. The first issue
+    can be exploited by enticing pdnsd to send a query to a malicious DNS
+    server, or using the port randomization weakness, and might lead to a
+    Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Port randomization can be enabled by setting the "query_port_start"
+    option to 1024 which would resolve the CVE-2008-1447 issue.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All pdnsd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dns/pdnsd-1.2.7"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447">CVE-2008-1447</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4194">CVE-2008-4194</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-11-26T18:15:10Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-11-26T23:10:06Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-11-26T23:10:19Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200901-04.xml b/metadata/glsa/glsa-200901-04.xml
new file mode 100644
index 000000000000..216cca9b518a
--- /dev/null
+++ b/metadata/glsa/glsa-200901-04.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200901-04">
+  <title>D-Bus: Denial of service</title>
+  <synopsis>
+    An error condition can cause D-Bus to crash.
+  </synopsis>
+  <product type="ebuild">dbus</product>
+  <announced>2009-01-11</announced>
+  <revised count="01">2009-01-11</revised>
+  <bug>240308</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/dbus" auto="yes" arch="*">
+      <unaffected range="ge">1.2.3-r1</unaffected>
+      <vulnerable range="lt">1.2.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    D-Bus is a daemon providing a framework for applications to communicate
+    with one another.
+    </p>
+  </background>
+  <description>
+    <p>
+    schelte reported that the dbus_signature_validate() function can
+    trigger a failed assertion when processing a message containing a
+    malformed signature.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local user could send a specially crafted message to the D-Bus
+    daemon, leading to a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All D-Bus users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-apps/dbus-1.2.3-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3834">CVE-2008-3834</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-11-26T18:43:42Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-11-26T21:51:45Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-11-26T21:52:15Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200901-05.xml b/metadata/glsa/glsa-200901-05.xml
new file mode 100644
index 000000000000..f979c20211fd
--- /dev/null
+++ b/metadata/glsa/glsa-200901-05.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200901-05">
+  <title>Streamripper: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple buffer overflows have been discovered in Streamripper, allowing
+    for user-assisted execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">streamripper</product>
+  <announced>2009-01-11</announced>
+  <revised count="01">2009-01-11</revised>
+  <bug>249039</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/streamripper" auto="yes" arch="*">
+      <unaffected range="ge">1.64.0</unaffected>
+      <vulnerable range="lt">1.64.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Streamripper is a tool for extracting and recording mp3 files from a
+    Shoutcast stream.
+    </p>
+  </background>
+  <description>
+    <p>
+    Stefan Cornelius from Secunia Research reported multiple buffer
+    overflows in the http_parse_sc_header(), http_get_pls() and
+    http_get_m3u() functions in lib/http.c when parsing overly long HTTP
+    headers, or pls and m3u playlists with overly long entries.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to connect to a malicious server,
+    possibly resulting in the remote execution of arbitrary code with the
+    privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Streamripper users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/streamripper-1.64.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4829">CVE-2008-4829</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-12-07T20:23:24Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-12-21T20:28:31Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-12-21T20:29:17Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200901-06.xml b/metadata/glsa/glsa-200901-06.xml
new file mode 100644
index 000000000000..03390104f060
--- /dev/null
+++ b/metadata/glsa/glsa-200901-06.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200901-06">
+  <title>Tremulous: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    A buffer overflow vulnerability has been discovered in Tremulous.
+  </synopsis>
+  <product type="ebuild">tremulous tremulous-bin</product>
+  <announced>2009-01-11</announced>
+  <revised count="01">2009-01-11</revised>
+  <bug>222119</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-fps/tremulous" auto="yes" arch="*">
+      <unaffected range="ge">1.1.0-r2</unaffected>
+      <vulnerable range="lt">1.1.0-r2</vulnerable>
+    </package>
+    <package name="games-fps/tremulous-bin" auto="yes" arch="*">
+      <vulnerable range="lt">1.1.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Tremulous is a team-based First Person Shooter game.
+    </p>
+  </background>
+  <description>
+    <p>
+    It has been reported that Tremulous includes a vulnerable version of
+    the ioQuake3 engine (GLSA 200605-12, CVE-2006-2236).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to connect to a malicious games
+    server, possibly resulting in the execution of arbitrary code with the
+    privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Tremulous users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=games-fps/tremulous-1.1.0-r2"</code>
+    <p>
+    Note: The binary version of Tremulous has been removed from the Portage
+    tree.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2236">CVE-2006-2236</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200605-12.xml">GLSA 200605-12</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-10-13T16:40:23Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-01-10T22:54:22Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-01-10T22:54:33Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200901-07.xml b/metadata/glsa/glsa-200901-07.xml
new file mode 100644
index 000000000000..b09e46f58ffe
--- /dev/null
+++ b/metadata/glsa/glsa-200901-07.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200901-07">
+  <title>MPlayer: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in MPlayer may lead to the execution of arbitrary
+    code or a Denial of Service.
+  </synopsis>
+  <product type="ebuild">mplayer</product>
+  <announced>2009-01-12</announced>
+  <revised count="01">2009-01-12</revised>
+  <bug>231836</bug>
+  <bug>239130</bug>
+  <bug>251017</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/mplayer" auto="yes" arch="*">
+      <unaffected range="ge">1.0_rc2_p28058-r1 </unaffected>
+      <vulnerable range="lt">1.0_rc2_p28058-r1 </vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MPlayer is a media player including support for a wide range of audio
+    and video formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been reported in MPlayer:
+    </p>
+    <ul>
+    <li>A
+    stack-based buffer overflow was found in the str_read_packet() function
+    in libavformat/psxstr.c when processing crafted STR files that
+    interleave audio and video sectors (CVE-2008-3162).</li>
+    <li>Felipe
+    Andres Manzano reported multiple integer underflows in the
+    demux_real_fill_buffer() function in demux_real.c when processing
+    crafted Real Media files that cause the stream_read() function to read
+    or write arbitrary memory (CVE-2008-3827).</li>
+    <li>Tobias Klein
+    reported a stack-based buffer overflow in the demux_open_vqf() function
+    in libmpdemux/demux_vqf.c when processing malformed TwinVQ files
+    (CVE-2008-5616).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted STR,
+    Real Media, or TwinVQ file to execute arbitrary code or cause a Denial of
+    Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MPlayer users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/mplayer-1.0_rc2_p28058-r1 "</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3162">CVE-2008-3162</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3827">CVE-2008-3827</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5616">CVE-2008-5616</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-11-29T14:10:43Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-01-11T12:40:15Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-01-11T14:37:53Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200901-08.xml b/metadata/glsa/glsa-200901-08.xml
new file mode 100644
index 000000000000..24e73559f1c5
--- /dev/null
+++ b/metadata/glsa/glsa-200901-08.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200901-08">
+  <title>Online-Bookmarks: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been reported in Online-Bookmarks.
+  </synopsis>
+  <product type="ebuild">online-bookmarks</product>
+  <announced>2009-01-12</announced>
+  <revised count="01">2009-01-12</revised>
+  <bug>235053</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/online-bookmarks" auto="yes" arch="*">
+      <unaffected range="ge">0.6.28</unaffected>
+      <vulnerable range="lt">0.6.28</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Online-Bookmarks is a web-based bookmark management system to store
+    your bookmarks, favorites and links.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following vulnerabilities were reported:
+    </p>
+    <ul><li>Authentication bypass when directly requesting certain pages
+    (CVE-2004-2155).</li>
+    <li>Insufficient input validation in the login
+    function in auth.inc (CVE-2006-6358).</li>
+    <li>Unspecified cross-site
+    scripting vulnerability (CVE-2006-6359).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit these vulnerabilities to bypass
+    authentication mechanisms, execute arbitrary SQL statements or inject
+    arbitrary web scripts.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Online-Bookmarks users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/online-bookmarks-0.6.28"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2155">CVE-2004-2155</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6358">CVE-2006-6358</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6359">CVE-2006-6359</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-09-22T12:41:34Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-01-10T23:26:51Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-01-10T23:27:06Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200901-09.xml b/metadata/glsa/glsa-200901-09.xml
new file mode 100644
index 000000000000..adc8a2a25b5b
--- /dev/null
+++ b/metadata/glsa/glsa-200901-09.xml
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200901-09">
+  <title>Adobe Reader: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Adobe Reader is vulnerable to execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">acroread</product>
+  <announced>2009-01-13</announced>
+  <revised count="01">2009-01-13</revised>
+  <bug>225483</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/acroread" auto="yes" arch="*">
+      <unaffected range="ge">8.1.3</unaffected>
+      <vulnerable range="lt">8.1.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF
+    reader.
+    </p>
+  </background>
+  <description>
+    <ul>
+    <li>
+    An unspecified vulnerability can be triggered by a malformed PDF
+    document, as demonstrated by 2008-HI2.pdf (CVE-2008-2549).
+    </li>
+    <li>
+    Peter Vreugdenhil, Dyon Balding, Will Dormann, Damian Frizza, and Greg
+    MacManus reported a stack-based buffer overflow in the util.printf
+    JavaScript function that incorrectly handles the format string argument
+    (CVE-2008-2992).
+    </li>
+    <li>
+    Greg MacManus of iDefense Labs reported an array index error that can
+    be leveraged for an out-of-bounds write, related to parsing of Type 1
+    fonts (CVE-2008-4812).
+    </li>
+    <li>
+    Javier Vicente Vallejo and Peter Vregdenhil, via Zero Day Initiative,
+    reported multiple unspecified memory corruption vulnerabilities
+    (CVE-2008-4813).
+    </li>
+    <li>
+    Thomas Garnier of SkyRecon Systems reported an unspecified
+    vulnerability in a JavaScript method, related to an "input validation
+    issue" (CVE-2008-4814).
+    </li>
+    <li>
+    Josh Bressers of Red Hat reported an untrusted search path
+    vulnerability (CVE-2008-4815).
+    </li>
+    <li>
+    Peter Vreugdenhil reported through iDefense that the Download Manager
+    can trigger a heap corruption via calls to the AcroJS function
+    (CVE-2008-4817).
+    </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted PDF
+    document, and local attackers could entice a user to run acroread from
+    an untrusted working directory. Both might result in the execution of
+    arbitrary code with the privileges of the user running the application,
+    or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Adobe Reader users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/acroread-8.1.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2549">CVE-2008-2549</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2992">CVE-2008-2992</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4812">CVE-2008-4812</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4813">CVE-2008-4813</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4814">CVE-2008-4814</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4815">CVE-2008-4815</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4817">CVE-2008-4817</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-11-26T18:53:29Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-11-26T20:51:39Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-11-26T20:51:48Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200901-10.xml b/metadata/glsa/glsa-200901-10.xml
new file mode 100644
index 000000000000..aaddcf0a528f
--- /dev/null
+++ b/metadata/glsa/glsa-200901-10.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200901-10">
+  <title>GnuTLS: Certificate validation error</title>
+  <synopsis>
+    A certificate validation error in GnuTLS might allow for spoofing attacks.
+  </synopsis>
+  <product type="ebuild">gnutls</product>
+  <announced>2009-01-14</announced>
+  <revised count="01">2009-01-14</revised>
+  <bug>245850</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/gnutls" auto="yes" arch="*">
+      <unaffected range="ge">2.4.1-r2</unaffected>
+      <vulnerable range="lt">2.4.1-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GnuTLS is an open-source implementation of TLS 1.0 and SSL 3.0.
+    </p>
+  </background>
+  <description>
+    <p>
+    Martin von Gagern reported that the _gnutls_x509_verify_certificate()
+    function in lib/x509/verify.c trusts certificate chains in which the
+    last certificate is an arbitrary trusted, self-signed certificate.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit this vulnerability and spoof arbitrary
+    names to conduct Man-In-The-Middle attacks and intercept sensitive
+    information.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GnuTLS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-libs/gnutls-2.4.1-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4989">CVE-2008-4989</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-11-30T19:06:26Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-01-10T23:37:58Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-01-10T23:38:09Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200901-11.xml b/metadata/glsa/glsa-200901-11.xml
new file mode 100644
index 000000000000..4a5984b72073
--- /dev/null
+++ b/metadata/glsa/glsa-200901-11.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200901-11">
+  <title>Avahi: Denial of service</title>
+  <synopsis>
+    A Denial of Service vulnerability has been discovered in Avahi.
+  </synopsis>
+  <product type="ebuild">avahi</product>
+  <announced>2009-01-14</announced>
+  <revised count="01">2009-01-14</revised>
+  <bug>250913</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/avahi" auto="yes" arch="*">
+      <unaffected range="ge">0.6.24</unaffected>
+      <vulnerable range="lt">0.6.24</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Avahi is a system that facilitates service discovery on a local
+    network.
+    </p>
+  </background>
+  <description>
+    <p>
+    Hugo Dias reported a failed assertion in the
+    originates_from_local_legacy_unicast_socket() function in
+    avahi-core/server.c when processing mDNS packets with a source port of
+    0.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send specially crafted packets to the daemon,
+    leading to its crash.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Avahi users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dns/avahi-0.6.24"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5081">CVE-2008-5081</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-01-11T18:41:03Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-01-12T22:42:38Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-01-12T22:42:49Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200901-12.xml b/metadata/glsa/glsa-200901-12.xml
new file mode 100644
index 000000000000..8e812d456612
--- /dev/null
+++ b/metadata/glsa/glsa-200901-12.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200901-12">
+  <title>noip-updater: Execution of arbitrary code</title>
+  <synopsis>
+    A buffer overflow in noip-updater can lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">noip-updater</product>
+  <announced>2009-01-18</announced>
+  <revised count="01">2009-01-18</revised>
+  <bug>248709</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/noip-updater" auto="yes" arch="*">
+      <unaffected range="ge">2.1.9</unaffected>
+      <vulnerable range="lt">2.1.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    noip-updater is a tool used for updating IP addresses of dynamic DNS
+    records at no-ip.com.
+    </p>
+  </background>
+  <description>
+    <p>
+    xenomuta found out that the GetNextLine() function in noip2.c misses a
+    length check, leading to a stack-based buffer overflow.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit this vulnerability to execute arbitrary
+    code by sending a specially crafted HTTP message to the client. NOTE:
+    Successful exploitation requires a man in the middle attack, a DNS
+    spoofing attack or a compromise of no-ip.com servers.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All noip-updater users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dns/noip-updater-2.1.9"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5297">CVE-2008-5297</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-12-29T20:15:03Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-01-02T11:49:22Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-01-11T18:28:39Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200901-13.xml b/metadata/glsa/glsa-200901-13.xml
new file mode 100644
index 000000000000..db69bb8680c5
--- /dev/null
+++ b/metadata/glsa/glsa-200901-13.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200901-13">
+  <title>Pidgin: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in Pidgin, allowing for
+    remote arbitrary code execution, Denial of Service and service spoofing.
+  </synopsis>
+  <product type="ebuild">pidgin</product>
+  <announced>2009-01-20</announced>
+  <revised count="01">2009-01-20</revised>
+  <bug>230045</bug>
+  <bug>234135</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/pidgin" auto="yes" arch="*">
+      <unaffected range="ge">2.5.1</unaffected>
+      <vulnerable range="lt">2.5.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Pidgin (formerly Gaim) is an instant messaging client for a variety of
+    instant messaging protocols. It is based on the libpurple instant
+    messaging library.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been discovered in Pidgin and the
+    libpurple library:
+    </p>
+    <ul><li>
+    A participant to the TippingPoint ZDI reported multiple integer
+    overflows in the msn_slplink_process_msg() function in the MSN protocol
+    implementation (CVE-2008-2927).
+    </li>
+    <li>
+    Juan Pablo Lopez Yacubian is credited for reporting a use-after-free
+    flaw in msn_slplink_process_msg() in the MSN protocol implementation
+    (CVE-2008-2955).
+    </li>
+    <li>
+    The included UPnP server does not limit the size of data to be
+    downloaded for UPnP service discovery, according to a report by Andrew
+    Hunt and Christian Grothoff (CVE-2008-2957).
+    </li>
+    <li>
+    Josh Triplett discovered that the NSS plugin for libpurple does not
+    properly verify SSL certificates (CVE-2008-3532).
+    </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send specially crafted messages or files using
+    the MSN protocol which could result in the execution of arbitrary code
+    or crash Pidgin. NOTE: Successful exploitation might require the
+    victim's interaction. Furthermore, an attacker could conduct
+    man-in-the-middle attacks to obtain sensitive information using bad
+    certificates and cause memory and disk resources to exhaust.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Pidgin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-im/pidgin-2.5.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2927">CVE-2008-2927</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2955">CVE-2008-2955</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2957">CVE-2008-2957</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3532">CVE-2008-3532</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-07-06T18:20:14Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2008-11-29T14:01:14Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-12-02T14:32:53Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200901-14.xml b/metadata/glsa/glsa-200901-14.xml
new file mode 100644
index 000000000000..37b710926f41
--- /dev/null
+++ b/metadata/glsa/glsa-200901-14.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200901-14">
+  <title>Scilab: Insecure temporary file usage</title>
+  <synopsis>
+    An insecure temporary file usage has been reported in Scilab, allowing for
+    symlink attacks.
+  </synopsis>
+  <product type="ebuild">scilab</product>
+  <announced>2009-01-21</announced>
+  <revised count="01">2009-01-21</revised>
+  <bug>245922</bug>
+  <access>local</access>
+  <affected>
+    <package name="sci-mathematics/scilab" auto="yes" arch="*">
+      <unaffected range="ge">4.1.2-r1</unaffected>
+      <vulnerable range="lt">4.1.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Scilab is a scientific software package for numerical computations.
+    </p>
+  </background>
+  <description>
+    <p>
+    Dmitry E. Oboukhov reported an insecure temporary file usage within the
+    scilink, scidoc and scidem scripts.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could perform symlink attacks to overwrite arbitrary
+    files with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Scilab users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sci-mathematics/scilab-4.1.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4983">CVE-2008-4983</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-01-13T17:29:36Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-01-13T18:21:32Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-01-13T18:21:45Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200901-15.xml b/metadata/glsa/glsa-200901-15.xml
new file mode 100644
index 000000000000..f76b93c35a96
--- /dev/null
+++ b/metadata/glsa/glsa-200901-15.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200901-15">
+  <title>Net-SNMP: Denial of service</title>
+  <synopsis>
+    A vulnerability in Net-SNMP could lead to a Denial of Service.
+  </synopsis>
+  <product type="ebuild">net-snmp</product>
+  <announced>2009-01-21</announced>
+  <revised count="01">2009-01-21</revised>
+  <bug>245306</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/net-snmp" auto="yes" arch="*">
+      <unaffected range="ge">5.4.2.1</unaffected>
+      <vulnerable range="lt">5.4.2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Net-SNMP is a collection of tools for generating and retrieving SNMP
+    data.
+    </p>
+  </background>
+  <description>
+    <p>
+    Oscar Mira-Sanchez reported an integer overflow in the
+    netsnmp_create_subtree_cache() function in agent/snmp_agent.c when
+    processing GETBULK requests.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send a specially crafted request to crash the
+    SNMP server. NOTE: The attacker needs to know the community string to
+    exploit this vulnerability.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Restrict access to trusted entities only.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Net-SNMP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/net-snmp-5.4.2.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4309">CVE-2008-4309</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-01-11T17:57:13Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-01-12T22:12:01Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-01-12T22:12:09Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200902-01.xml b/metadata/glsa/glsa-200902-01.xml
new file mode 100644
index 000000000000..2e0c40d38dc3
--- /dev/null
+++ b/metadata/glsa/glsa-200902-01.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200902-01">
+  <title>sudo: Privilege escalation</title>
+  <synopsis>
+    A vulnerability in sudo may allow for privilege escalation.
+  </synopsis>
+  <product type="ebuild">sudo</product>
+  <announced>2009-02-06</announced>
+  <revised count="01">2009-02-06</revised>
+  <bug>256633</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/sudo" auto="yes" arch="*">
+      <unaffected range="ge">1.7.0</unaffected>
+      <vulnerable range="lt">1.7.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    sudo allows a system administrator to give users the ability to run
+    commands as other users.
+    </p>
+  </background>
+  <description>
+    <p>
+    Harald Koenig discovered that sudo incorrectly handles group
+    specifications in Runas_Alias (and related) entries when a group is
+    specified in the list (using %group syntax, to allow a user to run
+    commands as any member of that group) and the user is already a member
+    of that group.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could possibly run commands as an arbitrary system
+    user (including root).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All sudo users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-admin/sudo-1.7.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0034">CVE-2009-0034</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-02-02T22:59:48Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-02-02T23:20:12Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-02-06T22:19:55Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200902-02.xml b/metadata/glsa/glsa-200902-02.xml
new file mode 100644
index 000000000000..a6d4e9027ba8
--- /dev/null
+++ b/metadata/glsa/glsa-200902-02.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200902-02">
+  <title>OpenSSL: Certificate validation error</title>
+  <synopsis>
+    An error in the OpenSSL certificate chain validation might allow for
+    spoofing attacks.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2009-02-12</announced>
+  <revised count="01">2009-02-12</revised>
+  <bug>251346</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">0.9.8j</unaffected>
+      <vulnerable range="lt">0.9.8j</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+    (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
+    purpose cryptography library.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Google Security Team reported that several functions incorrectly
+    check the result after calling the EVP_VerifyFinal() function, allowing
+    a malformed signature to be treated as a good signature rather than as
+    an error. This issue affects the signature checks on DSA and ECDSA keys
+    used with SSL/TLS.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit this vulnerability and spoof arbitrary
+    names to conduct Man-In-The-Middle attacks and intercept sensitive
+    information.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenSSL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-0.9.8j"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077">CVE-2008-5077</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-01-13T17:07:15Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-01-13T17:07:33Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-01-13T17:14:56Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200902-03.xml b/metadata/glsa/glsa-200902-03.xml
new file mode 100644
index 000000000000..0484ae60b7c1
--- /dev/null
+++ b/metadata/glsa/glsa-200902-03.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200902-03">
+  <title>Valgrind: Untrusted search path</title>
+  <synopsis>
+    An untrusted search path vulnerability in Valgrind might result in the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">valgrind</product>
+  <announced>2009-02-12</announced>
+  <revised count="01">2009-02-12</revised>
+  <bug>245317</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-util/valgrind" auto="yes" arch="*">
+      <unaffected range="ge">3.4.0</unaffected>
+      <vulnerable range="lt">3.4.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Valgrind is an open-source memory debugger.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy reported that Valgrind loads a .valgrindrc file in the
+    current working directory, executing commands specified there.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could prepare a specially crafted .valgrindrc file and
+    entice a user to run Valgrind from the directory containing that file,
+    resulting in the execution of arbitrary code with the privileges of the
+    user running Valgrind.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Do not run "valgrind" from untrusted working directories.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Valgrind users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-util/valgrind-3.4.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4865">CVE-2008-4865</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-01-13T17:33:22Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-01-13T17:46:15Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-01-13T17:47:39Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200902-04.xml b/metadata/glsa/glsa-200902-04.xml
new file mode 100644
index 000000000000..3ec865022e06
--- /dev/null
+++ b/metadata/glsa/glsa-200902-04.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200902-04">
+  <title>xterm: User-assisted arbitrary commands execution</title>
+  <synopsis>
+    An error in the processing of special sequences in xterm may lead to
+    arbitrary commands execution.
+  </synopsis>
+  <product type="ebuild">xterm</product>
+  <announced>2009-02-12</announced>
+  <revised count="01">2009-02-12</revised>
+  <bug>253155</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-terms/xterm" auto="yes" arch="*">
+      <unaffected range="ge">239</unaffected>
+      <vulnerable range="lt">239</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    xterm is a terminal emulator for the X Window system.
+    </p>
+  </background>
+  <description>
+    <p>
+    Paul Szabo reported an insufficient input sanitization when processing
+    Device Control Request Status String (DECRQSS) sequences.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to display a file containing
+    specially crafted DECRQSS sequences, possibly resulting in the remote
+    execution of arbitrary commands with the privileges of the user viewing
+    the file.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All xterm users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-terms/xterm-239"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2383">CVE-2008-2383</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-01-28T00:33:40Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-02-10T10:22:45Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-02-10T10:22:57Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200902-05.xml b/metadata/glsa/glsa-200902-05.xml
new file mode 100644
index 000000000000..2e59a8816d29
--- /dev/null
+++ b/metadata/glsa/glsa-200902-05.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200902-05">
+  <title>KTorrent: Multiple vulnerabilitites</title>
+  <synopsis>
+    Two vulnerabilities in the web interface plugin in KTorrent allow for
+    remote execution of code and arbitrary torrent uploads.
+  </synopsis>
+  <product type="ebuild">ktorrent</product>
+  <announced>2009-02-23</announced>
+  <revised count="01">2009-02-23</revised>
+  <bug>244741</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-p2p/ktorrent" auto="yes" arch="*">
+      <unaffected range="ge">2.2.8</unaffected>
+      <vulnerable range="lt">2.2.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    KTorrent is a BitTorrent program for KDE.
+    </p>
+  </background>
+  <description>
+    <p>
+    The web interface plugin does not restrict access to the torrent upload
+    functionality (CVE-2008-5905) and does not sanitize request parameters
+    properly (CVE-2008-5906) .
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could send specially crafted parameters to the web
+    interface that would allow for arbitrary torrent uploads and remote
+    code execution with the privileges of the KTorrent process.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disabling the web interface plugin will prevent exploitation of both
+    issues. Click "Plugins" in the configuration menu and uncheck the
+    checkbox left of "WebInterface", then apply the changes.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All KTorrent users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-p2p/ktorrent-2.2.8"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5905">CVE-2008-5905</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5906">CVE-2008-5906</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-01-06T20:05:03Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-01-10T00:24:20Z">
+    craig
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-01-10T19:16:54Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200902-06.xml b/metadata/glsa/glsa-200902-06.xml
new file mode 100644
index 000000000000..17ccc6041fdb
--- /dev/null
+++ b/metadata/glsa/glsa-200902-06.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200902-06">
+  <title>GNU Emacs, XEmacs: Multiple vulnerabilities</title>
+  <synopsis>
+    Two vulnerabilities were found in GNU Emacs, possibly leading to
+    user-assisted execution of arbitrary code. One also affects edit-utils in
+    XEmacs.
+  </synopsis>
+  <product type="ebuild">emacs edit-utils</product>
+  <announced>2009-02-23</announced>
+  <revised count="01">2009-02-23</revised>
+  <bug>221197</bug>
+  <bug>236498</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-editors/emacs" auto="yes" arch="*">
+      <unaffected range="ge">22.2-r3</unaffected>
+      <unaffected range="rge">21.4-r17</unaffected>
+      <unaffected range="lt">19</unaffected>
+      <vulnerable range="lt">22.2-r3</vulnerable>
+    </package>
+    <package name="app-xemacs/edit-utils" auto="yes" arch="*">
+      <unaffected range="ge">2.39</unaffected>
+      <vulnerable range="lt">2.39</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GNU Emacs and XEmacs are highly extensible and customizable text
+    editors. edit-utils are miscellaneous extensions to XEmacs.
+    </p>
+  </background>
+  <description>
+    <p>
+    Morten Welinder reports about GNU Emacs and edit-utils in XEmacs: By
+    shipping a .flc accompanying a source file (.c for example) and setting
+    font-lock-support-mode to fast-lock-mode in the source file through
+    local variables, any Lisp code in the .flc file is executed without
+    warning (CVE-2008-2142).
+    </p>
+    <p>
+    Romain Francoise reported a security risk in a feature of GNU Emacs
+    related to interacting with Python. The vulnerability arises because
+    Python, by default, prepends the current directory to the module search
+    path, allowing for arbitrary code execution when launched from a
+    specially crafted directory (CVE-2008-3949).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Remote attackers could entice a user to open a specially crafted file
+    in GNU Emacs, possibly leading to the execution of arbitrary Emacs Lisp
+    code or arbitrary Python code with the privileges of the user running
+    GNU Emacs or XEmacs.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GNU Emacs users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-editors/emacs-22.2-r3"</code>
+    <p>
+    All edit-utils users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-xemacs/edit-utils-2.39"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2142">CVE-2008-2142</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3949">CVE-2008-3949</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-07-06T22:12:00Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-07-12T19:44:28Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-02-09T22:47:35Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-01.xml b/metadata/glsa/glsa-200903-01.xml
new file mode 100644
index 000000000000..f59e43bccc7d
--- /dev/null
+++ b/metadata/glsa/glsa-200903-01.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-01">
+  <title>Vinagre: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    A format string error in Vinagre may allow for the execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">vinagre</product>
+  <announced>2009-03-06</announced>
+  <revised count="01">2009-03-06</revised>
+  <bug>250314</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/vinagre" auto="yes" arch="*">
+      <unaffected range="ge">0.5.2</unaffected>
+      <vulnerable range="lt">0.5.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Vinagre is a VNC Client for the GNOME Desktop.
+    </p>
+  </background>
+  <description>
+    <p>
+    Alfredo Ortega (Core Security Technologies) reported a format string
+    error in the vinagre_utils_show_error() function in
+    src/vinagre-utils.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user into opening a specially crafted
+    .vnc file or connecting to a malicious server, possibly resulting in
+    the remote execution of arbitrary code with the privileges of the user
+    running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Vinagre users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/vinagre-0.5.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5660">CVE-2008-5660</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-12-13T19:36:32Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-02-24T22:12:27Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-02-24T22:12:38Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-02.xml b/metadata/glsa/glsa-200903-02.xml
new file mode 100644
index 000000000000..9206198d4460
--- /dev/null
+++ b/metadata/glsa/glsa-200903-02.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-02">
+  <title>ZNC: Privilege escalation</title>
+  <synopsis>
+    A vulnerability in ZNC allows for privilege escalation.
+  </synopsis>
+  <product type="ebuild">znc</product>
+  <announced>2009-03-06</announced>
+  <revised count="01">2009-03-06</revised>
+  <bug>260148</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/znc" auto="yes" arch="*">
+      <unaffected range="ge">0.066</unaffected>
+      <vulnerable range="lt">0.066</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ZNC is an advanced IRC bouncer.
+    </p>
+  </background>
+  <description>
+    <p>
+    cnu discovered multiple CRLF injection vulnerabilities in ZNC's
+    webadmin module.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote authenticated attacker could modify the znc.conf configuration
+    file and gain privileges via newline characters in e.g. the QuitMessage
+    field, and possibly execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ZNC users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-irc/znc-0.066"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0759">CVE-2009-0759</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-03-05T20:11:58Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-03-05T22:51:15Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-06T22:00:32Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-03.xml b/metadata/glsa/glsa-200903-03.xml
new file mode 100644
index 000000000000..cdaf9d614419
--- /dev/null
+++ b/metadata/glsa/glsa-200903-03.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-03">
+  <title>Audacity: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    A boundary error in Audacity allows for the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">audacity</product>
+  <announced>2009-03-06</announced>
+  <revised count="01">2009-03-06</revised>
+  <bug>253493</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/audacity" auto="yes" arch="*">
+      <unaffected range="ge">1.3.6</unaffected>
+      <vulnerable range="lt">1.3.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Audacity is a free cross-platform audio editor.
+    </p>
+  </background>
+  <description>
+    <p>
+    Houssamix discovered a boundary error in the
+    String_parse::get_nonspace_quoted() function in
+    lib-src/allegro/strparse.cpp.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user into importing a specially
+    crafted *.gro file, resulting in the execution of arbitrary code or a
+    Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Audacity users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/audacity-1.3.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0490">CVE-2009-0490</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-03-05T20:19:24Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-03-05T23:00:03Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-06T22:00:48Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-04.xml b/metadata/glsa/glsa-200903-04.xml
new file mode 100644
index 000000000000..f4801b08d167
--- /dev/null
+++ b/metadata/glsa/glsa-200903-04.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-04">
+  <title>DevIL: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Multiple boundary errors in DevIL may allow for the execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">devil</product>
+  <announced>2009-03-06</announced>
+  <revised count="01">2009-03-06</revised>
+  <bug>255217</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/devil" auto="yes" arch="*">
+      <unaffected range="ge">1.7.7</unaffected>
+      <vulnerable range="lt">1.7.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Developer's Image Library (DevIL) is a cross-platform image library.
+    </p>
+  </background>
+  <description>
+    <p>
+    Stefan Cornelius (Secunia Research) discovered two boundary errors
+    within the iGetHdrHeader() function in src-IL/src/il_hdr.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted
+    Radiance RGBE file, possibly resulting in the execution of arbitrary
+    code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All DevIL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/devil-1.7.7"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5262">CVE-2008-5262</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-03-05T20:17:56Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-03-05T23:09:26Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-06T22:07:22Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-05.xml b/metadata/glsa/glsa-200903-05.xml
new file mode 100644
index 000000000000..0aaef4a602a3
--- /dev/null
+++ b/metadata/glsa/glsa-200903-05.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-05">
+  <title>PDFjam: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in the PDFjam scripts allow for local privilege
+    escalation.
+  </synopsis>
+  <product type="ebuild">pdfjam</product>
+  <announced>2009-03-07</announced>
+  <revised count="01">2009-03-07</revised>
+  <bug>252734</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-text/pdfjam" auto="yes" arch="*">
+      <unaffected range="ge">1.20-r1</unaffected>
+      <vulnerable range="lt">1.20-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PDFjam is a small collection of shell scripts to edit PDF documents,
+    including pdfnup, pdfjoin and pdf90.
+    </p>
+  </background>
+  <description>
+    <ul>
+    <li>
+    Martin Vaeth reported multiple untrusted search path vulnerabilities
+    (CVE-2008-5843).
+    </li>
+    <li>Marcus Meissner of the SUSE Security Team reported that
+    temporary files are created with a predictable name (CVE-2008-5743).
+    </li>
+    </ul> <p>
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could place a specially crafted Python module in the
+    current working directory or the /var/tmp directory, and entice a user
+    to run the PDFjam scripts, leading to the execution of arbitrary code
+    with the privileges of the user running the application. A local
+    attacker could also leverage symlink attacks to overwrite arbitrary
+    files.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PDFjam users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/pdfjam-1.20-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5843">CVE-2008-5843</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5743">CVE-2008-5743</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-01-23T21:30:23Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-02-12T16:57:17Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-02-12T16:57:35Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-06.xml b/metadata/glsa/glsa-200903-06.xml
new file mode 100644
index 000000000000..ad6de02e430c
--- /dev/null
+++ b/metadata/glsa/glsa-200903-06.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-06">
+  <title>nfs-utils: Access restriction bypass</title>
+  <synopsis>
+    An error in nfs-utils allows for bypass of the netgroups restriction.
+  </synopsis>
+  <product type="ebuild">nfs-utils</product>
+  <announced>2009-03-07</announced>
+  <revised count="01">2009-03-07</revised>
+  <bug>242696</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-fs/nfs-utils" auto="yes" arch="*">
+      <unaffected range="ge">1.1.3</unaffected>
+      <vulnerable range="lt">1.1.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    nfs-utils contains the client and daemon implementations for the NFS
+    protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    Michele Marcionelli reported that nfs-utils invokes the hosts_ctl()
+    function with the wrong order of arguments, which causes TCP Wrappers
+    to ignore netgroups.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could bypass intended access restrictions, i.e. NFS
+    netgroups, and gain access to restricted services.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All nfs-utils users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-fs/nfs-utils-1.1.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4552">CVE-2008-4552</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-01-11T18:56:17Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-02-12T18:22:47Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-02-12T18:23:17Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-07.xml b/metadata/glsa/glsa-200903-07.xml
new file mode 100644
index 000000000000..87550ed7e405
--- /dev/null
+++ b/metadata/glsa/glsa-200903-07.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-07">
+  <title>Samba: Data disclosure</title>
+  <synopsis>
+    A missing boundary check in Samba might lead to the disclosure of memory
+    contents.
+  </synopsis>
+  <product type="ebuild">samba</product>
+  <announced>2009-03-07</announced>
+  <revised count="01">2009-03-07</revised>
+  <bug>247620</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-fs/samba" auto="yes" arch="*">
+      <unaffected range="ge">3.0.33</unaffected>
+      <vulnerable range="lt">3.0.33</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Samba is a suite of SMB and CIFS client/server programs.
+    </p>
+  </background>
+  <description>
+    <p>
+    Samba does not properly check memory boundaries when handling trans,
+    rans2, and nttrans requests.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send specially crafted requests to a Samba
+    daemon, leading to the disclosure of arbitrary memory or to a Denial of
+    Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Samba users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-fs/samba-3.0.33"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4314">CVE-2008-4314</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-01-11T18:43:46Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-02-12T18:28:04Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-02-12T18:28:16Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-08.xml b/metadata/glsa/glsa-200903-08.xml
new file mode 100644
index 000000000000..3f6b9e6d1290
--- /dev/null
+++ b/metadata/glsa/glsa-200903-08.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-08">
+  <title>gEDA: Insecure temporary file creation</title>
+  <synopsis>
+    An insecure temporary file usage has been reported in gEDA, allowing for
+    symlink attacks.
+  </synopsis>
+  <product type="ebuild">geda</product>
+  <announced>2009-03-07</announced>
+  <revised count="01">2009-03-07</revised>
+  <bug>247538</bug>
+  <access>local</access>
+  <affected>
+    <package name="sci-electronics/geda" auto="yes" arch="*">
+      <unaffected range="ge">1.4.0-r1</unaffected>
+      <vulnerable range="lt">1.4.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    gEDA is an Electronic Design Automation tool used for electrical
+    circuit design.
+    </p>
+  </background>
+  <description>
+    <p>
+    Dmitry E. Oboukhov reported an insecure temporary file usage within the
+    sch2eaglepos.sh script.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could perform symlink attacks to overwrite arbitrary
+    files with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All gEDA users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sci-electronics/geda-1.4.0-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5148">CVE-2008-5148</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-01-13T17:58:50Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-02-12T18:01:59Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-02-12T18:02:15Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-09.xml b/metadata/glsa/glsa-200903-09.xml
new file mode 100644
index 000000000000..4b68a246aea1
--- /dev/null
+++ b/metadata/glsa/glsa-200903-09.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-09">
+  <title>OpenTTD: Execution of arbitrary code</title>
+  <synopsis>
+    Multiple buffer overflows in OpenTTD might allow for the execution of
+    arbitrary code in the server.
+  </synopsis>
+  <product type="ebuild">openttd</product>
+  <announced>2009-03-07</announced>
+  <revised count="01">2009-03-07</revised>
+  <bug>233929</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-simulation/openttd" auto="yes" arch="*">
+      <unaffected range="ge">0.6.3</unaffected>
+      <vulnerable range="lt">0.6.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenTTD is a clone of Transport Tycoon Deluxe.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple buffer overflows have been reported in OpenTTD, when storing
+    long for client names (CVE-2008-3547), in the TruncateString function
+    in src/gfx.cpp (CVE-2008-3576) and in src/openttd.cpp when processing a
+    large filename supplied to the "-g" parameter in the ttd_main function
+    (CVE-2008-3577).
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    An authenticated attacker could exploit these vulnerabilities to
+    execute arbitrary code with the privileges of the OpenTTD server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenTTD users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=games-simulation/openttd-0.6.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3547">CVE-2008-3547</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3576">CVE-2008-3576</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3577">CVE-2008-3577</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-02-12T19:13:14Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-02-13T15:07:08Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-02-13T15:08:05Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-10.xml b/metadata/glsa/glsa-200903-10.xml
new file mode 100644
index 000000000000..5c42da38112b
--- /dev/null
+++ b/metadata/glsa/glsa-200903-10.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-10">
+  <title>Irrlicht: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    A buffer overflow might lead to the execution of arbitrary code or a Denial
+    of Service.
+  </synopsis>
+  <product type="ebuild">irrlicht</product>
+  <announced>2009-03-07</announced>
+  <revised count="01">2009-03-07</revised>
+  <bug>252203</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-games/irrlicht" auto="yes" arch="*">
+      <unaffected range="ge">1.5</unaffected>
+      <vulnerable range="lt">1.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Irrlicht Engine is an open source cross-platform high performance
+    realtime 3D engine written in C++.
+    </p>
+  </background>
+  <description>
+    <p>
+    An unspecified component of the B3D loader is vulnerable to a buffer
+    overflow due to missing boundary checks.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted .irr
+    file, possibly resulting in the execution of arbitrary code with the
+    privileges of the user running the application, or a Denial of Service
+    (crash).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All irrlicht users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-games/irrlicht-1.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5876">CVE-2008-5876</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-02-12T19:12:26Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-03-04T23:33:30Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-06T22:13:18Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-11.xml b/metadata/glsa/glsa-200903-11.xml
new file mode 100644
index 000000000000..e1751aab9301
--- /dev/null
+++ b/metadata/glsa/glsa-200903-11.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-11">
+  <title>PyCrypto: Execution of arbitrary code</title>
+  <synopsis>
+    A buffer overflow in PyCrypto might lead to the execution of arbitrary code
+    when decrypting using ARC2.
+  </synopsis>
+  <product type="ebuild">pycrypto</product>
+  <announced>2009-03-09</announced>
+  <revised count="01">2009-03-09</revised>
+  <bug>258049</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-python/pycrypto" auto="yes" arch="*">
+      <unaffected range="ge">2.0.1-r8</unaffected>
+      <vulnerable range="lt">2.0.1-r8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PyCrypto is the Python Cryptography Toolkit.
+    </p>
+  </background>
+  <description>
+    <p>
+    Mike Wiacek of the Google Security Team reported a buffer overflow in
+    the ARC2 module when processing a large ARC2 key length.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user or automated system to decrypt an
+    ARC2 stream in an application using PyCrypto, possibly resulting in the
+    execution of arbitrary code or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PyCrypto users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-python/pycrypto-2.0.1-r8"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0544">CVE-2009-0544</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-03-07T16:35:09Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-03-07T18:22:46Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-07T18:24:44Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-12.xml b/metadata/glsa/glsa-200903-12.xml
new file mode 100644
index 000000000000..1548d7156569
--- /dev/null
+++ b/metadata/glsa/glsa-200903-12.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-12">
+  <title>OptiPNG: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    A vulnerability in OptiPNG might result in user-assisted execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">optipng</product>
+  <announced>2009-03-09</announced>
+  <revised count="01">2009-03-09</revised>
+  <bug>260265</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/optipng" auto="yes" arch="*">
+      <unaffected range="ge">0.6.2-r1</unaffected>
+      <vulnerable range="lt">0.6.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OptiPNG is a PNG optimizer that recompresses image files to a smaller
+    size, without losing any information.
+    </p>
+  </background>
+  <description>
+    <p>
+    Roy Tam reported a use-after-free vulnerability in the
+    GIFReadNextExtension() function in lib/pngxtern/gif/gifread.c leading
+    to a memory corruption when reading a GIF image.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to process a specially crafted
+    GIF image, possibly resulting in the execution of arbitrary code with
+    the privileges of the user running the application, or a Denial of
+    Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OptiPNG users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/optipng-0.6.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0749">CVE-2009-0749</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-03-07T16:36:48Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-03-07T18:09:51Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-07T18:10:05Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-13.xml b/metadata/glsa/glsa-200903-13.xml
new file mode 100644
index 000000000000..fc0f88cdaa94
--- /dev/null
+++ b/metadata/glsa/glsa-200903-13.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-13">
+  <title>MPFR: Denial of service</title>
+  <synopsis>
+    Multiple buffer overflows in MPFR might lead to a Denial of Service.
+  </synopsis>
+  <product type="ebuild">mpfr</product>
+  <announced>2009-03-09</announced>
+  <revised count="01">2009-03-09</revised>
+  <bug>260968</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/mpfr" auto="yes" arch="*">
+      <unaffected range="ge">2.4.1</unaffected>
+      <vulnerable range="lt">2.4.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MPFR is a library for multiple-precision floating-point computations
+    with exact rounding.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple buffer overflows have been reported in the mpfr_snprintf() and
+    mpfr_vsnprintf() functions.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote user could exploit the vulnerability to cause a Denial of
+    Service in an application using MPFR via unknown vectors.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MPRF users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/mpfr-2.4.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0757">CVE-2009-0757</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-03-07T16:35:53Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-03-07T18:14:49Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-07T18:14:57Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-14.xml b/metadata/glsa/glsa-200903-14.xml
new file mode 100644
index 000000000000..aa4fcdde3192
--- /dev/null
+++ b/metadata/glsa/glsa-200903-14.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-14">
+  <title>BIND: Incorrect signature verification</title>
+  <synopsis>
+    Incomplete verification of RSA and DSA certificates might lead to spoofed
+    records authenticated using DNSSEC.
+  </synopsis>
+  <product type="ebuild">bind</product>
+  <announced>2009-03-09</announced>
+  <revised count="01">2009-03-09</revised>
+  <bug>254134</bug>
+  <bug>257949</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/bind" auto="yes" arch="*">
+      <unaffected range="ge">9.4.3_p1</unaffected>
+      <vulnerable range="lt">9.4.3_p1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ISC BIND is the Internet Systems Consortium implementation of the
+    Domain Name System (DNS) protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    BIND does not properly check the return value from the OpenSSL
+    functions to verify DSA (CVE-2009-0025) and RSA (CVE-2009-0265)
+    certificates.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could bypass validation of the certificate chain to
+    spoof DNSSEC-authenticated records.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All BIND users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dns/bind-9.4.3_p1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025">CVE-2009-0025</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0265">CVE-2009-0265</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-01-11T17:55:00Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-03-09T10:41:33Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-09T10:41:40Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-15.xml b/metadata/glsa/glsa-200903-15.xml
new file mode 100644
index 000000000000..48d9475c35db
--- /dev/null
+++ b/metadata/glsa/glsa-200903-15.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-15">
+  <title>git: Multiple vulnerabilties</title>
+  <synopsis>
+    Multiple vulnerabilities in gitweb allow for remote execution of arbitrary
+    commands.
+  </synopsis>
+  <product type="ebuild">git</product>
+  <announced>2009-03-09</announced>
+  <revised count="01">2009-03-09</revised>
+  <bug>251343</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-util/git" auto="yes" arch="*">
+      <unaffected range="ge">1.6.0.6</unaffected>
+      <vulnerable range="lt">1.6.0.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GIT - the stupid content tracker, the revision control system used by
+    the Linux kernel team.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been reported in gitweb that is part of
+    the git package:
+    </p>
+    <ul>
+    <li>
+    Shell metacharacters related to git_search are not properly sanitized
+    (CVE-2008-5516).
+    </li>
+    <li>
+    Shell metacharacters related to git_snapshot and git_object are not
+    properly sanitized (CVE-2008-5517).
+    </li>
+    <li>
+    The diff.external configuration variable as set in a repository can be
+    executed by gitweb (CVE-2008-5916).
+    </li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    A remote unauthenticated attacker can execute arbitrary commands via
+    shell metacharacters in a query, remote attackers with write access to
+    a git repository configuration can execute arbitrary commands with the
+    privileges of the user running gitweb by modifying the diff.external
+    configuration variable in the repository and sending a crafted query to
+    gitweb.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All git users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-util/git-1.6.0.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5516">CVE-2008-5516</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5517">CVE-2008-5517</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5916">CVE-2008-5916</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-01-11T18:26:05Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-02-12T18:42:55Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-02-12T18:43:18Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-16.xml b/metadata/glsa/glsa-200903-16.xml
new file mode 100644
index 000000000000..b6927e10f732
--- /dev/null
+++ b/metadata/glsa/glsa-200903-16.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-16">
+  <title>Epiphany: Untrusted search path</title>
+  <synopsis>
+    An untrusted search path vulnerability in Epiphany might result in the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">epiphany</product>
+  <announced>2009-03-09</announced>
+  <revised count="01">2009-03-09</revised>
+  <bug>257000</bug>
+  <access>local</access>
+  <affected>
+    <package name="www-client/epiphany" auto="yes" arch="*">
+      <unaffected range="ge">2.22.3-r2</unaffected>
+      <vulnerable range="lt">2.22.3-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Epiphany is a GNOME webbrowser based on the Mozilla rendering engine
+    Gecko.
+    </p>
+  </background>
+  <description>
+    <p>
+    James Vega reported an untrusted search path vulnerability in the
+    Python interface.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could entice a user to run Epiphany from a directory
+    containing a specially crafted python module, resulting in the
+    execution of arbitrary code with the privileges of the user running
+    Epiphany.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Do not run "epiphany" from untrusted working directories.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Epiphany users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/epiphany-2.22.3-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5985">CVE-2008-5985</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-03-07T16:40:03Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-03-07T18:06:14Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-07T18:06:33Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-17.xml b/metadata/glsa/glsa-200903-17.xml
new file mode 100644
index 000000000000..94568ee7686c
--- /dev/null
+++ b/metadata/glsa/glsa-200903-17.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-17">
+  <title>Real VNC: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    The Real VNC client is vulnerable to execution of arbitrary code when
+    connecting to a malicious server.
+  </synopsis>
+  <product type="ebuild">vnc</product>
+  <announced>2009-03-09</announced>
+  <revised count="01">2009-03-09</revised>
+  <bug>255225</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/vnc" auto="yes" arch="*">
+      <unaffected range="ge">4.1.3</unaffected>
+      <vulnerable range="lt">4.1.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Real VNC is a remote desktop viewer display system.
+    </p>
+  </background>
+  <description>
+    <p>
+    An unspecified vulnerability has been discovered int the
+    CMsgReader::readRect() function in the VNC Viewer component, related to
+    the encoding type of RFB protocol data.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to connect to a malicious VNC
+    server, or leverage Man-in-the-Middle attacks, to cause the execution
+    of arbitrary code with the privileges of the user running the VNC
+    viewer.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Real VNC users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/vnc-4.1.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4770">CVE-2008-4770</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-01-28T00:30:00Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-02-12T16:35:19Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-02-12T16:35:29Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-18.xml b/metadata/glsa/glsa-200903-18.xml
new file mode 100644
index 000000000000..4828e60dc151
--- /dev/null
+++ b/metadata/glsa/glsa-200903-18.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-18">
+  <title>Openswan: Insecure temporary file creation</title>
+  <synopsis>
+    An insecure temporary file usage has been reported in Openswan, allowing
+    for symlink attacks.
+  </synopsis>
+  <product type="ebuild">openswan</product>
+  <announced>2009-03-09</announced>
+  <revised count="01">2009-03-09</revised>
+  <bug>238574</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-misc/openswan" auto="yes" arch="*">
+      <unaffected range="ge">2.4.13-r2</unaffected>
+      <vulnerable range="lt">2.4.13-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Openswan is an implementation of IPsec for Linux.
+    </p>
+  </background>
+  <description>
+    <p>
+    Dmitry E. Oboukhov reported that the IPSEC livetest tool does not
+    handle the ipseclive.conn and ipsec.olts.remote.log temporary files
+    securely.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could perform symlink attacks to execute arbitrary
+    code and overwrite arbitrary files with the privileges of the user
+    running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Openswan users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/openswan-2.4.13-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4190">CVE-2008-4190</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-01-11T18:17:28Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-02-12T18:08:11Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-02-12T18:08:22Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-19.xml b/metadata/glsa/glsa-200903-19.xml
new file mode 100644
index 000000000000..695675b08787
--- /dev/null
+++ b/metadata/glsa/glsa-200903-19.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-19">
+  <title>Xerces-C++: Denial of service</title>
+  <synopsis>
+    An error in Xerces-C++ allows for a Denial of Service via malicious XML
+    schema files.
+  </synopsis>
+  <product type="ebuild">xerces-c</product>
+  <announced>2009-03-09</announced>
+  <revised count="01">2009-03-09</revised>
+  <bug>240496</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/xerces-c" auto="yes" arch="*">
+      <unaffected range="ge">3.0.0-r1</unaffected>
+      <vulnerable range="lt">3.0.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Xerces-C++ is a validating XML parser written in a portable subset of
+    C++.
+    </p>
+  </background>
+  <description>
+    <p>
+    Frank Rast reported that the XML parser in Xerces-C++ does not
+    correctly handle an XML schema definition with a large maxOccurs value,
+    which triggers excessive memory consumption during the validation of an
+    XML file.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user or automated system to validate
+    an XML file using a specially crafted XML schema file, leading to a
+    Denial of Service (stack consumption and crash).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Xerces-C++ users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/xerces-c-3.0.0-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4482">CVE-2008-4482</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-01-11T17:39:39Z">
+    falco
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-02-12T18:13:38Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-02-12T18:13:55Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-20.xml b/metadata/glsa/glsa-200903-20.xml
new file mode 100644
index 000000000000..45c690cc4056
--- /dev/null
+++ b/metadata/glsa/glsa-200903-20.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-20">
+  <title>WebSVN: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in WebSVN allow for file overwrite and information
+    disclosure.
+  </synopsis>
+  <product type="ebuild">websvn</product>
+  <announced>2009-03-09</announced>
+  <revised count="01">2009-03-09</revised>
+  <bug>243852</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/websvn" auto="yes" arch="*">
+      <unaffected range="ge">2.1.0</unaffected>
+      <vulnerable range="lt">2.1.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    WebSVN is a web-based browsing tool for Subversion repositories written
+    in PHP.
+    </p>
+  </background>
+  <description>
+    <ul>
+    <li>
+    James Bercegay of GulfTech Security reported a Cross-site scripting
+    (XSS) vulnerability in the getParameterisedSelfUrl() function in
+    index.php (CVE-2008-5918) and a directory traversal vulnerability in
+    rss.php when magic_quotes_gpc is disabled (CVE-2008-5919).
+    </li>
+    <li>
+    Bas van Schaik reported that listing.php does not properly enforce
+    access restrictions when using an SVN authz file to authenticate users
+    (CVE-2009-0240).
+    </li>
+    </ul> <p>
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker can exploit these vulnerabilities to overwrite
+    arbitrary files, to read changelogs or diffs for restricted projects
+    and to hijack a user's session.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All WebSVN users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/websvn-2.1.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5918">CVE-2008-5918</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5919">CVE-2008-5919</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0240">CVE-2009-0240</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-01-24T11:43:28Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-02-12T17:56:35Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-02-12T17:56:41Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-21.xml b/metadata/glsa/glsa-200903-21.xml
new file mode 100644
index 000000000000..24ad5f334079
--- /dev/null
+++ b/metadata/glsa/glsa-200903-21.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-21">
+  <title>cURL: Arbitrary file access</title>
+  <synopsis>
+    A vulnerability in cURL may allow for arbitrary file access.
+  </synopsis>
+  <product type="ebuild">curl</product>
+  <announced>2009-03-09</announced>
+  <revised count="01">2009-03-09</revised>
+  <bug>260361</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/curl" auto="yes" arch="*">
+      <unaffected range="ge">7.19.4</unaffected>
+      <vulnerable range="lt">7.19.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    cURL is a command line tool for transferring files with URL syntax,
+    supporting numerous protocols.
+    </p>
+  </background>
+  <description>
+    <p>
+    David Kierznowski reported that the redirect implementation accepts
+    arbitrary Location values when CURLOPT_FOLLOWLOCATION is enabled.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could possibly exploit this vulnerability to make
+    remote HTTP servers trigger arbitrary requests to intranet servers and
+    read or overwrite arbitrary files via a redirect to a file: URL, or, if
+    the libssh2 USE flag is enabled, execute arbitrary commands via a
+    redirect to an scp: URL.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All cURL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.19.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037">CVE-2009-0037</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-03-05T20:06:34Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-03-05T23:20:10Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-06T22:09:58Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-22.xml b/metadata/glsa/glsa-200903-22.xml
new file mode 100644
index 000000000000..fc3ea403d36e
--- /dev/null
+++ b/metadata/glsa/glsa-200903-22.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-22">
+  <title>Ganglia: Execution of arbitrary code</title>
+  <synopsis>
+    A buffer-overflow in Ganglia's gmetad might lead to the execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">ganglia</product>
+  <announced>2009-03-10</announced>
+  <revised count="01">2009-03-10</revised>
+  <bug>255366</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-cluster/ganglia" auto="yes" arch="*">
+      <unaffected range="ge">3.1.1-r2</unaffected>
+      <vulnerable range="lt">3.1.1-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ganglia is a scalable distributed monitoring system for clusters and
+    grids.
+    </p>
+  </background>
+  <description>
+    <p>
+    Spike Spiegel reported a stack-based buffer overflow in the
+    process_path() function when processing overly long pathnames in
+    gmetad/server.c.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could send a specially crafted request to the gmetad
+    service leading to the execution of arbitrary code or a Denial of
+    Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ganglia users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-cluster/ganglia-3.1.1-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0241">CVE-2009-0241</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-02-03T00:12:46Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-02-12T16:26:05Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-02-12T16:27:02Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-23.xml b/metadata/glsa/glsa-200903-23.xml
new file mode 100644
index 000000000000..f8b5d333062e
--- /dev/null
+++ b/metadata/glsa/glsa-200903-23.xml
@@ -0,0 +1,136 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-23">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been identified, the worst of which allow
+    arbitrary code execution on a user's system via a malicious Flash file.
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2009-03-10</announced>
+  <revised count="04">2009-05-28</revised>
+  <bug>239543</bug>
+  <bug>251496</bug>
+  <bug>260264</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">10.0.22.87</unaffected>
+      <vulnerable range="lt">10.0.22.87</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Adobe Flash Player is a renderer for the popular SWF file format,
+    which is commonly used to provide interactive websites, digital
+    experiences and mobile content.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been discovered in Adobe Flash Player:
+    </p>
+    <ul>
+    <li>The access scope of SystemsetClipboard() allows ActionScript
+    programs to execute the method without user interaction
+    (CVE-2008-3873).</li>
+    <li>The access scope of FileReference.browse() and
+    FileReference.download() allows ActionScript programs to execute the
+    methods without user interaction (CVE-2008-4401).</li>
+    <li>The Settings Manager controls can be disguised as normal graphical
+    elements. This so-called "clickjacking" vulnerability was disclosed by
+    Robert Hansen of SecTheory, Jeremiah Grossman of WhiteHat Security,
+    Eduardo Vela, Matthew Mastracci of DotSpots, and Liu Die Yu of
+    TopsecTianRongXin (CVE-2008-4503).</li>
+    <li>Adan Barth (UC Berkely) and Collin Jackson (Stanford University)
+    discovered a flaw occurring when interpreting HTTP response headers
+    (CVE-2008-4818).</li>
+    <li>Nathan McFeters and Rob Carter of Ernst and Young's Advanced
+    Security Center are credited for finding an unspecified vulnerability
+    facilitating DNS rebinding attacks (CVE-2008-4819).</li>
+    <li>When used in a Mozilla browser, Adobe Flash Player does not
+    properly interpret jar: URLs, according to a report by Gregory
+    Fleischer of pseudo-flaw.net (CVE-2008-4821).</li>
+    <li>Alex "kuza55" K. reported that Adobe Flash Player does not properly
+    interpret policy files (CVE-2008-4822).</li>
+    <li>The vendor credits Stefano Di Paola of Minded Security for
+    reporting that an ActionScript attribute is not interpreted properly
+    (CVE-2008-4823).</li>
+    <li>Riley Hassell and Josh Zelonis of iSEC Partners reported multiple
+    input validation errors (CVE-2008-4824).</li>
+    <li>The aforementioned researchers also reported that ActionScript 2
+    does not verify a member element's size when performing several known
+    and other unspecified actions, that DefineConstantPool accepts an
+    untrusted input value for a "constant count" and that character
+    elements are not validated when retrieved from a data structure,
+    possibly resulting in a null-pointer dereference (CVE-2008-5361,
+    CVE-2008-5362, CVE-2008-5363).</li>
+    <li>The vendor reported an unspecified arbitrary code execution
+    vulnerability (CVE-2008-5499).</li>
+    <li>Liu Die Yu of TopsecTianRongXin reported an unspecified flaw in the
+    Settings Manager related to "clickjacking" (CVE-2009-0114).</li>
+    <li>The vendor credits Roee Hay from IBM Rational Application Security
+    for reporting an input validation error when processing SWF files
+    (CVE-2009-0519).</li>
+    <li>Javier Vicente Vallejo reported via the iDefense VCP that Adobe
+    Flash does not remove object references properly, leading to a freed
+    memory dereference (CVE-2009-0520).</li>
+    <li>Josh Bressers of Red Hat and Tavis Ormandy of the Google Security
+    Team reported an untrusted search path vulnerability
+    (CVE-2009-0521).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted SWF
+    file, possibly resulting in the execution of arbitrary code with the
+    privileges of the user or a Denial of Service (crash). Furthermore a
+    remote attacker could gain access to sensitive information, disclose
+    memory contents by enticing a user to open a specially crafted PDF file
+    inside a Flash application, modify the victim's clipboard or render it
+    temporarily unusable, persuade a user into uploading or downloading
+    files, bypass security restrictions with the assistance of the user to
+    gain access to camera and microphone, conduct Cross-Site Scripting and
+    HTTP Header Splitting attacks, bypass the "non-root domain policy" of
+    Flash, and gain escalated privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Adobe Flash Player users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-plugins/adobe-flash-10.0.22.87"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3873">CVE-2008-3873</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4401">CVE-2008-4401</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4503">CVE-2008-4503</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4818">CVE-2008-4818</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4819">CVE-2008-4819</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4821">CVE-2008-4821</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4822">CVE-2008-4822</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4823">CVE-2008-4823</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4824">CVE-2008-4824</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5361">CVE-2008-5361</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5362">CVE-2008-5362</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5363">CVE-2008-5363</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5499">CVE-2008-5499</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0114">CVE-2009-0114</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0519">CVE-2009-0519</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0520">CVE-2009-0520</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0521">CVE-2009-0521</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2009-03-09T11:37:22Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-09T12:37:48Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-24.xml b/metadata/glsa/glsa-200903-24.xml
new file mode 100644
index 000000000000..85a427b32f55
--- /dev/null
+++ b/metadata/glsa/glsa-200903-24.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-24">
+  <title>Shadow: Privilege escalation</title>
+  <synopsis>
+    An insecure temporary file usage in Shadow may allow local users to gain
+    root privileges.
+  </synopsis>
+  <product type="ebuild">shadow</product>
+  <announced>2009-03-10</announced>
+  <revised count="01">2009-03-10</revised>
+  <bug>251320</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/shadow" auto="yes" arch="*">
+      <unaffected range="ge">4.1.2.2</unaffected>
+      <vulnerable range="lt">4.1.2.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Shadow is a set of tools to deal with user accounts.
+    </p>
+  </background>
+  <description>
+    <p>
+    Paul Szabo reported a race condition in the "login" executable when
+    setting up tty permissions.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker belonging to the "utmp" group could use symlink
+    attacks to overwrite arbitrary files and possibly gain root privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Shadow users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-apps/shadow-4.1.2.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5394">CVE-2008-5394</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-02-12T19:41:17Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-03-08T19:05:06Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-08T19:05:15Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-25.xml b/metadata/glsa/glsa-200903-25.xml
new file mode 100644
index 000000000000..2e4a12149715
--- /dev/null
+++ b/metadata/glsa/glsa-200903-25.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-25">
+  <title>Courier Authentication Library: SQL Injection vulnerability</title>
+  <synopsis>
+    An SQL injection vulnerability has been discovered in the Courier
+    Authentication Library.
+  </synopsis>
+  <product type="ebuild">courier-authlib</product>
+  <announced>2009-03-11</announced>
+  <revised count="01">2009-03-11</revised>
+  <bug>252576</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/courier-authlib" auto="yes" arch="*">
+      <unaffected range="ge">0.62.2</unaffected>
+      <vulnerable range="lt">0.62.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Courier Authentication Library is a generic authentication API that
+    encapsulates the process of validating account passwords.
+    </p>
+  </background>
+  <description>
+    <p>
+    It has been reported that some parameters used in SQL queries are not
+    properly sanitized before being processed when using a non-Latin locale
+    Postgres database.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send specially crafted input to an application
+    using the library, possibly resulting in the execution of arbitrary SQL
+    commands.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Courier Authentication Library users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-libs/courier-authlib-0.62.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2380">CVE-2008-2380</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-03-07T18:32:02Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-03-10T12:55:53Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-11T10:55:30Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-26.xml b/metadata/glsa/glsa-200903-26.xml
new file mode 100644
index 000000000000..1486112ddd9d
--- /dev/null
+++ b/metadata/glsa/glsa-200903-26.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-26">
+  <title>TMSNC: Execution of arbitrary code</title>
+  <synopsis>
+    A buffer overflow in TMSNC might lead to the execution of arbitrary code
+    when processing an instant message.
+  </synopsis>
+  <product type="ebuild">tmsnc</product>
+  <announced>2009-03-12</announced>
+  <revised count="01">2009-03-12</revised>
+  <bug>229157</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/tmsnc" auto="yes" arch="*">
+      <vulnerable range="le">0.3.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    TMSNC is a Textbased client for the MSN instant messaging protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    Nico Golde reported a stack-based buffer overflow when processing a MSN
+    packet with a UBX command containing a large UBX payload length field.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send a specially crafted message, possibly
+    resulting in the execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Since TMSNC is no longer maintained, we recommend that users unmerge
+    the vulnerable package and switch to another console-based MSN client
+    such as CenterIM or Pebrot:
+    </p>
+    <code>
+    # emerge --unmerge "net-im/tmsnc"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2828">CVE-2008-2828</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-03-10T22:52:54Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-03-11T12:01:45Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-11T12:02:24Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-27.xml b/metadata/glsa/glsa-200903-27.xml
new file mode 100644
index 000000000000..b9f332c1de2e
--- /dev/null
+++ b/metadata/glsa/glsa-200903-27.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-27">
+  <title>ProFTPD: Multiple vulnerabilities</title>
+  <synopsis>
+    Two vulnerabilities in ProFTPD might allow for SQL injection attacks.
+  </synopsis>
+  <product type="ebuild">proftpd</product>
+  <announced>2009-03-12</announced>
+  <revised count="01">2009-03-12</revised>
+  <bug>258450</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-ftp/proftpd" auto="yes" arch="*">
+      <unaffected range="ge">1.3.2</unaffected>
+      <vulnerable range="lt">1.3.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ProFTPD is an advanced and very configurable FTP server.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following vulnerabilities were reported:
+    </p>
+    <ul><li>
+    Percent characters in the username are not properly handled, which
+    introduces a single quote character during variable substitution by
+    mod_sql (CVE-2009-0542).
+    </li>
+    <li>
+    Some invalid, encoded multibyte characters are not properly handled in
+    mod_sql_mysql and mod_sql_postgres when NLS support is enabled
+    (CVE-2009-0543).
+    </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send specially crafted requests to the server,
+    possibly resulting in the execution of arbitrary SQL statements.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ProFTPD users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-ftp/proftpd-1.3.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0542">CVE-2009-0542</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0543">CVE-2009-0543</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-03-07T18:36:42Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-03-12T12:43:00Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-12T12:43:09Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-28.xml b/metadata/glsa/glsa-200903-28.xml
new file mode 100644
index 000000000000..6de7f3aa014d
--- /dev/null
+++ b/metadata/glsa/glsa-200903-28.xml
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-28">
+  <title>libpng: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities were found in libpng, which might result in the
+    execution of arbitrary code
+  </synopsis>
+  <product type="ebuild">libpng</product>
+  <announced>2009-03-15</announced>
+  <revised count="01">2009-03-15</revised>
+  <bug>244808</bug>
+  <bug>255231</bug>
+  <bug>259578</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libpng" auto="yes" arch="*">
+      <unaffected range="ge">1.2.35</unaffected>
+      <vulnerable range="lt">1.2.35</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libpng is the official PNG reference library used to read, write and
+    manipulate PNG images.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities were discovered in libpng:
+    </p>
+    <ul>
+    <li>A
+    memory leak bug was reported in png_handle_tEXt(), a function that is
+    used while reading PNG images (CVE-2008-6218).</li>
+    <li>A memory
+    overwrite bug was reported by Jon Foster in png_check_keyword(), caused
+    by writing overlong keywords to a PNG file (CVE-2008-5907).</li>
+    <li>A
+    memory corruption issue, caused by an incorrect handling of an out of
+    memory condition has been reported by Tavis Ormandy of the Google
+    Security Team. That vulnerability affects direct uses of
+    png_read_png(), pCAL chunk and 16-bit gamma table handling
+    (CVE-2009-0040).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker may execute arbitrary code with the privileges of the
+    user opening a specially crafted PNG file by exploiting the erroneous
+    out-of-memory handling. An attacker may also exploit the
+    png_check_keyword() error to set arbitrary memory locations to 0, if
+    the application allows overlong, user-controlled keywords when writing
+    PNG files. The png_handle_tEXT() vulnerability may be exploited by an
+    attacker to potentially consume all memory on a users system when a
+    specially crafted PNG file is opened.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libpng users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/libpng-1.2.35"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907">CVE-2008-5907</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6218">CVE-2008-6218</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040">CVE-2009-0040</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-01-11T18:45:00Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-02-13T19:13:22Z">
+    mabi
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-13T19:09:44Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-29.xml b/metadata/glsa/glsa-200903-29.xml
new file mode 100644
index 000000000000..3119c5e2f7ef
--- /dev/null
+++ b/metadata/glsa/glsa-200903-29.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-29">
+  <title>BlueZ: Arbitrary code execution</title>
+  <synopsis>
+    Insufficient input validation in BlueZ may lead to arbitrary code execution
+    or a Denial of Service.
+  </synopsis>
+  <product type="ebuild">bluez-utils bluez-libs</product>
+  <announced>2009-03-16</announced>
+  <revised count="01">2009-03-16</revised>
+  <bug>230591</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-wireless/bluez-utils" auto="yes" arch="*">
+      <unaffected range="ge">3.36</unaffected>
+      <vulnerable range="lt">3.36</vulnerable>
+    </package>
+    <package name="net-wireless/bluez-libs" auto="yes" arch="*">
+      <unaffected range="ge">3.36</unaffected>
+      <vulnerable range="lt">3.36</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    BlueZ is a set of Bluetooth tools and system daemons for Linux.
+    </p>
+  </background>
+  <description>
+    <p>
+    It has been reported that the Bluetooth packet parser does not validate
+    string length fields in SDP packets.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A physically proximate attacker using a Bluetooth device with an
+    already established trust relationship could send specially crafted
+    requests, possibly leading to arbitrary code execution or a crash.
+    Exploitation may also be triggered by a local attacker registering a
+    service record via a UNIX socket or D-Bus interface.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All bluez-utils users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-wireless/bluez-utils-3.36"</code>
+    <p>
+    All bluez-libs users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-wireless/bluez-libs-3.36"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2374">CVE-2008-2374</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-03-11T19:03:24Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-11T19:04:53Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-03-13T12:49:09Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-30.xml b/metadata/glsa/glsa-200903-30.xml
new file mode 100644
index 000000000000..410dacca8bd1
--- /dev/null
+++ b/metadata/glsa/glsa-200903-30.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-30">
+  <title>Opera: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities were found in Opera, the worst of which allow for
+    the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">opera</product>
+  <announced>2009-03-16</announced>
+  <revised count="02">2009-03-17</revised>
+  <bug>247229</bug>
+  <bug>261032</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/opera" auto="yes" arch="*">
+      <unaffected range="ge">9.64</unaffected>
+      <vulnerable range="lt">9.64</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Opera is a fast web browser that is available free of charge.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities were discovered in Opera:
+    </p>
+    <ul>
+    <li>Vitaly McLain reported a heap-based buffer overflow when processing
+    host names in file:// URLs (CVE-2008-5178).</li>
+    <li>Alexios Fakos reported a vulnerability in the HTML parsing engine
+    when processing web pages that trigger an invalid pointer calculation
+    and heap corruption (CVE-2008-5679).</li>
+    <li>Red XIII reported that certain text-area contents can be
+    manipulated to cause a buffer overlow (CVE-2008-5680).</li>
+    <li>David Bloom discovered that unspecified "scripted URLs" are not
+    blocked during the feed preview (CVE-2008-5681).</li>
+    <li>Robert Swiecki of the Google Security Team reported a Cross-site
+    scripting vulnerability (CVE-2008-5682).</li>
+    <li>An unspecified vulnerability reveals random data
+    (CVE-2008-5683).</li>
+    <li>Tavis Ormandy of the Google Security Team reported a vulnerability
+    when processing JPEG images that may corrupt memory
+    (CVE-2009-0914).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted JPEG
+    image to cause a Denial of Service or execute arbitrary code, to
+    process an overly long file:// URL or to open a specially crafted web
+    page to execute arbitrary code. He could also read existing
+    subscriptions and force subscriptions to arbitrary feed URLs, as well
+    as inject arbitrary web script or HTML via built-in XSLT templates.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Opera users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/opera-9.64"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5178">CVE-2008-5178</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5679">CVE-2008-5679</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5680">CVE-2008-5680</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5681">CVE-2008-5681</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5682">CVE-2008-5682</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5683">CVE-2008-5683</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0914">CVE-2009-0914</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-03-07T09:16:02Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-03-09T15:15:16Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-16T21:43:27Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-31.xml b/metadata/glsa/glsa-200903-31.xml
new file mode 100644
index 000000000000..3d464c328b6c
--- /dev/null
+++ b/metadata/glsa/glsa-200903-31.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-31">
+  <title>libcdaudio: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    A vulnerability in libcdaudio might allow for the remote execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">libcdaudio</product>
+  <announced>2009-03-17</announced>
+  <revised count="01">2009-03-17</revised>
+  <bug>245649</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libcdaudio" auto="yes" arch="*">
+      <unaffected range="ge">0.99.12-r1</unaffected>
+      <vulnerable range="lt">0.99.12-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libcdaudio is a library of CD audio related routines.
+    </p>
+  </background>
+  <description>
+    <p>
+    A heap-based buffer overflow has been reported in the
+    cddb_read_disc_data() function in cddb.c when processing overly long
+    CDDB data.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to connect to a malicious CDDB
+    server, possibly resulting in the remote execution of arbitrary code
+    with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libcdaudio users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/libcdaudio-0.99.12-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5030">CVE-2008-5030</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2009-03-16T12:45:13Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-16T12:45:24Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-32.xml b/metadata/glsa/glsa-200903-32.xml
new file mode 100644
index 000000000000..42b2dd7c4495
--- /dev/null
+++ b/metadata/glsa/glsa-200903-32.xml
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-32">
+  <title>phpMyAdmin: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in phpMyAdmin, the worst of
+    which may allow for remote code execution.
+  </synopsis>
+  <product type="ebuild">phpmyadmin</product>
+  <announced>2009-03-18</announced>
+  <revised count="01">2009-03-18</revised>
+  <bug>237781</bug>
+  <bug>244914</bug>
+  <bug>246831</bug>
+  <bug>250752</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/phpmyadmin" auto="yes" arch="*">
+      <unaffected range="ge">2.11.9.4</unaffected>
+      <vulnerable range="lt">2.11.9.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpMyAdmin is a web-based management tool for MySQL databases.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been reported in phpMyAdmin:
+    </p>
+    <ul>
+    <li>
+    libraries/database_interface.lib.php in phpMyAdmin allows remote
+    authenticated users to execute arbitrary code via a request to
+    server_databases.php with a sort_by parameter containing PHP sequences,
+    which are processed by create_function (CVE-2008-4096).
+    </li>
+    <li>
+    Cross-site scripting (XSS) vulnerability in pmd_pdf.php allows remote
+    attackers to inject arbitrary web script or HTML via the db parameter,
+    a different vector than CVE-2006-6942 and CVE-2007-5977
+    (CVE-2008-4775).
+    </li>
+    <li>
+    Cross-site request forgery (CSRF) vulnerability in phpMyAdmin allows
+    remote authenticated attackers to perform unauthorized actions as the
+    administrator via a link or IMG tag to tbl_structure.php with a
+    modified table parameter. NOTE: this can be leveraged to conduct SQL
+    injection attacks and execute arbitrary code (CVE-2008-5621).
+    </li>
+    <li>
+    Multiple cross-site request forgery (CSRF) vulnerabilities in
+    phpMyAdmin allow remote attackers to conduct SQL injection attacks via
+    unknown vectors related to the table parameter, a different vector than
+    CVE-2008-5621 (CVE-2008-5622).
+    </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker may execute arbitrary code with the rights of the
+    webserver, inject and execute SQL with the rights of phpMyAdmin or
+    conduct XSS attacks against other users.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All phpMyAdmin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-db/phpmyadmin-2.11.9.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6942">CVE-2006-6942</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5977">CVE-2007-5977</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4096">CVE-2008-4096</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4775">CVE-2008-4775</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5621">CVE-2008-5621</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5622">CVE-2008-5622</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-09-23T18:59:26Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-03-14T23:58:57Z">
+    mabi
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-16T21:41:59Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-33.xml b/metadata/glsa/glsa-200903-33.xml
new file mode 100644
index 000000000000..1cd631e0ccc2
--- /dev/null
+++ b/metadata/glsa/glsa-200903-33.xml
@@ -0,0 +1,109 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-33">
+  <title>FFmpeg: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in FFmpeg may lead to the remote execution of
+    arbitrary code or a Denial of Service.
+  </synopsis>
+  <product type="ebuild">ffmpeg gst-plugins-ffmpeg mplayer</product>
+  <announced>2009-03-19</announced>
+  <revised count="01">2009-03-19</revised>
+  <bug>231831</bug>
+  <bug>231834</bug>
+  <bug>245313</bug>
+  <bug>257217</bug>
+  <bug>257381</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/ffmpeg" auto="yes" arch="*">
+      <unaffected range="ge">0.4.9_p20090201</unaffected>
+      <vulnerable range="lt">0.4.9_p20090201</vulnerable>
+    </package>
+    <package name="media-plugins/gst-plugins-ffmpeg" auto="yes" arch="*">
+      <unaffected range="ge">0.10.5</unaffected>
+      <vulnerable range="lt">0.10.5</vulnerable>
+    </package>
+    <package name="media-video/mplayer" auto="yes" arch="*">
+      <unaffected range="ge">1.0_rc2_p28450</unaffected>
+      <vulnerable range="lt">1.0_rc2_p28450</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    FFmpeg is a complete solution to record, convert and stream audio and
+    video. gst-plugins-ffmpeg is a FFmpeg based gstreamer plugin which
+    includes a vulnerable copy of FFmpeg code. Mplayer is a multimedia
+    player which also includes a vulnerable copy of the code.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities were found in FFmpeg:
+    </p>
+    <ul><li>astrange
+    reported a stack-based buffer overflow in the str_read_packet() in
+    libavformat/psxstr.c when processing .str files (CVE-2008-3162).</li>
+    <li>Multiple buffer overflows in libavformat/utils.c
+    (CVE-2008-4866).</li>
+    <li>A buffer overflow in libavcodec/dca.c
+    (CVE-2008-4867).</li>
+    <li>An unspecified vulnerability in the
+    avcodec_close() function in libavcodec/utils.c (CVE-2008-4868).</li>
+    <li>Unspecified memory leaks (CVE-2008-4869).</li>
+    <li>Tobias Klein
+    repoerted a NULL pointer dereference due to an integer signedness error
+    in the fourxm_read_header() function in libavformat/4xm.c
+    (CVE-2009-0385).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted media
+    file, possibly leading to the execution of arbitrary code with the
+    privileges of the user running the application, or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All FFmpeg users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/ffmpeg-0.4.9_p20090201"</code>
+    <p>
+    All gst-plugins-ffmpeg users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-plugins/gst-plugins-ffmpeg-0.10.5"</code>
+    <p>
+    All Mplayer users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-video/mplayer-1.0_rc2_p28450"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3162 ">CVE-2008-3162</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4866">CVE-2008-4866</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4867">CVE-2008-4867</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4868">CVE-2008-4868</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4869">CVE-2008-4869</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0385">CVE-2009-0385</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-10-31T21:30:59Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-03-17T22:05:30Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-17T22:05:39Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-34.xml b/metadata/glsa/glsa-200903-34.xml
new file mode 100644
index 000000000000..206f4beb9280
--- /dev/null
+++ b/metadata/glsa/glsa-200903-34.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-34">
+  <title>Amarok: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Multiple vulnerabilities in Amarok might allow for user-assisted execution
+    of arbitrary code.
+  </synopsis>
+  <product type="ebuild">amarok</product>
+  <announced>2009-03-20</announced>
+  <revised count="01">2009-03-20</revised>
+  <bug>254896</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/amarok" auto="yes" arch="*">
+      <unaffected range="ge">1.4.10-r2</unaffected>
+      <vulnerable range="lt">1.4.10-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Amarok is an advanced music player.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tobias Klein has discovered multiple vulnerabilities in Amarok:
+    </p>
+    <ul>
+    <li>Multiple integer overflows in the Audible::Tag::readTag()
+    function in metadata/audible/audibletag.cpp trigger heap-based buffer
+    overflows (CVE-2009-0135).</li>
+    <li>Multiple array index errors in the
+    Audible::Tag::readTag() function in metadata/audible/audibletag.cpp can
+    lead to invalid pointer dereferences, or the writing of a 0x00 byte to
+    an arbitrary memory location after an allocation failure
+    (CVE-2009-0136).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted
+    Audible Audio (.aa) file with a large "nlen" or "vlen" tag value to
+    execute arbitrary code or cause a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Amarok users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/amarok-1.4.10-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0135">CVE-2009-0135</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0136">CVE-2009-0136</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-03-19T13:02:32Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-03-20T19:39:32Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-20T19:54:30Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-35.xml b/metadata/glsa/glsa-200903-35.xml
new file mode 100644
index 000000000000..8cd7698b732e
--- /dev/null
+++ b/metadata/glsa/glsa-200903-35.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-35">
+  <title>Muttprint: Insecure temporary file usage</title>
+  <synopsis>
+    An insecure temporary file usage in Muttprint allows for symlink attacks.
+  </synopsis>
+  <product type="ebuild">muttprint</product>
+  <announced>2009-03-23</announced>
+  <revised count="01">2009-03-23</revised>
+  <bug>250554</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-misc/muttprint" auto="yes" arch="*">
+      <unaffected range="ge">0.72d-r1</unaffected>
+      <vulnerable range="lt">0.72d-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Muttprint formats the output of mail clients to a good-looking printing
+    using LaTeX.
+    </p>
+  </background>
+  <description>
+    <p>
+    Dmitry E. Oboukhov reported an insecure usage of the temporary file
+    "/tmp/muttprint.log" in the muttprint script.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could perform symlink attacks to overwrite arbitrary
+    files with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Muttprint users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-misc/muttprint-0.72d-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5368">CVE-2008-5368</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-03-22T20:25:26Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-03-22T21:59:17Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-22T21:59:46Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-36.xml b/metadata/glsa/glsa-200903-36.xml
new file mode 100644
index 000000000000..6c9722eee847
--- /dev/null
+++ b/metadata/glsa/glsa-200903-36.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-36">
+  <title>MLDonkey: Information disclosure</title>
+  <synopsis>
+    A vulnerability in the MLDonkey web interface allows remote attackers to
+    disclose arbitrary files.
+  </synopsis>
+  <product type="ebuild">mldonkey</product>
+  <announced>2009-03-23</announced>
+  <revised count="01">2009-03-23</revised>
+  <bug>260072</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-p2p/mldonkey" auto="yes" arch="*">
+      <unaffected range="ge">3.0.0</unaffected>
+      <vulnerable range="lt">3.0.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MLDonkey is a multi-network P2P application written in Ocaml, coming
+    with its own Gtk GUI, web and telnet interface.
+    </p>
+  </background>
+  <description>
+    <p>
+    Michael Peselnik reported that src/utils/lib/url.ml in the web
+    interface of MLDonkey does not handle file names with leading double
+    slashes properly.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could gain access to arbitrary files readable by the
+    user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable the web interface or restrict access to it.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MLDonkey users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-p2p/mldonkey-3.0.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0753">CVE-2009-0753</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-03-22T20:26:47Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-03-22T20:38:08Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-22T22:00:11Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-37.xml b/metadata/glsa/glsa-200903-37.xml
new file mode 100644
index 000000000000..b90cecc2f600
--- /dev/null
+++ b/metadata/glsa/glsa-200903-37.xml
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-37">
+  <title>Ghostscript: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Multiple integer overflows in the Ghostscript ICC library might allow for
+    user-assisted execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">ghostscript-gpl ghostscript-esp ghostscript-gnu</product>
+  <announced>2009-03-23</announced>
+  <revised count="01">2009-03-23</revised>
+  <bug>261087</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/ghostscript-gpl" auto="yes" arch="*">
+      <unaffected range="ge">8.64-r2</unaffected>
+      <vulnerable range="lt">8.64-r2</vulnerable>
+    </package>
+    <package name="app-text/ghostscript-gnu" auto="yes" arch="*">
+      <unaffected range="ge">8.62.0</unaffected>
+      <vulnerable range="lt">8.62.0</vulnerable>
+    </package>
+    <package name="app-text/ghostscript-esp" auto="yes" arch="*">
+      <vulnerable range="le">8.15.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ghostscript is an interpreter for the PostScript language and the
+    Portable Document Format (PDF).
+    </p>
+  </background>
+  <description>
+    <p>
+    Jan Lieskovsky from the Red Hat Security Response Team discovered the
+    following vulnerabilities in Ghostscript's ICC Library:
+    </p>
+    <ul>
+    <li>Multiple integer overflows (CVE-2009-0583).</li>
+    <li>Multiple
+    insufficient bounds checks on certain variable sizes
+    (CVE-2009-0584).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted
+    PostScript file containing images and a malicious ICC profile, possibly
+    resulting in the execution of arbitrary code with the privileges of the
+    user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GPL Ghostscript users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/ghostscript-gpl-8.64-r2"</code>
+    <p>
+    All GNU Ghostscript users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/ghostscript-gnu-8.62.0"</code>
+    <p>
+    We recommend that users unmerge ESP Ghostscript and use GPL or GNU
+    Ghostscript instead:
+    </p>
+    <code>
+    # emerge --unmerge "app-text/ghostscript-esp"</code>
+    <p>
+    For installation instructions, see above.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0583">CVE-2009-0583</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0584">CVE-2009-0584</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-03-22T20:18:05Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-03-22T21:04:31Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-23T13:39:36Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-38.xml b/metadata/glsa/glsa-200903-38.xml
new file mode 100644
index 000000000000..cbd4b4ac0f99
--- /dev/null
+++ b/metadata/glsa/glsa-200903-38.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-38">
+  <title>Squid: Multiple Denial of Service vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been found in Squid which allow for remote
+    Denial of Service attacks.
+  </synopsis>
+  <product type="ebuild">Squid</product>
+  <announced>2009-03-24</announced>
+  <revised count="01">2009-03-24</revised>
+  <bug>216319</bug>
+  <bug>257585</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/squid" auto="yes" arch="*">
+      <unaffected range="ge">2.7.6</unaffected>
+      <vulnerable range="lt">2.7.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Squid is a full-featured web proxy cache.
+    </p>
+  </background>
+  <description>
+    <ul>
+    <li>The arrayShrink function in lib/Array.c can cause an array to
+    shrink to 0 entries, which triggers an assert error. NOTE: this issue
+    is due to an incorrect fix for CVE-2007-6239 (CVE-2008-1612).</li>
+    <li>An invalid version number in a HTTP request may trigger an
+    assertion in HttpMsg.c and HttpStatusLine.c (CVE-2009-0478).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    The issues allows for Denial of Service attacks against the service via
+    an HTTP request with an invalid version number and other specially
+    crafted requests.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Squid users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-proxy/squid-2.7.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6239">CVE-2007-6239</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1612">CVE-2008-1612</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0478">CVE-2009-0478</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200801-05.xml">GLSA-200801-05</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-03-09T14:14:34Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-03-16T14:25:11Z">
+    craig
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-24T16:45:49Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-39.xml b/metadata/glsa/glsa-200903-39.xml
new file mode 100644
index 000000000000..9ccec2a588fc
--- /dev/null
+++ b/metadata/glsa/glsa-200903-39.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-39">
+  <title>pam_krb5: Privilege escalation</title>
+  <synopsis>
+    Two vulnerabilities in pam_krb5 might allow local users to elevate their
+    privileges or overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">pam_krb5</product>
+  <announced>2009-03-25</announced>
+  <revised count="01">2009-03-25</revised>
+  <bug>257075</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-auth/pam_krb5" auto="yes" arch="*">
+      <unaffected range="ge">3.12</unaffected>
+      <vulnerable range="lt">3.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    pam_krb5 is a a Kerberos v5 PAM module.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following vulnerabilities were discovered:
+    </p>
+    <ul><li>pam_krb5
+    does not properly initialize the Kerberos libraries for setuid use
+    (CVE-2009-0360).</li>
+    <li>Derek Chan reported that calls to
+    pam_setcred() are not properly handled when running setuid
+    (CVE-2009-0361).</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could set an environment variable to point to a
+    specially crafted Kerberos configuration file and launch a PAM-based
+    setuid application to elevate privileges, or change ownership and
+    overwrite arbitrary files.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All pam_krb5 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-auth/pam_krb5-3.12"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0360">CVE-2009-0360</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0361">CVE-2009-0361</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-03-05T20:23:59Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-03-09T12:57:24Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-09T12:57:36Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-40.xml b/metadata/glsa/glsa-200903-40.xml
new file mode 100644
index 000000000000..2cebd0751ef6
--- /dev/null
+++ b/metadata/glsa/glsa-200903-40.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-40">
+  <title>Analog: Denial of service</title>
+  <synopsis>
+    A Denial of Service vulnerability was discovered in Analog.
+  </synopsis>
+  <product type="ebuild">analog</product>
+  <announced>2009-03-29</announced>
+  <revised count="01">2009-03-29</revised>
+  <bug>249140</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/analog" auto="yes" arch="*">
+      <unaffected range="ge">6.0-r2</unaffected>
+      <vulnerable range="lt">6.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Analog is a a webserver log analyzer.
+    </p>
+  </background>
+  <description>
+    <p>
+    Diego E. Petteno reported that the Analog package in Gentoo is built
+    with its own copy of bzip2, making it vulnerable to CVE-2008-1372 (GLSA
+    200804-02).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could place specially crafted log files into a log
+    directory being analyzed by analog, e.g. /var/log/apache, resulting in
+    a crash when being processed by the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Analog users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-admin/analog-6.0-r2"</code>
+    <p>
+    NOTE: Analog is now linked against the system bzip2 library.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372">CVE-2008-1372</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200804-02.xml">GLSA 200804-02</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-12-21T20:13:59Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-03-26T12:22:59Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-26T12:23:07Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200903-41.xml b/metadata/glsa/glsa-200903-41.xml
new file mode 100644
index 000000000000..054f68d8a8eb
--- /dev/null
+++ b/metadata/glsa/glsa-200903-41.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200903-41">
+  <title>gedit: Untrusted search path</title>
+  <synopsis>
+    A vulnerability in gedit might allow local attackers to execute arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">gedit</product>
+  <announced>2009-03-30</announced>
+  <revised count="01">2009-03-30</revised>
+  <bug>257004</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-editors/gedit" auto="yes" arch="*">
+      <unaffected range="rge">2.22.3-r1</unaffected>
+      <unaffected range="ge">2.24.3</unaffected>
+      <vulnerable range="lt">2.24.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    gedit is a text editor for the GNOME desktop.
+    </p>
+  </background>
+  <description>
+    <p>
+    James Vega reported that gedit uses the current working directory when
+    searching for python modules, a vulnerability related to CVE-2008-5983.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could entice a user to open gedit from a specially
+    crafted environment, possibly resulting in the execution of arbitrary
+    code with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Do not run gedit from untrusted working directories.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All gedit 2.22.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-editors/gedit-2.22.3-r1"</code>
+    <p>
+    All gedit 2.24.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-editors/gedit-2.24.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5983">CVE-2008-5983</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0314">CVE-2009-0314</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-03-23T09:17:57Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-03-30T11:46:10Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-30T11:46:20Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200904-01.xml b/metadata/glsa/glsa-200904-01.xml
new file mode 100644
index 000000000000..707d657c141d
--- /dev/null
+++ b/metadata/glsa/glsa-200904-01.xml
@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200904-01">
+  <title>Openfire: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities were discovered in Openfire, the worst of which
+    may allow remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">openfire</product>
+  <announced>2009-04-02</announced>
+  <revised count="01">2009-04-02</revised>
+  <bug>246008</bug>
+  <bug>254309</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/openfire" auto="yes" arch="*">
+      <unaffected range="ge">3.6.3</unaffected>
+      <vulnerable range="lt">3.6.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ignite Realtime Openfire is a fast real-time collaboration server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Two vulnerabilities have been reported by Federico Muttis, from CORE
+    IMPACT's Exploit Writing Team:
+    </p>
+    <ul>
+    <li>
+    Multiple missing or incomplete input validations in several .jsps
+    (CVE-2009-0496).
+    </li>
+    <li>
+    Incorrect input validation of the "log" parameter in log.jsp
+    (CVE-2009-0497).
+    </li>
+    </ul> <p>
+    Multiple vulnerabilities have been reported by Andreas Kurtz:
+    </p>
+    <ul>
+    <li>
+    Erroneous built-in exceptions to input validation in login.jsp
+    (CVE-2008-6508).
+    </li>
+    <li>
+    Unsanitized user input to the "type" parameter in
+    sipark-log-summary.jsp used in SQL statement. (CVE-2008-6509)
+    </li>
+    <li>
+    A Cross-Site-Scripting vulnerability due to unsanitized input to the
+    "url" parameter. (CVE-2008-6510, CVE-2008-6511)
+    </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could execute arbitrary code on clients' systems by
+    uploading a specially crafted plugin, bypassing authentication.
+    Additionally, an attacker could read arbitrary files on the server or
+    execute arbitrary SQL statements. Depending on the server's
+    configuration the attacker might also execute code on the server via an
+    SQL injection.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Openfire users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-im/openfire-3.6.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6508">CVE-2008-6508</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6509">CVE-2008-6509</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6510">CVE-2008-6510</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6511">CVE-2008-6511</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0496">CVE-2009-0496</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0497">CVE-2009-0497</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2009-03-21T10:46:26Z">
+    mabi
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-21T11:36:24Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200904-02.xml b/metadata/glsa/glsa-200904-02.xml
new file mode 100644
index 000000000000..4c436ba51cda
--- /dev/null
+++ b/metadata/glsa/glsa-200904-02.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200904-02">
+  <title>GLib: Execution of arbitrary code</title>
+  <synopsis>
+    Multiple integer overflows might allow for the execution of arbitrary code
+    when performing base64 conversion.
+  </synopsis>
+  <product type="ebuild">glib</product>
+  <announced>2009-04-03</announced>
+  <revised count="02">2009-04-05</revised>
+  <bug>249214</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/glib" auto="yes" arch="*">
+      <unaffected range="ge">2.18.4-r1</unaffected>
+      <unaffected range="rge">2.16.6-r1</unaffected>
+      <unaffected range="lt">2</unaffected>
+      <vulnerable range="lt">2.18.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The GLib is a library of C routines that is used by a multitude of
+    programs.
+    </p>
+  </background>
+  <description>
+    <p>
+    Diego E. Petteno` reported multiple integer overflows in glib/gbase64.c
+    when converting a long string from or to a base64 representation.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user or automated system to perform a
+    base64 conversion via an application using GLib, possibly resulting in
+    the execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GLib 2.18 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/glib-2.18.4-r1"</code>
+    <p>
+    All GLib 2.16 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/glib-2.16.6-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4316">CVE-2008-4316</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-04-02T12:01:03Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-04-02T12:09:57Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-04-02T12:10:20Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200904-03.xml b/metadata/glsa/glsa-200904-03.xml
new file mode 100644
index 000000000000..8cc6a2e33e45
--- /dev/null
+++ b/metadata/glsa/glsa-200904-03.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200904-03">
+  <title>Gnumeric: Untrusted search path</title>
+  <synopsis>
+    An untrusted search path vulnerability in Gnumeric might result in the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">gnumeric</product>
+  <announced>2009-04-03</announced>
+  <revised count="01">2009-04-03</revised>
+  <bug>257012</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-office/gnumeric" auto="yes" arch="*">
+      <unaffected range="ge">1.8.4-r1</unaffected>
+      <vulnerable range="lt">1.8.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Gnumeric spreadsheet is a versatile application developed as part
+    of the GNOME Office project.
+    </p>
+  </background>
+  <description>
+    <p>
+    James Vega reported an untrusted search path vulnerability in the
+    GObject Python interpreter wrapper in Gnumeric.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could entice a user to run Gnumeric from a directory
+    containing a specially crafted python module, resulting in the
+    execution of arbitrary code with the privileges of the user running
+    Gnumeric.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Do not run "gnumeric" from untrusted working directories.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Gnumeric users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-office/gnumeric-1.8.4-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0318">CVE-2009-0318</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2009-04-02T12:39:58Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-04-02T12:40:05Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200904-04.xml b/metadata/glsa/glsa-200904-04.xml
new file mode 100644
index 000000000000..872ca9feab6c
--- /dev/null
+++ b/metadata/glsa/glsa-200904-04.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200904-04">
+  <title>WeeChat: Denial of service</title>
+  <synopsis>
+    A processing error in WeeChat might lead to a Denial of Service.
+  </synopsis>
+  <product type="ebuild">weechat</product>
+  <announced>2009-04-04</announced>
+  <revised count="01">2009-04-04</revised>
+  <bug>262997</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/weechat" auto="yes" arch="*">
+      <unaffected range="ge">0.2.6.1</unaffected>
+      <vulnerable range="lt">0.2.6.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Wee Enhanced Environment for Chat (WeeChat) is a light and extensible
+    console IRC client.
+    </p>
+  </background>
+  <description>
+    <p>
+    Sebastien Helleu reported an array out-of-bounds error in the colored
+    message handling.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send a specially crafted PRIVMSG command,
+    possibly leading to a Denial of Service (application crash).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All WeeChat users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-irc/weechat-0.2.6.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0661">CVE-2009-0661</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-04-04T15:10:01Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-04-04T15:21:46Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-04-04T17:18:54Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200904-05.xml b/metadata/glsa/glsa-200904-05.xml
new file mode 100644
index 000000000000..309667769794
--- /dev/null
+++ b/metadata/glsa/glsa-200904-05.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200904-05">
+  <title>ntp: Certificate validation error</title>
+  <synopsis>
+    An error in the OpenSSL certificate chain validation in ntp might allow for
+    spoofing attacks.
+  </synopsis>
+  <product type="ebuild">ntp</product>
+  <announced>2009-04-05</announced>
+  <revised count="01">2009-04-05</revised>
+  <bug>254098</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/ntp" auto="yes" arch="*">
+      <unaffected range="ge">4.2.4_p6</unaffected>
+      <vulnerable range="lt">4.2.4_p6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ntp contains the client and daemon implementations for the Network Time
+    Protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    It has been reported that ntp incorrectly checks the return value of
+    the EVP_VerifyFinal(), a vulnerability related to CVE-2008-5077 (GLSA
+    200902-02).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit this vulnerability to spoof arbitrary
+    names to conduct Man-In-The-Middle attacks and intercept sensitive
+    information.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ntp users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/ntp-4.2.4_p6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077">CVE-2008-5077</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021">CVE-2009-0021</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200902-02.xml">GLSA 200902-02</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2009-03-31T11:41:38Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-31T11:41:46Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200904-06.xml b/metadata/glsa/glsa-200904-06.xml
new file mode 100644
index 000000000000..1de01cbb364d
--- /dev/null
+++ b/metadata/glsa/glsa-200904-06.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200904-06">
+  <title>Eye of GNOME: Untrusted search path</title>
+  <synopsis>
+    An untrusted search path vulnerability in the Eye of GNOME might result in
+    the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">eog</product>
+  <announced>2009-04-06</announced>
+  <revised count="01">2009-04-06</revised>
+  <bug>257002</bug>
+  <access>local</access>
+  <affected>
+    <package name="media-gfx/eog" auto="yes" arch="*">
+      <unaffected range="ge">2.22.3-r3</unaffected>
+      <vulnerable range="lt">2.22.3-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Eye of GNOME is the official image viewer for the GNOME Desktop
+    environment.
+    </p>
+  </background>
+  <description>
+    <p>
+    James Vega reported an untrusted search path vulnerability in the
+    GObject Python interpreter wrapper in the Eye of GNOME, a vulnerabiliy
+    related to CVE-2008-5983.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could entice a user to run the Eye of GNOME from a
+    directory containing a specially crafted python module, resulting in
+    the execution of arbitrary code with the privileges of the user running
+    the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Do not run "eog" from untrusted working directories.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Eye of GNOME users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/eog-2.22.3-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5983">CVE-2008-5983</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5987">CVE-2008-5987</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2009-04-06T11:38:51Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-04-06T11:40:09Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200904-07.xml b/metadata/glsa/glsa-200904-07.xml
new file mode 100644
index 000000000000..25a8bd462acd
--- /dev/null
+++ b/metadata/glsa/glsa-200904-07.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200904-07">
+  <title>Xpdf: Untrusted search path</title>
+  <synopsis>
+    A vulnerability in Xpdf might allow local attackers to execute arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">xpdf</product>
+  <announced>2009-04-07</announced>
+  <revised count="01">2009-04-07</revised>
+  <bug>242930</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-text/xpdf" auto="yes" arch="*">
+      <unaffected range="ge">3.02-r2</unaffected>
+      <vulnerable range="lt">3.02-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Xpdf is a PDF file viewer that runs under the X Window System.
+    </p>
+  </background>
+  <description>
+    <p>
+    Erik Wallin reported that Gentoo's Xpdf attempts to read the "xpdfrc"
+    file from the current working directory if it cannot find a ".xpdfrc"
+    file in the user's home directory. This is caused by a missing
+    definition of the SYSTEM_XPDFRC macro when compiling a repackaged
+    version of Xpdf.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could entice a user to run "xpdf" from a directory
+    containing a specially crafted "xpdfrc" file, resulting in the
+    execution of arbitrary code when attempting to, e.g., print a file.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Do not run Xpdf from untrusted working directories.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Xpdf users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/xpdf-3.02-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1144">CVE-2009-1144</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-04-04T12:41:57Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-04-04T12:52:05Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-04-04T12:52:11Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200904-08.xml b/metadata/glsa/glsa-200904-08.xml
new file mode 100644
index 000000000000..fc552913629c
--- /dev/null
+++ b/metadata/glsa/glsa-200904-08.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200904-08">
+  <title>OpenSSL: Denial of service</title>
+  <synopsis>
+    An error in OpenSSL might allow for a Denial of Service when printing
+    certificate details.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2009-04-07</announced>
+  <revised count="01">2009-04-07</revised>
+  <bug>263751</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">0.9.8k</unaffected>
+      <vulnerable range="lt">0.9.8k</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+    (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
+    purpose cryptography library.
+    </p>
+  </background>
+  <description>
+    <p>
+    The ASN1_STRING_print_ex() function does not properly check the
+    provided length of a BMPString or UniversalString, leading to an
+    invalid memory access.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user or automated system to print a
+    specially crafted certificate, possibly leading to a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenSSL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-0.9.8k"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590">CVE-2009-0590</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-04-04T13:16:21Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-04-04T13:41:11Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-04-04T13:41:45Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200904-09.xml b/metadata/glsa/glsa-200904-09.xml
new file mode 100644
index 000000000000..2561ac28b618
--- /dev/null
+++ b/metadata/glsa/glsa-200904-09.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200904-09">
+  <title>MIT Kerberos 5: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in MIT Kerberos 5 might allow remote
+    unauthenticated users to execute arbitrary code with root privileges.
+  </synopsis>
+  <product type="ebuild">mit-krb5</product>
+  <announced>2009-04-08</announced>
+  <revised count="01">2009-04-08</revised>
+  <bug>262736</bug>
+  <bug>263398</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-crypt/mit-krb5" auto="yes" arch="*">
+      <unaffected range="ge">1.6.3-r6</unaffected>
+      <vulnerable range="lt">1.6.3-r6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    MIT Kerberos 5 is a suite of applications that implement the Kerberos
+    network protocol. kadmind is the MIT Kerberos 5 administration daemon,
+    KDC is the Key Distribution Center.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been reported in MIT Kerberos 5:
+    </p>
+    <ul>
+    <li>A free() call on an uninitialized pointer in the ASN.1 decoder
+    when decoding an invalid encoding (CVE-2009-0846).</li>
+    <li>A buffer
+    overread in the SPNEGO GSS-API application, reported by Apple Product
+    Security (CVE-2009-0844).</li>
+    <li>A NULL pointer dereference in the
+    SPNEGO GSS-API application, reported by Richard Evans
+    (CVE-2009-0845).</li>
+    <li>An incorrect length check inside an ASN.1
+    decoder leading to spurious malloc() failures (CVE-2009-0847).</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    A remote unauthenticated attacker could exploit the first vulnerability
+    to cause a Denial of Service or, in unlikely circumstances, execute
+    arbitrary code on the host running krb5kdc or kadmind with root
+    privileges and compromise the Kerberos key database. Exploitation of
+    the other vulnerabilities might lead to a Denial of Service in kadmind,
+    krb5kdc, or other daemons performing authorization against Kerberos
+    that utilize GSS-API or an information disclosure.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All MIT Kerberos 5 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-crypt/mit-krb5-1.6.3-r6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0844">CVE-2009-0844</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0845">CVE-2009-0845</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0846">CVE-2009-0846</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0847">CVE-2009-0847</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2009-04-08T01:07:26Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-04-08T18:19:31Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200904-10.xml b/metadata/glsa/glsa-200904-10.xml
new file mode 100644
index 000000000000..fcb96cd0ec23
--- /dev/null
+++ b/metadata/glsa/glsa-200904-10.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200904-10">
+  <title>Avahi: Denial of service</title>
+  <synopsis>
+    An error in Avahi might lead to a Denial of Service via network and CPU
+    consumption.
+  </synopsis>
+  <product type="ebuild">avahi</product>
+  <announced>2009-04-08</announced>
+  <revised count="01">2009-04-08</revised>
+  <bug>260971</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/avahi" auto="yes" arch="*">
+      <unaffected range="ge">0.6.24-r2</unaffected>
+      <vulnerable range="lt">0.6.24-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Avahi is a system that facilitates service discovery on a local
+    network.
+    </p>
+  </background>
+  <description>
+    <p>
+    Rob Leslie reported that the
+    originates_from_local_legacy_unicast_socket() function in
+    avahi-core/server.c does not account for the network byte order of a
+    port number when processing incoming multicast packets, leading to a
+    multicast packet storm.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send specially crafted legacy unicast mDNS
+    query packets to the Avahi daemon, resulting in a Denial of Service due
+    to network bandwidth and CPU consumption.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Avahi users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dns/avahi-0.6.24-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0758">CVE-2009-0758</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-04-04T13:49:21Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-04-04T13:56:36Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-04-04T13:57:02Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200904-11.xml b/metadata/glsa/glsa-200904-11.xml
new file mode 100644
index 000000000000..4e63c3595cd9
--- /dev/null
+++ b/metadata/glsa/glsa-200904-11.xml
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200904-11">
+  <title>Tor: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in Tor might allow for heap corruption, Denial of
+    Service, escalation of privileges and information disclosure.
+  </synopsis>
+  <product type="ebuild">tor</product>
+  <announced>2009-04-08</announced>
+  <revised count="01">2009-04-08</revised>
+  <bug>250018</bug>
+  <bug>256078</bug>
+  <bug>258833</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/tor" auto="yes" arch="*">
+      <unaffected range="ge">0.2.0.34</unaffected>
+      <vulnerable range="lt">0.2.0.34</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Tor is an implementation of second generation Onion Routing, a
+    connection-oriented anonymizing communication service.
+    </p>
+  </background>
+  <description>
+    <ul>
+    <li>
+    Theo de Raadt reported that the application does not properly drop
+    privileges to the primary groups of the user specified via the "User"
+    configuration option (CVE-2008-5397).
+    </li>
+    <li>
+    rovv reported that the "ClientDNSRejectInternalAddresses" configuration
+    option is not always enforced (CVE-2008-5398).
+    </li>
+    <li>
+    Ilja van Sprundel reported a heap-corruption vulnerability that might
+    be remotely triggerable on some platforms (CVE-2009-0414).
+    </li>
+    <li>
+    It has been reported that incomplete IPv4 addresses are treated as
+    valid, violating the specification (CVE-2009-0939).
+    </li>
+    <li>
+    Three unspecified vulnerabilities have also been reported
+    (CVE-2009-0936, CVE-2009-0937, CVE-2009-0938).
+    </li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could escalate privileges by leveraging unintended
+    supplementary group memberships of the Tor process. A remote attacker
+    could exploit these vulnerabilities to cause a heap corruption with
+    unknown impact and attack vectors, to cause a Denial of Service via CPU
+    consuption or daemon crash, and to weaken anonymity provided by the
+    service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Tor users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/tor-0.2.0.34"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5397">CVE-2008-5397</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5398">CVE-2008-5398</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0414">CVE-2009-0414</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0936">CVE-2009-0936</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0937">CVE-2009-0937</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0938">CVE-2009-0938</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0939">CVE-2009-0939</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-01-25T14:41:40Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-02-12T16:48:01Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-02-12T16:48:17Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200904-12.xml b/metadata/glsa/glsa-200904-12.xml
new file mode 100644
index 000000000000..85d58955ac47
--- /dev/null
+++ b/metadata/glsa/glsa-200904-12.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200904-12">
+  <title>Wicd: Information disclosure</title>
+  <synopsis>
+    A vulnerability in Wicd may allow for disclosure of sensitive information.
+  </synopsis>
+  <product type="ebuild">wicd</product>
+  <announced>2009-04-10</announced>
+  <revised count="01">2009-04-10</revised>
+  <bug>258596</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-misc/wicd" auto="yes" arch="*">
+      <unaffected range="ge">1.5.9</unaffected>
+      <vulnerable range="lt">1.5.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Wicd is an open source wired and wireless network manager for Linux.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tiziano Mueller of Gentoo discovered that the DBus configuration file
+    for Wicd allows arbitrary users to own the org.wicd.daemon object.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could exploit this vulnerability to receive messages
+    that were intended for the Wicd daemon, possibly including credentials
+    e.g. for wireless networks.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Wicd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/wicd-1.5.9"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0489">CVE-2009-0489</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-04-08T22:52:50Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-04-09T11:29:45Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-04-09T21:59:43Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200904-13.xml b/metadata/glsa/glsa-200904-13.xml
new file mode 100644
index 000000000000..ae0a94d91eaf
--- /dev/null
+++ b/metadata/glsa/glsa-200904-13.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200904-13">
+  <title>Ventrilo: Denial of service</title>
+  <synopsis>
+    A vulnerability has been discovered in Ventrilo, allowing for a Denial of
+    Service.
+  </synopsis>
+  <product type="ebuild">ventrilo-server-bin</product>
+  <announced>2009-04-14</announced>
+  <revised count="01">2009-04-14</revised>
+  <bug>234819</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/ventrilo-server-bin" auto="yes" arch="*">
+      <unaffected range="ge">3.0.3</unaffected>
+      <vulnerable range="lt">3.0.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ventrilo is a Voice over IP group communication server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Luigi Auriemma reported a NULL pointer dereference in Ventrilo when
+    processing packets with an invalid version number followed by another
+    packet.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send specially crafted packets to the server,
+    resulting in a crash.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ventrilo users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/ventrilo-server-bin-3.0.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3680">CVE-2008-3680</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2009-04-14T12:02:23Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-04-14T12:03:30Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200904-14.xml b/metadata/glsa/glsa-200904-14.xml
new file mode 100644
index 000000000000..f892497a7dca
--- /dev/null
+++ b/metadata/glsa/glsa-200904-14.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200904-14">
+  <title>F-PROT Antivirus: Multiple Denial of Service vulnerabilities</title>
+  <synopsis>
+    Multiple errors in F-PROT Antivirus may lead to a Denial of Service.
+  </synopsis>
+  <product type="ebuild">f-prot</product>
+  <announced>2009-04-14</announced>
+  <revised count="04">2009-04-17</revised>
+  <bug>232665</bug>
+  <bug>253497</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/f-prot" auto="yes" arch="*">
+      <unaffected range="ge">6.0.2</unaffected>
+      <vulnerable range="lt">6.0.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    F-PROT Antivirus is a multi-platform virus scanner for workstations and
+    mail servers.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following vulnerabilities were found:
+    </p>
+    <ul>
+    <li>Multiple errors when processing UPX, ASPack or Microsoft Office
+    files (CVE-2008-3243).</li>
+    <li>Infinite Sergio Alvarez of n.runs AG reported an invalid memory
+    access when processing a CHM file with a large nb_dir value
+    (CVE-2008-3244).</li>
+    <li>Jonathan Brossard from iViZ Techno Solutions reported that F-PROT
+    Antivirus does not correctly process ELF binaries with corrupted
+    headers (CVE-2008-5747).
+    </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user or automated system to scan a
+    specially crafted file, leading to a crash or infinite loop.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All F-PROT Antivirus users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-antivirus/f-prot-6.0.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3243">CVE-2008-3243</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3244">CVE-2008-3244</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5747">CVE-2008-5747</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-04-08T22:38:56Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-04-10T21:12:22Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-04-10T21:13:03Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200904-15.xml b/metadata/glsa/glsa-200904-15.xml
new file mode 100644
index 000000000000..a596516b9c86
--- /dev/null
+++ b/metadata/glsa/glsa-200904-15.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200904-15">
+  <title>mpg123: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    An error in mpg123 might allow for the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mpg123</product>
+  <announced>2009-04-16</announced>
+  <revised count="01">2009-04-16</revised>
+  <bug>265342</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/mpg123" auto="yes" arch="*">
+      <unaffected range="ge">1.7.2</unaffected>
+      <vulnerable range="lt">1.7.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    mpg123 is a realtime MPEG 1.0/2.0/2.5 audio player for layers 1, 2 and
+    3.
+    </p>
+  </background>
+  <description>
+    <p>
+    The vendor reported a signedness error in the store_id3_text() function
+    in id3.c, allowing for out-of-bounds memory access.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open an MPEG-1 Audio Layer 3
+    (MP3) file containing a specially crafted ID3 tag, possibly resulting
+    in the execution of arbitrary code with the privileges of the user
+    running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All mpg123 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/mpg123-1.7.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1301">CVE-2009-1301</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-04-11T20:51:15Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-04-11T21:15:29Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-04-16T21:52:59Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200904-16.xml b/metadata/glsa/glsa-200904-16.xml
new file mode 100644
index 000000000000..271fbdbc74cb
--- /dev/null
+++ b/metadata/glsa/glsa-200904-16.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200904-16">
+  <title>libsndfile: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    A buffer overflow vulnerability in libsndfile might allow remote attackers
+    to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">libsndfile</product>
+  <announced>2009-04-17</announced>
+  <revised count="01">2009-04-17</revised>
+  <bug>261173</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libsndfile" auto="yes" arch="*">
+      <unaffected range="ge">1.0.19</unaffected>
+      <vulnerable range="lt">1.0.19</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libsndfile is a C library for reading and writing files containing
+    sampled sound.
+    </p>
+  </background>
+  <description>
+    <p>
+    Alin Rad Pop from Secunia Research reported an integer overflow when
+    processing CAF description chunks, leading to a heap-based buffer
+    overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted CAF
+    file, resulting in the remote execution of arbitrary code with the
+    privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libsndfile users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/libsndfile-1.0.19"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0186">CVE-2009-0186</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-04-15T20:06:42Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-04-16T18:44:04Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-04-16T18:44:13Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200904-17.xml b/metadata/glsa/glsa-200904-17.xml
new file mode 100644
index 000000000000..10bf37865ade
--- /dev/null
+++ b/metadata/glsa/glsa-200904-17.xml
@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200904-17">
+  <title>Adobe Reader: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Adobe Reader is vulnerable to execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">acroread</product>
+  <announced>2009-04-18</announced>
+  <revised count="01">2009-04-18</revised>
+  <bug>259992</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/acroread" auto="yes" arch="*">
+      <unaffected range="ge">8.1.4</unaffected>
+      <vulnerable range="lt">8.1.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF
+    reader.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been discovered in Adobe Reader:
+    </p>
+    <ul>
+    <li>
+    Alin Rad Pop of Secunia Research reported a heap-based buffer overflow
+    when processing PDF files containing a malformed JBIG2 symbol
+    dictionary segment (CVE-2009-0193).
+    </li>
+    <li>
+    A buffer overflow related to a non-JavaScript function call and
+    possibly an embedded JBIG2 image stream has been reported
+    (CVE-2009-0658).
+    </li>
+    <li>
+    Tenable Network Security reported a stack-based buffer overflow that
+    can be triggered via a crafted argument to the getIcon() method of a
+    Collab object (CVE-2009-0927).
+    </li>
+    <li>
+    Sean Larsson of iDefense Labs reported a heap-based buffer overflow
+    when processing a PDF file containing a JBIG2 stream with a size
+    inconsistency related to an unspecified table (CVE-2009-0928).
+    </li>
+    <li>
+    Jonathan Brossard of the iViZ Security Research Team reported an
+    unspecified vulnerability related to JBIG2 and input validation
+    (CVE-2009-1061).
+    </li>
+    <li>
+    Will Dormann of CERT/CC reported a vulnerability lading to memory
+    corruption related to JBIG2 (CVE-2009-1062).
+    </li>
+    </ul> <p>
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted PDF
+    document, possibly leading to the execution of arbitrary code with the
+    privileges of the user running the application, or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Adobe Reader users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/acroread-8.1.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0193">CVE-2009-0193</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0658">CVE-2009-0658</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0927">CVE-2009-0927</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0928">CVE-2009-0928</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1061">CVE-2009-1061</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1062">CVE-2009-1062</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-04-14T12:25:56Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-04-16T22:30:05Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-04-16T22:30:15Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200904-18.xml b/metadata/glsa/glsa-200904-18.xml
new file mode 100644
index 000000000000..5b506cd40efa
--- /dev/null
+++ b/metadata/glsa/glsa-200904-18.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200904-18">
+  <title>udev: Multiple vulnerabilities</title>
+  <synopsis>
+    Two errors in udev allow for a local root compromise and a Denial of
+    Service.
+  </synopsis>
+  <product type="ebuild">udev</product>
+  <announced>2009-04-18</announced>
+  <revised count="01">2009-04-18</revised>
+  <bug>266290</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-fs/udev" auto="yes" arch="*">
+      <unaffected range="ge">124-r2</unaffected>
+      <vulnerable range="lt">124-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    udev is the device manager used in the Linux 2.6 kernel series.
+    </p>
+  </background>
+  <description>
+    <p>
+    Sebastian Krahmer of SUSE discovered the following two vulnerabilities:
+    </p>
+    <ul>
+    <li>udev does not verify the origin of NETLINK messages
+    properly (CVE-2009-1185).</li>
+    <li>A buffer overflow exists in the
+    util_path_encode() function in lib/libudev-util.c (CVE-2009-1186).</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could gain root privileges by sending specially
+    crafted NETLINK messages to udev or cause a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All udev users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-fs/udev-124-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185">CVE-2009-1185</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1186">CVE-2009-1186</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-04-16T09:13:51Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-04-16T09:38:24Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-04-18T18:32:47Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200904-19.xml b/metadata/glsa/glsa-200904-19.xml
new file mode 100644
index 000000000000..b051e724a9a6
--- /dev/null
+++ b/metadata/glsa/glsa-200904-19.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200904-19">
+  <title>LittleCMS: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple errors in LittleCMS allow for attacks including the remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">littlecms</product>
+  <announced>2009-04-19</announced>
+  <revised count="01">2009-04-19</revised>
+  <bug>260269</bug>
+  <bug>264604</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/lcms" auto="yes" arch="*">
+      <unaffected range="ge">1.18-r1</unaffected>
+      <vulnerable range="lt">1.18-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    LittleCMS, or short lcms, is a color management system for working with
+    ICC profiles. It is used by many applications including GIMP and
+    Firefox.
+    </p>
+  </background>
+  <description>
+    <p>
+    RedHat reported a null-pointer dereference flaw while processing
+    monochrome ICC profiles (CVE-2009-0793).
+    </p>
+    <p>
+    Chris Evans of Google discovered the following vulnerabilities:
+    </p>
+    <ul>
+    <li>LittleCMS contains severe memory leaks (CVE-2009-0581).</li>
+    <li>LittleCMS is prone to multiple integer overflows, leading to a
+    heap-based buffer overflow (CVE-2009-0723).</li>
+    <li>The
+    ReadSetOfCurves() function is vulnerable to stack-based buffer
+    overflows when called from code paths without a bounds check on channel
+    counts (CVE-2009-0733).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user or automated system to open a
+    specially crafted file containing a malicious ICC profile, possibly
+    resulting in the execution of arbitrary code with the privileges of the
+    user running the application or memory exhaustion, leading to a Denial
+    of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All LittleCMS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/lcms-1.18-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0581">CVE-2009-0581</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0723">CVE-2009-0723</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0733">CVE-2009-0733</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0793">CVE-2009-0793</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-04-12T15:32:46Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-04-18T22:41:26Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-04-19T12:36:20Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200904-20.xml b/metadata/glsa/glsa-200904-20.xml
new file mode 100644
index 000000000000..ab15eacdae14
--- /dev/null
+++ b/metadata/glsa/glsa-200904-20.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200904-20">
+  <title>CUPS: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple errors in CUPS might allow for the remote execution of arbitrary
+    code or DNS rebinding attacks.
+  </synopsis>
+  <product type="ebuild">cups</product>
+  <announced>2009-04-23</announced>
+  <revised count="01">2009-04-23</revised>
+  <bug>263070</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-print/cups" auto="yes" arch="*">
+      <unaffected range="ge">1.3.10</unaffected>
+      <vulnerable range="lt">1.3.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    CUPS, the Common Unix Printing System, is a full-featured print server.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following issues were reported in CUPS:
+    </p>
+    <ul>
+    <li>iDefense
+    reported an integer overflow in the _cupsImageReadTIFF() function in
+    the "imagetops" filter, leading to a heap-based buffer overflow
+    (CVE-2009-0163).</li>
+    <li>Aaron Siegel of Apple Product Security
+    reported that the CUPS web interface does not verify the content of the
+    "Host" HTTP header properly (CVE-2009-0164).</li>
+    <li>Braden Thomas and
+    Drew Yao of Apple Product Security reported that CUPS is vulnerable to
+    CVE-2009-0146, CVE-2009-0147 and CVE-2009-0166, found earlier in xpdf
+    and poppler.</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker might send or entice a user to send a specially
+    crafted print job to CUPS, possibly resulting in the execution of
+    arbitrary code with the privileges of the configured CUPS user -- by
+    default this is "lp", or a Denial of Service. Furthermore, the web
+    interface could be used to conduct DNS rebinding attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All CUPS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-print/cups-1.3.10"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146">CVE-2009-0146</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147">CVE-2009-0147</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163">CVE-2009-0163</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0164">CVE-2009-0164</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166">CVE-2009-0166</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-04-20T08:43:52Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-04-20T11:20:52Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-04-21T19:42:53Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200905-01.xml b/metadata/glsa/glsa-200905-01.xml
new file mode 100644
index 000000000000..99f7b8099d91
--- /dev/null
+++ b/metadata/glsa/glsa-200905-01.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200905-01">
+  <title>Asterisk: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been found in Asterisk allowing for Denial of
+    Service and username disclosure.
+  </synopsis>
+  <product type="ebuild">asterisk</product>
+  <announced>2009-05-02</announced>
+  <revised count="01">2009-05-02</revised>
+  <bug>218966</bug>
+  <bug>224835</bug>
+  <bug>232696</bug>
+  <bug>232698</bug>
+  <bug>237476</bug>
+  <bug>250748</bug>
+  <bug>254304</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/asterisk" auto="yes" arch="*">
+      <unaffected range="ge">1.2.32</unaffected>
+      <vulnerable range="lt">1.2.32</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Asterisk is an open source telephony engine and toolkit.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been discovered in the IAX2 channel
+    driver when performing the 3-way handshake (CVE-2008-1897), when
+    handling a large number of POKE requests (CVE-2008-3263), when handling
+    authentication attempts (CVE-2008-5558) and when handling firmware
+    download (FWDOWNL) requests (CVE-2008-3264). Asterisk does also not
+    correctly handle SIP INVITE messages that lack a "From" header
+    (CVE-2008-2119), and responds differently to a failed login attempt
+    depending on whether the user account exists (CVE-2008-3903,
+    CVE-2009-0041).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Remote unauthenticated attackers could send specially crafted data to
+    Asterisk, possibly resulting in a Denial of Service via a daemon crash,
+    call-number exhaustion, CPU or traffic consumption. Remote
+    unauthenticated attackers could furthermore enumerate valid usernames
+    to facilitate brute force login attempts.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Asterisk users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/asterisk-1.2.32"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1897">CVE-2008-1897</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2119">CVE-2008-2119</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3263">CVE-2008-3263</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3264">CVE-2008-3264</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3903">CVE-2008-3903</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5558">CVE-2008-5558</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0041">CVE-2009-0041</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-04-02T12:17:04Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-04-02T12:31:27Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-04-02T12:32:59Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200905-02.xml b/metadata/glsa/glsa-200905-02.xml
new file mode 100644
index 000000000000..08753e4d1a99
--- /dev/null
+++ b/metadata/glsa/glsa-200905-02.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200905-02">
+  <title>Cscope: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Multiple vulnerabilities in Cscope might allow for the remote execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">cscope</product>
+  <announced>2009-05-24</announced>
+  <revised count="01">2009-05-24</revised>
+  <bug>263023</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-util/cscope" auto="yes" arch="*">
+      <unaffected range="ge">15.7a</unaffected>
+      <vulnerable range="lt">15.7a</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Cscope is a developer's tool for browsing source code.
+    </p>
+  </background>
+  <description>
+    <p>
+    James Peach of Apple discovered a stack-based buffer overflow in
+    cscope's handling of long file system paths (CVE-2009-0148). Multiple
+    stack-based buffer overflows were reported in the putstring function
+    when processing an overly long function name or symbol in a source code
+    file (CVE-2009-1577).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted
+    source file, possibly resulting in the remote execution of arbitrary
+    code with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Cscope users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-util/cscope-15.7a"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0148">CVE-2009-0148</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1577">CVE-2009-1577</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-05-03T18:51:15Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-05-04T12:25:17Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-05-04T12:25:25Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200905-03.xml b/metadata/glsa/glsa-200905-03.xml
new file mode 100644
index 000000000000..df09584c4182
--- /dev/null
+++ b/metadata/glsa/glsa-200905-03.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200905-03">
+  <title>IPSec Tools: Denial of service</title>
+  <synopsis>
+    Multiple errors in the IPSec Tools racoon daemon might allow remote
+    attackers to cause a Denial of Service.
+  </synopsis>
+  <product type="ebuild">ipsec-tools</product>
+  <announced>2009-05-24</announced>
+  <revised count="01">2009-05-24</revised>
+  <bug>267135</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-firewall/ipsec-tools" auto="yes" arch="*">
+      <unaffected range="ge">0.7.2</unaffected>
+      <vulnerable range="lt">0.7.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The IPSec Tools are a port of KAME's IPsec utilities to the Linux-2.6
+    IPsec implementation. They include racoon, an Internet Key Exchange
+    daemon for automatically keying IPsec connections.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following vulnerabilities have been found in the racoon daemon as
+    shipped with IPSec Tools:
+    </p>
+    <ul>
+    <li>Neil Kettle reported that
+    racoon/isakmp_frag.c is prone to a null-pointer dereference
+    (CVE-2009-1574).</li>
+    <li>Multiple memory leaks exist in (1) the
+    eay_check_x509sign() function in racoon/crypto_openssl.c and (2)
+    racoon/nattraversal.c (CVE-2009-1632).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send specially crafted fragmented ISAKMP
+    packets without a payload or exploit vectors related to X.509
+    certificate authentication and NAT traversal, possibly resulting in a
+    crash of the racoon daemon.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All IPSec Tools users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-firewall/ipsec-tools-0.7.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1574">CVE-2009-1574</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1632">CVE-2009-1632</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-05-06T21:47:03Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-05-07T10:56:09Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-05-23T07:52:41Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200905-04.xml b/metadata/glsa/glsa-200905-04.xml
new file mode 100644
index 000000000000..b09ffd549df6
--- /dev/null
+++ b/metadata/glsa/glsa-200905-04.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200905-04">
+  <title>GnuTLS: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in GnuTLS might result in a Denial of Service,
+    spoofing or the generation of invalid keys.
+  </synopsis>
+  <product type="ebuild">gnutls</product>
+  <announced>2009-05-24</announced>
+  <revised count="01">2009-05-24</revised>
+  <bug>267774</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/gnutls" auto="yes" arch="*">
+      <unaffected range="ge">2.6.6</unaffected>
+      <vulnerable range="lt">2.6.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GnuTLS is an Open Source implementation of the TLS 1.0 and SSL 3.0
+    protocols.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following vulnerabilities were found in GnuTLS:
+    </p>
+    <ul>
+    <li>Miroslav Kratochvil reported that lib/pk-libgcrypt.c does not
+    properly handle corrupt DSA signatures, possibly leading to a
+    double-free vulnerability (CVE-2009-1415).</li>
+    <li>Simon Josefsson
+    reported that GnuTLS generates RSA keys stored in DSA structures when
+    creating a DSA key (CVE-2009-1416).</li>
+    <li>Romain Francoise reported
+    that the _gnutls_x509_verify_certificate() function in
+    lib/x509/verify.c does not perform time checks, resulting in the
+    "gnutls-cli" program accepting X.509 certificates with validity times
+    in the past or future (CVE-2009-1417).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user or automated system to process a
+    specially crafted DSA certificate, possibly resulting in a Denial of
+    Service condition. NOTE: This issue might have other unspecified impact
+    including the execution of arbitrary code. Furthermore, a remote
+    attacker could spoof signatures on certificates and the "gnutls-cli"
+    application can be tricked into accepting an invalid certificate.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GnuTLS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-libs/gnutls-2.6.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1415">CVE-2009-1415</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1416">CVE-2009-1416</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1417">CVE-2009-1417</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-05-06T18:48:21Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-05-07T11:40:21Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-05-24T11:17:39Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200905-05.xml b/metadata/glsa/glsa-200905-05.xml
new file mode 100644
index 000000000000..d768e100c1fb
--- /dev/null
+++ b/metadata/glsa/glsa-200905-05.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200905-05">
+  <title>FreeType: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple integer overflows in FreeType might allow for the remote execution
+    of arbitrary code or a Denial of Service.
+  </synopsis>
+  <product type="ebuild">freetype</product>
+  <announced>2009-05-24</announced>
+  <revised count="02">2009-05-25</revised>
+  <bug>263032</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/freetype" auto="yes" arch="*">
+      <unaffected range="ge">2.3.9-r1</unaffected>
+      <unaffected range="lt">2.0</unaffected>
+      <vulnerable range="lt">2.3.9-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    FreeType is a high-quality and portable font engine.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy reported multiple integer overflows in the
+    cff_charset_compute_cids() function in cff/cffload.c, sfnt/tccmap.c and
+    the ft_smooth_render_generic() function in smooth/ftsmooth.c, possibly
+    leading to heap or stack-based buffer overflows.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user or automated system to open a
+    specially crafted font file, possibly resulting in the execution of
+    arbitrary code with the privileges of the user running the application,
+    or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All FreeType users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/freetype-2.3.9-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0946">CVE-2009-0946</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-05-06T18:49:58Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-05-07T11:07:09Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-05-24T13:55:28Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200905-06.xml b/metadata/glsa/glsa-200905-06.xml
new file mode 100644
index 000000000000..714676172cbe
--- /dev/null
+++ b/metadata/glsa/glsa-200905-06.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200905-06">
+  <title>acpid: Denial of service</title>
+  <synopsis>
+    An error in acpid might allow remote attackers to cause a Denial of
+    Service.
+  </synopsis>
+  <product type="ebuild">acpid</product>
+  <announced>2009-05-24</announced>
+  <revised count="01">2009-05-24</revised>
+  <bug>268079</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-power/acpid" auto="yes" arch="*">
+      <unaffected range="ge">1.0.10</unaffected>
+      <vulnerable range="lt">1.0.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    acpid is a daemon for the Advanced Configuration and Power Interface
+    (ACPI).
+    </p>
+  </background>
+  <description>
+    <p>
+    The acpid daemon allows opening a large number of UNIX sockets without
+    closing them, triggering an infinite loop.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Remote attackers can cause a Denial of Service (CPU consumption and
+    connectivity loss).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All acpid users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-power/acpid-1.0.10"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0798">CVE-2009-0798</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-05-24T00:11:41Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-05-24T00:29:02Z">
+    craig
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-05-24T18:05:05Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200905-07.xml b/metadata/glsa/glsa-200905-07.xml
new file mode 100644
index 000000000000..60c03b904896
--- /dev/null
+++ b/metadata/glsa/glsa-200905-07.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200905-07">
+  <title>Pidgin: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in Pidgin might allow for the remote execution of
+    arbitrary code or a Denial of Service.
+  </synopsis>
+  <product type="ebuild">pidgin</product>
+  <announced>2009-05-25</announced>
+  <revised count="01">2009-05-25</revised>
+  <bug>270811</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/pidgin" auto="yes" arch="*">
+      <unaffected range="ge">2.5.6</unaffected>
+      <vulnerable range="lt">2.5.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Pidgin (formerly Gaim) is an instant messaging client for a variety of
+    instant messaging protocols.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been discovered in Pidgin:
+    </p>
+    <ul>
+    <li>Veracode reported a boundary error in the "XMPP SOCKS5 bytestream
+    server" when initiating an outgoing file transfer (CVE-2009-1373).</li>
+    <li>Ka-Hing Cheung reported a heap corruption flaw in the QQ protocol
+    handler (CVE-2009-1374).</li>
+    <li>A memory corruption flaw in
+    "PurpleCircBuffer" was disclosed by Josef Andrysek
+    (CVE-2009-1375).</li>
+    <li>The previous fix for CVE-2008-2927 contains a
+    cast from uint64 to size_t, possibly leading to an integer overflow
+    (CVE-2009-1376, GLSA 200901-13).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send specially crafted messages or files using
+    the MSN, XMPP or QQ protocols, possibly resulting in the execution of
+    arbitrary code with the privileges of the user running the application,
+    or a Denial of Service. NOTE: Successful exploitation might require the
+    victim's interaction.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Pidgin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-im/pidgin-2.5.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1373">CVE-2009-1373</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1374">CVE-2009-1374</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1375">CVE-2009-1375</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1376">CVE-2009-1376</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200901-13.xml">GLSA 200901-13</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2009-05-25T17:46:41Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-05-25T17:46:49Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200905-08.xml b/metadata/glsa/glsa-200905-08.xml
new file mode 100644
index 000000000000..fbf716ccd539
--- /dev/null
+++ b/metadata/glsa/glsa-200905-08.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200905-08">
+  <title>NTP: Remote execution of arbitrary code</title>
+  <synopsis>
+    Multiple errors in the NTP client and server programs might allow for the
+    remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">ntp</product>
+  <announced>2009-05-26</announced>
+  <revised count="01">2009-05-26</revised>
+  <bug>263033</bug>
+  <bug>268962</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/ntp" auto="yes" arch="*">
+      <unaffected range="ge">4.2.4_p7</unaffected>
+      <vulnerable range="lt">4.2.4_p7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    NTP contains the client and daemon implementations for the Network Time
+    Protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been found in the programs included in
+    the NTP package:
+    </p>
+    <ul>
+    <li>Apple Product Security reported a
+    boundary error in the cookedprint() function in ntpq/ntpq.c, possibly
+    leading to a stack-based buffer overflow (CVE-2009-0159).</li>
+    <li>Chris Ries of CMU reported a boundary error within the
+    crypto_recv() function in ntpd/ntp_crypto.c, possibly leading to a
+    stack-based buffer overflow (CVE-2009-1252).</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker might send a specially crafted package to a machine
+    running ntpd, possibly resulting in the remote execution of arbitrary
+    code with the privileges of the user running the daemon, or a Denial of
+    Service. NOTE: Successful exploitation requires the "autokey" feature
+    to be enabled. This feature is only available if NTP was built with the
+    'ssl' USE flag.
+    </p>
+    <p>
+    Furthermore, a remote attacker could entice a user into connecting to a
+    malicious server using ntpq, possibly resulting in the remote execution
+    of arbitrary code with the privileges of the user running the
+    application, or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    You can protect against CVE-2009-1252 by disabling the 'ssl' USE flag
+    and recompiling NTP.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All NTP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/ntp-4.2.4_p7"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159">CVE-2009-0159</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252">CVE-2009-1252</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2009-05-25T17:26:27Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-05-25T17:27:05Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200905-09.xml b/metadata/glsa/glsa-200905-09.xml
new file mode 100644
index 000000000000..d93563174531
--- /dev/null
+++ b/metadata/glsa/glsa-200905-09.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200905-09">
+  <title>libsndfile: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Multiple heap-based buffer overflow vulnerabilities in libsndfile might
+    allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">libsndfile</product>
+  <announced>2009-05-27</announced>
+  <revised count="01">2009-05-27</revised>
+  <bug>269863</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libsndfile" auto="yes" arch="*">
+      <unaffected range="ge">1.0.20</unaffected>
+      <vulnerable range="lt">1.0.20</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libsndfile is a C library for reading and writing files containing
+    sampled sound.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following vulnerabilities have been found in libsndfile:
+    </p>
+    <ul>
+    <li>Tobias Klein reported that the header_read() function in
+    src/common.c uses user input for calculating a buffer size, possibly
+    leading to a heap-based buffer overflow (CVE-2009-1788).</li>
+    <li>The
+    vendor reported a boundary error in the aiff_read_header() function in
+    src/aiff.c, possibly leading to a heap-based buffer overflow
+    (CVE-2009-1791).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted AIFF
+    or VOC file in a program using libsndfile, possibly resulting in the
+    execution of arbitrary code with the privileges of the user running the
+    application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libsndfile users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/libsndfile-1.0.20"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1788">CVE-2009-1788</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1791">CVE-2009-1791</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-05-22T17:42:40Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-05-25T09:17:01Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-05-25T11:57:08Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200906-01.xml b/metadata/glsa/glsa-200906-01.xml
new file mode 100644
index 000000000000..c033355927d9
--- /dev/null
+++ b/metadata/glsa/glsa-200906-01.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200906-01">
+  <title>libpng: Information disclosure</title>
+  <synopsis>
+    A vulnerability has been discovered in libpng that allows for information
+    disclosure.
+  </synopsis>
+  <product type="ebuild">libpng</product>
+  <announced>2009-06-27</announced>
+  <revised count="01">2009-06-27</revised>
+  <bug>272970</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libpng" auto="yes" arch="*">
+      <unaffected range="ge">1.2.37</unaffected>
+      <vulnerable range="lt">1.2.37</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libpng is the official PNG reference library used to read, write and
+    manipulate PNG images.
+    </p>
+  </background>
+  <description>
+    <p>
+    Jeff Phillips discovered that libpng does not properly parse 1-bit
+    interlaced images with width values that are not divisible by 8, which
+    causes libpng to include uninitialized bits in certain rows of a PNG
+    file.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A remote attacker might entice a user to open a specially crafted PNG
+    file, possibly resulting in the disclosure of sensitive memory
+    portions.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libpng users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/libpng-1.2.37"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042">CVE-2009-2042</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-06-21T18:15:41Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-06-21T18:23:22Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-06-27T23:12:55Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200906-02.xml b/metadata/glsa/glsa-200906-02.xml
new file mode 100644
index 000000000000..257a1415bd69
--- /dev/null
+++ b/metadata/glsa/glsa-200906-02.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200906-02">
+  <title>Ruby: Denial of service</title>
+  <synopsis>
+    A flaw in the Ruby standard library might allow remote attackers to cause a
+    Denial of Service attack.
+  </synopsis>
+  <product type="ebuild">ruby</product>
+  <announced>2009-06-28</announced>
+  <revised count="01">2009-06-28</revised>
+  <bug>273213</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/ruby" auto="yes" arch="*">
+      <unaffected range="ge">1.8.6_p369</unaffected>
+      <vulnerable range="lt">1.8.6_p369</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ruby is an interpreted object-oriented programming language. The
+    elaborate standard library includes the "BigDecimal" class.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tadayoshi Funaba reported that BigDecimal in
+    ext/bigdecimal/bigdecimal.c does not properly handle string arguments
+    containing overly long numbers.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit this issue to remotely cause a Denial
+    of Service attack.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ruby users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/ruby-1.8.6_p369"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1904">CVE-2009-1904</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2009-06-21T14:29:50Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-06-28T21:32:27Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200906-03.xml b/metadata/glsa/glsa-200906-03.xml
new file mode 100644
index 000000000000..e7a151a98018
--- /dev/null
+++ b/metadata/glsa/glsa-200906-03.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200906-03">
+  <title>phpMyAdmin: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple errors in phpMyAdmin might allow the remote execution of arbitrary
+    code or a Cross-Site Scripting attack.
+  </synopsis>
+  <product type="ebuild">phpmyadmin</product>
+  <announced>2009-06-29</announced>
+  <revised count="01">2009-06-29</revised>
+  <bug>263711</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/phpmyadmin" auto="yes" arch="*">
+      <unaffected range="ge">2.11.9.5</unaffected>
+      <vulnerable range="lt">2.11.9.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    phpMyAdmin is a web-based management tool for MySQL databases.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been reported in phpMyAdmin:
+    </p>
+    <ul>
+    <li>Greg Ose discovered that the setup script does not sanitize input
+    properly, leading to the injection of arbitrary PHP code into the
+    configuration file (CVE-2009-1151).</li>
+    <li>Manuel Lopez Gallego and
+    Santiago Rodriguez Collazo reported that data from cookies used in the
+    "Export" page is not properly sanitized (CVE-2009-1150).</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    A remote unauthorized attacker could exploit the first vulnerability to
+    execute arbitrary code with the privileges of the user running
+    phpMyAdmin and conduct Cross-Site Scripting attacks using the second
+    vulnerability.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Removing the "scripts/setup.php" file protects you from CVE-2009-1151.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All phpMyAdmin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-db/phpmyadmin-2.11.9.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1150">CVE-2009-1150</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1151">CVE-2009-1151</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2009-06-27T20:32:40Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-06-29T22:35:56Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200906-04.xml b/metadata/glsa/glsa-200906-04.xml
new file mode 100644
index 000000000000..8597aa633fbf
--- /dev/null
+++ b/metadata/glsa/glsa-200906-04.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200906-04">
+  <title>Apache Tomcat JK Connector: Information disclosure</title>
+  <synopsis>
+    An error in the Apache Tomcat JK Connector might allow for an information
+    disclosure flaw.
+  </synopsis>
+  <product type="ebuild">mod_jk</product>
+  <announced>2009-06-29</announced>
+  <revised count="01">2009-06-29</revised>
+  <bug>265455</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apache/mod_jk" auto="yes" arch="*">
+      <unaffected range="ge">1.2.27</unaffected>
+      <vulnerable range="lt">1.2.27</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Apache Tomcat JK Connector (aka mod_jk) connects the Tomcat
+    application server with the Apache HTTP Server.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Red Hat Security Response Team discovered that mod_jk does not
+    properly handle (1) requests setting the "Content-Length" header while
+    not providing data and (2) clients sending repeated requests very
+    quickly.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A remote attacker could send specially crafted requests or a large
+    number of requests at a time, possibly resulting in the disclosure of a
+    response intended for another client.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Apache Tomcat JK Connector users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apache/mod_jk-1.2.27"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5519">CVE-2008-5519</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-06-24T16:46:40Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-06-28T12:27:09Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-06-29T22:42:43Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200906-05.xml b/metadata/glsa/glsa-200906-05.xml
new file mode 100644
index 000000000000..c2ea511bb932
--- /dev/null
+++ b/metadata/glsa/glsa-200906-05.xml
@@ -0,0 +1,151 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200906-05">
+  <title>Wireshark: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in Wireshark which allow for
+    Denial of Service or remote code execution.
+  </synopsis>
+  <product type="ebuild">wireshark</product>
+  <announced>2009-06-30</announced>
+  <revised count="02">2009-06-30</revised>
+  <bug>242996</bug>
+  <bug>248425</bug>
+  <bug>258013</bug>
+  <bug>264571</bug>
+  <bug>271062</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/wireshark" auto="yes" arch="*">
+      <unaffected range="ge">1.0.8</unaffected>
+      <vulnerable range="lt">1.0.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Wireshark is a versatile network protocol analyzer.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been discovered in Wireshark:
+    </p>
+    <ul>
+    <li>
+    David Maciejak discovered a vulnerability in packet-usb.c in the USB
+    dissector via a malformed USB Request Block (URB) (CVE-2008-4680).
+    </li>
+    <li>
+    Florent Drouin and David Maciejak reported an unspecified vulnerability
+    in the Bluetooth RFCOMM dissector (CVE-2008-4681).
+    </li>
+    <li>
+    A malformed Tamos CommView capture file (aka .ncf file) with an
+    "unknown/unexpected packet type" triggers a failed assertion in wtap.c
+    (CVE-2008-4682).
+    </li>
+    <li>
+    An unchecked packet length parameter in the dissect_btacl() function in
+    packet-bthci_acl.c in the Bluetooth ACL dissector causes an erroneous
+    tvb_memcpy() call (CVE-2008-4683).
+    </li>
+    <li>
+    A vulnerability where packet-frame does not properly handle exceptions
+    thrown by post dissectors caused by a certain series of packets
+    (CVE-2008-4684).
+    </li>
+    <li>
+    Mike Davies reported a use-after-free vulnerability in the
+    dissect_q931_cause_ie() function in packet-q931.c in the Q.931
+    dissector via certain packets that trigger an exception
+    (CVE-2008-4685).
+    </li>
+    <li>
+    The Security Vulnerability Research Team of Bkis reported that the SMTP
+    dissector could consume excessive amounts of CPU and memory
+    (CVE-2008-5285).
+    </li>
+    <li>
+    The vendor reported that the WLCCP dissector could go into an infinite
+    loop (CVE-2008-6472).
+    </li>
+    <li>
+    babi discovered a buffer overflow in wiretap/netscreen.c via a
+    malformed NetScreen snoop file (CVE-2009-0599).
+    </li>
+    <li>
+    A specially crafted Tektronix K12 text capture file can cause an
+    application crash (CVE-2009-0600).
+    </li>
+    <li>
+    A format string vulnerability via format string specifiers in the HOME
+    environment variable (CVE-2009-0601).
+    </li>
+    <li>THCX Labs reported a format string vulnerability in the
+    PROFINET/DCP (PN-DCP) dissector via a PN-DCP packet with format string
+    specifiers in the station name (CVE-2009-1210).
+    </li>
+    <li>An unspecified vulnerability with unknown impact and attack vectors
+    (CVE-2009-1266).
+    </li>
+    <li>
+    Marty Adkins and Chris Maynard discovered a parsing error in the
+    dissector for the Check Point High-Availability Protocol (CPHAP)
+    (CVE-2009-1268).
+    </li>
+    <li>
+    Magnus Homann discovered a parsing error when loading a Tektronix .rf5
+    file (CVE-2009-1269).
+    </li>
+    <li>The vendor reported that the PCNFSD dissector could crash
+    (CVE-2009-1829).</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit these vulnerabilities by sending
+    specially crafted packets on a network being monitored by Wireshark or
+    by enticing a user to read a malformed packet trace file which can
+    trigger a Denial of Service (application crash or excessive CPU and
+    memory usage) and possibly allow for the execution of arbitrary code
+    with the privileges of the user running Wireshark.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Wireshark users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-1.0.8"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4680">CVE-2008-4680</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4681">CVE-2008-4681</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4682">CVE-2008-4682</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4683">CVE-2008-4683</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4684">CVE-2008-4684</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4685">CVE-2008-4685</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5285">CVE-2008-5285</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6472">CVE-2008-6472</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0599">CVE-2009-0599</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0600">CVE-2009-0600</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0601">CVE-2009-0601</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1210">CVE-2009-1210</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1266">CVE-2009-1266</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1268">CVE-2009-1268</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1269">CVE-2009-1269</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1829">CVE-2009-1829</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2009-05-22T11:33:22Z">
+    craig
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-06-29T22:09:27Z">
+    craig
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200907-01.xml b/metadata/glsa/glsa-200907-01.xml
new file mode 100644
index 000000000000..44fde5df3d9c
--- /dev/null
+++ b/metadata/glsa/glsa-200907-01.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200907-01">
+  <title>libwmf: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    libwmf bundles an old GD version which contains a "use-after-free"
+    vulnerability.
+  </synopsis>
+  <product type="ebuild">libwmf</product>
+  <announced>2009-07-02</announced>
+  <revised count="01">2009-07-02</revised>
+  <bug>268161</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libwmf" auto="yes" arch="*">
+      <unaffected range="ge">0.2.8.4-r3</unaffected>
+      <vulnerable range="lt">0.2.8.4-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libwmf is a library for converting WMF files.
+    </p>
+  </background>
+  <description>
+    <p>
+    The embedded fork of the GD library introduced a "use-after-free"
+    vulnerability in a modification which is specific to libwmf.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted WMF
+    file, possibly resulting in the execution of arbitrary code with the
+    privileges of the user running the application, or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libwmf users should upgrade to the latest version which no longer
+    builds the GD library:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/libwmf-0.2.8.4-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1364">CVE-2009-1364</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-05-22T17:28:39Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-05-24T00:52:28Z">
+    craig
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-06-29T22:09:20Z">
+    craig
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200907-02.xml b/metadata/glsa/glsa-200907-02.xml
new file mode 100644
index 000000000000..beec6bcaba1b
--- /dev/null
+++ b/metadata/glsa/glsa-200907-02.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200907-02">
+  <title>ModSecurity: Denial of service</title>
+  <synopsis>
+    Two vulnerabilities in ModSecurity might lead to a Denial of Service.
+  </synopsis>
+  <product type="ebuild">mod_security</product>
+  <announced>2009-07-02</announced>
+  <revised count="01">2009-07-02</revised>
+  <bug>262302</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apache/mod_security" auto="yes" arch="*">
+      <unaffected range="ge">2.5.9</unaffected>
+      <vulnerable range="lt">2.5.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ModSecurity is a popular web application firewall for the Apache HTTP
+    server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities were discovered in ModSecurity:
+    </p>
+    <ul>
+    <li>Juan Galiana Lara of ISecAuditors discovered a NULL pointer
+    dereference when processing multipart requests without a part header
+    name (CVE-2009-1902).</li>
+    <li>Steve Grubb of Red Hat reported that the
+    "PDF XSS protection" feature does not properly handle HTTP requests to
+    a PDF file that do not use the GET method (CVE-2009-1903).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker might send requests containing specially crafted
+    multipart data or send certain requests to access a PDF file, possibly
+    resulting in a Denial of Service (crash) of the Apache HTTP daemon.
+    NOTE: The PDF XSS protection is not enabled by default.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ModSecurity users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apache/mod_security-2.5.9"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1902">CVE-2009-1902</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1903">CVE-2009-1903</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-06-12T22:17:27Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-06-27T20:29:14Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-07-02T11:54:37Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200907-03.xml b/metadata/glsa/glsa-200907-03.xml
new file mode 100644
index 000000000000..f1b91acb9e73
--- /dev/null
+++ b/metadata/glsa/glsa-200907-03.xml
@@ -0,0 +1,87 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200907-03">
+  <title>APR Utility Library: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in the Apache Portable Runtime Utility Library
+    might enable remote attackers to cause a Denial of Service or disclose
+    sensitive information.
+  </synopsis>
+  <product type="ebuild">apr-util</product>
+  <announced>2009-07-04</announced>
+  <revised count="01">2009-07-04</revised>
+  <bug>268643</bug>
+  <bug>272260</bug>
+  <bug>274193</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/apr-util" auto="yes" arch="*">
+      <unaffected range="ge">1.3.7</unaffected>
+      <vulnerable range="lt">1.3.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Apache Portable Runtime Utility Library (aka apr-util) provides an
+    interface to functionality such as XML parsing, string matching and
+    databases connections.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been discovered in the APR Utility
+    Library:
+    </p>
+    <ul>
+    <li>Matthew Palmer reported a heap-based buffer
+    underflow while compiling search patterns in the
+    apr_strmatch_precompile() function in strmatch/apr_strmatch.c
+    (CVE-2009-0023).</li>
+    <li>kcope reported that the expat XML parser in
+    xml/apr_xml.c does not limit the amount of XML entities expanded
+    recursively (CVE-2009-1955).</li>
+    <li>C. Michael Pilato reported an
+    off-by-one error in the apr_brigade_vprintf() function in
+    buckets/apr_brigade.c (CVE-2009-1956).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit these vulnerabilities to cause a Denial
+    of Service (crash or memory exhaustion) via an Apache HTTP server
+    running mod_dav or mod_dav_svn, or using several configuration files.
+    Additionally, a remote attacker could disclose sensitive information or
+    cause a Denial of Service by sending a specially crafted input. NOTE:
+    Only big-endian architectures such as PPC and HPPA are affected by the
+    latter flaw.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Apache Portable Runtime Utility Library users should upgrade to the
+    latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/apr-util-1.3.7"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023">CVE-2009-0023</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955">CVE-2009-1955</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956">CVE-2009-1956</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-06-26T08:48:34Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-06-28T12:16:58Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-07-04T07:45:32Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200907-04.xml b/metadata/glsa/glsa-200907-04.xml
new file mode 100644
index 000000000000..0dc903f4a477
--- /dev/null
+++ b/metadata/glsa/glsa-200907-04.xml
@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200907-04">
+  <title>Apache: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in the Apache HTTP daemon allow for local
+    privilege escalation, information disclosure or Denial of Service attacks.
+  </synopsis>
+  <product type="ebuild">apache</product>
+  <announced>2009-07-12</announced>
+  <revised count="01">2009-07-12</revised>
+  <bug>268154</bug>
+  <bug>271470</bug>
+  <bug>276426</bug>
+  <bug>276792</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">2.2.11-r2</unaffected>
+      <vulnerable range="lt">2.2.11-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Apache HTTP server is one of the most popular web servers on the
+    Internet.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been discovered in the Apache HTTP
+    server:
+    </p>
+    <ul>
+    <li>Jonathan Peatfield reported that the
+    "Options=IncludesNoEXEC" argument to the "AllowOverride" directive is
+    not processed properly (CVE-2009-1195).</li>
+    <li>Sander de Boer
+    discovered that the AJP proxy module (mod_proxy_ajp) does not correctly
+    handle POST requests that do not contain a request body
+    (CVE-2009-1191).</li>
+    <li>The vendor reported that the HTTP proxy
+    module (mod_proxy_http), when being used as a reverse proxy, does not
+    properly handle requests containing more data as stated in the
+    "Content-Length" header (CVE-2009-1890).</li>
+    <li>Francois Guerraz
+    discovered that mod_deflate does not abort the compression of large
+    files even when the requesting connection is closed prematurely
+    (CVE-2009-1891).</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could circumvent restrictions put up by the server
+    administrator and execute arbitrary commands with the privileges of the
+    user running the Apache server. A remote attacker could send multiple
+    requests to a server with the AJP proxy module, possibly resulting in
+    the disclosure of a request intended for another client, or cause a
+    Denial of Service by sending specially crafted requests to servers
+    running mod_proxy_http or mod_deflate.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Remove "include", "proxy_ajp", "proxy_http" and "deflate" from
+    APACHE2_MODULES in make.conf and rebuild Apache, or disable the
+    aforementioned modules in the Apache configuration.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Apache users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-servers/apache-2.2.11-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195">CVE-2009-1195</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191">CVE-2009-1191</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890">CVE-2009-1890</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891">CVE-2009-1891</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-07-11T20:22:24Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-07-11T21:34:40Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-07-12T15:17:06Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200907-05.xml b/metadata/glsa/glsa-200907-05.xml
new file mode 100644
index 000000000000..d506ec04c3a6
--- /dev/null
+++ b/metadata/glsa/glsa-200907-05.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200907-05">
+  <title>git: git-daemon Denial of service</title>
+  <synopsis>
+    An error in git-daemon might lead to a Denial of Service via resource
+    consumption.
+  </synopsis>
+  <product type="ebuild">git</product>
+  <announced>2009-07-12</announced>
+  <revised count="01">2009-07-12</revised>
+  <bug>273905</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-util/git" auto="yes" arch="*">
+      <unaffected range="ge">1.6.3.3</unaffected>
+      <vulnerable range="lt">1.6.3.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    git - the stupid content tracker, the revision control system used by
+    the Linux kernel team.
+    </p>
+  </background>
+  <description>
+    <p>
+    Shawn O. Pearce reported that git-daemon runs into an infinite loop
+    when handling requests that contain unrecognized arguments.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote unauthenticated attacker could send a specially crafted
+    request to git-daemon, possibly leading to a Denial of Service (CPU
+    consumption).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All git users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-util/git-1.6.3.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2108">CVE-2009-2108</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-07-10T18:02:51Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-07-11T00:41:19Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-07-11T00:41:24Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200907-06.xml b/metadata/glsa/glsa-200907-06.xml
new file mode 100644
index 000000000000..b6152304eda3
--- /dev/null
+++ b/metadata/glsa/glsa-200907-06.xml
@@ -0,0 +1,122 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200907-06">
+  <title>Adobe Reader: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Adobe Reader is vulnerable to remote code execution via crafted PDF files.
+  </synopsis>
+  <product type="ebuild">acroread</product>
+  <announced>2009-07-12</announced>
+  <revised count="01">2009-07-12</revised>
+  <bug>267846</bug>
+  <bug>273908</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/acroread" auto="yes" arch="*">
+      <unaffected range="ge">8.1.6</unaffected>
+      <vulnerable range="lt">8.1.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Adobe Reader is a PDF reader released by Adobe.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been reported in Adobe Reader:
+    </p>
+    <ul>
+    <li>Alin Rad Pop of Secunia Research reported a heap-based buffer
+    overflow in the JBIG2 filter (CVE-2009-0198).
+    </li>
+    <li>Mark Dowd of the IBM Internet Security Systems X-Force and
+    Nicolas Joly of VUPEN Security reported multiple heap-based buffer
+    overflows in the JBIG2 filter (CVE-2009-0509, CVE-2009-0510,
+    CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, CVE-2009-0889)
+    </li>
+    <li>Arr1val reported that multiple methods in the JavaScript API
+    might lead to memory corruption when called with crafted arguments
+    (CVE-2009-1492, CVE-2009-1493).
+    </li>
+    <li>
+    An anonymous researcher reported a stack-based buffer overflow related
+    to U3D model files with a crafted extension block (CVE-2009-1855).
+    </li>
+    <li>
+    Jun Mao and Ryan Smith of iDefense Labs reported an integer overflow
+    related to the FlateDecode filter, which triggers a heap-based buffer
+    overflow (CVE-2009-1856).
+    </li>
+    <li>
+    Haifei Li of Fortinet's FortiGuard Global Security Research Team
+    reported a memory corruption vulnerability related to TrueType fonts
+    (CVE-2009-1857).
+    </li>
+    <li>
+    The Apple Product Security Team reported a memory corruption
+    vulnerability in the JBIG2 filter (CVE-2009-1858).
+    </li>
+    <li>
+    Matthew Watchinski of Sourcefire VRT reported an unspecified memory
+    corruption (CVE-2009-1859).
+    </li>
+    <li>
+    Will Dormann of CERT reported multiple heap-based buffer overflows when
+    processing JPX (aka JPEG2000) stream that trigger heap memory
+    corruption (CVE-2009-1861).
+    </li>
+    <li>
+    Multiple unspecified vulnerabilities have been discovered
+    (CVE-2009-2028).
+    </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted
+    document, possibly resulting in the execution of arbitrary code with
+    the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Adobe Reader users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/acroread-8.1.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0198">CVE-2009-0198</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0509">CVE-2009-0509</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0510">CVE-2009-0510</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0511">CVE-2009-0511</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0512">CVE-2009-0512</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0888">CVE-2009-0888</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0889">CVE-2009-0889</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1492">CVE-2009-1492</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1493">CVE-2009-1493</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1855">CVE-2009-1855</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1856">CVE-2009-1856</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1857">CVE-2009-1857</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1858">CVE-2009-1858</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1859">CVE-2009-1859</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1861">CVE-2009-1861</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2028">CVE-2009-2028</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-06-21T19:11:36Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-07-09T17:45:58Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-07-09T17:47:39Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200907-07.xml b/metadata/glsa/glsa-200907-07.xml
new file mode 100644
index 000000000000..da66bbc8e065
--- /dev/null
+++ b/metadata/glsa/glsa-200907-07.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200907-07">
+  <title>ModPlug: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    ModPlug contains several buffer overflows that could lead to the execution
+    of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libmodplug gst-plugins-bad</product>
+  <announced>2009-07-12</announced>
+  <revised count="01">2009-07-12</revised>
+  <bug>266913</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libmodplug" auto="yes" arch="*">
+      <unaffected range="ge">0.8.7</unaffected>
+      <vulnerable range="lt">0.8.7</vulnerable>
+    </package>
+    <package name="media-libs/gst-plugins-bad" auto="yes" arch="*">
+      <unaffected range="ge">0.10.11</unaffected>
+      <vulnerable range="lt">0.10.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ModPlug is a library for playing MOD-like music.
+    </p>
+  </background>
+  <description>
+    <p>
+    Two vulnerabilities have been reported in ModPlug:
+    </p>
+    <ul>
+    <li>
+    dummy reported an integer overflow in the CSoundFile::ReadMed()
+    function when processing a MED file with a crafted song comment or song
+    name, which triggers a heap-based buffer overflow (CVE-2009-1438).
+    </li>
+    <li>
+    Manfred Tremmel and Stanislav Brabec reported a buffer overflow in the
+    PATinst() function when processing a long instrument name
+    (CVE-2009-1513).
+    </li>
+    </ul> <p>
+    The GStreamer Bad plug-ins (gst-plugins-bad) before 0.10.11 built a
+    vulnerable copy of ModPlug.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to read specially crafted files,
+    possibly resulting in the execution of arbitrary code with the
+    privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ModPlug users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/libmodplug-0.8.7"</code>
+    <p>
+    gst-plugins-bad 0.10.11 and later versions do not include the ModPlug
+    plug-in (it has been moved to media-plugins/gst-plugins-modplug). All
+    gst-plugins-bad users should upgrade to the latest version and install
+    media-plugins/gst-plugins-modplug:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/gst-plugins-bad-0.10.11"
+    # emerge --ask --verbose "media-plugins/gst-plugins-modplug"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1438">CVE-2009-1438</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1513">CVE-2009-1513</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-07-10T13:45:14Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-07-11T01:50:33Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-07-11T01:50:38Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200907-08.xml b/metadata/glsa/glsa-200907-08.xml
new file mode 100644
index 000000000000..0bbc66b42ed7
--- /dev/null
+++ b/metadata/glsa/glsa-200907-08.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200907-08">
+  <title>Multiple Ralink wireless drivers: Execution of arbitrary code</title>
+  <synopsis>
+    An integer overflow in multiple Ralink wireless drivers might lead to the
+    execution of arbitrary code with elevated privileges.
+  </synopsis>
+  <product type="ebuild">rt2400 rt2500 rt2570 rt61 ralink-rt61</product>
+  <announced>2009-07-12</announced>
+  <revised count="01">2009-07-12</revised>
+  <bug>257023</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-wireless/rt2400" auto="yes" arch="*">
+      <vulnerable range="le">1.2.2_beta3</vulnerable>
+    </package>
+    <package name="net-wireless/rt2500" auto="yes" arch="*">
+      <vulnerable range="le">1.1.0_pre2007071515</vulnerable>
+    </package>
+    <package name="net-wireless/rt2570" auto="yes" arch="*">
+      <vulnerable range="le">20070209</vulnerable>
+    </package>
+    <package name="net-wireless/rt61" auto="yes" arch="*">
+      <vulnerable range="le">1.1.0_beta2</vulnerable>
+    </package>
+    <package name="net-wireless/ralink-rt61" auto="yes" arch="*">
+      <vulnerable range="le">1.1.1.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    All listed packages are external kernel modules that provide drivers
+    for multiple Ralink devices. ralink-rt61 is released by ralinktech.com,
+    the other packages by the rt2x00.serialmonkey.com project.
+    </p>
+  </background>
+  <description>
+    <p>
+    Aviv reported an integer overflow in multiple Ralink wireless card
+    drivers when processing a probe request packet with a long SSID,
+    possibly related to an integer signedness error.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A physically proximate attacker could send specially crafted packets to
+    a user who has wireless networking enabled, possibly resulting in the
+    execution of arbitrary code with root privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Unload the kernel modules.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All external kernel modules have been masked and we recommend that
+    users unmerge those drivers. The Linux mainline kernel has equivalent
+    support for these devices and the vulnerability has been resolved in
+    stable versions of sys-kernel/gentoo-sources.
+    </p>
+    <code>
+    # emerge --unmerge "net-wireless/rt2400"
+    # emerge --unmerge "net-wireless/rt2500"
+    # emerge --unmerge "net-wireless/rt2570"
+    # emerge --unmerge "net-wireless/rt61"
+    # emerge --unmerge "net-wireless/ralink-rt61"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0282">CVE-2009-0282</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-07-09T18:18:38Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-07-09T18:30:24Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-07-12T15:41:07Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200907-09.xml b/metadata/glsa/glsa-200907-09.xml
new file mode 100644
index 000000000000..1029dd171114
--- /dev/null
+++ b/metadata/glsa/glsa-200907-09.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200907-09">
+  <title>Cyrus-SASL: Execution of arbitrary code</title>
+  <synopsis>
+    A buffer overflow in Cyrus-SASL might allow for the execution of arbitrary
+    code in applications or daemons that authenticate using SASL.
+  </synopsis>
+  <product type="ebuild">cyrus-sasl</product>
+  <announced>2009-07-12</announced>
+  <revised count="01">2009-07-12</revised>
+  <bug>270261</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/cyrus-sasl" auto="yes" arch="*">
+      <unaffected range="ge">2.1.23</unaffected>
+      <vulnerable range="lt">2.1.23</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Cyrus-SASL is an implementation of the Simple Authentication and
+    Security Layer.
+    </p>
+  </background>
+  <description>
+    <p>
+    James Ralston reported that in certain situations, Cyrus-SASL does not
+    properly terminate strings which can result in buffer overflows when
+    performing Base64 encoding.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote unauthenticated user might send specially crafted packets to a
+    daemon using Cyrus-SASL, possibly resulting in the execution of
+    arbitrary code with the privileges of the user running the daemon or a
+    Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Cyrus-SASL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/cyrus-sasl-2.1.23"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0688">CVE-2009-0688</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-07-09T18:32:29Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-07-09T21:10:28Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-07-10T10:41:22Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200907-10.xml b/metadata/glsa/glsa-200907-10.xml
new file mode 100644
index 000000000000..c34df33ef351
--- /dev/null
+++ b/metadata/glsa/glsa-200907-10.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200907-10">
+  <title>Syslog-ng: Chroot escape</title>
+  <synopsis>
+    Syslog-ng does not properly initialize its chroot jail allowing for an
+    escape if a separate vulnerability in Syslog-ng is exploited.
+  </synopsis>
+  <product type="ebuild">syslog-ng</product>
+  <announced>2009-07-12</announced>
+  <revised count="01">2009-07-12</revised>
+  <bug>247278</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/syslog-ng" auto="yes" arch="*">
+      <unaffected range="rge">2.0.10</unaffected>
+      <unaffected range="ge">2.1.3</unaffected>
+      <vulnerable range="lt">2.1.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Syslog-ng is a flexible and scalable system logger.
+    </p>
+  </background>
+  <description>
+    <p>
+    Florian Grandel reported that Syslog-ng does not call chdir() before
+    chroot() which leads to an inherited file descriptor to the current
+    working directory.
+    </p>
+  </description>
+  <impact type="low">
+    <p>
+    A local attacker might exploit a separate vulnerability in Syslog-ng
+    and use this vulnerability to escape the chroot jail.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Syslog-ng 2.0 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-admin/syslog-ng-2.0.10"</code>
+    <p>
+    All Syslog-ng 2.1 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-admin/syslog-ng-2.1.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5110">CVE-2008-5110</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-07-10T11:11:22Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-07-10T11:21:31Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-07-10T11:21:44Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200907-11.xml b/metadata/glsa/glsa-200907-11.xml
new file mode 100644
index 000000000000..8ace1b89d832
--- /dev/null
+++ b/metadata/glsa/glsa-200907-11.xml
@@ -0,0 +1,109 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200907-11">
+  <title>GStreamer plug-ins: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Multiple vulnerabilities in multiple GStreamer plug-ins might allow for the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">gst-plugins-good gst-plugins-base gst-plugins-libpng</product>
+  <announced>2009-07-12</announced>
+  <revised count="01">2009-07-12</revised>
+  <bug>256096</bug>
+  <bug>261594</bug>
+  <bug>272972</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/gst-plugins-good" auto="yes" arch="*">
+      <unaffected range="ge">0.10.14</unaffected>
+      <vulnerable range="lt">0.10.14</vulnerable>
+    </package>
+    <package name="media-libs/gst-plugins-base" auto="yes" arch="*">
+      <unaffected range="ge">0.10.22</unaffected>
+      <vulnerable range="lt">0.10.22</vulnerable>
+    </package>
+    <package name="media-plugins/gst-plugins-libpng" auto="yes" arch="*">
+      <unaffected range="ge">0.10.14-r1</unaffected>
+      <vulnerable range="lt">0.10.14-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The GStreamer plug-ins provide decoders to the GStreamer open source
+    media framework.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been reported in several GStreamer
+    plug-ins:
+    </p>
+    <ul>
+    <li>
+    Tobias Klein reported two heap-based buffer overflows and an array
+    index error in the qtdemux_parse_samples() function in gst-plugins-good
+    when processing a QuickTime media .mov file (CVE-2009-0386,
+    CVE-2009-0387, CVE-2009-0397).
+    </li>
+    <li>
+    Thomas Hoger of the Red Hat Security Response Team reported an integer
+    overflow that can lead to a heap-based buffer overflow in the
+    gst_vorbis_tag_add_coverart() function in gst-plugins-base when
+    processing COVERART tags (CVE-2009-0586).
+    </li>
+    <li>
+    Tielei Wang of ICST-ERCIS, Peking University reported multiple integer
+    overflows leading to buffer overflows in gst-plugins-libpng when
+    processing a PNG file (CVE-2009-1932).
+    </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user or automated system using a
+    GStreamer plug-in to process a specially crafted file, resulting in the
+    execution of arbitrary code or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All gst-plugins-good users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/gst-plugins-good-0.10.14"</code>
+    <p>
+    All gst-plugins-base users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/gst-plugins-base-0.10.22"</code>
+    <p>
+    All gst-plugins-libpng users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-plugins/gst-plugins-libpng-0.10.14-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0386">CVE-2009-0386</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0387">CVE-2009-0387</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0397">CVE-2009-0397</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0586">CVE-2009-0586</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1932">CVE-2009-1932</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-07-10T13:44:55Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-07-11T01:19:25Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-07-11T01:21:49Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200907-12.xml b/metadata/glsa/glsa-200907-12.xml
new file mode 100644
index 000000000000..5eedb548c693
--- /dev/null
+++ b/metadata/glsa/glsa-200907-12.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200907-12">
+  <title>ISC DHCP: dhcpclient Remote execution of arbitrary code</title>
+  <synopsis>
+    A buffer overflow in dhclient as included in the ISC DHCP implementation
+    allows for the remote execution of arbitrary code with root privileges.
+  </synopsis>
+  <product type="ebuild">dhcp</product>
+  <announced>2009-07-14</announced>
+  <revised count="01">2009-07-14</revised>
+  <bug>277729</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/dhcp" auto="yes" arch="*">
+      <unaffected range="ge">3.1.1-r1</unaffected>
+      <vulnerable range="lt">3.1.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ISC DHCP is the reference implementation of the Dynamic Host
+    Configuration Protocol as specified in RFC 2131.
+    </p>
+  </background>
+  <description>
+    <p>
+    The Mandriva Linux Engineering Team has reported a stack-based buffer
+    overflow in the subnet-mask handling of dhclient.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker might set up a rogue DHCP server in a victim's local
+    network, possibly leading to the execution of arbitrary code with root
+    privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ISC DHCP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/dhcp-3.1.1-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692">CVE-2009-0692</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-07-12T14:21:43Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-07-12T14:58:48Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-07-14T17:38:51Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200907-13.xml b/metadata/glsa/glsa-200907-13.xml
new file mode 100644
index 000000000000..ae781938229d
--- /dev/null
+++ b/metadata/glsa/glsa-200907-13.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200907-13">
+  <title>PulseAudio: Local privilege escalation</title>
+  <synopsis>
+    A vulnerability in PulseAudio may allow a local user to execute code with
+    escalated privileges.
+  </synopsis>
+  <product type="ebuild">pulseaudio</product>
+  <announced>2009-07-16</announced>
+  <revised count="01">2009-07-16</revised>
+  <bug>276986</bug>
+  <access>local</access>
+  <affected>
+    <package name="media-sound/pulseaudio" auto="yes" arch="*">
+      <unaffected range="ge">0.9.9-r54</unaffected>
+      <vulnerable range="lt">0.9.9-r54</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PulseAudio is a network-enabled sound server with an advanced plug-in
+    system.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tavis Ormandy and Julien Tinnes of the Google Security Team discovered
+    that the pulseaudio binary is installed setuid root, and does not drop
+    privileges before re-executing itself. The vulnerability has
+    independently been reported to oCERT by Yorick Koster.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local user who has write access to any directory on the file system
+    containing /usr/bin can exploit this vulnerability using a race
+    condition to execute arbitrary code with root privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Ensure that the file system holding /usr/bin does not contain
+    directories that are writable for unprivileged users.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PulseAudio users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/pulseaudio-0.9.9-r54"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1894">CVE-2009-1894</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-07-09T16:33:42Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-07-09T16:51:52Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-07-16T14:13:15Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200907-14.xml b/metadata/glsa/glsa-200907-14.xml
new file mode 100644
index 000000000000..d9eb29017962
--- /dev/null
+++ b/metadata/glsa/glsa-200907-14.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200907-14">
+  <title>Rasterbar libtorrent: Directory traversal</title>
+  <synopsis>
+    A directory traversal vulnerability in Rasterbar libtorrent might allow a
+    remote attacker to overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">rb_libtorrent deluge</product>
+  <announced>2009-07-17</announced>
+  <revised count="01">2009-07-17</revised>
+  <bug>273156</bug>
+  <bug>273961</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/rb_libtorrent" auto="yes" arch="*">
+      <unaffected range="ge">0.13-r1</unaffected>
+      <vulnerable range="lt">0.13-r1</vulnerable>
+    </package>
+    <package name="net-p2p/deluge" auto="yes" arch="*">
+      <unaffected range="ge">1.1.9</unaffected>
+      <vulnerable range="lt">1.1.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Rasterbar libtorrent is a C++ BitTorrent implementation focusing on
+    efficiency and scalability. Deluge is a BitTorrent client that ships a
+    copy of libtorrent.
+    </p>
+  </background>
+  <description>
+    <p>
+    census reported a directory traversal vulnerability in
+    src/torrent_info.cpp that can be triggered via .torrent files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user or automated system using
+    Rasterbar libtorrent to load a specially crafted BitTorrent file to
+    create or overwrite arbitrary files using dot dot sequences in
+    filenames.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Rasterbar libtorrent users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-libs/rb_libtorrent-0.13-r1"</code>
+    <p>
+    All Deluge users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-p2p/deluge-1.1.9"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1760">CVE-2009-1760</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-07-10T10:55:00Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-07-11T02:02:27Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-07-17T06:51:09Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200907-15.xml b/metadata/glsa/glsa-200907-15.xml
new file mode 100644
index 000000000000..096d96030c77
--- /dev/null
+++ b/metadata/glsa/glsa-200907-15.xml
@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200907-15">
+  <title>Nagios: Execution of arbitrary code</title>
+  <synopsis>
+    Multiple vulnerabilities in Nagios may lead to the execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">nagios-core</product>
+  <announced>2009-07-19</announced>
+  <revised count="01">2009-07-19</revised>
+  <bug>245887</bug>
+  <bug>249876</bug>
+  <bug>275288</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/nagios-core" auto="yes" arch="*">
+      <unaffected range="ge">3.0.6-r2</unaffected>
+      <vulnerable range="lt">3.0.6-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Nagios is an open source host, service and network monitoring program.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been reported in Nagios:
+    </p>
+    <ul>
+    <li>
+    Paul reported that statuswml.cgi does not properly sanitize shell
+    metacharacters in the (1) ping and (2) traceroute parameters
+    (CVE-2009-2288).
+    </li>
+    <li>
+    Nagios does not properly verify whether an authenticated user is
+    authorized to run certain commands (CVE-2008-5027).
+    </li>
+    <li>
+    Andreas Ericsson reported that Nagios does not perform validity checks
+    to verify HTTP requests, leading to Cross-Site Request Forgery
+    (CVE-2008-5028).
+    </li>
+    <li>
+    An unspecified vulnerability in Nagios related to CGI programs,
+    "adaptive external commands," and "writing newlines and submitting
+    service comments" has been reported (CVE-2008-6373).
+    </li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    A remote authenticated or unauthenticated attacker may exploit these
+    vulnerabilities to execute arbitrary commands or elevate privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Nagios users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/nagios-core-3.0.6-r2"</code>
+    <p>
+    NOTE: Users of the Nagios 2 branch can update to version 2.12-r1 which
+    contains a patch to fix CVE-2009-2288. However, that branch is not
+    supported upstream or in Gentoo and we are unaware whether the other
+    vulnerabilities affect 2.x installations.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5027">CVE-2008-5027</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5028">CVE-2008-5028</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6373">CVE-2008-6373</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2288">CVE-2009-2288</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-07-10T13:14:06Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-07-19T15:48:17Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-07-19T15:48:53Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200907-16.xml b/metadata/glsa/glsa-200907-16.xml
new file mode 100644
index 000000000000..5bb26beb0767
--- /dev/null
+++ b/metadata/glsa/glsa-200907-16.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200907-16">
+  <title>Python: Integer overflows</title>
+  <synopsis>
+    Multiple integer overflows in Python have an unspecified impact.
+  </synopsis>
+  <product type="ebuild">python</product>
+  <announced>2009-07-19</announced>
+  <revised count="01">2009-07-19</revised>
+  <bug>246991</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/python" auto="yes" arch="*">
+      <unaffected range="ge">2.5.4-r2</unaffected>
+      <unaffected range="rge">2.4.6</unaffected>
+      <vulnerable range="lt">2.5.4-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Python is an interpreted, interactive, object-oriented programming
+    language.
+    </p>
+  </background>
+  <description>
+    <p>
+    Chris Evans reported multiple integer overflows in the expandtabs
+    method, as implemented by (1) the string_expandtabs function in
+    Objects/stringobject.c and (2) the unicode_expandtabs function in
+    Objects/unicodeobject.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit these vulnerabilities in Python
+    applications or daemons that pass user-controlled input to vulnerable
+    functions. The security impact is currently unknown but may include the
+    execution of arbitrary code or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Python 2.5 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.5.4-r2"</code>
+    <p>
+    All Python 2.4 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.4.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5031">CVE-2008-5031</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-07-10T13:26:22Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-07-19T15:28:36Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-07-19T15:28:41Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200908-01.xml b/metadata/glsa/glsa-200908-01.xml
new file mode 100644
index 000000000000..9e2d24bdfd9a
--- /dev/null
+++ b/metadata/glsa/glsa-200908-01.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200908-01">
+  <title>OpenSC: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities were found in OpenSC.
+  </synopsis>
+  <product type="ebuild">opensc</product>
+  <announced>2009-08-01</announced>
+  <revised count="01">2009-08-01</revised>
+  <bug>260514</bug>
+  <bug>269920</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-libs/opensc" auto="yes" arch="*">
+      <unaffected range="ge">0.11.8</unaffected>
+      <vulnerable range="lt">0.11.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenSC provides a set of libraries and utilities to access smart cards.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities were found in OpenSC:
+    </p>
+    <ul>
+    <li>b.badrignans discovered that OpenSC incorrectly initialises private
+    data objects (CVE-2009-0368).</li>
+    <li>Miquel Comas Marti discovered
+    that src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used
+    with unspecified third-party PKCS#11 modules, generates RSA keys with
+    incorrect public exponents (CVE-2009-1603).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    The first vulnerabilty allows physically proximate attackers to bypass
+    intended PIN requirements and read private data objects. The second
+    vulnerability allows attackers to read the cleartext form of messages
+    that were intended to be encrypted.
+    </p>
+    <p>
+    NOTE: Smart cards which were initialised using an affected version of
+    OpenSC need to be modified or re-initialised. See the vendor's advisory
+    for details.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenSC users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/opensc-0.11.8"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0368">CVE-2009-0368</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1603">CVE-2009-1603</uri>
+    <uri link="http://www.opensc-project.org/pipermail/opensc-announce/2009-February/000023.html">OpenSC Security Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-06-24T16:49:20Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-07-29T17:15:19Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-08-01T12:35:17Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200908-02.xml b/metadata/glsa/glsa-200908-02.xml
new file mode 100644
index 000000000000..77eac4fc16cb
--- /dev/null
+++ b/metadata/glsa/glsa-200908-02.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200908-02">
+  <title>BIND: Denial of service</title>
+  <synopsis>
+    Dynamic Update packets can cause a Denial of Service in the BIND daemon.
+  </synopsis>
+  <product type="ebuild">bind</product>
+  <announced>2009-08-01</announced>
+  <revised count="01">2009-08-01</revised>
+  <bug>279508</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/bind" auto="yes" arch="*">
+      <unaffected range="ge">9.4.3_p3</unaffected>
+      <vulnerable range="lt">9.4.3_p3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ISC BIND is the Internet Systems Consortium implementation of the
+    Domain Name System (DNS) protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    Matthias Urlichs reported that the dns_db_findrdataset() function fails
+    when the prerequisite section of the dynamic update message contains a
+    record of type "ANY" and where at least one RRset for this FQDN exists
+    on the server.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote unauthenticated attacker could send a specially crafted
+    dynamic update message to the BIND daemon (named), leading to a Denial
+    of Service (daemon crash). This vulnerability affects all primary
+    (master) servers -- it is not limited to those that are configured to
+    allow dynamic updates.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Configure a firewall that performs Deep Packet Inspection to prevent
+    nsupdate messages from reaching named. Alternatively, expose only
+    secondary (slave) servers to untrusted networks.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All BIND users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dns/bind-9.4.3_p3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696">CVE-2009-0696</uri>
+    <uri link="https://www.isc.org/node/474">ISC advisory</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2009-07-28T21:43:47Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-08-01T20:00:21Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200908-03.xml b/metadata/glsa/glsa-200908-03.xml
new file mode 100644
index 000000000000..d87f71d7be5a
--- /dev/null
+++ b/metadata/glsa/glsa-200908-03.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200908-03">
+  <title>libTIFF: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Multiple boundary checking vulnerabilities in libTIFF may allow for the
+    remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">tiff</product>
+  <announced>2009-08-07</announced>
+  <revised count="01">2009-08-07</revised>
+  <bug>276339</bug>
+  <bug>276988</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/tiff" auto="yes" arch="*">
+      <unaffected range="ge">3.8.2-r8</unaffected>
+      <vulnerable range="lt">3.8.2-r8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libTIFF provides support for reading and manipulating TIFF (Tagged
+    Image File Format) images.
+    </p>
+  </background>
+  <description>
+    <p>
+    Two vulnerabilities have been reported in libTIFF:
+    </p>
+    <ul>
+    <li>
+    wololo reported a buffer underflow in the LZWDecodeCompat() function
+    (CVE-2009-2285).
+    </li>
+    <li>
+    Tielei Wang of ICST-ERCIS, Peking University reported two integer
+    overflows leading to heap-based buffer overflows in the tiff2rgba and
+    rgb2ycbcr tools (CVE-2009-2347).
+    </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted TIFF
+    file with an application making use of libTIFF or the tiff2rgba and
+    rgb2ycbcr tools, possibly resulting in the execution of arbitrary code
+    with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libTIFF users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/tiff-3.8.2-r8"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2285">CVE-2009-2285</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2347">CVE-2009-2347</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-07-09T08:33:26Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-07-11T02:17:53Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-08-05T13:20:56Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200908-04.xml b/metadata/glsa/glsa-200908-04.xml
new file mode 100644
index 000000000000..df1c253259a4
--- /dev/null
+++ b/metadata/glsa/glsa-200908-04.xml
@@ -0,0 +1,112 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200908-04">
+  <title>Adobe products: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in Adobe Reader and Adobe Flash Player allow for
+    attacks including the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">adobe-flash acroread</product>
+  <announced>2009-08-07</announced>
+  <revised count="01">2009-08-07</revised>
+  <bug>278813</bug>
+  <bug>278819</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">10.0.32.18</unaffected>
+      <vulnerable range="lt">10.0.32.18</vulnerable>
+    </package>
+    <package name="app-text/acroread" auto="yes" arch="*">
+      <unaffected range="ge">9.1.3</unaffected>
+      <vulnerable range="lt">9.1.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Adobe Flash Player is a closed-source playback software for Flash SWF
+    files. Adobe Reader is a closed-source PDF reader that plays Flash
+    content as well.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been reported in Adobe Flash Player:
+    </p>
+    <ul>
+    <li>lakehu of Tencent Security Center reported an unspecified
+    memory corruption vulnerability (CVE-2009-1862).</li>
+    <li>Mike Wroe
+    reported an unspecified vulnerability, related to "privilege
+    escalation" (CVE-2009-1863).</li>
+    <li>An anonymous researcher through
+    iDefense reported an unspecified heap-based buffer overflow
+    (CVE-2009-1864).</li>
+    <li>Chen Chen of Venustech reported an
+    unspecified "null pointer vulnerability" (CVE-2009-1865).</li>
+    <li>Chen
+    Chen of Venustech reported an unspecified stack-based buffer overflow
+    (CVE-2009-1866).</li>
+    <li>Joran Benker reported that Adobe Flash Player
+    facilitates "clickjacking" attacks (CVE-2009-1867).</li>
+    <li>Jun Mao of
+    iDefense reported a heap-based buffer overflow, related to URL parsing
+    (CVE-2009-1868).</li>
+    <li>Roee Hay of IBM Rational Application Security
+    reported an unspecified integer overflow (CVE-2009-1869).</li>
+    <li>Gareth Heyes and Microsoft Vulnerability Research reported that the
+    sandbox in Adobe Flash Player allows for information disclosure, when
+    "SWFs are saved to the hard drive" (CVE-2009-1870).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted PDF
+    file or web site containing Adobe Flash (SWF) contents, possibly
+    resulting in the execution of arbitrary code with the privileges of the
+    user running the application, or a Denial of Service (application
+    crash). Furthermore, a remote attacker could trick a user into clicking
+    a button on a dialog by supplying a specially crafted SWF file and
+    disclose sensitive information by exploiting a sandbox issue.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Adobe Flash Player users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-plugins/adobe-flash-10.0.32.18"</code>
+    <p>
+    All Adobe Reader users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/acroread-9.1.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1862">CVE-2009-1862</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1863">CVE-2009-1863</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1864">CVE-2009-1864</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1865">CVE-2009-1865</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1866">CVE-2009-1866</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1867">CVE-2009-1867</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1868">CVE-2009-1868</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1869">CVE-2009-1869</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1870">CVE-2009-1870</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-08-01T14:34:28Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-08-05T13:16:39Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-08-05T13:32:24Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200908-05.xml b/metadata/glsa/glsa-200908-05.xml
new file mode 100644
index 000000000000..2ca005d9004a
--- /dev/null
+++ b/metadata/glsa/glsa-200908-05.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200908-05">
+  <title>Subversion: Remote execution of arbitrary code</title>
+  <synopsis>
+    Multiple integer overflows, leading to heap-based buffer overflows in the
+    Subversion client and server might allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">subversion</product>
+  <announced>2009-08-18</announced>
+  <revised count="01">2009-08-18</revised>
+  <bug>280494</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-util/subversion" auto="yes" arch="*">
+      <unaffected range="ge">1.6.4</unaffected>
+      <vulnerable range="lt">1.6.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Subversion is a versioning system designed to be a replacement for CVS.
+    </p>
+  </background>
+  <description>
+    <p>
+    Matt Lewis of Google reported multiple integer overflows in the
+    libsvn_delta library, possibly leading to heap-based buffer overflows.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker with commit access could exploit this vulnerability
+    by sending a specially crafted commit to a Subversion server, or a
+    remote attacker could entice a user to check out or update a repository
+    from a malicious Subversion server, possibly resulting in the execution
+    of arbitrary code with the privileges of the user running the server or
+    client.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Subversion users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-util/subversion-1.6.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2411">CVE-2009-2411</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-08-09T20:48:04Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-08-18T19:08:11Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-08-18T21:24:46Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200908-06.xml b/metadata/glsa/glsa-200908-06.xml
new file mode 100644
index 000000000000..03bfa120b8e1
--- /dev/null
+++ b/metadata/glsa/glsa-200908-06.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200908-06">
+  <title>CDF: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Multiple heap-based buffer overflows in CDF might result in the execution
+    of arbitrary code.
+  </synopsis>
+  <product type="ebuild">cdf</product>
+  <announced>2009-08-18</announced>
+  <revised count="01">2009-08-18</revised>
+  <bug>278679</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sci-libs/cdf" auto="yes" arch="*">
+      <unaffected range="ge">3.3.0</unaffected>
+      <vulnerable range="lt">3.3.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    CDF is a library for the Common Data Format which is a self-describing
+    data format for the storage and manipulation of scalar and
+    multidimensional data. It is developed by the NASA.
+    </p>
+  </background>
+  <description>
+    <p>
+    Leon Juranic reported multiple heap-based buffer overflows for instance
+    in the ReadAEDRList64(), SearchForRecord_r_64(), LastRecord64(), and
+    CDFsel64() functions.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted CDF
+    file, possibly resulting in the execution of arbitrary code with the
+    privileges of the user running the application, or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All CDF users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sci-libs/cdf-3.3.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2850">CVE-2009-2850</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-08-09T15:21:56Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-08-14T16:20:48Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-08-18T21:24:15Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200908-07.xml b/metadata/glsa/glsa-200908-07.xml
new file mode 100644
index 000000000000..5a3d87de1b7c
--- /dev/null
+++ b/metadata/glsa/glsa-200908-07.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200908-07">
+  <title>Perl Compress::Raw modules: Denial of service</title>
+  <synopsis>
+    An off-by-one error in Compress::Raw::Zlib and Compress::Raw::Bzip2 might
+    lead to a Denial of Service.
+  </synopsis>
+  <product type="ebuild">Compress-Raw-Zlib Compress-Raw-Bzip2</product>
+  <announced>2009-08-18</announced>
+  <revised count="01">2009-08-18</revised>
+  <bug>273141</bug>
+  <bug>281955</bug>
+  <access>remote</access>
+  <affected>
+    <package name="perl-core/Compress-Raw-Zlib" auto="yes" arch="*">
+      <unaffected range="ge">2.020</unaffected>
+      <vulnerable range="lt">2.020</vulnerable>
+    </package>
+    <package name="perl-core/Compress-Raw-Bzip2" auto="yes" arch="*">
+      <unaffected range="ge">2.020</unaffected>
+      <vulnerable range="lt">2.020</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Compress::Raw::Zlib and Compress::Raw::Bzip2 are Perl low-level
+    interfaces to the zlib and bzip2 compression libraries.
+    </p>
+  </background>
+  <description>
+    <p>
+    Leo Bergolth reported an off-by-one error in the inflate() function in
+    Zlib.xs of Compress::Raw::Zlib, possibly leading to a heap-based buffer
+    overflow (CVE-2009-1391).
+    </p>
+    <p>
+    Paul Marquess discovered a similar vulnerability in the bzinflate()
+    function in Bzip2.xs of Compress::Raw::Bzip2 (CVE-2009-1884).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker might entice a user or automated system (for instance
+    running SpamAssassin or AMaViS) to process specially crafted files,
+    possibly resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Compress::Raw::Zlib users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=perl-core/Compress-Raw-Zlib-2.020"</code>
+    <p>
+    All Compress::Raw::Bzip2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=perl-core/Compress-Raw-Bzip2-2.020"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1391">CVE-2009-1391</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1884">CVE-2009-1884</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-07-19T17:33:05Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-08-04T18:43:38Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-08-05T13:32:50Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200908-08.xml b/metadata/glsa/glsa-200908-08.xml
new file mode 100644
index 000000000000..4b5a418e2861
--- /dev/null
+++ b/metadata/glsa/glsa-200908-08.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200908-08">
+  <title>ISC DHCP: dhcpd Denial of service</title>
+  <synopsis>
+    dhcpd as included in the ISC DHCP implementation does not properly handle
+    special conditions, leading to a Denial of Service.
+  </synopsis>
+  <product type="ebuild">dhcp</product>
+  <announced>2009-08-18</announced>
+  <revised count="01">2009-08-18</revised>
+  <bug>275231</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/dhcp" auto="yes" arch="*">
+      <unaffected range="ge">3.1.2_p1</unaffected>
+      <vulnerable range="lt">3.1.2_p1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ISC DHCP is the reference implementation of the Dynamic Host
+    Configuration Protocol as specified in RFC 2131.
+    </p>
+  </background>
+  <description>
+    <p>
+    Christoph Biedl discovered that dhcpd does not properly handle certain
+    DHCP requests when configured both using "dhcp-client-identifier" and
+    "hardware ethernet".
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker might send a specially crafted request to dhcpd,
+    possibly resulting in a Denial of Service (daemon crash).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ISC DHCP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/dhcp-3.1.2_p1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1892">CVE-2009-1892</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-07-28T17:01:31Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-08-04T19:40:02Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-08-05T13:32:31Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200908-09.xml b/metadata/glsa/glsa-200908-09.xml
new file mode 100644
index 000000000000..b53f86497ec8
--- /dev/null
+++ b/metadata/glsa/glsa-200908-09.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200908-09">
+  <title>DokuWiki: Local file inclusion</title>
+  <synopsis>
+    An input sanitation error in DokuWiki might lead to the dislosure of local
+    files or even the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">dokuwiki</product>
+  <announced>2009-08-18</announced>
+  <revised count="02">2009-08-19</revised>
+  <bug>272431</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/dokuwiki" auto="yes" arch="*">
+      <unaffected range="ge">20090214b</unaffected>
+      <vulnerable range="lt">20090214b</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    DokuWiki is a standards compliant Wiki system written in PHP.
+    </p>
+  </background>
+  <description>
+    <p>
+    girex reported that data from the "config_cascade" parameter in
+    inc/init.php is not properly sanitized before being used.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit this vulnerability to execute PHP code
+    from arbitrary local, or, when the used PHP version supports ftp://
+    URLs, also from remote files via FTP. Furthermore, it is possible to
+    disclose the contents of local files. NOTE: Successful exploitation
+    requires the PHP option "register_globals" to be enabled.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Disable "register_globals" in php.ini.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All DokuWiki users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/dokuwiki-2009-02-14b"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1960">CVE-2009-1960</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-07-19T18:47:33Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-08-04T19:07:45Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-08-05T13:32:43Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200908-10.xml b/metadata/glsa/glsa-200908-10.xml
new file mode 100644
index 000000000000..d90550cc01ae
--- /dev/null
+++ b/metadata/glsa/glsa-200908-10.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200908-10">
+  <title>Dillo: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    An integer overflow in the PNG handling of Dillo might result in the remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">dillo</product>
+  <announced>2009-08-18</announced>
+  <revised count="01">2009-08-18</revised>
+  <bug>276432</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/dillo" auto="yes" arch="*">
+      <unaffected range="ge">2.1.1</unaffected>
+      <vulnerable range="lt">2.1.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Dillo is a graphical web browser known for its speed and small
+    footprint.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tilei Wang reported an integer overflow in the Png_datainfo_callback()
+    function, possibly leading to a heap-based buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open an HTML document
+    containing a specially crafted, large PNG image, possibly resulting in
+    the execution of arbitrary code with the privileges of the user running
+    the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Dillo users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/dillo-2.1.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2294">CVE-2009-2294</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-07-28T16:58:47Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-08-04T19:13:24Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-08-05T13:32:35Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200909-01.xml b/metadata/glsa/glsa-200909-01.xml
new file mode 100644
index 000000000000..10d40cce0007
--- /dev/null
+++ b/metadata/glsa/glsa-200909-01.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200909-01">
+  <title>Linux-PAM: Privilege escalation</title>
+  <synopsis>
+    An error in the handling of user names of Linux-PAM might allow remote
+    attackers to cause a Denial of Service or escalate privileges.
+  </synopsis>
+  <product type="ebuild">pam</product>
+  <announced>2009-09-07</announced>
+  <revised count="01">2009-09-07</revised>
+  <bug>261512</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-libs/pam" auto="yes" arch="*">
+      <unaffected range="ge">1.0.4</unaffected>
+      <vulnerable range="lt">1.0.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Linux-PAM (Pluggable Authentication Modules) is an architecture
+    allowing the separation of the development of privilege granting
+    software from the development of secure and appropriate authentication
+    schemes.
+    </p>
+  </background>
+  <description>
+    <p>
+    Marcus Granado repoted that Linux-PAM does not properly handle user
+    names that contain Unicode characters. This is related to integer
+    signedness errors in the pam_StrTok() function in libpam/pam_misc.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit this vulnerability to cause a Denial of
+    Service. A remote authenticated attacker could exploit this
+    vulnerability to log in to a system with the account of a user that has
+    a similar user name, but with non-ASCII characters.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Linux-PAM users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-libs/pam-1.0.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0887">CVE-2009-0887</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-07-10T18:01:34Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-08-28T16:33:27Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-08-31T03:38:46Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200909-02.xml b/metadata/glsa/glsa-200909-02.xml
new file mode 100644
index 000000000000..4981326f16fc
--- /dev/null
+++ b/metadata/glsa/glsa-200909-02.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200909-02">
+  <title>libvorbis: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    A processing error in libvorbis might result in the execution of arbitrary
+    code or a Denial of Service.
+  </synopsis>
+  <product type="ebuild">libvorbis</product>
+  <announced>2009-09-07</announced>
+  <revised count="01">2009-09-07</revised>
+  <bug>280590</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libvorbis" auto="yes" arch="*">
+      <unaffected range="ge">1.2.3</unaffected>
+      <vulnerable range="lt">1.2.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libvorbis is the reference implementation of the Xiph.org Ogg Vorbis
+    audio file format. It is used by many applications for playback of Ogg
+    Vorbis files.
+    </p>
+  </background>
+  <description>
+    <p>
+    Lucas Adamski reported that libvorbis does not correctly process file
+    headers, related to static mode headers and encoding books.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to play a specially crafted OGG
+    Vorbis file using an application that uses libvorbis, possibly
+    resulting in the execution of arbitrary code with the privileges of the
+    user running the application, or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libvorbis users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/libvorbis-1.2.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2663">CVE-2009-2663</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-08-31T02:17:32Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-08-31T02:42:12Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-08-31T03:38:56Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200909-03.xml b/metadata/glsa/glsa-200909-03.xml
new file mode 100644
index 000000000000..c69f31395917
--- /dev/null
+++ b/metadata/glsa/glsa-200909-03.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200909-03">
+  <title>Apache Portable Runtime, APR Utility Library: Execution of arbitrary code</title>
+  <synopsis>
+    Multiple integer overflows in the Apache Portable Runtime and its Utility
+    Library might allow for the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">apr apr-util</product>
+  <announced>2009-09-09</announced>
+  <revised count="01">2009-09-09</revised>
+  <bug>280514</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/apr" auto="yes" arch="*">
+      <unaffected range="ge">1.3.8</unaffected>
+      <vulnerable range="lt">1.3.8</vulnerable>
+    </package>
+    <package name="dev-libs/apr-util" auto="yes" arch="*">
+      <unaffected range="ge">1.3.9</unaffected>
+      <vulnerable range="lt">1.3.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Apache Portable Runtime (aka APR) provides a set of APIs for
+    creating platform-independent applications. The Apache Portable Runtime
+    Utility Library (aka APR-Util) provides an interface to functionality
+    such as XML parsing, string matching and databases connections.
+    </p>
+  </background>
+  <description>
+    <p>
+    Matt Lewis reported multiple Integer overflows in the apr_rmm_malloc(),
+    apr_rmm_calloc(), and apr_rmm_realloc() functions in misc/apr_rmm.c of
+    APR-Util and in memory/unix/apr_pools.c of APR, both occurring when
+    aligning memory blocks.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to connect to a malicious server
+    with software that uses the APR or act as a malicious client to a
+    server that uses the APR (such as Subversion or Apache servers),
+    possibly resulting in the execution of arbitrary code with the
+    privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Apache Portable Runtime users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/apr-1.3.8"</code>
+    <p>
+    All APR Utility Library users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/apr-util-1.3.9"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412">CVE-2009-2412</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-08-06T13:32:21Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-08-06T13:46:29Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-08-24T20:40:13Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200909-04.xml b/metadata/glsa/glsa-200909-04.xml
new file mode 100644
index 000000000000..0961acb94636
--- /dev/null
+++ b/metadata/glsa/glsa-200909-04.xml
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200909-04">
+  <title>Clam AntiVirus: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in ClamAV allow for the remote execution of
+    arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2009-09-09</announced>
+  <revised count="01">2009-09-09</revised>
+  <bug>264834</bug>
+  <bug>265545</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.95.2</unaffected>
+      <vulnerable range="lt">0.95.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Clam AntiVirus (short: ClamAV) is an anti-virus toolkit for UNIX,
+    designed especially for e-mail scanning on mail gateways.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been found in ClamAV:
+    </p>
+    <ul>
+    <li>The
+    vendor reported a Divide-by-zero error in the PE ("Portable
+    Executable"; Windows .exe) file handling of ClamAV
+    (CVE-2008-6680).</li>
+    <li>Jeffrey Thomas Peckham found a flaw in
+    libclamav/untar.c, possibly resulting in an infinite loop when
+    processing TAR archives in clamd and clamscan (CVE-2009-1270).</li>
+    <li>Martin Olsen reported a vulnerability in the CLI_ISCONTAINED macro
+    in libclamav/others.h, when processing UPack archives
+    (CVE-2009-1371).</li>
+    <li>Nigel disclosed a stack-based buffer overflow
+    in the "cli_url_canon()" function in libclamav/phishcheck.c when
+    processing URLs (CVE-2009-1372).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user or automated system to process a
+    specially crafted UPack archive or a file containing a specially
+    crafted URL, possibly resulting in the remote execution of arbitrary
+    code with the privileges of the user running the application, or a
+    Denial of Service. Furthermore, a remote attacker could cause a Denial
+    of Service by supplying a specially crafted TAR archive or PE
+    executable to a Clam AntiVirus instance.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Clam AntiVirus users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.95.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6680">CVE-2008-6680</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1270">CVE-2009-1270</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1371">CVE-2009-1371</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1372">CVE-2009-1372</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-06-01T22:30:28Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-08-28T09:13:38Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-08-31T03:38:38Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200909-05.xml b/metadata/glsa/glsa-200909-05.xml
new file mode 100644
index 000000000000..a398bc011ea5
--- /dev/null
+++ b/metadata/glsa/glsa-200909-05.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200909-05">
+  <title>Openswan: Denial of service</title>
+  <synopsis>
+    Multiple vulnerabilities in the pluto IKE daemon of Openswan might allow
+    remote attackers to cause a Denial of Service.
+  </synopsis>
+  <product type="ebuild">openswan</product>
+  <announced>2009-09-09</announced>
+  <revised count="01">2009-09-09</revised>
+  <bug>264346</bug>
+  <bug>275233</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/openswan" auto="yes" arch="*">
+      <unaffected range="ge">2.4.15</unaffected>
+      <vulnerable range="lt">2.4.15</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Openswan is an implementation of IPsec for Linux.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been discovered in Openswan:
+    </p>
+    <ul>
+    <li>Gerd v. Egidy reported a NULL pointer dereference in the Dead Peer
+    Detection of the pluto IKE daemon as included in Openswan
+    (CVE-2009-0790).</li>
+    <li>The Orange Labs vulnerability research team
+    discovered multiple vulnerabilities in the ASN.1 parser
+    (CVE-2009-2185).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit these vulnerabilities by sending
+    specially crafted R_U_THERE or R_U_THERE_ACK packets, or a specially
+    crafted X.509 certificate containing a malicious Relative Distinguished
+    Name (RDN), UTCTIME string or GENERALIZEDTIME string to cause a Denial
+    of Service of the pluto IKE daemon.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Openswan users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/openswan-2.4.15"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0790">CVE-2009-0790</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2185">CVE-2009-2185</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-06-12T22:25:11Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-08-28T16:52:25Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-08-31T03:39:02Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200909-06.xml b/metadata/glsa/glsa-200909-06.xml
new file mode 100644
index 000000000000..b2147e3be086
--- /dev/null
+++ b/metadata/glsa/glsa-200909-06.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200909-06">
+  <title>aMule: Parameter injection</title>
+  <synopsis>
+    An input validation error in aMule enables remote attackers to pass
+    arbitrary parameters to a victim's media player.
+  </synopsis>
+  <product type="ebuild">amule</product>
+  <announced>2009-09-09</announced>
+  <revised count="01">2009-09-09</revised>
+  <bug>268163</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-p2p/amule" auto="yes" arch="*">
+      <unaffected range="ge">2.2.5</unaffected>
+      <vulnerable range="lt">2.2.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    aMule is an eMule-like client for the eD2k and Kademlia networks,
+    supporting multiple platforms.
+    </p>
+  </background>
+  <description>
+    <p>
+    Sam Hocevar discovered that the aMule preview function does not
+    properly sanitize file names.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to download a file with a
+    specially crafted file name to inject arbitrary arguments to the
+    victim's video player.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All aMule users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-p2p/amule-2.2.5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1440">CVE-2009-1440</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-07-28T16:58:04Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-08-28T08:22:54Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-08-31T03:38:32Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200909-07.xml b/metadata/glsa/glsa-200909-07.xml
new file mode 100644
index 000000000000..095d8a10c5eb
--- /dev/null
+++ b/metadata/glsa/glsa-200909-07.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200909-07">
+  <title>TkMan: Insecure temporary file usage</title>
+  <synopsis>
+    An insecure temporary file usage has been reported in TkMan, allowing for
+    symlink attacks.
+  </synopsis>
+  <product type="ebuild">tkman</product>
+  <announced>2009-09-09</announced>
+  <revised count="01">2009-09-09</revised>
+  <bug>247540</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-text/tkman" auto="yes" arch="*">
+      <unaffected range="ge">2.2-r1</unaffected>
+      <vulnerable range="lt">2.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    TkMan is a graphical, hypertext manual page and Texinfo browser for
+    UNIX.
+    </p>
+  </background>
+  <description>
+    <p>
+    Dmitry E. Oboukhov reported that TkMan does not handle the
+    "/tmp/tkman#####" and "/tmp/ll" temporary files securely.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could perform symlink attacks to overwrite arbitrary
+    files with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All TkMan users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/tkman-2.2-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5137">CVE-2008-5137</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-07-19T18:23:29Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-08-28T07:32:36Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-08-31T03:37:41Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200909-08.xml b/metadata/glsa/glsa-200909-08.xml
new file mode 100644
index 000000000000..269d593386c3
--- /dev/null
+++ b/metadata/glsa/glsa-200909-08.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200909-08">
+  <title>C* music player: Insecure temporary file usage</title>
+  <synopsis>
+    An insecure temporary file usage has been reported in the C* music player,
+    allowing for symlink attacks.
+  </synopsis>
+  <product type="ebuild">cmus</product>
+  <announced>2009-09-09</announced>
+  <revised count="01">2009-09-09</revised>
+  <bug>250474</bug>
+  <access>local</access>
+  <affected>
+    <package name="media-sound/cmus" auto="yes" arch="*">
+      <unaffected range="ge">2.2.0-r1</unaffected>
+      <vulnerable range="lt">2.2.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The C* Music Player (cmus) is a modular and very configurable
+    ncurses-based audio player.
+    </p>
+  </background>
+  <description>
+    <p>
+    Dmitry E. Oboukhov reported that cmus-status-display does not handle
+    the "/tmp/cmus-status" temporary file securely.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could perform symlink attacks to overwrite arbitrary
+    files with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All C* music player users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-sound/cmus-2.2.0-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5375">CVE-2008-5375</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-06-23T20:29:45Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-08-28T07:44:23Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-08-31T03:37:47Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200909-09.xml b/metadata/glsa/glsa-200909-09.xml
new file mode 100644
index 000000000000..929503bca685
--- /dev/null
+++ b/metadata/glsa/glsa-200909-09.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200909-09">
+  <title>Screenie: Insecure temporary file usage</title>
+  <synopsis>
+    An insecure temporary file usage has been reported in Screenie, allowing
+    for symlink attacks.
+  </synopsis>
+  <product type="ebuild">screenie</product>
+  <announced>2009-09-09</announced>
+  <revised count="01">2009-09-09</revised>
+  <bug>250476</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-misc/screenie" auto="yes" arch="*">
+      <unaffected range="ge">1.30.0-r1</unaffected>
+      <vulnerable range="lt">1.30.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Screenie is a small screen frontend that is designed to be a session
+    handler.
+    </p>
+  </background>
+  <description>
+    <p>
+    Dmitry E. Oboukhov reported that Screenie does not handle
+    "/tmp/.screenie.#####" temporary files securely.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could perform symlink attacks to overwrite arbitrary
+    files with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Screenie users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-misc/screenie-1.30.0-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5371">CVE-2008-5371</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-06-12T22:09:23Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-08-28T07:52:34Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-08-31T03:37:54Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200909-10.xml b/metadata/glsa/glsa-200909-10.xml
new file mode 100644
index 000000000000..d3594abb8468
--- /dev/null
+++ b/metadata/glsa/glsa-200909-10.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200909-10">
+  <title>LMBench: Insecure temporary file usage</title>
+  <synopsis>
+    Multiple insecure temporary file usage issues have been reported in
+    LMBench, allowing for symlink attacks.
+  </synopsis>
+  <product type="ebuild">lmbench</product>
+  <announced>2009-09-09</announced>
+  <revised count="01">2009-09-09</revised>
+  <bug>246015</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-benchmarks/lmbench" auto="yes" arch="*">
+      <vulnerable range="le">3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    LMBench is a suite of simple, portable benchmarks for UNIX platforms.
+    </p>
+  </background>
+  <description>
+    <p>
+    Dmitry E. Oboukhov reported that the rccs and STUFF scripts do not
+    handle "/tmp/sdiff.#####" temporary files securely. NOTE: There might
+    be further occurances of insecure temporary file usage.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could perform symlink attacks to overwrite arbitrary
+    files with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    LMBench has been removed from Portage. We recommend that users unmerge
+    LMBench:
+    </p>
+    <code>
+    # emerge --unmerge app-benchmarks/lmbench</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4968">CVE-2008-4968</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-07-10T10:54:15Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-08-28T07:58:27Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-08-31T03:38:05Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200909-11.xml b/metadata/glsa/glsa-200909-11.xml
new file mode 100644
index 000000000000..e6e285d27cc1
--- /dev/null
+++ b/metadata/glsa/glsa-200909-11.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200909-11">
+  <title>GCC-XML: Insecure temporary file usage</title>
+  <synopsis>
+    An insecure temporary file usage has been reported in GCC-XML allowing for
+    symlink attacks.
+  </synopsis>
+  <product type="ebuild">gccxml</product>
+  <announced>2009-09-09</announced>
+  <revised count="01">2009-09-09</revised>
+  <bug>245765</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-cpp/gccxml" auto="yes" arch="*">
+      <unaffected range="ge">0.9.0_pre20090516</unaffected>
+      <vulnerable range="lt">0.9.0_pre20090516</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GCC-XML is an XML output extension to the C++ front-end of GCC.
+    </p>
+  </background>
+  <description>
+    <p>
+    Dmitry E. Oboukhov reported that find_flags in GCC-XML does not handle
+    "/tmp/*.cxx" temporary files securely.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could perform symlink attacks to overwrite arbitrary
+    files with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GCC-XML users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-cpp/gccxml-0.9.0_pre20090516"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4957">CVE-2008-4957</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-05-25T20:39:27Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-08-28T08:04:45Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-08-31T03:38:17Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200909-12.xml b/metadata/glsa/glsa-200909-12.xml
new file mode 100644
index 000000000000..7198c7d30bd0
--- /dev/null
+++ b/metadata/glsa/glsa-200909-12.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200909-12">
+  <title>HTMLDOC: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Multiple insecure calls to the sscanf() function in HTMLDOC might result in
+    the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">htmldoc</product>
+  <announced>2009-09-12</announced>
+  <revised count="01">2009-09-12</revised>
+  <bug>278186</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/htmldoc" auto="yes" arch="*">
+      <unaffected range="ge">1.8.27-r1</unaffected>
+      <vulnerable range="lt">1.8.27-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    HTMLDOC is a HTML indexer and HTML to PS and PDF converter.
+    </p>
+  </background>
+  <description>
+    <p>
+    ANTHRAX666 reported an insecure call to the sscanf() function in the
+    set_page_size() function in htmldoc/util.cxx. Nico Golde of the Debian
+    Security Team found two more insecure calls in the write_type1()
+    function in htmldoc/ps-pdf.cxx and the htmlLoadFontWidths() function in
+    htmldoc/htmllib.cxx.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to process a specially crafted
+    HTML file using htmldoc, possibly resulting in the execution of
+    arbitrary code with the privileges of the user running the application.
+    NOTE: Additional vectors via specially crafted AFM font metric files do
+    not cross trust boundaries, as the files can only be modified by
+    privileged users.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All HTMLDOC users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/htmldoc-1.8.27-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3050">CVE-2009-3050</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-08-26T18:35:26Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-08-26T18:45:17Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-09-06T09:53:24Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200909-13.xml b/metadata/glsa/glsa-200909-13.xml
new file mode 100644
index 000000000000..b4b2c7ac5180
--- /dev/null
+++ b/metadata/glsa/glsa-200909-13.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200909-13">
+  <title>irssi: Execution of arbitrary code</title>
+  <synopsis>
+    A remotely exploitable off-by-one error leading to a heap overflow was
+    found in irssi which might result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">irssi</product>
+  <announced>2009-09-12</announced>
+  <revised count="01">2009-09-12</revised>
+  <bug>271875</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/irssi" auto="yes" arch="*">
+      <unaffected range="ge">0.8.13-r1</unaffected>
+      <vulnerable range="lt">0.8.13-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    irssi is a modular textUI IRC client with IPv6 support.
+    </p>
+  </background>
+  <description>
+    <p>
+    Nemo discovered an off-by-one error leading to a heap overflow in
+    irssi's event_wallops() parsing function.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker might entice a user to connect to a malicious IRC
+    server, use a man-in-the-middle attack to redirect a user to such a
+    server or use ircop rights to send a specially crafted WALLOPS message,
+    which might result in the execution of arbitrary code with the
+    privileges of the user running irssi.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All irssi users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-irc/irssi-0.8.13-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1959">CVE-2009-1959</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-06-10T19:45:21Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-07-02T19:15:53Z">
+    craig
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-09-12T16:10:35Z">
+    craig
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200909-14.xml b/metadata/glsa/glsa-200909-14.xml
new file mode 100644
index 000000000000..22a7c6e1181c
--- /dev/null
+++ b/metadata/glsa/glsa-200909-14.xml
@@ -0,0 +1,112 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200909-14">
+  <title>Horde: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in Horde and two modules,
+    allowing for the execution of arbitrary code, information disclosure, or
+    Cross-Site Scripting.
+  </synopsis>
+  <product type="ebuild">horde horde-imp horde-passwd</product>
+  <announced>2009-09-12</announced>
+  <revised count="01">2009-09-12</revised>
+  <bug>256125</bug>
+  <bug>262976</bug>
+  <bug>262978</bug>
+  <bug>277294</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/horde" auto="yes" arch="*">
+      <unaffected range="ge">3.3.4</unaffected>
+      <vulnerable range="lt">3.3.4</vulnerable>
+    </package>
+    <package name="www-apps/horde-imp" auto="yes" arch="*">
+      <unaffected range="ge">4.3.4</unaffected>
+      <vulnerable range="lt">4.3.4</vulnerable>
+    </package>
+    <package name="www-apps/horde-passwd" auto="yes" arch="*">
+      <unaffected range="ge">3.1.1</unaffected>
+      <vulnerable range="lt">3.1.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Horde is a web application framework written in PHP. Horde IMP, the
+    "Internet Messaging Program", is a Webmail module and Horde Passwd is a
+    password changing module for Horde.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been discovered in Horde:
+    </p>
+    <ul>
+    <li>Gunnar Wrobel reported an input sanitation and directory traversal
+    flaw in framework/Image/Image.php, related to the "Horde_Image driver
+    name" (CVE-2009-0932).</li>
+    <li>Gunnar Wrobel reported that data sent
+    to horde/services/portal/cloud_search.php is not properly sanitized
+    before used in the output (CVE-2009-0931).</li>
+    <li>It was reported
+    that data sent to framework/Text_Filter/Filter/xss.php is not properly
+    sanitized before used in the output (CVE-2008-5917).</li>
+    </ul> <p>
+    Horde Passwd: David Wharton reported that data sent via the "backend"
+    parameter to passwd/main.php is not properly sanitized before used in
+    the output (CVE-2009-2360).
+    </p>
+    <p>
+    Horde IMP: Gunnar Wrobel reported that data sent to smime.php, pgp.php,
+    and message.php is not properly sanitized before used in the output
+    (CVE-2009-0930).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote authenticated attacker could exploit these vulnerabilities to
+    execute arbitrary PHP files on the server, or disclose the content of
+    arbitrary files, both only if the file is readable to the web server. A
+    remote authenticated attacker could conduct Cross-Site Scripting
+    attacks. NOTE: Some Cross-Site Scripting vectors are limited to the
+    usage of Microsoft Internet Explorer.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Horde users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/horde-3.3.4"</code>
+    <p>
+    All Horde IMP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/horde-imp-4.3.4"</code>
+    <p>
+    All Horde Passwd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/horde-passwd-3.1.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5917">CVE-2008-5917</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0930">CVE-2009-0930</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0931">CVE-2009-0931</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0932">CVE-2009-0932</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2360">CVE-2009-2360</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2009-09-02T04:40:46Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-09-02T04:40:52Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200909-15.xml b/metadata/glsa/glsa-200909-15.xml
new file mode 100644
index 000000000000..8b93c5eb41cb
--- /dev/null
+++ b/metadata/glsa/glsa-200909-15.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200909-15">
+  <title>Lynx: Arbitrary command execution</title>
+  <synopsis>
+    An incomplete fix for an issue related to the Lynx URL handler might allow
+    for the remote execution of arbitrary commands.
+  </synopsis>
+  <product type="ebuild">lynx</product>
+  <announced>2009-09-12</announced>
+  <revised count="01">2009-09-12</revised>
+  <bug>243058</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/lynx" auto="yes" arch="*">
+      <unaffected range="ge">2.8.6-r4</unaffected>
+      <vulnerable range="lt">2.8.6-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Lynx is a fully-featured WWW client for users running
+    cursor-addressable, character-cell display devices such as vt100
+    terminals and terminal emulators.
+    </p>
+  </background>
+  <description>
+    <p>
+    Clint Ruoho reported that the fix for CVE-2005-2929 (GLSA 200511-09)
+    only disabled the lynxcgi:// handler when not using the advanced mode.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker can entice a user to access a malicious HTTP server,
+    causing Lynx to execute arbitrary commands. NOTE: The advanced mode is
+    not enabled by default. Successful exploitation requires the
+    "lynxcgi://" protocol to be registered with lynx on the victim's
+    system.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Lynx users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/lynx-2.8.6-r4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2929">CVE-2005-2929</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4690">CVE-2008-4690</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200511-09.xml">GLSA 200511-09</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-08-07T11:47:31Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-08-28T08:16:43Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-08-31T03:37:19Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200909-16.xml b/metadata/glsa/glsa-200909-16.xml
new file mode 100644
index 000000000000..64761d810ec6
--- /dev/null
+++ b/metadata/glsa/glsa-200909-16.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200909-16">
+  <title>Wireshark: Denial of service</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in Wireshark which allow for
+    Denial of Service.
+  </synopsis>
+  <product type="ebuild">wireshark</product>
+  <announced>2009-09-13</announced>
+  <revised count="01">2009-09-13</revised>
+  <bug>278564</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/wireshark" auto="yes" arch="*">
+      <unaffected range="ge">1.2.1</unaffected>
+      <vulnerable range="lt">1.2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Wireshark is a versatile network protocol analyzer.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities were discovered in Wireshark:
+    </p>
+    <ul>
+    <li>A
+    buffer overflow in the IPMI dissector related to an array index error
+    (CVE-2009-2559).</li>
+    <li>Multiple unspecified vulnerabilities in the
+    Bluetooth L2CAP, RADIUS, and MIOP dissectors (CVE-2009-2560).</li>
+    <li>An unspecified vulnerability in the sFlow dissector
+    (CVE-2009-2561).</li>
+    <li>An unspecified vulnerability in the AFS
+    dissector (CVE-2009-2562).</li>
+    <li>An unspecified vulnerability in the
+    Infiniband dissector when running on unspecified platforms
+    (CVE-2009-2563).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit these vulnerabilities by sending
+    specially crafted packets on a network being monitored by Wireshark or
+    by enticing a user to read a malformed packet trace file to cause a
+    Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Wireshark users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-1.2.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2559">CVE-2009-2559</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2560">CVE-2009-2560</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2561">CVE-2009-2561</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2562">CVE-2009-2562</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2563">CVE-2009-2563</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-08-25T10:03:54Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-08-25T13:10:41Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-08-25T13:28:12Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200909-17.xml b/metadata/glsa/glsa-200909-17.xml
new file mode 100644
index 000000000000..a81251a69eb1
--- /dev/null
+++ b/metadata/glsa/glsa-200909-17.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200909-17">
+  <title>ZNC: Directory traversal</title>
+  <synopsis>
+    A directory traversal was found in ZNC, allowing for overwriting of
+    arbitrary files.
+  </synopsis>
+  <product type="ebuild">znc</product>
+  <announced>2009-09-13</announced>
+  <revised count="01">2009-09-13</revised>
+  <bug>278684</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/znc" auto="yes" arch="*">
+      <unaffected range="ge">0.074</unaffected>
+      <vulnerable range="lt">0.074</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ZNC is an advanced IRC bouncer.
+    </p>
+  </background>
+  <description>
+    <p>
+    The vendor reported a directory traversal vulnerability when processing
+    DCC SEND requests.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote, authenticated user could send a specially crafted DCC SEND
+    request to overwrite arbitrary files with the privileges of the user
+    running ZNC, and possibly cause the execution of arbitrary code e.g. by
+    uploading a malicious ZNC module.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ZNC users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-irc/znc-0.074"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2658">CVE-2009-2658</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-08-14T18:19:47Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-08-14T18:28:31Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-08-31T08:50:23Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200909-18.xml b/metadata/glsa/glsa-200909-18.xml
new file mode 100644
index 000000000000..aa68098240dc
--- /dev/null
+++ b/metadata/glsa/glsa-200909-18.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200909-18">
+  <title>nginx: Remote execution of arbitrary code</title>
+  <synopsis>
+    A buffer underflow vulnerability in the request URI processing of nginx
+    might enable remote attackers to execute arbitrary code or cause a Denial
+    of Service.
+  </synopsis>
+  <product type="ebuild">nginx</product>
+  <announced>2009-09-18</announced>
+  <revised count="01">2009-09-18</revised>
+  <bug>285162</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/nginx" auto="yes" arch="*">
+      <unaffected range="rge">0.5.38</unaffected>
+      <unaffected range="rge">0.6.39</unaffected>
+      <unaffected range="ge">0.7.62</unaffected>
+      <vulnerable range="lt">0.7.62</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    nginx is a robust, small and high performance HTTP and reverse proxy
+    server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Chris Ries reported a heap-based buffer underflow in the
+    ngx_http_parse_complex_uri() function in http/ngx_http_parse.c when
+    parsing the request URI.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker might send a specially crafted request URI to a nginx
+    server, possibly resulting in the remote execution of arbitrary code
+    with the privileges of the user running the server, or a Denial of
+    Service. NOTE: By default, nginx runs as the "nginx" user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All nginx 0.5.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-servers/nginx-0.5.38"</code>
+    <p>
+    All nginx 0.6.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-servers/nginx-0.6.39"</code>
+    <p>
+    All nginx 0.7.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-servers/nginx-0.7.62"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2629">CVE-2009-2629</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-09-14T19:21:09Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-09-14T19:51:52Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-09-18T19:40:49Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200909-19.xml b/metadata/glsa/glsa-200909-19.xml
new file mode 100644
index 000000000000..726f48f2a9b5
--- /dev/null
+++ b/metadata/glsa/glsa-200909-19.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200909-19">
+  <title>Dnsmasq: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in Dnsmasq might result in the remote execution of
+    arbitrary code, or a Denial of Service.
+  </synopsis>
+  <product type="ebuild">dnsmasq</product>
+  <announced>2009-09-20</announced>
+  <revised count="01">2009-09-20</revised>
+  <bug>282653</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/dnsmasq" auto="yes" arch="*">
+      <unaffected range="ge">2.5.0</unaffected>
+      <vulnerable range="lt">2.5.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP
+    server. It includes support for Trivial FTP (TFTP).
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been reported in the TFTP functionality
+    included in Dnsmasq:
+    </p>
+    <ul>
+    <li>Pablo Jorge and Alberto Solino
+    discovered a heap-based buffer overflow (CVE-2009-2957).</li>
+    <li>An
+    anonymous researcher reported a NULL pointer reference
+    (CVE-2009-2958).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker in the local network could exploit these
+    vulnerabilities by sending specially crafted TFTP requests to a machine
+    running Dnsmasq, possibly resulting in the remote execution of
+    arbitrary code with the privileges of the user running the daemon, or a
+    Denial of Service. NOTE: The TFTP server is not enabled by default.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    You can disable the TFTP server either at buildtime by not enabling the
+    "tftp" USE flag, or at runtime. Make sure "--enable-tftp" is not set in
+    the DNSMASQ_OPTS variable in the /etc/conf.d/dnsmasq file and
+    "enable-tftp" is not set in /etc/dnsmasq.conf, either of which would
+    enable TFTP support if it is compiled in.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Dnsmasq users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dns/dnsmasq-2.5.0"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2957">CVE-2009-2957</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2958">CVE-2009-2958</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2009-09-01T10:28:12Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-09-20T18:56:49Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200909-20.xml b/metadata/glsa/glsa-200909-20.xml
new file mode 100644
index 000000000000..7dfafdb4ecce
--- /dev/null
+++ b/metadata/glsa/glsa-200909-20.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200909-20">
+  <title>cURL: Certificate validation error</title>
+  <synopsis>
+    An error in the X.509 certificate handling of cURL might enable remote
+    attackers to conduct man-in-the-middle attacks.
+  </synopsis>
+  <product type="ebuild">curl</product>
+  <announced>2009-09-25</announced>
+  <revised count="01">2009-09-25</revised>
+  <bug>281515</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/curl" auto="yes" arch="*">
+      <unaffected range="ge">7.19.6</unaffected>
+      <vulnerable range="lt">7.19.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    cURL is a command line tool for transferring files with URL syntax,
+    supporting numerous protocols.
+    </p>
+  </background>
+  <description>
+    <p>
+    Scott Cantor reported that cURL does not properly handle fields in
+    X.509 certificates that contain an ASCII NUL (\0) character.
+    Specifically, the processing of such fields is stopped at the first
+    occurence of a NUL character. This type of vulnerability was recently
+    discovered by Dan Kaminsky and Moxie Marlinspike.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker might employ a specially crafted X.509 certificate
+    (that for instance contains a NUL character in the Common Name field)
+    to conduct man-in-the-middle attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All cURL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.19.6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417">CVE-2009-2417</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-09-13T18:08:24Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-09-14T12:08:01Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-09-25T18:22:08Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200910-01.xml b/metadata/glsa/glsa-200910-01.xml
new file mode 100644
index 000000000000..d4df7bf7a921
--- /dev/null
+++ b/metadata/glsa/glsa-200910-01.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200910-01">
+  <title>Wget: Certificate validation error</title>
+  <synopsis>
+    An error in the X.509 certificate handling of Wget might enable remote
+    attackers to conduct man-in-the-middle attacks.
+  </synopsis>
+  <product type="ebuild">wget</product>
+  <announced>2009-10-20</announced>
+  <revised count="01">2009-10-20</revised>
+  <bug>286058</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/wget" auto="yes" arch="*">
+      <unaffected range="ge">1.12</unaffected>
+      <vulnerable range="lt">1.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GNU Wget is a free software package for retrieving files using HTTP,
+    HTTPS and FTP, the most widely-used Internet protocols.
+    </p>
+  </background>
+  <description>
+    <p>
+    The vendor reported that Wget does not properly handle Common Name (CN)
+    fields in X.509 certificates that contain an ASCII NUL (\0) character.
+    Specifically, the processing of such fields is stopped at the first
+    occurrence of a NUL character. This type of vulnerability was recently
+    discovered by Dan Kaminsky and Moxie Marlinspike.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker might employ a specially crafted X.509 certificate,
+    containing a NUL character in the Common Name field to conduct
+    man-in-the-middle attacks on SSL connections made using Wget.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Wget users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/wget-1.12"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3490">CVE-2009-3490</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-10-07T19:10:37Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-10-07T19:14:43Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-10-20T19:38:52Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200910-02.xml b/metadata/glsa/glsa-200910-02.xml
new file mode 100644
index 000000000000..78f489794397
--- /dev/null
+++ b/metadata/glsa/glsa-200910-02.xml
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200910-02">
+  <title>Pidgin: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in Pidgin, leading to the
+    remote execution of arbitrary code, unauthorized information disclosure, or
+    Denial of Service.
+  </synopsis>
+  <product type="ebuild">pidgin</product>
+  <announced>2009-10-22</announced>
+  <revised count="01">2009-10-22</revised>
+  <bug>276000</bug>
+  <bug>281545</bug>
+  <bug>283324</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/pidgin" auto="yes" arch="*">
+      <unaffected range="ge">2.5.9-r1</unaffected>
+      <vulnerable range="lt">2.5.9-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Pidgin is a client for a variety of instant messaging protocols.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities were found in Pidgin:
+    </p>
+    <ul>
+    <li>Yuriy
+    Kaminskiy reported that the OSCAR protocol implementation in Pidgin
+    misinterprets the ICQWebMessage message type as the ICQSMS message
+    type, triggering an allocation of a large amount of memory
+    (CVE-2009-1889).</li>
+    <li>Federico Muttis of Core Security Technologies
+    reported that the msn_slplink_process_msg() function in
+    libpurple/protocols/msn/slplink.c in libpurple as used in Pidgin
+    doesn't properly process incoming SLP messages, triggering an overwrite
+    of an arbitrary memory location (CVE-2009-2694). NOTE: This issue
+    reportedly exists because of an incomplete fix for CVE-2009-1376 (GLSA
+    200905-07).</li>
+    <li>bugdave reported that protocols/jabber/auth.c in
+    libpurple as used in Pidgin does not follow the "require TSL/SSL"
+    preference when connecting to older Jabber servers that do not follow
+    the XMPP specification, resulting in a connection to the server without
+    the expected encryption (CVE-2009-3026).</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could send specially crafted SLP (via MSN) or ICQ web
+    messages, possibly leading to execution of arbitrary code with the
+    privileges of the user running Pidgin, unauthorized information
+    disclosure, or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Pidgin users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-im/pidgin-2.5.9-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1376">CVE-2009-1376</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1889">CVE-2009-1889</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694">CVE-2009-2694</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3026">CVE-2009-3026</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200905-07.xml">GLSA 200905-07</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-08-31T02:16:12Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-08-31T07:10:07Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-10-22T19:06:35Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200910-03.xml b/metadata/glsa/glsa-200910-03.xml
new file mode 100644
index 000000000000..c54cd5718e5c
--- /dev/null
+++ b/metadata/glsa/glsa-200910-03.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200910-03">
+  <title>Adobe Reader: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in Adobe Reader might result in the execution of
+    arbitrary code, or other attacks.
+  </synopsis>
+  <product type="ebuild">acroread</product>
+  <announced>2009-10-25</announced>
+  <revised count="01">2009-10-25</revised>
+  <bug>289016</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/acroread" auto="yes" arch="*">
+      <unaffected range="ge">9.2</unaffected>
+      <vulnerable range="lt">9.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF
+    reader.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities were discovered in Adobe Reader. For further
+    information please consult the CVE entries and the Adobe Security
+    Bulletin referenced below.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker might entice a user to open a specially crafted PDF
+    file, possibly resulting in the execution of arbitrary code with the
+    privileges of the user running the application, Denial of Service, the
+    creation of arbitrary files on the victim's system, "Trust Manager"
+    bypass, or social engineering attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Adobe Reader users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/acroread-9.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.adobe.com/support/security/bulletins/apsb09-15.html">APSB09-15</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0045">CVE-2007-0045</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0048">CVE-2007-0048</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2979">CVE-2009-2979</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2980">CVE-2009-2980</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2981">CVE-2009-2981</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2982">CVE-2009-2982</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2983">CVE-2009-2983</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2985">CVE-2009-2985</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2986">CVE-2009-2986</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2988">CVE-2009-2988</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2990">CVE-2009-2990</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2991">CVE-2009-2991</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2993">CVE-2009-2993</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2994">CVE-2009-2994</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2996">CVE-2009-2996</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2997">CVE-2009-2997</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2998">CVE-2009-2998</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3431">CVE-2009-3431</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3458">CVE-2009-3458</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3459">CVE-2009-3459</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3462">CVE-2009-3462</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-10-24T18:48:21Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-10-24T23:09:06Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-10-24T23:09:17Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200911-01.xml b/metadata/glsa/glsa-200911-01.xml
new file mode 100644
index 000000000000..3906bddb1803
--- /dev/null
+++ b/metadata/glsa/glsa-200911-01.xml
@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200911-01">
+  <title>Horde: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in the Horde Application Framework can allow for
+    arbitrary files to be overwritten and cross-site scripting attacks.
+  </synopsis>
+  <product type="ebuild">horde horde-webmail horde-groupware</product>
+  <announced>2009-11-06</announced>
+  <revised count="01">2009-11-06</revised>
+  <bug>285052</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/horde" auto="yes" arch="*">
+      <unaffected range="ge">3.3.5</unaffected>
+      <vulnerable range="lt">3.3.5</vulnerable>
+    </package>
+    <package name="www-apps/horde-webmail" auto="yes" arch="*">
+      <unaffected range="ge">1.2.4</unaffected>
+      <vulnerable range="lt">1.2.4</vulnerable>
+    </package>
+    <package name="www-apps/horde-groupware" auto="yes" arch="*">
+      <unaffected range="ge">1.2.4</unaffected>
+      <vulnerable range="lt">1.2.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Horde is a web application framework written in PHP.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been discovered in Horde:
+    </p>
+    <ul>
+    <li>Stefan Esser of Sektion1 reported an error within the form library
+    when handling image form fields (CVE-2009-3236).</li>
+    <li>Martin
+    Geisler and David Wharton reported that an error exists in the MIME
+    viewer library when viewing unknown text parts and the preferences
+    system in services/prefs.php when handling number preferences
+    (CVE-2009-3237).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote authenticated attacker could exploit these vulnerabilities to
+    overwrite arbitrary files on the server, provided that the user has
+    write permissions. A remote authenticated attacker could conduct
+    Cross-Site Scripting attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Horde users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/horde-3.3.5"</code>
+    <p>
+    All Horde webmail users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/horde-webmail-1.2.4"</code>
+    <p>
+    All Horde groupware users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/horde-groupware-1.2.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3236">CVE-2009-3236</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3237">CVE-2009-3237</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-10-20T19:14:03Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-10-28T17:35:14Z">
+    chainsaw
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-11-06T12:02:09Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200911-02.xml b/metadata/glsa/glsa-200911-02.xml
new file mode 100644
index 000000000000..e89f9700b6e0
--- /dev/null
+++ b/metadata/glsa/glsa-200911-02.xml
@@ -0,0 +1,237 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200911-02">
+  <title>Sun JDK/JRE: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in the Sun JDK and JRE allow for several attacks,
+    including the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">sun-jre-bin sun-jdk emul-linux-x86-java blackdown-jre blackdown-jdk</product>
+  <announced>2009-11-17</announced>
+  <revised count="01">2009-11-17</revised>
+  <bug>182824</bug>
+  <bug>231337</bug>
+  <bug>250012</bug>
+  <bug>263810</bug>
+  <bug>280409</bug>
+  <bug>291817</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/sun-jre-bin" auto="yes" arch="*">
+      <unaffected range="rge">1.5.0.22</unaffected>
+      <unaffected range="ge">1.6.0.17</unaffected>
+      <vulnerable range="lt">1.6.0.17</vulnerable>
+    </package>
+    <package name="dev-java/sun-jdk" auto="yes" arch="*">
+      <unaffected range="rge">1.5.0.22</unaffected>
+      <unaffected range="ge">1.6.0.17</unaffected>
+      <vulnerable range="lt">1.6.0.17</vulnerable>
+    </package>
+    <package name="dev-java/blackdown-jre" auto="yes" arch="*">
+      <vulnerable range="le">1.4.2.03-r14</vulnerable>
+    </package>
+    <package name="dev-java/blackdown-jdk" auto="yes" arch="*">
+      <vulnerable range="le">1.4.2.03-r16</vulnerable>
+    </package>
+    <package name="app-emulation/emul-linux-x86-java" auto="yes" arch="*">
+      <unaffected range="rge">1.5.0.22</unaffected>
+      <unaffected range="ge">1.6.0.17</unaffected>
+      <vulnerable range="lt">1.6.0.17</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment
+    (JRE) provide the Sun Java platform.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been reported in the Sun Java
+    implementation. Please review the CVE identifiers referenced below and
+    the associated Sun Alerts for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted JAR
+    archive, applet, or Java Web Start application, possibly resulting in
+    the execution of arbitrary code with the privileges of the user running
+    the application. Furthermore, a remote attacker could cause a Denial of
+    Service affecting multiple services via several vectors, disclose
+    information and memory contents, write or execute local files, conduct
+    session hijacking attacks via GIFAR files, steal cookies, bypass the
+    same-origin policy, load untrusted JAR files, establish network
+    connections to arbitrary hosts and posts via several vectors, modify
+    the list of supported graphics configurations, bypass HMAC-based
+    authentication systems, escalate privileges via several vectors and
+    cause applet code to be executed with older, possibly vulnerable
+    versions of the JRE.
+    </p>
+    <p>
+    NOTE: Some vulnerabilities require a trusted environment, user
+    interaction, a DNS Man-in-the-Middle or Cross-Site-Scripting attack.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Sun JRE 1.5.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/sun-jre-bin-1.5.0.22"</code>
+    <p>
+    All Sun JRE 1.6.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/sun-jre-bin-1.6.0.17"</code>
+    <p>
+    All Sun JDK 1.5.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/sun-jdk-1.5.0.22"</code>
+    <p>
+    All Sun JDK 1.6.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/sun-jdk-1.6.0.17"</code>
+    <p>
+    All users of the precompiled 32bit Sun JRE 1.5.x should upgrade to the
+    latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-emulation/emul-linux-x86-java-1.5.0.22"</code>
+    <p>
+    All users of the precompiled 32bit Sun JRE 1.6.x should upgrade to the
+    latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-emulation/emul-linux-x86-java-1.6.0.17"</code>
+    <p>
+    All Sun JRE 1.4.x, Sun JDK 1.4.x, Blackdown JRE, Blackdown JDK and
+    precompiled 32bit Sun JRE 1.4.x users are strongly advised to unmerge
+    Java 1.4:
+    </p>
+    <code>
+    # emerge --unmerge =app-emulation/emul-linux-x86-java-1.4*
+    # emerge --unmerge =dev-java/sun-jre-bin-1.4*
+    # emerge --unmerge =dev-java/sun-jdk-1.4*
+    # emerge --unmerge dev-java/blackdown-jdk
+    # emerge --unmerge dev-java/blackdown-jre</code>
+    <p>
+    Gentoo is ceasing support for the 1.4 generation of the Sun Java
+    Platform in accordance with upstream. All 1.4 JRE and JDK versions are
+    masked and will be removed shortly.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2086">CVE-2008-2086</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3103">CVE-2008-3103</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3104">CVE-2008-3104</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3105">CVE-2008-3105</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3106">CVE-2008-3106</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3107">CVE-2008-3107</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3108">CVE-2008-3108</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3109">CVE-2008-3109</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3110">CVE-2008-3110</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3111">CVE-2008-3111</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3112">CVE-2008-3112</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3113">CVE-2008-3113</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3114">CVE-2008-3114</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3115">CVE-2008-3115</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5339">CVE-2008-5339</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5340">CVE-2008-5340</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5341">CVE-2008-5341</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5342">CVE-2008-5342</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5343">CVE-2008-5343</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5344">CVE-2008-5344</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5345">CVE-2008-5345</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5346">CVE-2008-5346</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5347">CVE-2008-5347</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5348">CVE-2008-5348</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5349">CVE-2008-5349</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5350">CVE-2008-5350</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5351">CVE-2008-5351</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5352">CVE-2008-5352</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5353">CVE-2008-5353</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5354">CVE-2008-5354</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5355">CVE-2008-5355</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5356">CVE-2008-5356</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5357">CVE-2008-5357</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5358">CVE-2008-5358</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5359">CVE-2008-5359</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5360">CVE-2008-5360</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093">CVE-2009-1093</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094">CVE-2009-1094</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095">CVE-2009-1095</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096">CVE-2009-1096</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097">CVE-2009-1097</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098">CVE-2009-1098</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099">CVE-2009-1099</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1100">CVE-2009-1100</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1101">CVE-2009-1101</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1102">CVE-2009-1102</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1103">CVE-2009-1103</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104">CVE-2009-1104</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1105">CVE-2009-1105</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1106">CVE-2009-1106</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1107">CVE-2009-1107</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409">CVE-2009-2409</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2475">CVE-2009-2475</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2476">CVE-2009-2476</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2670">CVE-2009-2670</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2671">CVE-2009-2671</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2672">CVE-2009-2672</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2673">CVE-2009-2673</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2674">CVE-2009-2674</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2675">CVE-2009-2675</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2676">CVE-2009-2676</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2689">CVE-2009-2689</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2690">CVE-2009-2690</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2716">CVE-2009-2716</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2718">CVE-2009-2718</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2719">CVE-2009-2719</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2720">CVE-2009-2720</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2721">CVE-2009-2721</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2722">CVE-2009-2722</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2723">CVE-2009-2723</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2724">CVE-2009-2724</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3728">CVE-2009-3728</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3729">CVE-2009-3729</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3865">CVE-2009-3865</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3866">CVE-2009-3866</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3867">CVE-2009-3867</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3868">CVE-2009-3868</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3869">CVE-2009-3869</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3871">CVE-2009-3871</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3872">CVE-2009-3872</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3873">CVE-2009-3873</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3874">CVE-2009-3874</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3875">CVE-2009-3875</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3876">CVE-2009-3876</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3877">CVE-2009-3877</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3879">CVE-2009-3879</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3880">CVE-2009-3880</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3881">CVE-2009-3881</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3882">CVE-2009-3882</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3883">CVE-2009-3883</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3884">CVE-2009-3884</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3886">CVE-2009-3886</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2009-04-07T06:55:57Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-11-17T19:42:31Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200911-03.xml b/metadata/glsa/glsa-200911-03.xml
new file mode 100644
index 000000000000..7bb7298de6c7
--- /dev/null
+++ b/metadata/glsa/glsa-200911-03.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200911-03">
+  <title>UW IMAP toolkit: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been found in the UW IMAP toolkit and the
+    c-client library, the worst of which leading to the execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">c-client uw-imap</product>
+  <announced>2009-11-25</announced>
+  <revised count="01">2009-11-25</revised>
+  <bug>245425</bug>
+  <bug>252567</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/c-client" auto="yes" arch="*">
+      <unaffected range="ge">2007e</unaffected>
+      <vulnerable range="lt">2007e</vulnerable>
+    </package>
+    <package name="net-mail/uw-imap" auto="yes" arch="*">
+      <unaffected range="ge">2007e</unaffected>
+      <vulnerable range="lt">2007e</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The UW IMAP toolkit is a daemon for the IMAP and POP3 network mail
+    protocols. The c-client library provides an API for IMAP, POP3 and
+    other protocols.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities were found in the UW IMAP toolkit:
+    </p>
+    <ul>
+    <li>Aron Andersson and Jan Sahlin of Bitsec reported boundary errors in
+    the "tmail" and "dmail" utilities when processing overly long mailbox
+    names, leading to stack-based buffer overflows (CVE-2008-5005).</li>
+    <li>An error in smtp.c in the c-client library was found, leading to a
+    NULL pointer dereference vulnerability (CVE-2008-5006).</li>
+    <li>Ludwig
+    Nussel reported an off-by-one error in the rfc822_output_char()
+    function in the RFC822BUFFER routines in the c-client library, as used
+    by the UW IMAP toolkit (CVE-2008-5514).</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could send an e-mail to a destination mailbox name
+    composed of a username and '+' character followed by a long string,
+    possibly leading to the execution of arbitrary code. A local attacker
+    could gain privileges by specifying a long folder extension argument to
+    the tmail or dmail program. Furthermore, a remote attacker could send a
+    specially crafted mail message to the UW IMAP toolkit or another daemon
+    using the c-client library, leading to a Denial of Service. A remote
+    SMTP server could respond to the QUIT command with a close of the TCP
+    connection instead of the expected 221 response code, possibly leading
+    to a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All c-client library users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-libs/c-client-2007e"</code>
+    <p>
+    All UW IMAP toolkit users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-mail/uw-imap-2007e"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5005">CVE-2008-5005</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5006">CVE-2008-5006</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5514">CVE-2008-5514</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-01-13T17:17:18Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-01-13T17:27:25Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-11-25T13:23:47Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200911-04.xml b/metadata/glsa/glsa-200911-04.xml
new file mode 100644
index 000000000000..4717c875c46e
--- /dev/null
+++ b/metadata/glsa/glsa-200911-04.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200911-04">
+  <title>dstat: Untrusted search path</title>
+  <synopsis>
+    An untrusted search path vulnerability in the dstat might result in the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">dstat</product>
+  <announced>2009-11-25</announced>
+  <revised count="01">2009-11-25</revised>
+  <bug>293497</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/dstat" auto="yes" arch="*">
+      <unaffected range="ge">0.6.9-r1</unaffected>
+      <vulnerable range="lt">0.6.9-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    dstat is a versatile system resource monitor written in Python.
+    </p>
+  </background>
+  <description>
+    <p>
+    Robert Buchholz of the Gentoo Security Team reported that dstat
+    includes the current working directory and subdirectories in the Python
+    module search path (sys.path) before calling "import".
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could entice a user to run "dstat" from a directory
+    containing a specially crafted Python module, resulting in the
+    execution of arbitrary code with the privileges of the user running the
+    application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Do not run "dstat" from untrusted working directories.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All dstat users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-apps/dstat-0.6.9-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3894">CVE-2009-3894</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-11-17T12:30:20Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-11-17T12:35:21Z">
+    rbu
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-11-25T13:40:09Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200911-05.xml b/metadata/glsa/glsa-200911-05.xml
new file mode 100644
index 000000000000..932e58d9f27e
--- /dev/null
+++ b/metadata/glsa/glsa-200911-05.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200911-05">
+  <title>Wireshark: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in Wireshark, allowing for
+    the remote execution of arbitrary code, or Denial of Service.
+  </synopsis>
+  <product type="ebuild">wireshark</product>
+  <announced>2009-11-25</announced>
+  <revised count="01">2009-11-25</revised>
+  <bug>285280</bug>
+  <bug>290710</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/wireshark" auto="yes" arch="*">
+      <unaffected range="ge">1.2.3</unaffected>
+      <vulnerable range="lt">1.2.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Wireshark is a versatile network protocol analyzer.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been discovered in Wireshark:
+    </p>
+    <ul><li>Ryan Giobbi reported an integer overflow in wiretap/erf.c
+    (CVE-2009-3829).</li>
+    <li>The vendor reported multiple unspecified
+    vulnerabilities in the Bluetooth L2CAP, RADIUS, and MIOP dissectors
+    (CVE-2009-2560), in the OpcUa dissector (CVE-2009-3241), in packet.c in
+    the GSM A RR dissector (CVE-2009-3242), in the TLS dissector
+    (CVE-2009-3243), in the Paltalk dissector (CVE-2009-3549), in the
+    DCERPC/NT dissector (CVE-2009-3550), and in the
+    dissect_negprot_response() function in packet-smb.c in the SMB
+    dissector (CVE-2009-3551).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted "erf"
+    file using Wireshark, possibly resulting in the execution of arbitrary
+    code with the privileges of the user running the application. A remote
+    attacker could furthermore send specially crafted packets on a network
+    being monitored by Wireshark or entice a user to open a malformed
+    packet trace file using Wireshark, possibly resulting in a Denial of
+    Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Wireshark users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-1.2.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2560">CVE-2009-2560</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3241">CVE-2009-3241</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3242">CVE-2009-3242</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3243">CVE-2009-3243</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3549">CVE-2009-3549</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3550">CVE-2009-3550</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3551">CVE-2009-3551</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3829">CVE-2009-3829</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-11-04T23:06:15Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-11-04T23:24:04Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-11-25T15:36:13Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200911-06.xml b/metadata/glsa/glsa-200911-06.xml
new file mode 100644
index 000000000000..2f5292317958
--- /dev/null
+++ b/metadata/glsa/glsa-200911-06.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200911-06">
+  <title>PEAR Net_Traceroute: Command injection</title>
+  <synopsis>
+    An input sanitation error in PEAR Net_Traceroute might allow remote
+    attackers to execute arbitrary commands.
+  </synopsis>
+  <product type="ebuild">PEAR-Net_Traceroute</product>
+  <announced>2009-11-26</announced>
+  <revised count="01">2009-11-26</revised>
+  <bug>294264</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-php/PEAR-Net_Traceroute" auto="yes" arch="*">
+      <unaffected range="ge">0.21.2</unaffected>
+      <vulnerable range="lt">0.21.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PEAR Net_Traceroute is an OS independent wrapper class for executing
+    traceroute calls from PHP.
+    </p>
+  </background>
+  <description>
+    <p>
+    Pasquale Imperato reported that the $host parameter to the traceroute()
+    function in Traceroute.php is not properly sanitized before being
+    passed to exec().
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit this vulnerability when user input is
+    passed directly to PEAR Net_Traceroute in a PHP script, possibly
+    resulting in the remote execution of arbitrary shell commands with the
+    privileges of the user running the affected PHP script.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Ensure that all data that is passed to the traceroute() function is
+    properly shell escaped (for instance using the escapeshellcmd()
+    function).
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PEAR Net_Traceroute users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-php/PEAR-Net_Traceroute-0.21.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4025">CVE-2009-4025</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-11-26T07:38:17Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-11-26T07:53:00Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-11-26T19:14:35Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200912-01.xml b/metadata/glsa/glsa-200912-01.xml
new file mode 100644
index 000000000000..5e572235c10e
--- /dev/null
+++ b/metadata/glsa/glsa-200912-01.xml
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200912-01">
+  <title>OpenSSL: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in OpenSSL might allow remote attackers to conduct
+    multiple attacks, including the injection of arbitrary data into encrypted
+    byte streams.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2009-12-01</announced>
+  <revised count="02">2009-12-02</revised>
+  <bug>270305</bug>
+  <bug>280591</bug>
+  <bug>292022</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">0.9.8l-r2</unaffected>
+      <vulnerable range="lt">0.9.8l-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+    (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
+    purpose cryptography library.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been reported in OpenSSL:
+    </p>
+    <ul>
+    <li>Marsh Ray of PhoneFactor and Martin Rex of SAP independently
+    reported that the TLS protocol does not properly handle session
+    renegotiation requests (CVE-2009-3555).</li>
+    <li>The MD2 hash algorithm is no longer considered to be
+    cryptographically strong, as demonstrated by Dan Kaminsky. Certificates
+    using this algorithm are no longer accepted (CVE-2009-2409).</li>
+    <li>Daniel Mentz and Robin Seggelmann reported the following
+    vulnerabilities related to DTLS: A use-after-free flaw (CVE-2009-1379)
+    and a NULL pointer dereference (CVE-2009-1387) in the
+    dtls1_retrieve_buffered_fragment() function in src/d1_both.c, multiple
+    memory leaks in the dtls1_process_out_of_seq_message() function in
+    src/d1_both.c (CVE-2009-1378), and a processing error related to a
+    large amount of DTLS records with a future epoch in the
+    dtls1_buffer_record() function in ssl/d1_pkt.c
+    (CVE-2009-1377).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote unauthenticated attacker, acting as a Man in the Middle, could
+    inject arbitrary plain text into a TLS session, possibly leading to the
+    ability to send requests as if authenticated as the victim. A remote
+    attacker could furthermore send specially crafted DTLS packages to a
+    service using OpenSSL for DTLS support, possibly resulting in a Denial
+    of Service. Also, a remote attacker might be able to create rogue
+    certificates, facilitated by a MD2 collision. NOTE: The amount of
+    computation needed for this attack is still very large.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenSSL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-0.9.8l-r2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377">CVE-2009-1377</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378">CVE-2009-1378</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1379">CVE-2009-1379</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1387">CVE-2009-1387</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409">CVE-2009-2409</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555">CVE-2009-3555</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-11-23T21:29:47Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-11-30T13:42:39Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-12-01T21:28:40Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-200912-02.xml b/metadata/glsa/glsa-200912-02.xml
new file mode 100644
index 000000000000..3dbddc4033f2
--- /dev/null
+++ b/metadata/glsa/glsa-200912-02.xml
@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200912-02">
+  <title>Ruby on Rails: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been discovered in Rails, the worst of which
+    leading to the execution of arbitrary SQL statements.
+  </synopsis>
+  <product type="ebuild">rails</product>
+  <announced>2009-12-20</announced>
+  <revised count="01">2009-12-20</revised>
+  <bug>200159</bug>
+  <bug>237385</bug>
+  <bug>247549</bug>
+  <bug>276279</bug>
+  <bug>283396</bug>
+  <bug>294797</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-ruby/rails" auto="yes" arch="*">
+      <unaffected range="ge">2.3.5</unaffected>
+      <unaffected range="rge">2.2.3-r1</unaffected>
+      <vulnerable range="lt">2.2.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ruby on Rails is a web-application and persistence framework.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following vulnerabilities were discovered:
+    </p>
+    <ul>
+    <li>sameer
+    reported that lib/action_controller/cgi_process.rb removes the
+    :cookie_only attribute from the default session options
+    (CVE-2007-6077), due to an incomplete fix for CVE-2007-5380 (GLSA
+    200711-17).</li>
+    <li>Tobias Schlottke reported that the :limit and
+    :offset parameters of ActiveRecord::Base.find() are not properly
+    sanitized before being processed (CVE-2008-4094).</li>
+    <li>Steve from
+    Coderrr reported that the CRSF protection in protect_from_forgery()
+    does not parse the text/plain MIME format (CVE-2008-7248).</li>
+    <li>Nate reported a documentation error that leads to the assumption
+    that a block returning nil passed to
+    authenticate_or_request_with_http_digest() would deny access to the
+    requested resource (CVE-2009-2422).</li>
+    <li>Brian Mastenbrook reported
+    an input sanitation flaw, related to multibyte characters
+    (CVE-2009-3009).</li>
+    <li>Gabe da Silveira reported an input sanitation
+    flaw in the strip_tags() function (CVE-2009-4214).</li>
+    <li>Coda Hale
+    reported an information disclosure vulnerability related to HMAC
+    digests (CVE-2009-3086).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send specially crafted requests to a vulnerable
+    application, possibly leading to the execution of arbitrary SQL
+    statements or a circumvention of access control. A remote attacker
+    could also conduct session fixation attacks to hijack a user's session
+    or bypass the CSRF protection mechanism, or furthermore conduct
+    Cross-Site Scripting attacks or forge a digest via multiple attempts.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ruby on Rails 2.3.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-ruby/rails-2.3.5"</code>
+    <p>
+    All Ruby on Rails 2.2.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "=dev-ruby/rails-2.2.3-r1"</code>
+    <p>
+    NOTE: All applications using Ruby on Rails should also be configured to
+    use the latest version available by running "rake rails:update" inside
+    the application directory.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5380">CVE-2007-5380</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6077">CVE-2007-6077</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4094">CVE-2008-4094</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7248">CVE-2008-7248</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2422">CVE-2009-2422</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3009">CVE-2009-3009</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3086">CVE-2009-3086</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4214">CVE-2009-4214</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200711-17.xml">GLSA 200711-17</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-11-30T18:11:48Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-03-11T19:07:59Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-03-19T12:17:35Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201001-01.xml b/metadata/glsa/glsa-201001-01.xml
new file mode 100644
index 000000000000..a46349146899
--- /dev/null
+++ b/metadata/glsa/glsa-201001-01.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201001-01">
+  <title>NTP: Denial of service</title>
+  <synopsis>
+    A Denial of Service condition in ntpd can cause excessive CPU or bandwidth
+    consumption.
+  </synopsis>
+  <product type="ebuild">ntp</product>
+  <announced>2010-01-03</announced>
+  <revised count="01">2010-01-03</revised>
+  <bug>290881</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/ntp" auto="yes" arch="*">
+      <unaffected range="ge">4.2.4_p7-r1</unaffected>
+      <vulnerable range="lt">4.2.4_p7-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    NTP is a set of the Network Time Protocol programs.
+    </p>
+  </background>
+  <description>
+    <p>
+    Robin Park and Dmitri Vinokurov discovered that ntp_request.c in ntpd
+    does not handle MODE_PRIVATE packets correctly, causing a continuous
+    exchange of MODE_PRIVATE error responses between two NTP daemons or
+    causing high CPU load on a single host.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote, unauthenticated attacker could send a specially crafted
+    MODE_PRIVATE packet, allowing for a Denial of Service condition (CPU
+    and bandwidth consumption).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All NTP users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/ntp-4.2.4_p7-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563">CVE-2009-3563</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-12-10T20:02:44Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-12-30T15:53:37Z">
+    craig
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-01-03T00:05:58Z">
+    craig
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201001-02.xml b/metadata/glsa/glsa-201001-02.xml
new file mode 100644
index 000000000000..0264448a8d78
--- /dev/null
+++ b/metadata/glsa/glsa-201001-02.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201001-02">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in Adobe Flash Player might allow remote attackers
+    to execute arbitrary code or cause a Denial of Service.
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2010-01-03</announced>
+  <revised count="01">2010-01-03</revised>
+  <bug>296407</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">10.0.42.34</unaffected>
+      <vulnerable range="lt">10.0.42.34</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Adobe Flash Player is a renderer for the SWF file format, which is
+    commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been discovered in Adobe Flash Player:
+    </p>
+    <ul><li>An anonymous researcher working with the Zero Day
+    Initiative reported that Adobe Flash Player does not properly process
+    JPEG files (CVE-2009-3794).</li>
+    <li>Jim Cheng of EffectiveUI reported
+    an unspecified data injection vulnerability (CVE-2009-3796).</li>
+    <li>Bing Liu of Fortinet's FortiGuard Labs reported multiple
+    unspecified memory corruption vulnerabilities (CVE-2009-3797,
+    CVE-2009-3798).</li>
+    <li>Damian Put reported an integer overflow in the
+    Verifier::parseExceptionHandlers() function (CVE-2009-3799).</li>
+    <li>Will Dormann of CERT reported multiple unspecified Denial of
+    Service vulnerabilities (CVE-2009-3800).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted SWF
+    file, possibly resulting in the remote execution of arbitrary code with
+    the privileges of the user running the application, or a Denial of
+    Service via unknown vectors.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Adobe Flash Player users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-plugins/adobe-flash-10.0.42.34"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3794">CVE-2009-3794</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3796">CVE-2009-3796</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3797">CVE-2009-3797</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3798">CVE-2009-3798</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3799">CVE-2009-3799</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3800">CVE-2009-3800</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-12-18T01:11:11Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-12-31T14:21:28Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-01-03T17:18:41Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201001-03.xml b/metadata/glsa/glsa-201001-03.xml
new file mode 100644
index 000000000000..b266d780a29c
--- /dev/null
+++ b/metadata/glsa/glsa-201001-03.xml
@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201001-03">
+  <title>PHP: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities were found in PHP, the worst of which leading to
+    the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">php</product>
+  <announced>2010-01-05</announced>
+  <revised count="01">2010-01-05</revised>
+  <bug>249875</bug>
+  <bug>255121</bug>
+  <bug>260576</bug>
+  <bug>261192</bug>
+  <bug>266125</bug>
+  <bug>274670</bug>
+  <bug>280602</bug>
+  <bug>285434</bug>
+  <bug>292132</bug>
+  <bug>293888</bug>
+  <bug>297369</bug>
+  <bug>297370</bug>
+  <access>local remote</access>
+  <affected>
+    <package name="dev-lang/php" auto="yes" arch="*">
+      <unaffected range="ge">5.2.12</unaffected>
+      <vulnerable range="lt">5.2.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    PHP is a widely-used general-purpose scripting language that is
+    especially suited for Web development and can be embedded into HTML.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been discovered in PHP. Please review the
+    CVE identifiers referenced below and the associated PHP release notes
+    for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A context-dependent attacker could execute arbitrary code via a
+    specially crafted string containing an HTML entity when the mbstring
+    extension is enabled. Furthermore a remote attacker could execute
+    arbitrary code via a specially crafted GD graphics file.
+    </p>
+    <p>
+    A remote attacker could also cause a Denial of Service via a malformed
+    string passed to the json_decode() function, via a specially crafted
+    ZIP file passed to the php_zip_make_relative_path() function, via a
+    malformed JPEG image passed to the exif_read_data() function, or via
+    temporary file exhaustion. It is also possible for an attacker to spoof
+    certificates, bypass various safe_mode and open_basedir restrictions
+    when certain criteria are met, perform Cross-site scripting attacks,
+    more easily perform SQL injection attacks, manipulate settings of other
+    virtual hosts on the same server via a malicious .htaccess entry when
+    running on Apache, disclose memory portions, and write arbitrary files
+    via a specially crafted ZIP archive. Some vulnerabilities with unknown
+    impact and attack vectors have been reported as well.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All PHP users should upgrade to the latest version. As PHP is
+    statically linked against a vulnerable version of the c-client library
+    when the imap or kolab USE flag is enabled (GLSA 200911-03), users
+    should upgrade net-libs/c-client beforehand:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-libs/c-client-2007e"
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-5.2.12"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498">CVE-2008-5498</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5514">CVE-2008-5514</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5557">CVE-2008-5557</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5624">CVE-2008-5624</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5625">CVE-2008-5625</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5658">CVE-2008-5658</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5814">CVE-2008-5814</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5844">CVE-2008-5844</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7002">CVE-2008-7002</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0754">CVE-2009-0754</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1271">CVE-2009-1271</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1272">CVE-2009-1272</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2626">CVE-2009-2626</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2687">CVE-2009-2687</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3291">CVE-2009-3291</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3292">CVE-2009-3292</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3293">CVE-2009-3293</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546">CVE-2009-3546</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3557">CVE-2009-3557</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3558">CVE-2009-3558</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017">CVE-2009-4017</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4142">CVE-2009-4142</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4143">CVE-2009-4143</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200911-03.xml">GLSA 200911-03</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2009-11-06T10:26:06Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-11-26T09:22:21Z">
+    rbu
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201001-04.xml b/metadata/glsa/glsa-201001-04.xml
new file mode 100644
index 000000000000..aa1f176917b2
--- /dev/null
+++ b/metadata/glsa/glsa-201001-04.xml
@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201001-04">
+  <title>VirtualBox: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in VirtualBox were found, the worst of which
+    allowing for privilege escalation.
+  </synopsis>
+  <product type="ebuild">virtualbox-bin virtualbox-ose virtualbox-guest-additions virtualbox-ose-additions</product>
+  <announced>2010-01-13</announced>
+  <revised count="01">2010-01-13</revised>
+  <bug>288836</bug>
+  <bug>294678</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/virtualbox-bin" auto="yes" arch="*">
+      <unaffected range="ge">3.0.12</unaffected>
+      <vulnerable range="lt">3.0.12</vulnerable>
+    </package>
+    <package name="app-emulation/virtualbox-ose" auto="yes" arch="*">
+      <unaffected range="ge">3.0.12</unaffected>
+      <vulnerable range="lt">3.0.12</vulnerable>
+    </package>
+    <package name="app-emulation/virtualbox-guest-additions" auto="yes" arch="*">
+      <unaffected range="ge">3.0.12</unaffected>
+      <vulnerable range="lt">3.0.12</vulnerable>
+    </package>
+    <package name="app-emulation/virtualbox-ose-additions" auto="yes" arch="*">
+      <unaffected range="ge">3.0.12</unaffected>
+      <vulnerable range="lt">3.0.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The VirtualBox family provides powerful x86 virtualization products.
+    </p>
+  </background>
+  <description>
+    <p>
+    Thomas Biege of SUSE discovered multiple vulnerabilities:
+    </p>
+    <ul><li>A shell metacharacter injection in popen() (CVE-2009-3692) and
+    a possible buffer overflow in strncpy() in the VBoxNetAdpCtl
+    configuration tool.</li>
+    <li>An unspecified vulnerability in VirtualBox
+    Guest Additions (CVE-2009-3940).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A local, unprivileged attacker with the permission to run VirtualBox
+    could gain root privileges. A guest OS local user could cause a Denial
+    of Service (memory consumption) on the guest OS via unknown vectors.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All users of the binary version of VirtualBox should upgrade to the
+    latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-emulation/virtualbox-bin-3.0.12"</code>
+    <p>
+    All users of the Open Source version of VirtualBox should upgrade to
+    the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-emulation/virtualbox-ose-3.0.12"</code>
+    <p>
+    All users of the binary VirtualBox Guest Additions should upgrade to
+    the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-emulation/virtualbox-guest-additions-3.0.12"</code>
+    <p>
+    All users of the Open Source VirtualBox Guest Additions should upgrade
+    to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-emulation/virtualbox-ose-additions-3.0.12"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3692">CVE-2009-3692</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3940">CVE-2009-3940</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-11-09T23:19:24Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-01-05T20:50:17Z">
+    craig
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-01-10T19:41:20Z">
+    craig
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201001-05.xml b/metadata/glsa/glsa-201001-05.xml
new file mode 100644
index 000000000000..b21678e76661
--- /dev/null
+++ b/metadata/glsa/glsa-201001-05.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201001-05">
+  <title>net-snmp: Authorization bypass</title>
+  <synopsis>
+    A remote attacker can bypass the tcp-wrappers client authorization in
+    net-snmp.
+  </synopsis>
+  <product type="ebuild">net-snmp</product>
+  <announced>2010-01-13</announced>
+  <revised count="01">2010-01-13</revised>
+  <bug>250429</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/net-snmp" auto="yes" arch="*">
+      <unaffected range="ge">5.4.2.1-r1</unaffected>
+      <vulnerable range="lt">5.4.2.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    net-snmp bundles software for generating and retrieving SNMP data.
+    </p>
+  </background>
+  <description>
+    <p>
+    The netsnmp_udp_fmtaddr() function (snmplib/snmpUDPDomain.c), when
+    using TCP wrappers for client authorization, does not properly parse
+    hosts.allow rules.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote, unauthenticated attacker could bypass the ACL filtering,
+    possibly resulting in the execution of arbitrary SNMP queries.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    If possible, protect net-snmp with custom iptables rules:
+    </p>
+    <code>
+    iptables -s [client] -d [host] -p udp --dport 161 -j ACCEPT
+    iptables -s 0.0.0.0/0 -d [host] -p udp --dport 161 -j DROP</code>
+  </workaround>
+  <resolution>
+    <p>
+    All net-snmp users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/net-snmp-5.4.2.1-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6123">CVE-2008-6123</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-09-28T18:16:15Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-01-05T21:17:32Z">
+    craig
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-01-10T19:40:57Z">
+    craig
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201001-06.xml b/metadata/glsa/glsa-201001-06.xml
new file mode 100644
index 000000000000..57a31cc9e5e8
--- /dev/null
+++ b/metadata/glsa/glsa-201001-06.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201001-06">
+  <title>aria2: Multiple vulnerabilities</title>
+  <synopsis>
+    A buffer overflow and a format string vulnerability in aria2 allow remote
+    attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">aria2</product>
+  <announced>2010-01-13</announced>
+  <revised count="01">2010-01-13</revised>
+  <bug>288291</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/aria2" auto="yes" arch="*">
+      <unaffected range="ge">1.6.3</unaffected>
+      <vulnerable range="lt">1.6.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    aria2 is a download utility with resuming and segmented downloading
+    with HTTP/HTTPS/FTP/BitTorrent support.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tatsuhiro Tsujikawa reported a buffer overflow in
+    DHTRoutingTableDeserializer.cc (CVE-2009-3575) and a format string
+    vulnerability in the AbstractCommand::onAbort() function in
+    src/AbstractCommand.cc (CVE-2009-3617).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote, unauthenticated attacker could possibly execute arbitrary
+    code with the privileges of the user running the application or cause a
+    Denial of Service (application crash).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Do not use DHT (CVE-2009-3575) and disable logging (CVE-2009-3617).
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All aria2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/aria2-1.6.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3575">CVE-2009-3575</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3617">CVE-2009-3617</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-11-06T09:27:41Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-01-05T21:05:40Z">
+    craig
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-01-10T19:40:46Z">
+    craig
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201001-07.xml b/metadata/glsa/glsa-201001-07.xml
new file mode 100644
index 000000000000..9ba9be6975f1
--- /dev/null
+++ b/metadata/glsa/glsa-201001-07.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201001-07">
+  <title>Blender: Untrusted search path</title>
+  <synopsis>
+    An untrusted search path vulnerability in Blender might result in the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">blender</product>
+  <announced>2010-01-13</announced>
+  <revised count="01">2010-01-13</revised>
+  <bug>245310</bug>
+  <access>local</access>
+  <affected>
+    <package name="media-gfx/blender" auto="yes" arch="*">
+      <unaffected range="ge">2.48a-r3</unaffected>
+      <vulnerable range="lt">2.48a-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Blender is a 3D Creation/Animation/Publishing System.
+    </p>
+  </background>
+  <description>
+    <p>
+    Steffen Joeris reported that Blender's BPY_interface calls
+    PySys_SetArgv() in such a way that Python prepends sys.path with an
+    empty string.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could entice a user to run "blender" from a directory
+    containing a specially crafted Python module, resulting in the
+    execution of arbitrary code with the privileges of the user running the
+    application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Blender users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/blender-2.48a-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4863">CVE-2008-4863</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-11-30T19:04:32Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-01-05T21:25:09Z">
+    craig
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-01-10T19:40:27Z">
+    craig
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201001-08.xml b/metadata/glsa/glsa-201001-08.xml
new file mode 100644
index 000000000000..755296e05f0e
--- /dev/null
+++ b/metadata/glsa/glsa-201001-08.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201001-08">
+  <title>SquirrelMail: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities were found in SquirrelMail of which the worst
+    results in remote code execution.
+  </synopsis>
+  <product type="ebuild">squirrelmail</product>
+  <announced>2010-01-13</announced>
+  <revised count="01">2010-01-13</revised>
+  <bug>269567</bug>
+  <bug>270671</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/squirrelmail" auto="yes" arch="*">
+      <unaffected range="ge">1.4.19</unaffected>
+      <vulnerable range="lt">1.4.19</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    SquirrelMail is a standards-based webmail package written in PHP.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities were found in SquirrelMail:
+    </p>
+    <ul><li>Niels
+    Teusink reported multiple input sanitation flaws in certain encrypted
+    strings in e-mail headers, related to contrib/decrypt_headers.php,
+    PHP_SELF and the query string (aka QUERY_STRING) (CVE-2009-1578).
+    </li>
+    <li>Niels Teusink also reported that the map_yp_alias() function
+    in functions/imap_general.php does not filter shell metacharacters in a
+    username and that the original patch was incomplete (CVE-2009-1381,
+    CVE-2009-1579).
+    </li>
+    <li>Tomas Hoger discovered an unspecified session fixation
+    vulnerability (CVE-2009-1580).
+    </li>
+    <li>Luc Beurton reported that functions/mime.php does not protect
+    the application's content from Cascading Style Sheets (CSS) positioning
+    in HTML e-mail messages (CVE-2009-1581).
+    </li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    The vulnerabilities allow remote attackers to execute arbitrary code
+    with the privileges of the user running the web server, to hijack web
+    sessions via a crafted cookie, to spoof the user interface and to
+    conduct Cross-Site Scripting and phishing attacks, via a specially
+    crafted message.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SquirrelMail users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-client/squirrelmail-1.4.19"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1381">CVE-2009-1381</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1578">CVE-2009-1578</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1579">CVE-2009-1579</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1580">CVE-2009-1580</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1581">CVE-2009-1581</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2010-01-05T21:49:10Z">
+    craig
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-01-13T21:54:28Z">
+    craig
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201001-09.xml b/metadata/glsa/glsa-201001-09.xml
new file mode 100644
index 000000000000..f224ab27dfa8
--- /dev/null
+++ b/metadata/glsa/glsa-201001-09.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201001-09">
+  <title>Ruby: Terminal Control Character Injection</title>
+  <synopsis>
+    An input sanitation flaw in the WEBrick HTTP server included in Ruby might
+    allow remote attackers to inject arbitrary control characters into terminal
+    sessions.
+  </synopsis>
+  <product type="ebuild">ruby</product>
+  <announced>2010-01-14</announced>
+  <revised count="01">2010-01-14</revised>
+  <bug>300468</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/ruby" auto="yes" arch="*">
+      <unaffected range="ge">1.8.7_p249</unaffected>
+      <unaffected range="rge">1.8.6_p388</unaffected>
+      <vulnerable range="lt">1.8.7_p249</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Ruby is an interpreted scripting language for quick and easy
+    object-oriented programming. It comes bundled with a HTTP server
+    ("WEBrick").
+    </p>
+  </background>
+  <description>
+    <p>
+    Giovanni Pellerano, Alessandro Tanasi and Francesco Ongaro reported
+    that WEBrick does not filter terminal control characters, for instance
+    when handling HTTP logs.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send a specially crafted HTTP request to a
+    WEBrick server to inject arbitrary terminal control characters,
+    possibly resulting in the execution of arbitrary commands, data loss,
+    or other unspecified impact. This could also be used to facilitate
+    other attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Ruby 1.8.7 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/ruby-1.8.7_p249"</code>
+    <p>
+    All Ruby 1.8.6 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-lang/ruby-1.8.6_p388"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4492">CVE-2009-4492</uri>
+  </references>
+  <metadata tag="requester" timestamp="2010-01-13T19:56:42Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-01-13T20:40:12Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-01-13T20:40:18Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201003-01.xml b/metadata/glsa/glsa-201003-01.xml
new file mode 100644
index 000000000000..8ac9d533a467
--- /dev/null
+++ b/metadata/glsa/glsa-201003-01.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201003-01">
+  <title>sudo: Privilege escalation</title>
+  <synopsis>
+    Two vulnerabilities in sudo might allow local users to escalate privileges
+    and execute arbitrary code with root privileges.
+  </synopsis>
+  <product type="ebuild">sudo</product>
+  <announced>2010-03-03</announced>
+  <revised count="01">2010-03-03</revised>
+  <bug>306865</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/sudo" auto="yes" arch="*">
+      <unaffected range="ge">1.7.2_p4</unaffected>
+      <vulnerable range="lt">1.7.2_p4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    sudo allows a system administrator to give users the ability to run
+    commands as other users.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been discovered in sudo:
+    </p>
+    <ul>
+    <li>Glenn Waller and neonsignal reported that sudo does not properly
+    handle access control of the "sudoedit" pseudo-command
+    (CVE-2010-0426).</li>
+    <li>Harald Koenig reported that sudo does not
+    properly set supplementary groups when using the "runas_default" option
+    (CVE-2010-0427).</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker with privileges to use "sudoedit" or the privilege to
+    execute commands with the "runas_default" setting enabled could
+    leverage these vulnerabilities to execute arbitrary code with elevated
+    privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    CVE-2010-0426: Revoke all "sudoedit" privileges, or use the full path
+    to sudoedit. CVE-2010-0427: Remove all occurrences of the
+    "runas_default" setting.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All sudo users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-admin/sudo-1.7.2_p4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0426">CVE-2010-0426</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0427">CVE-2010-0427</uri>
+  </references>
+  <metadata tag="requester" timestamp="2010-03-02T19:53:26Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-03-02T20:22:07Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-03-03T16:28:38Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201006-01.xml b/metadata/glsa/glsa-201006-01.xml
new file mode 100644
index 000000000000..6860bc5abba2
--- /dev/null
+++ b/metadata/glsa/glsa-201006-01.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201006-01">
+  <title>FreeType 1: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Multiple vulnerabilities in FreeType might result in the remote execution
+    of arbitrary code.
+  </synopsis>
+  <product type="ebuild">freetype</product>
+  <announced>2010-06-01</announced>
+  <revised count="01">2010-06-01</revised>
+  <bug>271234</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/freetype" auto="yes" arch="*">
+      <unaffected range="ge">1.4_pre20080316-r2</unaffected>
+      <vulnerable range="lt">1.4_pre20080316-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    FreeType is a True Type Font rendering library.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple issues found in FreeType 2 were also discovered in FreeType 1.
+    For details on these issues, please review the Gentoo Linux Security
+    Advisories and CVE identifiers referenced below.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted TTF
+    file, possibly resulting in the execution of arbitrary code with the
+    privileges of the user running FreeType.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All FreeType 1 users should upgrade to an unaffected version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/freetype-1.4_pre20080316-r2"</code>
+    <p>
+    NOTE: This is a legacy GLSA. Updates for all affected architectures are
+    available since May 27, 2009. It is likely that your system is already
+    no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861">CVE-2006-1861</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2754">CVE-2007-2754</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200607-02.xml">GLSA 200607-02</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200705-22.xml">GLSA 200705-22</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-06-01T22:26:35Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-05-30T10:59:47Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-05-30T15:32:56Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201006-02.xml b/metadata/glsa/glsa-201006-02.xml
new file mode 100644
index 000000000000..a56744b5cd67
--- /dev/null
+++ b/metadata/glsa/glsa-201006-02.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201006-02">
+  <title>CamlImages: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Multiple integer overflows in CamlImages might result in the remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">camlimages</product>
+  <announced>2010-06-01</announced>
+  <revised count="01">2010-06-01</revised>
+  <bug>276235</bug>
+  <bug>290222</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-ml/camlimages" auto="yes" arch="*">
+      <unaffected range="ge">3.0.2</unaffected>
+      <vulnerable range="lt">3.0.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    CamlImages is an image processing library for Objective Caml.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tielei Wang reported multiple integer overflows, possibly leading to
+    heap-based buffer overflows in the (1) read_png_file() and
+    read_png_file_as_rgb24() functions, when processing a PNG image
+    (CVE-2009-2295) and (2) gifread.c and jpegread.c files when processing
+    GIF or JPEG images (CVE-2009-2660).
+    </p>
+    <p>
+    Other integer overflows were also found in tiffread.c (CVE-2009-3296).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted,
+    overly large PNG, GIF, TIFF, or JPEG image using an application that
+    uses the CamlImages library, possibly resulting in the execution of
+    arbitrary code with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All CamlImages users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose =dev-ml/camlimages-3.0.2</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2295">CVE-2009-2295</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2660">CVE-2009-2660</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3296">CVE-2009-3296</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-08-09T15:21:06Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2009-08-14T12:48:53Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-06-01T09:26:19Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201006-03.xml b/metadata/glsa/glsa-201006-03.xml
new file mode 100644
index 000000000000..65bc4721d7b7
--- /dev/null
+++ b/metadata/glsa/glsa-201006-03.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201006-03">
+  <title>ImageMagick: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    An integer overflow in ImageMagick might allow remote attackers to cause
+    the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">imagemagick</product>
+  <announced>2010-06-01</announced>
+  <revised count="01">2010-06-01</revised>
+  <bug>271502</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/imagemagick" auto="yes" arch="*">
+      <unaffected range="ge">6.5.2.9</unaffected>
+      <vulnerable range="lt">6.5.2.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ImageMagick is a collection of tools and libraries for manipulating
+    various image formats.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tielei Wang has discovered that the XMakeImage() function in
+    magick/xwindow.c is prone to an integer overflow, possibly leading to a
+    buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted
+    image, possibly resulting in the remote execution of arbitrary code
+    with the privileges of the user running the application, or a Denial of
+    Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All ImageMagick users should upgrade to an unaffected version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/imagemagick-6.5.2.9"</code>
+    <p>
+    NOTE: This is a legacy GLSA. Updates for all affected architectures are
+    available since June 4, 2009. It is likely that your system is already
+    no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1882">CVE-2009-1882</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-06-03T18:15:07Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-05-30T11:23:27Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-05-30T15:32:51Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201006-04.xml b/metadata/glsa/glsa-201006-04.xml
new file mode 100644
index 000000000000..4e906c60db98
--- /dev/null
+++ b/metadata/glsa/glsa-201006-04.xml
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201006-04">
+  <title>xine-lib: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Multiple vulnerabilities in xine-lib might result in the remote execution
+    of arbitrary code.
+  </synopsis>
+  <product type="ebuild">xine-lib</product>
+  <announced>2010-06-01</announced>
+  <revised count="01">2010-06-01</revised>
+  <bug>234777</bug>
+  <bug>249041</bug>
+  <bug>260069</bug>
+  <bug>265250</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/xine-lib" auto="yes" arch="*">
+      <unaffected range="ge">1.1.16.3</unaffected>
+      <vulnerable range="lt">1.1.16.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    xine-lib is the core library package for the xine media player, and
+    other players such as Amarok, Codeine/Dragon Player and Kaffeine.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been reported in xine-lib. Please review
+    the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to play a specially crafted video
+    file or stream with a player using xine-lib, potentially resulting in
+    the execution of arbitrary code with the privileges of the user running
+    the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All xine-lib users should upgrade to an unaffected version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/xine-lib-1.1.16.3"</code>
+    <p>
+    NOTE: This is a legacy GLSA. Updates for all affected architectures are
+    available since April 10, 2009. It is likely that your system is
+    already no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3231">CVE-2008-3231</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5233">CVE-2008-5233</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5234">CVE-2008-5234</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5235">CVE-2008-5235</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5236">CVE-2008-5236</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5237">CVE-2008-5237</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5238">CVE-2008-5238</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5239">CVE-2008-5239</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5240">CVE-2008-5240</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5241">CVE-2008-5241</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5242">CVE-2008-5242</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5243">CVE-2008-5243</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5244">CVE-2008-5244</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5245">CVE-2008-5245</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5246">CVE-2008-5246</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5247">CVE-2008-5247</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5248">CVE-2008-5248</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0698">CVE-2009-0698</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1274">CVE-2009-1274</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-09-03T18:16:02Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-05-30T10:31:16Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-05-30T15:39:41Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201006-05.xml b/metadata/glsa/glsa-201006-05.xml
new file mode 100644
index 000000000000..6abd877389f6
--- /dev/null
+++ b/metadata/glsa/glsa-201006-05.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201006-05">
+  <title>Wireshark: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities were found in Wireshark.
+  </synopsis>
+  <product type="ebuild">wireshark</product>
+  <announced>2010-06-01</announced>
+  <revised count="01">2010-06-01</revised>
+  <bug>297388</bug>
+  <bug>318935</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/wireshark" auto="yes" arch="*">
+      <unaffected range="ge">1.2.8-r1</unaffected>
+      <vulnerable range="lt">1.2.8-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Wireshark is a versatile network protocol analyzer.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities were found in the Daintree SNA file parser,
+    the SMB, SMB2, IPMI, and DOCSIS dissectors. For further information
+    please consult the CVE entries referenced below.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could cause a Denial of Service and possibly execute
+    arbitrary code via crafted packets or malformed packet trace files.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Wireshark users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-1.2.8-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4376">CVE-2009-4376</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4377">CVE-2009-4377</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4378">CVE-2009-4378</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1455">CVE-2010-1455</uri>
+  </references>
+  <metadata tag="requester" timestamp="2010-01-08T17:26:37Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-05-27T13:48:39Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-05-27T17:50:20Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201006-06.xml b/metadata/glsa/glsa-201006-06.xml
new file mode 100644
index 000000000000..ba1d4a885cce
--- /dev/null
+++ b/metadata/glsa/glsa-201006-06.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201006-06">
+  <title>Transmission: Multiple vulnerabilities</title>
+  <synopsis>
+    Stack-based buffer overflows in Transmission may allow for remote execution
+    of arbitrary code.
+  </synopsis>
+  <product type="ebuild">transmission</product>
+  <announced>2010-06-01</announced>
+  <revised count="01">2010-06-01</revised>
+  <bug>309831</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-p2p/transmission" auto="yes" arch="*">
+      <unaffected range="ge">1.92</unaffected>
+      <vulnerable range="lt">1.92</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Transmission is a cross-platform BitTorrent client.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple stack-based buffer overflows in the tr_magnetParse() function
+    in libtransmission/magnet.c have been discovered.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could cause a Denial of Service or possibly execute
+    arbitrary code via a crafted magnet URL with a large number of tr or ws
+    links.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Transmission users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-p2p/transmission-1.92"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1853">CVE-2010-1853</uri>
+  </references>
+  <metadata tag="requester" timestamp="2010-05-22T11:12:44Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-05-27T13:42:12Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-05-27T17:53:20Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201006-07.xml b/metadata/glsa/glsa-201006-07.xml
new file mode 100644
index 000000000000..2d9c9083c744
--- /dev/null
+++ b/metadata/glsa/glsa-201006-07.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201006-07">
+  <title>SILC: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities were discovered in SILC Toolkit and SILC Client,
+    the worst of which allowing for execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">silc-toolkit silc-client</product>
+  <announced>2010-06-01</announced>
+  <revised count="01">2010-06-01</revised>
+  <bug>284561</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/silc-toolkit" auto="yes" arch="*">
+      <unaffected range="ge">1.1.10</unaffected>
+      <vulnerable range="lt">1.1.10</vulnerable>
+    </package>
+    <package name="net-im/silc-client" auto="yes" arch="*">
+      <unaffected range="ge">1.1.8</unaffected>
+      <vulnerable range="lt">1.1.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    SILC (Secure Internet Live Conferencing protocol) Toolkit is a software
+    development kit for use in clients, and SILC Client is an IRSSI-based
+    text client.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities were discovered in SILC Toolkit and SILC
+    Client. For further information please consult the CVE entries
+    referenced below.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could overwrite stack locations and possibly execute
+    arbitrary code via a crafted OID value, Content-Length header or format
+    string specifiers in a nickname field or channel name.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SILC Toolkit users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-im/silc-toolkit-1.1.10"</code>
+    <p>
+    All SILC Client users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-im/silc-client-1.1.8"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7159">CVE-2008-7159</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7160">CVE-2008-7160</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3051">CVE-2009-3051</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3163">CVE-2009-3163</uri>
+  </references>
+  <metadata tag="requester" timestamp="2010-05-22T11:17:59Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-05-27T13:36:35Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-05-27T17:55:42Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201006-08.xml b/metadata/glsa/glsa-201006-08.xml
new file mode 100644
index 000000000000..37261cddd38e
--- /dev/null
+++ b/metadata/glsa/glsa-201006-08.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201006-08">
+  <title>nano: Multiple vulnerabilities</title>
+  <synopsis>
+    Race conditions when editing files could lead to symlink attacks or changes
+    of ownerships of important files.
+  </synopsis>
+  <product type="ebuild">nano</product>
+  <announced>2010-06-01</announced>
+  <revised count="01">2010-06-01</revised>
+  <bug>315355</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-editors/nano" auto="yes" arch="*">
+      <unaffected range="ge">2.2.4</unaffected>
+      <vulnerable range="lt">2.2.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    nano is a GNU GPL'd Pico clone with more functionality.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple race condition vulnerabilities have been discovered in nano.
+    For further information please consult the CVE entries referenced
+    below.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Under certain conditions, a local, user-assisted attacker could
+    possibly overwrite arbitrary files via a symlink attack on an
+    attacker-owned file that is being edited by the victim, or change the
+    ownership of arbitrary files.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All nano users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-editors/nano-2.2.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1160">CVE-2010-1160</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1161">CVE-2010-1161</uri>
+  </references>
+  <metadata tag="requester" timestamp="2010-04-30T14:22:38Z">
+    chiiph
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-05-27T14:24:42Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-05-27T17:43:51Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201006-09.xml b/metadata/glsa/glsa-201006-09.xml
new file mode 100644
index 000000000000..67507246b158
--- /dev/null
+++ b/metadata/glsa/glsa-201006-09.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201006-09">
+  <title>sudo: Privilege escalation</title>
+  <synopsis>
+    A flaw in sudo's -e option may allow local attackers to execute arbitrary
+    commands.
+  </synopsis>
+  <product type="ebuild">sudo</product>
+  <announced>2010-06-01</announced>
+  <revised count="01">2010-06-01</revised>
+  <bug>321697</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/sudo" auto="yes" arch="*">
+      <unaffected range="ge">1.7.2_p6</unaffected>
+      <vulnerable range="lt">1.7.2_p6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    sudo allows a system administrator to give users the ability to run
+    commands as other users.
+    </p>
+  </background>
+  <description>
+    <p>
+    The command matching functionality does not properly handle when a file
+    in the current working directory has the same name as a pseudo-command
+    in the sudoers file and the PATH contains an entry for ".".
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker with the permission to run sudoedit could, under
+    certain circumstances, execute arbitrary commands as whichever user he
+    has permission to run sudoedit as, typically root.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All sudo users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-admin/sudo-1.7.2_p6"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1163">CVE-2010-1163</uri>
+  </references>
+  <metadata tag="requester" timestamp="2010-05-29T20:27:33Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-05-30T14:58:46Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-05-30T18:08:55Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201006-10.xml b/metadata/glsa/glsa-201006-10.xml
new file mode 100644
index 000000000000..26e05f79f2b4
--- /dev/null
+++ b/metadata/glsa/glsa-201006-10.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201006-10">
+  <title>multipath-tools: World-writeable socket</title>
+  <synopsis>
+    multipath-tools does not set correct permissions on the socket file, making
+    it possible to send arbitrary commands to the multipath daemon for local
+    users.
+  </synopsis>
+  <product type="ebuild">multipath-tools</product>
+  <announced>2010-06-01</announced>
+  <revised count="01">2010-06-01</revised>
+  <bug>264564</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-fs/multipath-tools" auto="yes" arch="*">
+      <unaffected range="ge">0.4.8-r1</unaffected>
+      <vulnerable range="lt">0.4.8-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    multipath-tools are used to drive the Device Mapper multipathing
+    driver.
+    </p>
+  </background>
+  <description>
+    <p>
+    multipath-tools uses world-writable permissions for the socket file
+    (/var/run/multipathd.sock).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    Local users could send arbitrary commands to the multipath daemon,
+    causing cluster failures and data loss.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    chmod o-rwx /var/run/multipath.sock
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All multipath-tools users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-fs/multipath-tools-0.4.8-r1"</code>
+    <p>
+    NOTE: This is a legacy GLSA. Updates for all affected architectures are
+    available since November 13, 2009. It is likely that your system is
+    already no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0115">CVE-2009-0115</uri>
+  </references>
+  <metadata tag="requester" timestamp="2010-01-29T23:30:44Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-04-09T17:36:36Z">
+    craig
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-06-01T12:41:09Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201006-11.xml b/metadata/glsa/glsa-201006-11.xml
new file mode 100644
index 000000000000..8b5a5621ce69
--- /dev/null
+++ b/metadata/glsa/glsa-201006-11.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201006-11">
+  <title>BIND: Multiple vulnerabilities</title>
+  <synopsis>
+    Several cache poisoning vulnerabilities have been found in BIND.
+  </synopsis>
+  <product type="ebuild">BIND</product>
+  <announced>2010-06-01</announced>
+  <revised count="01">2010-06-01</revised>
+  <bug>301548</bug>
+  <bug>308035</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/bind" auto="yes" arch="*">
+      <unaffected range="ge">9.4.3_p5</unaffected>
+      <vulnerable range="lt">9.4.3_p5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    ISC BIND is the Internet Systems Consortium implementation of the
+    Domain Name System (DNS) protocol.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple cache poisoning vulnerabilities were discovered in BIND. For
+    further information please consult the CVE entries and the ISC Security
+    Bulletin referenced below.
+    </p>
+    <p>
+    Note: CVE-2010-0290 and CVE-2010-0382 exist because of an incomplete
+    fix and a regression for CVE-2009-4022.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker could exploit this weakness to poison the cache of a
+    recursive resolver and thus spoof DNS traffic, which could e.g. lead to
+    the redirection of web or mail traffic to malicious sites.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All BIND users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-dns/bind-9.4.3_p5"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.isc.org/advisories/CVE2009-4022">ISC Advisory</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022">CVE-2009-4022</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097">CVE-2010-0097</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0290">CVE-2010-0290</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0382">CVE-2010-0382</uri>
+  </references>
+  <metadata tag="requester" timestamp="2010-03-29T22:15:31Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-04-09T17:11:37Z">
+    craig
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-05-27T18:23:04Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201006-12.xml b/metadata/glsa/glsa-201006-12.xml
new file mode 100644
index 000000000000..66ac9eed7ffa
--- /dev/null
+++ b/metadata/glsa/glsa-201006-12.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201006-12">
+  <title>Fetchmail: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been reported in Fetchmail, allowing remote
+    attackers to execute arbitrary code or to conduct Man-in-the-Middle
+    attacks.
+  </synopsis>
+  <product type="ebuild">fetchmail</product>
+  <announced>2010-06-01</announced>
+  <revised count="01">2010-06-01</revised>
+  <bug>280537</bug>
+  <bug>307761</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/fetchmail" auto="yes" arch="*">
+      <unaffected range="ge">6.3.14</unaffected>
+      <vulnerable range="lt">6.3.14</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Fetchmail is a remote mail retrieval and forwarding utility.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been reported in Fetchmail:
+    </p>
+    <ul>
+    <li>The sdump() function might trigger a heap-based buffer overflow
+    during the escaping of non-printable characters with the high bit set
+    from an X.509 certificate (CVE-2010-0562).</li>
+    <li>The vendor reported
+    that Fetchmail does not properly handle Common Name (CN) fields in
+    X.509 certificates that contain an ASCII NUL character. Specifically,
+    the processing of such fields is stopped at the first occurrence of a
+    NUL character. This type of vulnerability was recently discovered by
+    Dan Kaminsky and Moxie Marlinspike (CVE-2009-2666).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to connect with Fetchmail to a
+    specially crafted SSL-enabled server in verbose mode, possibly
+    resulting in the execution of arbitrary code with the privileges of the
+    user running the application. NOTE: The issue is only existent on
+    platforms on which char is signed.
+    </p>
+    <p>
+    Furthermore, a remote attacker might employ a specially crafted X.509
+    certificate, containing a NUL character in the Common Name field to
+    conduct man-in-the-middle attacks on SSL connections made using
+    Fetchmail.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Fetchmail users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-mail/fetchmail-6.3.14"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0562">CVE-2010-0562</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2666">CVE-2009-2666</uri>
+  </references>
+  <metadata tag="requester" timestamp="2010-03-29T22:13:20Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-04-11T12:34:40Z">
+    craig
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-05-27T17:49:00Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201006-13.xml b/metadata/glsa/glsa-201006-13.xml
new file mode 100644
index 000000000000..9b61d5366717
--- /dev/null
+++ b/metadata/glsa/glsa-201006-13.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201006-13">
+  <title>Smarty: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in the Smarty template engine might allow remote
+    attackers to execute arbitrary PHP code.
+  </synopsis>
+  <product type="ebuild">smarty</product>
+  <announced>2010-06-02</announced>
+  <revised count="01">2010-06-02</revised>
+  <bug>212147</bug>
+  <bug>243856</bug>
+  <bug>270494</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-php/smarty" auto="yes" arch="*">
+      <unaffected range="ge">2.6.23</unaffected>
+      <vulnerable range="lt">2.6.23</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Smarty is a template engine for PHP.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been discovered in Smarty:
+    </p>
+    <ul>
+    <li>The vendor reported that the modifier.regex_replace.php plug-in
+    contains an input sanitation flaw related to the ASCII NUL character
+    (CVE-2008-1066).</li>
+    <li>The vendor reported that the
+    _expand_quoted_text() function in libs/Smarty_Compiler.class.php
+    contains an input sanitation flaw via multiple vectors (CVE-2008-4810,
+    CVE-2008-4811).</li>
+    <li>Nine:Situations:Group::bookoo reported that
+    the smarty_function_math() function in libs/plugins/function.math.php
+    contains input sanitation flaw (CVE-2009-1669).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    These issues might allow a remote attacker to execute arbitrary PHP
+    code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Smarty users should upgrade to an unaffected version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-php/smarty-2.6.23"</code>
+    <p>
+    NOTE: This is a legacy GLSA. Updates for all affected architectures are
+    available since June 2, 2009. It is likely that your system is already
+    no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1066">CVE-2008-1066</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4810">CVE-2008-4810</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4811">CVE-2008-4811</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1669">CVE-2009-1669</uri>
+  </references>
+  <metadata tag="requester" timestamp="2008-03-15T21:06:13Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2008-09-19T19:51:21Z">
+    p-y
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-05-30T11:16:44Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201006-14.xml b/metadata/glsa/glsa-201006-14.xml
new file mode 100644
index 000000000000..7647e0789e39
--- /dev/null
+++ b/metadata/glsa/glsa-201006-14.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201006-14">
+  <title>Newt: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    A heap-based buffer overflow in the Newt library might allow remote,
+    user-assisted attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">newt</product>
+  <announced>2010-06-02</announced>
+  <revised count="01">2010-06-02</revised>
+  <bug>285854</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/newt" auto="yes" arch="*">
+      <unaffected range="ge">0.52.10-r1</unaffected>
+      <vulnerable range="lt">0.52.10-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Newt is a library for displaying text mode user interfaces.
+    </p>
+  </background>
+  <description>
+    <p>
+    Miroslav Lichvar reported that Newt is prone to a heap-based buffer
+    overflow in textbox.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to enter a specially crafted
+    string into a text dialog box rendered by Newt, possibly resulting in
+    the remote execution of arbitrary code with the privileges of the user
+    running the application, or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Newt users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/newt-0.52.10-r1"</code>
+    <p>
+    NOTE: This is a legacy GLSA. Updates for all affected architectures are
+    available since October 26, 2009. It is likely that your system is
+    already no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2905">CVE-2009-2905</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-11-06T09:28:48Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-05-31T05:47:34Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-05-31T05:47:41Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201006-15.xml b/metadata/glsa/glsa-201006-15.xml
new file mode 100644
index 000000000000..505bbd971b1d
--- /dev/null
+++ b/metadata/glsa/glsa-201006-15.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201006-15">
+  <title>XEmacs: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Multiple integer overflow errors in XEmacs might allow remote,
+    user-assisted attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">xemacs</product>
+  <announced>2010-06-03</announced>
+  <revised count="01">2010-06-03</revised>
+  <bug>275397</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-editors/xemacs" auto="yes" arch="*">
+      <unaffected range="ge">21.4.22-r1</unaffected>
+      <vulnerable range="lt">21.4.22-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    XEmacs is a highly extensible and customizable text editor.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tielei Wang reported multiple integer overflow vulnerabilities in the
+    tiff_instantiate(), png_instantiate() and jpeg_instantiate() functions
+    in glyphs-eimage.c, all possibly leading to heap-based buffer
+    overflows.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted TIFF,
+    JPEG or PNG file using XEmacs, possibly resulting in the remote
+    execution of arbitrary code with the privileges of the user running the
+    application, or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All XEmacs users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-editors/xemacs-21.4.22-r1"</code>
+    <p>
+    NOTE: This is a legacy GLSA. Updates for all affected architectures are
+    available since July 26, 2009. It is likely that your system is already
+    no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2688">CVE-2009-2688</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-07-30T20:43:44Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-05-31T06:40:54Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-05-31T06:41:02Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201006-16.xml b/metadata/glsa/glsa-201006-16.xml
new file mode 100644
index 000000000000..099d9dc2c6f8
--- /dev/null
+++ b/metadata/glsa/glsa-201006-16.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201006-16">
+  <title>GD: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    The GD library is prone to a buffer overflow vulnerability.
+  </synopsis>
+  <product type="ebuild">gd</product>
+  <announced>2010-06-03</announced>
+  <revised count="01">2010-06-03</revised>
+  <bug>292130</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/gd" auto="yes" arch="*">
+      <unaffected range="ge">2.0.35-r1</unaffected>
+      <vulnerable range="lt">2.0.35-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    GD is a graphic library for fast image creation.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tomas Hoger reported that the _gdGetColors() function in gd_gd.c does
+    not properly verify the colorsTotal struct member, possibly leading to
+    a buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted image
+    file with a program using the GD library, possibly resulting in the
+    remote execution of arbitrary code with the privileges of the user
+    running the application, or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GD users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/gd-2.0.35-r1"</code>
+    <p>
+    NOTE: This is a legacy GLSA. Updates for all affected architectures are
+    available since November 21, 2009. It is likely that your system is
+    already no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546">CVE-2009-3546</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-12-18T02:08:27Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-05-31T05:59:40Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-05-31T05:59:48Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201006-17.xml b/metadata/glsa/glsa-201006-17.xml
new file mode 100644
index 000000000000..32888ad18ae2
--- /dev/null
+++ b/metadata/glsa/glsa-201006-17.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201006-17">
+  <title>lighttpd: Denial of service</title>
+  <synopsis>
+    A processing error in lighttpd might result in a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">lighttpd</product>
+  <announced>2010-06-03</announced>
+  <revised count="01">2010-06-03</revised>
+  <bug>303213</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/lighttpd" auto="yes" arch="*">
+      <unaffected range="ge">1.4.25-r1</unaffected>
+      <vulnerable range="lt">1.4.25-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    lighttpd is a lightweight high-performance web server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Li Ming reported that lighttpd does not properly process packets that
+    are sent overly slow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker might send specially crafted packets to a server
+    running lighttpd, possibly resulting in a Denial of Service condition
+    via host memory exhaustion.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All lighttpd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-servers/lighttpd-1.4.25-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0295">CVE-2010-0295</uri>
+  </references>
+  <metadata tag="requester" timestamp="2010-03-15T14:19:51Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-05-31T15:20:53Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-05-31T15:20:59Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201006-18.xml b/metadata/glsa/glsa-201006-18.xml
new file mode 100644
index 000000000000..bbd423cef309
--- /dev/null
+++ b/metadata/glsa/glsa-201006-18.xml
@@ -0,0 +1,140 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201006-18">
+  <title>Oracle JRE/JDK: Multiple vulnerabilities</title>
+  <synopsis>
+    The Oracle JDK and JRE are vulnerable to multiple unspecified
+    vulnerabilities.
+  </synopsis>
+  <product type="ebuild">sun-jre-bin sun-jdk emul-linux-x86-java</product>
+  <announced>2010-06-04</announced>
+  <revised count="01">2010-06-04</revised>
+  <bug>306579</bug>
+  <bug>314531</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/sun-jre-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.6.0.20</unaffected>
+      <vulnerable range="lt">1.6.0.20</vulnerable>
+    </package>
+    <package name="dev-java/sun-jdk" auto="yes" arch="*">
+      <unaffected range="ge">1.6.0.20</unaffected>
+      <vulnerable range="lt">1.6.0.20</vulnerable>
+    </package>
+    <package name="app-emulation/emul-linux-x86-java" auto="yes" arch="*">
+      <unaffected range="ge">1.6.0.20</unaffected>
+      <vulnerable range="lt">1.6.0.20</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and
+    the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE)
+    provide the Oracle Java platform (formerly known as Sun Java Platform).
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been reported in the Oracle Java
+    implementation. Please review the CVE identifiers referenced below and
+    the associated Oracle Critical Patch Update Advisory for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit these vulnerabilities to cause
+    unspecified impact, possibly including remote execution of arbitrary
+    code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Oracle JRE 1.6.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/sun-jre-bin-1.6.0.20"</code>
+    <p>
+    All Oracle JDK 1.6.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-java/sun-jdk-1.6.0.20"</code>
+    <p>
+    All users of the precompiled 32bit Oracle JRE 1.6.x should upgrade to
+    the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-emulation/emul-linux-x86-java-1.6.0.20"</code>
+    <p>
+    All Oracle JRE 1.5.x, Oracle JDK 1.5.x, and precompiled 32bit Oracle
+    JRE 1.5.x users are strongly advised to unmerge Java 1.5:
+    </p>
+    <code>
+    # emerge --unmerge =app-emulation/emul-linux-x86-java-1.5*
+    # emerge --unmerge =dev-java/sun-jre-bin-1.5*
+    # emerge --unmerge =dev-java/sun-jdk-1.5*</code>
+    <p>
+    Gentoo is ceasing support for the 1.5 generation of the Oracle Java
+    Platform in accordance with upstream. All 1.5 JRE versions are masked
+    and will be removed shortly. All 1.5 JDK versions are marked as
+    "build-only" and will be masked for removal shortly. Users are advised
+    to change their default user and system Java implementation to an
+    unaffected version. For example:
+    </p>
+    <code>
+    # java-config --set-system-vm sun-jdk-1.6</code>
+    <p>
+    For more information, please consult the Gentoo Linux Java
+    documentation.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555">CVE-2009-3555</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082">CVE-2010-0082</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084">CVE-2010-0084</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085">CVE-2010-0085</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087">CVE-2010-0087</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088">CVE-2010-0088</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089">CVE-2010-0089</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0090">CVE-2010-0090</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091">CVE-2010-0091</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092">CVE-2010-0092</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093">CVE-2010-0093</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094">CVE-2010-0094</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095">CVE-2010-0095</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837">CVE-2010-0837</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838">CVE-2010-0838</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839">CVE-2010-0839</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840">CVE-2010-0840</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0841">CVE-2010-0841</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0842">CVE-2010-0842</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0843">CVE-2010-0843</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0844">CVE-2010-0844</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845">CVE-2010-0845</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0846">CVE-2010-0846</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847">CVE-2010-0847</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848">CVE-2010-0848</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849">CVE-2010-0849</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850">CVE-2010-0850</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886">CVE-2010-0886</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0887">CVE-2010-0887</uri>
+    <uri link="https://wiki.gentoo.org/wiki/Java">Gentoo Linux Java documentation</uri>
+    <uri link="https://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html">Oracle Java SE and Java for Business Critical Patch Update Advisory - March 2010</uri>
+  </references>
+  <metadata tag="requester" timestamp="2010-04-02T09:43:04Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-04-02T09:59:07Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-06-04T05:06:52Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201006-19.xml b/metadata/glsa/glsa-201006-19.xml
new file mode 100644
index 000000000000..06418c9c76c3
--- /dev/null
+++ b/metadata/glsa/glsa-201006-19.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201006-19">
+  <title>Bugzilla: Multiple vulnerabilities</title>
+  <synopsis>
+    Bugzilla is prone to multiple medium severity vulnerabilities.
+  </synopsis>
+  <product type="ebuild">bugzilla</product>
+  <announced>2010-06-04</announced>
+  <revised count="02">2010-06-04</revised>
+  <bug>239564</bug>
+  <bug>258592</bug>
+  <bug>264572</bug>
+  <bug>284824</bug>
+  <bug>303437</bug>
+  <bug>303725</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/bugzilla" auto="yes" arch="*">
+      <unaffected range="ge">3.2.6</unaffected>
+      <vulnerable range="lt">3.2.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Bugzilla is a bug tracking system from the Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been reported in Bugzilla. Please review
+    the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker might be able to disclose local files, bug
+    information, passwords, and other data under certain circumstances.
+    Furthermore, a remote attacker could conduct SQL injection, Cross-Site
+    Scripting (XSS) or Cross-Site Request Forgery (CSRF) attacks via
+    various vectors.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Bugzilla users should upgrade to an unaffected version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-apps/bugzilla-3.2.6"</code>
+    <p>
+    Bugzilla 2.x and 3.0 have reached their end of life. There will be no
+    more security updates. All Bugzilla 2.x and 3.0 users should update to
+    a supported Bugzilla 3.x version.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4437">CVE-2008-4437</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6098">CVE-2008-6098</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0481">CVE-2009-0481</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0482">CVE-2009-0482</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0483">CVE-2009-0483</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0484">CVE-2009-0484</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0485">CVE-2009-0485</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0486">CVE-2009-0486</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1213">CVE-2009-1213</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3125">CVE-2009-3125</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3165">CVE-2009-3165</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3166">CVE-2009-3166</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3387">CVE-2009-3387</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3989">CVE-2009-3989</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2009-02-14T18:17:01Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2009-10-10T16:01:17Z">
+    jaervosz
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201006-20.xml b/metadata/glsa/glsa-201006-20.xml
new file mode 100644
index 000000000000..e87de39d2049
--- /dev/null
+++ b/metadata/glsa/glsa-201006-20.xml
@@ -0,0 +1,87 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201006-20">
+  <title>Asterisk: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in Asterisk might allow remote attackers to cause
+    a Denial of Service condition, or conduct other attacks.
+  </synopsis>
+  <product type="ebuild">asterisk</product>
+  <announced>2010-06-04</announced>
+  <revised count="01">2010-06-04</revised>
+  <bug>281107</bug>
+  <bug>283624</bug>
+  <bug>284892</bug>
+  <bug>295270</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/asterisk" auto="yes" arch="*">
+      <unaffected range="ge">1.2.37</unaffected>
+      <vulnerable range="lt">1.2.37</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Asterisk is an open source telephony engine and toolkit.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been reported in Asterisk:
+    </p>
+    <ul>
+    <li>Nick Baggott reported that Asterisk does not properly process
+    overly long ASCII strings in various packets (CVE-2009-2726).</li>
+    <li>Noam Rathaus and Blake Cornell reported a flaw in the IAX2 protocol
+    implementation (CVE-2009-2346).</li>
+    <li>amorsen reported an input
+    processing error in the RTP protocol implementation
+    (CVE-2009-4055).</li>
+    <li>Patrik Karlsson reported an information
+    disclosure flaw related to the REGISTER message (CVE-2009-3727).</li>
+    <li>A vulnerability was found in the bundled Prototype JavaScript
+    library, related to AJAX calls (CVE-2008-7220).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could exploit these vulnerabilities by sending a
+    specially crafted package, possibly causing a Denial of Service
+    condition, or resulting in information disclosure.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Asterisk users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/asterisk-1.2.37"</code>
+    <p>
+    NOTE: This is a legacy GLSA. Updates for all affected architectures are
+    available since January 5, 2010. It is likely that your system is
+    already no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2726">CVE-2009-2726</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2346">CVE-2009-2346</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4055">CVE-2009-4055</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3727">CVE-2009-3727</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7220">CVE-2008-7220</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-11-06T13:21:43Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-05-31T15:08:16Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-05-31T15:08:22Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201006-21.xml b/metadata/glsa/glsa-201006-21.xml
new file mode 100644
index 000000000000..942db0490784
--- /dev/null
+++ b/metadata/glsa/glsa-201006-21.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201006-21">
+  <title>UnrealIRCd: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in UnrealIRCd might allow remote attackers to
+    compromise the "unrealircd" account, or cause a Denial of Service.
+  </synopsis>
+  <product type="ebuild">unrealircd</product>
+  <announced>2010-06-14</announced>
+  <revised count="02">2010-06-14</revised>
+  <bug>260806</bug>
+  <bug>323691</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/unrealircd" auto="yes" arch="*">
+      <unaffected range="ge">3.2.8.1-r1</unaffected>
+      <vulnerable range="lt">3.2.8.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    UnrealIRCd is an Internet Relay Chat (IRC) daemon.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been reported in UnrealIRCd:
+    </p>
+    <ul>
+    <li>The vendor reported a buffer overflow in the user authorization
+    code (CVE-2009-4893).</li>
+    <li>The vendor reported that the distributed source code of UnrealIRCd
+    was compromised and altered to include a system() call that could be
+    called with arbitrary user input (CVE-2010-2075).</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    A remote attacker could exploit these vulnerabilities to cause the
+    execution of arbitrary commands with the privileges of the user running
+    UnrealIRCd, or a Denial of Service condition. NOTE: By default
+    UnrealIRCd on Gentoo is run with the privileges of the "unrealircd"
+    user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All UnrealIRCd users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-irc/unrealircd-3.2.8.1-r1"</code>
+  </resolution>
+  <references>
+    <uri link="http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt">UnrealIRCd Security Advisory 20090413</uri>
+    <uri link="http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt">UnrealIRCd Security Advisory 20100612</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4893">CVE-2009-4893</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2075">CVE-2010-2075</uri>
+  </references>
+  <metadata tag="requester" timestamp="2010-06-12T21:31:31Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-06-14T17:00:57Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-06-14T17:17:46Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201009-01.xml b/metadata/glsa/glsa-201009-01.xml
new file mode 100644
index 000000000000..4a9068ec8d8a
--- /dev/null
+++ b/metadata/glsa/glsa-201009-01.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201009-01">
+  <title>wxGTK: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    An integer overflow vulnerability in wxGTK might enable remote attackers to
+    cause the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">wxGTK</product>
+  <announced>2010-09-02</announced>
+  <revised count="01">2010-09-02</revised>
+  <bug>277722</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/wxGTK" auto="yes" arch="*">
+      <unaffected range="rge">2.6.4.0-r5</unaffected>
+      <unaffected range="ge">2.8.10.1-r1</unaffected>
+      <vulnerable range="lt">2.8.10.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    wxGTK is the GTK+ version of wxWidgets, a cross-platform C++ GUI
+    toolkit.
+    </p>
+  </background>
+  <description>
+    <p>
+    wxGTK is prone to an integer overflow error in the wxImage::Create()
+    function in src/common/image.cpp, possibly leading to a heap-based
+    buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker might entice a user to open a specially crafted JPEG
+    file using a program that uses wxGTK, possibly resulting in the remote
+    execution of arbitrary code with the privileges of the user running the
+    application.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All wxGTK 2.6 users should upgrade to an updated version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-libs/wxGTK-2.6.4.0-r5"</code>
+    <p>
+    All wxGTK 2.8 users should upgrade to an updated version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=x11-libs/wxGTK-2.8.10.1-r1"</code>
+    <p>
+    NOTE: This is a legacy GLSA. Updates for all affected architectures are
+    available since August 9, 2009. It is likely that your system is
+    already no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2369">CVE-2009-2369</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-10-04T23:41:42Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-06-01T12:09:45Z">
+    a3li
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-06-01T14:53:47Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201009-02.xml b/metadata/glsa/glsa-201009-02.xml
new file mode 100644
index 000000000000..b430ea186ec6
--- /dev/null
+++ b/metadata/glsa/glsa-201009-02.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201009-02">
+  <title>Maildrop: privilege escalation</title>
+  <synopsis>
+    Insecure permission handling in maildrop might allow local attackers to
+    elevate their privileges.
+  </synopsis>
+  <product type="ebuild">maildrop</product>
+  <announced>2010-09-06</announced>
+  <revised count="01">2010-09-06</revised>
+  <bug>308043</bug>
+  <access>local</access>
+  <affected>
+    <package name="mail-filter/maildrop" auto="yes" arch="*">
+      <unaffected range="ge">2.4.2</unaffected>
+      <vulnerable range="lt">2.4.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    maildrop is the mail filter/mail delivery agent that is used by the
+    Courier Mail Server.
+    </p>
+  </background>
+  <description>
+    <p>
+    Christoph Anton Mitterer reported that maildrop does not properly drop
+    its privileges when run as root.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could create a specially crafted .mailfilter file,
+    possibly leading to the execution of arbitrary commands with the "root"
+    group privileges. NOTE: Successful exploitation requires that maildrop
+    is run as root with the -d option.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All maildrop users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=mail-filter/maildrop-2.4.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0301">CVE-2010-0301</uri>
+  </references>
+  <metadata tag="requester" timestamp="2010-08-29T09:32:26Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-09-03T21:46:47Z">
+    p-y
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-09-03T21:46:57Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201009-03.xml b/metadata/glsa/glsa-201009-03.xml
new file mode 100644
index 000000000000..9665057e2c2e
--- /dev/null
+++ b/metadata/glsa/glsa-201009-03.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201009-03">
+  <title>sudo: Privilege Escalation</title>
+  <synopsis>
+    The secure path feature and group handling in sudo allow local attackers to
+    escalate privileges.
+  </synopsis>
+  <product type="ebuild">sudo</product>
+  <announced>2010-09-07</announced>
+  <revised count="01">2010-09-07</revised>
+  <bug>322517</bug>
+  <bug>335381</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/sudo" auto="yes" arch="*">
+      <unaffected range="ge">1.7.4_p3-r1</unaffected>
+      <vulnerable range="lt">1.7.4_p3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    sudo allows a system administrator to give users the ability to run
+    commands as other users.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities have been reported in sudo:
+    </p>
+    <ul>
+    <li>Evan
+    Broder and Anders Kaseorg of Ksplice, Inc. reported that the sudo
+    'secure path' feature does not properly handle multiple PATH variables
+    (CVE-2010-1646).</li>
+    <li>Markus Wuethrich of Swiss Post reported that
+    sudo fails to restrict access when using Runas groups and the group
+    (-g) command line option (CVE-2010-2956).</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could exploit these vulnerabilities to gain the
+    ability to run certain commands with the privileges of other users,
+    including root, depending on the configuration.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All sudo users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-admin/sudo-1.7.4_p3-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1646">CVE-2010-1646</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2956">CVE-2010-2956</uri>
+  </references>
+  <metadata tag="requester" timestamp="2010-06-13T19:16:17Z">
+    vorlon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-06-13T19:16:52Z">
+    vorlon
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-09-07T11:40:54Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201009-04.xml b/metadata/glsa/glsa-201009-04.xml
new file mode 100644
index 000000000000..4b33ca3223ac
--- /dev/null
+++ b/metadata/glsa/glsa-201009-04.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201009-04">
+  <title>SARG: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Multiple stack-based buffer overflow vulnerabilities were discovered in
+    SARG allowing for remote code execution.
+  </synopsis>
+  <product type="ebuild">SARG sarg</product>
+  <announced>2010-09-07</announced>
+  <revised count="01">2010-09-07</revised>
+  <bug>222121</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/sarg" auto="yes" arch="*">
+      <unaffected range="ge">2.2.5-r5</unaffected>
+      <vulnerable range="lt">2.2.5-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    SARG is the Squid Analysis Report Generator.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities were discovered in SARG. For further
+    information please consult the CVE entries referenced below.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    These vulnerabilities might allow attackers to execute arbitrary code
+    via unknown vectors.
+    </p>
+    <p>
+    NOTE: This is a legacy GLSA. Updates for all affected architectures are
+    available since April 18, 2009. It is likely that your system is
+    already no longer affected by this issue.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All SARG users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/sarg-2.2.5-r5"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1922">CVE-2008-1922</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-07-12T23:13:31Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-04-10T02:16:14Z">
+    craig
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-09-03T21:21:35Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201009-05.xml b/metadata/glsa/glsa-201009-05.xml
new file mode 100644
index 000000000000..3f537f7126a3
--- /dev/null
+++ b/metadata/glsa/glsa-201009-05.xml
@@ -0,0 +1,110 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201009-05">
+  <title>Adobe Reader: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in Adobe Reader might result in the execution of
+    arbitrary code or other attacks.
+  </synopsis>
+  <product type="ebuild">acroread</product>
+  <announced>2010-09-07</announced>
+  <revised count="01">2010-09-07</revised>
+  <bug>297385</bug>
+  <bug>306429</bug>
+  <bug>313343</bug>
+  <bug>322857</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/acroread" auto="yes" arch="*">
+      <unaffected range="ge">9.3.4</unaffected>
+      <vulnerable range="lt">9.3.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF
+    reader.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities were discovered in Adobe Reader. For further
+    information please consult the CVE entries and the Adobe Security
+    Bulletins referenced below.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker might entice a user to open a specially crafted PDF
+    file, possibly resulting in the execution of arbitrary code with the
+    privileges of the user running the application, or bypass intended
+    sandbox restrictions, make cross-domain requests, inject arbitrary web
+    script or HTML, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Adobe Reader users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/acroread-9.3.4"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.adobe.com/support/security/advisories/apsa10-01.html">APSA10-01</uri>
+    <uri link="https://www.adobe.com/support/security/bulletins/apsb10-02.html">APSB10-02</uri>
+    <uri link="https://www.adobe.com/support/security/bulletins/apsb10-07.html">APSB10-07</uri>
+    <uri link="https://www.adobe.com/support/security/bulletins/apsb10-09.html">APSB10-09</uri>
+    <uri link="https://www.adobe.com/support/security/bulletins/apsb10-14.html">APSB10-14</uri>
+    <uri link="https://www.adobe.com/support/security/bulletins/apsb10-16.html">APSB10-16</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3953">CVE-2009-3953</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4324">CVE-2009-4324</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186">CVE-2010-0186</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0188">CVE-2010-0188</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0190">CVE-2010-0190</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0191">CVE-2010-0191</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0192">CVE-2010-0192</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0193">CVE-2010-0193</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0194">CVE-2010-0194</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0195">CVE-2010-0195</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0196">CVE-2010-0196</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0197">CVE-2010-0197</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0198">CVE-2010-0198</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0199">CVE-2010-0199</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0201">CVE-2010-0201</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0202">CVE-2010-0202</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0203">CVE-2010-0203</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0204">CVE-2010-0204</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1241">CVE-2010-1241</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1285">CVE-2010-1285</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1295">CVE-2010-1295</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297">CVE-2010-1297</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2168">CVE-2010-2168</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2201">CVE-2010-2201</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2202">CVE-2010-2202</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2203">CVE-2010-2203</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2204">CVE-2010-2204</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2205">CVE-2010-2205</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2206">CVE-2010-2206</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2207">CVE-2010-2207</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2208">CVE-2010-2208</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2209">CVE-2010-2209</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2210">CVE-2010-2210</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2211">CVE-2010-2211</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2212">CVE-2010-2212</uri>
+  </references>
+  <metadata tag="requester" timestamp="2010-03-05T19:31:53Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-04-09T16:55:00Z">
+    craig
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-09-03T21:24:06Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201009-06.xml b/metadata/glsa/glsa-201009-06.xml
new file mode 100644
index 000000000000..43bbcc144e07
--- /dev/null
+++ b/metadata/glsa/glsa-201009-06.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201009-06">
+  <title>Clam AntiVirus: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been reported in Clam AntiVirus.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2010-09-07</announced>
+  <revised count="01">2010-09-07</revised>
+  <bug>314087</bug>
+  <bug>321157</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.96.1</unaffected>
+      <vulnerable range="lt">0.96.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Clam AntiVirus (short: ClamAV) is an anti-virus toolkit for UNIX,
+    designed especially for e-mail scanning on mail gateways.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities were discovered in Clam AntiVirus. For further
+    information, please consult the CVE entries referenced below.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could possibly bypass virus detection or cause a
+    Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Clam AntiVirus users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.96.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0098">CVE-2010-0098</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1311">CVE-2010-1311</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1639">CVE-2010-1639</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1640">CVE-2010-1640</uri>
+  </references>
+  <metadata tag="requester" timestamp="2010-05-22T11:19:32Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-05-27T13:26:38Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-08-11T20:31:24Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201009-07.xml b/metadata/glsa/glsa-201009-07.xml
new file mode 100644
index 000000000000..1500716099c6
--- /dev/null
+++ b/metadata/glsa/glsa-201009-07.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201009-07">
+  <title>libxml2: Denial of service</title>
+  <synopsis>
+    Multiple Denial of Services vulnerabilities were found in libxml2.
+  </synopsis>
+  <product type="ebuild">libxml2</product>
+  <announced>2010-09-21</announced>
+  <revised count="01">2010-09-21</revised>
+  <bug>280617</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libxml2" auto="yes" arch="*">
+      <unaffected range="ge">2.7.3-r2</unaffected>
+      <vulnerable range="lt">2.7.3-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libxml2 is a library to manipulate XML files.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following vulnerabilities were reported after a test with the
+    Codenomicon XML fuzzing framework:
+    </p>
+    <ul>
+    <li>
+    Two use-after-free vulnerabilities are possible when parsing a XML file
+    with Notation or Enumeration attribute types (CVE-2009-2416).
+    </li>
+    <li>
+    A stack consumption vulnerability can be triggered via a large depth of
+    element declarations in a DTD, related to a function recursion
+    (CVE-2009-2414).
+    </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user or automated system to open a
+    specially crafted XML document with an application using libxml2
+    resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libxml2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-libs/libxml2-2.7.3-r2"</code>
+    <p>
+    NOTE: This is a legacy GLSA. Updates for all affected architectures are
+    available since August 30, 2009. It is likely that your system is
+    already no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414">CVE-2009-2414</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416">CVE-2009-2416</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-08-31T02:15:14Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-04-11T13:13:48Z">
+    craig
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-05-30T18:03:32Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201009-08.xml b/metadata/glsa/glsa-201009-08.xml
new file mode 100644
index 000000000000..77cde99ce2a6
--- /dev/null
+++ b/metadata/glsa/glsa-201009-08.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201009-08">
+  <title>python-updater: Untrusted search path</title>
+  <synopsis>
+    An untrusted search path vulnerability in python-updater might result in
+    the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">python-updater</product>
+  <announced>2010-09-21</announced>
+  <revised count="01">2010-09-21</revised>
+  <bug>288361</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/python-updater" auto="yes" arch="*">
+      <unaffected range="ge">0.7-r1</unaffected>
+      <vulnerable range="lt">0.7-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    python-updater is a script used to remerge python packages when
+    changing Python version.
+    </p>
+  </background>
+  <description>
+    <p>
+    Robert Buchholz of the Gentoo Security Team reported that
+    python-updater includes the current working directory and
+    subdirectories in the Python module search path (sys.path) before
+    calling "import".
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could entice the root user to run "python-updater"
+    from a directory containing a specially crafted Python module,
+    resulting in the execution of arbitrary code with root privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    Do not run "python-updater" from untrusted working directories.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All python-updater users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-admin/python-updater-0.7-r1"</code>
+  </resolution>
+  <references/>
+  <metadata tag="requester" timestamp="2010-03-18T00:20:22Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-04-09T16:48:48Z">
+    craig
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-09-03T20:36:47Z">
+    craig
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201009-09.xml b/metadata/glsa/glsa-201009-09.xml
new file mode 100644
index 000000000000..79779774b268
--- /dev/null
+++ b/metadata/glsa/glsa-201009-09.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201009-09">
+  <title>fence: Multiple symlink vulnerabilities</title>
+  <synopsis>
+    fence contains multiple programs containing vulnerabilities that may allow
+    local users to overwrite arbitrary files via a symlink attack.
+  </synopsis>
+  <product type="ebuild">fence</product>
+  <announced>2010-09-29</announced>
+  <revised count="01">2010-09-29</revised>
+  <bug>240576</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-cluster/fence" auto="yes" arch="*">
+      <vulnerable range="lt">2.03.09</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    fence is an I/O group fencing system.
+    </p>
+  </background>
+  <description>
+    <p>
+    The fence_apc, fence_apc_snmp (CVE-2008-4579) and fence_manual
+    (CVE-2008-4580) programs contain symlink vulnerabilities.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    These vulnerabilities may allow arbitrary files to be overwritten with
+    root privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    Gentoo discontinued support for fence. All fence users should uninstall
+    and choose another software that provides the same functionality.
+    </p>
+    <code>
+    # emerge --unmerge sys-cluster/fence</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4579">CVE-2008-4579</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4580">CVE-2008-4580</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-07-10T11:03:13Z">
+    rbu
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-04-10T02:06:28Z">
+    craig
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-05-31T15:37:24Z">
+    a3li
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201010-01.xml b/metadata/glsa/glsa-201010-01.xml
new file mode 100644
index 000000000000..6bca30a3fa4a
--- /dev/null
+++ b/metadata/glsa/glsa-201010-01.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201010-01">
+  <title>Libpng: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities in libpng might lead to privilege
+    escalation or a Denial of Service.
+  </synopsis>
+  <product type="ebuild">libpng</product>
+  <announced>2010-10-05</announced>
+  <revised count="9">2017-01-03</revised>
+  <bug>307637</bug>
+  <bug>324153</bug>
+  <bug>335887</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libpng" auto="yes" arch="*">
+      <unaffected range="ge">1.4.3</unaffected>
+      <unaffected range="ge" slot="1.2">1.2.46</unaffected>
+      <vulnerable range="lt">1.4.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libpng is a standard library used to process PNG (Portable Network
+      Graphics) images. It is used by several programs, including web browsers
+      and potentially server processes.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities were found in libpng:</p>
+    
+    <ul>
+      <li>The png_decompress_chunk() function in pngrutil.c does not properly
+        handle certain type of compressed data (CVE-2010-0205)
+      </li>
+      <li>A buffer overflow in pngread.c when using progressive applications
+        (CVE-2010-1205)
+      </li>
+      <li>A memory leak in pngrutil.c when dealing with a certain type of
+        chunks (CVE-2010-2249)
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>An attacker could exploit these vulnerabilities to cause programs linked
+      against the library to crash or execute arbitrary code with the
+      permissions of the user running the vulnerable program, which could be
+      the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+    
+  </workaround>
+  <resolution>
+    <p>All libpng 1.4 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libpng-1.4.3"
+    </code>
+    
+    <p>All libpng 1.2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libpng-1.2.46"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205">
+      CVE-2010-0205
+    </uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205">
+      CVE-2010-1205
+    </uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249">
+      CVE-2010-2249
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T22:32:46Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2017-01-03T04:37:30Z">system</metadata>
+  <metadata tag="bugReady" timestamp="2017-01-03T04:37:31Z">system</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201011-01.xml b/metadata/glsa/glsa-201011-01.xml
new file mode 100644
index 000000000000..e608aacad5e4
--- /dev/null
+++ b/metadata/glsa/glsa-201011-01.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201011-01">
+  <title>GNU C library: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities were found in glibc, the worst of which allowing
+    local attackers to execute arbitrary code as root.
+  </synopsis>
+  <product type="ebuild">glibc</product>
+  <announced>2010-11-15</announced>
+  <revised count="01">2010-11-15</revised>
+  <bug>285818</bug>
+  <bug>325555</bug>
+  <bug>330923</bug>
+  <bug>335871</bug>
+  <bug>341755</bug>
+  <access>local remote</access>
+  <affected>
+    <package name="sys-libs/glibc" auto="yes" arch="*">
+      <unaffected range="ge">2.11.2-r3</unaffected>
+      <vulnerable range="lt">2.11.2-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The GNU C library is the standard C library used by Gentoo Linux
+    systems.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities were found in glibc, amongst others the
+    widely-known recent LD_AUDIT and $ORIGIN issues. For further
+    information please consult the CVE entries referenced below.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    A local attacker could execute arbitrary code as root, cause a Denial
+    of Service, or gain privileges. Additionally, a user-assisted remote
+    attacker could cause the execution of arbitrary code, and a
+    context-dependent attacker could cause a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All GNU C library users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-libs/glibc-2.11.2-r3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4880">CVE-2009-4880</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4881">CVE-2009-4881</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0296">CVE-2010-0296</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0830">CVE-2010-0830</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3847">CVE-2010-3847</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856">CVE-2010-3856</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-11-23T17:50:04Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-11-14T19:59:41Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-11-15T21:29:42Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201012-01.xml b/metadata/glsa/glsa-201012-01.xml
new file mode 100644
index 000000000000..4e56041828a0
--- /dev/null
+++ b/metadata/glsa/glsa-201012-01.xml
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201012-01">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities have been reported in Chromium, some of which may
+    allow user-assisted execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium</product>
+  <announced>2010-12-17</announced>
+  <revised count="01">2010-12-17</revised>
+  <bug>325451</bug>
+  <bug>326717</bug>
+  <bug>330003</bug>
+  <bug>333559</bug>
+  <bug>335750</bug>
+  <bug>338204</bug>
+  <bug>341797</bug>
+  <bug>344201</bug>
+  <bug>347625</bug>
+  <bug>348651</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">8.0.552.224</unaffected>
+      <vulnerable range="lt">8.0.552.224</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Chromium is an open-source web browser project.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities were found in Chromium. For further
+    information please consult the release notes referenced below.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could trick a user to perform a set of UI actions
+    that trigger a possibly exploitable crash, leading to execution of
+    arbitrary code or a Denial of Service.
+    </p>
+    <p>
+    It was also possible for an attacker to entice a user to visit a
+    specially-crafted web page that would trigger one of the
+    vulnerabilities, leading to execution of arbitrary code within the
+    confines of the sandbox, successful Cross-Site Scripting attacks,
+    violation of the same-origin policy, successful website spoofing
+    attacks, information leak, or a Denial of Service. An attacker could
+    also trick a user to perform a set of UI actions that might result in a
+    successful website spoofing attack.
+    </p>
+    <p>
+    Multiple bugs in the sandbox could result in a sandbox escape.
+    </p>
+    <p>
+    Multiple UI bugs could lead to information leak and successful website
+    spoofing attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Chromium users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/chromium-8.0.552.224"</code>
+  </resolution>
+  <references>
+    <uri link="https://googlechromereleases.blogspot.com/2010/06/stable-channel-update_24.html">Release Notes 5.0.375.86</uri>
+    <uri link="https://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html">Release Notes 5.0.375.99</uri>
+    <uri link="https://googlechromereleases.blogspot.com/2010/07/stable-channel-update_26.html">Release Notes 5.0.375.125</uri>
+    <uri link="https://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html">Release Notes 5.0.375.127</uri>
+    <uri link="https://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html">Release Notes 6.0.472.59</uri>
+    <uri link="https://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_17.html">Release Notes 6.0.472.62</uri>
+    <uri link="https://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html">Release Notes 7.0.517.41</uri>
+    <uri link="https://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html">Release Notes 7.0.517.44</uri>
+    <uri link="https://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html">Release Notes 8.0.552.215</uri>
+    <uri link="https://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html">Release Notes 8.0.552.224</uri>
+  </references>
+  <metadata tag="requester" timestamp="2010-07-06T21:33:07Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-11-20T20:16:17Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-12-17T14:59:00Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201101-01.xml b/metadata/glsa/glsa-201101-01.xml
new file mode 100644
index 000000000000..6431f1b5253a
--- /dev/null
+++ b/metadata/glsa/glsa-201101-01.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201101-01">
+  <title>gif2png: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    gif2png contains a stack overflow vulnerability when parsing command line
+    arguments.
+  </synopsis>
+  <product type="ebuild">gif2png</product>
+  <announced>2011-01-05</announced>
+  <revised count="01">2011-01-05</revised>
+  <bug>346501</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/gif2png" auto="yes" arch="*">
+      <unaffected range="ge">2.5.1-r1</unaffected>
+      <vulnerable range="lt">2.5.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    gif2png is a command line program that converts image files from the
+    Graphics Interchange Format (GIF) format to the Portable Network
+    Graphics (PNG) format.
+    </p>
+  </background>
+  <description>
+    <p>
+    gif2png contains a command line parsing vulnerability that may result
+    in a stack overflow due to an unexpectedly long input filename.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted
+    image, possibly resulting in the execution of arbitrary code with the
+    privileges of the user running the application, or a Denial of Service.
+    Note that applications relying on gif2png to process images can also
+    trigger the vulnerability.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All gif2png users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-gfx/gif2png-2.5.1-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5018">CVE-2009-5018</uri>
+  </references>
+  <metadata tag="requester" timestamp="2010-12-10T20:36:18Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2011-01-04T04:34:18Z">
+    underling
+  </metadata>
+  <metadata tag="bugReady" timestamp="2011-01-04T17:46:37Z">
+    underling
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201101-02.xml b/metadata/glsa/glsa-201101-02.xml
new file mode 100644
index 000000000000..dc19a3180fde
--- /dev/null
+++ b/metadata/glsa/glsa-201101-02.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201101-02">
+  <title>Tor: Remote heap-based buffer overflow</title>
+  <synopsis>
+    Tor is vulnerable to a heap-based buffer overflow that may allow arbitrary
+    code execution.
+  </synopsis>
+  <product type="ebuild">Tor</product>
+  <announced>2011-01-15</announced>
+  <revised count="01">2011-01-15</revised>
+  <bug>349312</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/tor" auto="yes" arch="*">
+      <unaffected range="ge">0.2.1.28</unaffected>
+      <vulnerable range="lt">0.2.1.28</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Tor is an implementation of second generation Onion Routing, a
+    connection-oriented anonymizing communication service.
+    </p>
+  </background>
+  <description>
+    <p>
+    Tor contains a heap-based buffer overflow in the processing of user or
+    attacker supplied data. No additional information is available.
+    </p>
+  </description>
+  <impact type="high">
+    <p>
+    Successful exploitation of this vulnerability may allow an
+    unauthenticated remote attacker to execute arbitrary code with the
+    permissions of the Tor user, or to cause a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Tor users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/tor-0.2.1.28"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1676">CVE-2010-1676</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-01-07T23:48:00Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2011-01-08T05:24:30Z">
+    underling
+  </metadata>
+  <metadata tag="bugReady" timestamp="2011-01-08T05:24:40Z">
+    underling
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201101-03.xml b/metadata/glsa/glsa-201101-03.xml
new file mode 100644
index 000000000000..620011350246
--- /dev/null
+++ b/metadata/glsa/glsa-201101-03.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201101-03">
+  <title>libvpx: User-assisted execution of arbitrary code</title>
+  <synopsis>
+    Timothy B. Terriberry discovered that libvpx contains an integer overflow
+    vulnerability in the processing of video streams that may allow
+    user-assisted execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libvpx</product>
+  <announced>2011-01-15</announced>
+  <revised count="01">2011-01-15</revised>
+  <bug>345559</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libvpx" auto="yes" arch="*">
+      <unaffected range="ge">0.9.5</unaffected>
+      <vulnerable range="lt">0.9.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    libvpx is the VP8 codec SDK used to encode and decode video streams,
+    typically within a WebM format media file.
+    </p>
+  </background>
+  <description>
+    <p>
+    libvpx is vulnerable to an integer overflow vulnerability when
+    processing crafted VP8 video streams.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted media
+    file, possibly resulting in the execution of arbitrary code with the
+    privileges of the user running the application, or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All libvpx users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=media-libs/libvpx-0.9.5"</code>
+    <p>
+    Packages which depend on this library may need to be recompiled. Tools
+    such as revdep-rebuild may assist in identifying some of these
+    packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4203">CVE-2010-4203</uri>
+  </references>
+  <metadata tag="requester" timestamp="2010-12-13T01:15:02Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2011-01-05T05:26:31Z">
+    underling
+  </metadata>
+  <metadata tag="bugReady" timestamp="2011-01-07T16:42:00Z">
+    underling
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201101-04.xml b/metadata/glsa/glsa-201101-04.xml
new file mode 100644
index 000000000000..ebea82283511
--- /dev/null
+++ b/metadata/glsa/glsa-201101-04.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201101-04">
+  <title>aria2: Directory traversal</title>
+  <synopsis>
+    A directory traversal vulnerability has been found in aria2.
+  </synopsis>
+  <product type="ebuild">aria2</product>
+  <announced>2011-01-15</announced>
+  <revised count="01">2011-01-15</revised>
+  <bug>320975</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/aria2" auto="yes" arch="*">
+      <unaffected range="ge">1.9.3</unaffected>
+      <vulnerable range="lt">1.9.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    aria2 is a download utility with resuming and segmented downloading
+    with HTTP/HTTPS/FTP/BitTorrent support.
+    </p>
+  </background>
+  <description>
+    <p>
+    A directory traversal vulnerability was discovered in aria2.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to download from a specially
+    crafted metalink file, resulting in the creation of arbitrary files.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All aria2 users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-misc/aria2-1.9.3"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1512">CVE-2010-1512</uri>
+  </references>
+  <metadata tag="requester" timestamp="2010-05-23T20:17:09Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-05-27T13:19:55Z">
+    keytoaster
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-05-30T18:46:48Z">
+    vorlon
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201101-05.xml b/metadata/glsa/glsa-201101-05.xml
new file mode 100644
index 000000000000..f70ec4434ad1
--- /dev/null
+++ b/metadata/glsa/glsa-201101-05.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201101-05">
+  <title>OpenAFS: Arbitrary code execution</title>
+  <synopsis>
+    The cache manager of OpenAFS contains several bugs resulting in remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">OpenAFS</product>
+  <announced>2011-01-16</announced>
+  <revised count="01">2011-01-16</revised>
+  <bug>265538</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-fs/openafs" auto="yes" arch="*">
+      <unaffected range="ge">1.4.9</unaffected>
+      <vulnerable range="lt">1.4.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    OpenAFS is a distributed file system.
+    </p>
+  </background>
+  <description>
+    <p>
+    Two vulnerabilities were discovered:
+    </p>
+    <ul><li>
+    Simon Wilkinson discovered from a bug report by Toby Blake that the
+    cache manager of OpenAFS contains a heap-based buffer overflow which is
+    related to the use of the ERR_PTR macro (CVE-2009-1250).</li>
+    <li>A
+    pointer dereference bug when using XDR arrays was discovered by Simon
+    Wilkinson, with assistance from Derrick Brashear and Jeffrey Altman.
+    (CVE-2009-1251).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>
+    The vulnerabilities might allow remote unauthenticated attackers to
+    cause a Denial of Service (system crash) and possibly execute arbitrary
+    code.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All OpenAFS users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-fs/openafs-1.4.9"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1250">CVE-2009-1250</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1251">CVE-2009-1251</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2010-06-01T20:56:43Z">
+    craig
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-09-21T20:07:41Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201101-06.xml b/metadata/glsa/glsa-201101-06.xml
new file mode 100644
index 000000000000..12d53fb909dd
--- /dev/null
+++ b/metadata/glsa/glsa-201101-06.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201101-06">
+  <title>IO::Socket::SSL: Certificate validation error</title>
+  <synopsis>
+    An error in the hostname matching of IO::Socket::SSL might enable remote
+    attackers to conduct man-in-the-middle attacks.
+  </synopsis>
+  <product type="ebuild">IO::Socket::SSL</product>
+  <announced>2011-01-16</announced>
+  <revised count="01">2011-01-16</revised>
+  <bug>276360</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-perl/IO-Socket-SSL" auto="yes" arch="*">
+      <unaffected range="ge">1.26</unaffected>
+      <vulnerable range="lt">1.26</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    IO::Socket::SSL is a Perl class implementing an object oriented
+    interface to SSL sockets.
+    </p>
+  </background>
+  <description>
+    <p>
+    The vendor reported that IO::Socket::SSL does not properly handle
+    Common Name (CN) fields.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker might employ a specially crafted certificate to
+    conduct man-in-the-middle attacks on SSL connections made using
+    IO::Socket::SSL.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All IO::Socket::SSL users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=dev-perl/IO-Socket-SSL-1.26"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3024">CVE-2009-3024</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-07-10T18:07:06Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-04-11T12:25:53Z">
+    craig
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-09-22T19:52:04Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201101-07.xml b/metadata/glsa/glsa-201101-07.xml
new file mode 100644
index 000000000000..d516587c278e
--- /dev/null
+++ b/metadata/glsa/glsa-201101-07.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201101-07">
+  <title>Prewikka: password disclosure</title>
+  <synopsis>
+    Due to a world-readable file, a local attacker can obtain the SQL database
+    password used by Prewikka.
+  </synopsis>
+  <product type="ebuild">Prewikka</product>
+  <announced>2011-01-16</announced>
+  <revised count="01">2011-01-16</revised>
+  <bug>270056</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-analyzer/prewikka" auto="yes" arch="*">
+      <unaffected range="ge">0.9.14-r2</unaffected>
+      <vulnerable range="lt">0.9.14-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Prewikka is a graphical front-end analysis console for the Prelude
+    Hybrid IDS Framework.
+    </p>
+  </background>
+  <description>
+    <p>
+    The permissions of the prewikka.conf file are set world readable.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could obtain the SQL database password used by
+    Prewikka.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Prewikka users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=net-analyzer/prewikka-0.9.14-r2"</code>
+    <p>
+    NOTE: This is a legacy GLSA. Updates for all affected architectures are
+    available since May 18, 2009 . It is likely that your system is already
+    no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2058">CVE-2010-2058</uri>
+  </references>
+  <metadata tag="requester" timestamp="2009-06-23T20:26:04Z">
+    craig
+  </metadata>
+  <metadata tag="submitter" timestamp="2010-04-11T12:57:02Z">
+    craig
+  </metadata>
+  <metadata tag="bugReady" timestamp="2010-09-21T20:08:51Z">
+    p-y
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201101-08.xml b/metadata/glsa/glsa-201101-08.xml
new file mode 100644
index 000000000000..5753e0a5d0ef
--- /dev/null
+++ b/metadata/glsa/glsa-201101-08.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201101-08">
+  <title>Adobe Reader: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in Adobe Reader might result in the execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">acroread</product>
+  <announced>2011-01-21</announced>
+  <revised count="02">2011-01-21</revised>
+  <bug>336508</bug>
+  <bug>343091</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/acroread" auto="yes" arch="*">
+      <unaffected range="ge">9.4.1</unaffected>
+      <vulnerable range="lt">9.4.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF
+    reader.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities were discovered in Adobe Reader. For further
+    information please consult the CVE entries and the Adobe Security
+    Bulletins referenced below.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker might entice a user to open a specially crafted PDF
+    file, possibly resulting in the execution of arbitrary code with the
+    privileges of the user running the application, or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Adobe Reader users should upgrade to the latest stable version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-text/acroread-9.4.1"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.adobe.com/support/security/bulletins/apsb10-21.html">APSB10-21</uri>
+    <uri link="https://www.adobe.com/support/security/bulletins/apsb10-28.html">APSB10-28</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2883">CVE-2010-2883</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884">CVE-2010-2884</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2887">CVE-2010-2887</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2889">CVE-2010-2889</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2890">CVE-2010-2890</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3619">CVE-2010-3619</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3620">CVE-2010-3620</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3621">CVE-2010-3621</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3622">CVE-2010-3622</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3625">CVE-2010-3625</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3626">CVE-2010-3626</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3627">CVE-2010-3627</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3628">CVE-2010-3628</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3629">CVE-2010-3629</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3630">CVE-2010-3630</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3632">CVE-2010-3632</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654">CVE-2010-3654</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3656">CVE-2010-3656</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3657">CVE-2010-3657</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3658">CVE-2010-3658</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4091">CVE-2010-4091</uri>
+  </references>
+  <metadata tag="requester" timestamp="2010-10-11T13:07:56Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2011-01-15T16:33:24Z">
+    underling
+  </metadata>
+  <metadata tag="bugReady" timestamp="2011-01-15T16:35:28Z">
+    underling
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201101-09.xml b/metadata/glsa/glsa-201101-09.xml
new file mode 100644
index 000000000000..d573e0d94f64
--- /dev/null
+++ b/metadata/glsa/glsa-201101-09.xml
@@ -0,0 +1,130 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201101-09">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>
+    Multiple vulnerabilities in Adobe Flash Player might allow remote attackers
+    to execute arbitrary code or cause a Denial of Service.
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2011-01-21</announced>
+  <revised count="01">2011-01-21</revised>
+  <bug>307749</bug>
+  <bug>322855</bug>
+  <bug>332205</bug>
+  <bug>337204</bug>
+  <bug>343089</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">10.1.102.64</unaffected>
+      <vulnerable range="lt">10.1.102.64</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    The Adobe Flash Player is a renderer for the SWF file format, which is
+    commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>
+    Multiple vulnerabilities were discovered in Adobe Flash Player. For
+    further information please consult the CVE entries and the Adobe
+    Security Bulletins referenced below.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could entice a user to open a specially crafted SWF
+    file, possibly resulting in the execution of arbitrary code with the
+    privileges of the user running the application, or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Adobe Flash Player users should upgrade to the latest stable
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-plugins/adobe-flash-10.1.102.64"</code>
+  </resolution>
+  <references>
+    <uri link="https://www.adobe.com/support/security/bulletins/apsb10-06.html">APSB10-06</uri>
+    <uri link="https://www.adobe.com/support/security/bulletins/apsb10-14.html">APSB10-14</uri>
+    <uri link="https://www.adobe.com/support/security/bulletins/apsb10-16.html">APSB10-16</uri>
+    <uri link="https://www.adobe.com/support/security/bulletins/apsb10-22.html">APSB10-22</uri>
+    <uri link="https://www.adobe.com/support/security/bulletins/apsb10-26.html">APSB10-26</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546">CVE-2008-4546</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793">CVE-2009-3793</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186">CVE-2010-0186</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187">CVE-2010-0187</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209">CVE-2010-0209</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297">CVE-2010-1297</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160">CVE-2010-2160</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161">CVE-2010-2161</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162">CVE-2010-2162</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163">CVE-2010-2163</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164">CVE-2010-2164</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165">CVE-2010-2165</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166">CVE-2010-2166</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167">CVE-2010-2167</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169">CVE-2010-2169</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170">CVE-2010-2170</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171">CVE-2010-2171</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172">CVE-2010-2172</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173">CVE-2010-2173</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174">CVE-2010-2174</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175">CVE-2010-2175</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176">CVE-2010-2176</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177">CVE-2010-2177</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178">CVE-2010-2178</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179">CVE-2010-2179</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180">CVE-2010-2180</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181">CVE-2010-2181</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182">CVE-2010-2182</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183">CVE-2010-2183</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184">CVE-2010-2184</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185">CVE-2010-2185</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186">CVE-2010-2186</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187">CVE-2010-2187</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188">CVE-2010-2188</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189">CVE-2010-2189</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213">CVE-2010-2213</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214">CVE-2010-2214</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215">CVE-2010-2215</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216">CVE-2010-2216</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884">CVE-2010-2884</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636">CVE-2010-3636</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639">CVE-2010-3639</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640">CVE-2010-3640</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641">CVE-2010-3641</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642">CVE-2010-3642</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643">CVE-2010-3643</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644">CVE-2010-3644</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645">CVE-2010-3645</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646">CVE-2010-3646</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647">CVE-2010-3647</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648">CVE-2010-3648</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649">CVE-2010-3649</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650">CVE-2010-3650</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652">CVE-2010-3652</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654">CVE-2010-3654</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976">CVE-2010-3976</uri>
+  </references>
+  <metadata tag="requester" timestamp="2010-08-12T07:58:07Z">
+    a3li
+  </metadata>
+  <metadata tag="submitter" timestamp="2011-01-15T16:16:21Z">
+    underling
+  </metadata>
+  <metadata tag="bugReady" timestamp="2011-01-15T16:16:33Z">
+    underling
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201110-01.xml b/metadata/glsa/glsa-201110-01.xml
new file mode 100644
index 000000000000..0f2a9e77cede
--- /dev/null
+++ b/metadata/glsa/glsa-201110-01.xml
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201110-01">
+  <title>OpenSSL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in OpenSSL, allowing for the
+    execution of arbitrary code and other attacks.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2011-10-09</announced>
+  <revised count="13">2015-06-06</revised>
+  <bug>303739</bug>
+  <bug>308011</bug>
+  <bug>322575</bug>
+  <bug>332027</bug>
+  <bug>345767</bug>
+  <bug>347623</bug>
+  <bug>354139</bug>
+  <bug>382069</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">1.0.0e</unaffected>
+      <unaffected range="rge">0.9.8r</unaffected>
+      <unaffected range="rge">0.9.8s</unaffected>
+      <unaffected range="rge">0.9.8t</unaffected>
+      <unaffected range="rge">0.9.8u</unaffected>
+      <unaffected range="rge">0.9.8v</unaffected>
+      <unaffected range="rge">0.9.8w</unaffected>
+      <unaffected range="rge">0.9.8x</unaffected>
+      <unaffected range="rge">0.9.8y</unaffected>
+      <unaffected range="rge">0.9.8z_p1</unaffected>
+      <unaffected range="rge">0.9.8z_p2</unaffected>
+      <unaffected range="rge">0.9.8z_p3</unaffected>
+      <unaffected range="rge">0.9.8z_p4</unaffected>
+      <unaffected range="rge">0.9.8z_p5</unaffected>
+      <unaffected range="rge">0.9.8z_p6</unaffected>
+      <unaffected range="rge">0.9.8z_p7</unaffected>
+      <unaffected range="rge">0.9.8z_p8</unaffected>
+      <unaffected range="rge">0.9.8z_p9</unaffected>
+      <unaffected range="rge">0.9.8z_p10</unaffected>
+      <unaffected range="rge">0.9.8z_p11</unaffected>
+      <unaffected range="rge">0.9.8z_p12</unaffected>
+      <unaffected range="rge">0.9.8z_p13</unaffected>
+      <unaffected range="rge">0.9.8z_p14</unaffected>
+      <unaffected range="rge">0.9.8z_p15</unaffected>
+      <vulnerable range="lt">1.0.0e</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+      (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
+      purpose cryptography library.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenSSL. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A context-dependent attacker could cause a Denial of Service, possibly
+      execute arbitrary code, bypass intended key requirements, force the
+      downgrade to unintended ciphers, bypass the need for knowledge of shared
+      secrets and successfully authenticate, bypass CRL validation, or obtain
+      sensitive information in applications that use OpenSSL.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.0.0e"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since September 17, 2011. It is likely that your system is
+      already no longer affected by most of these issues.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3245">CVE-2009-3245</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4355">CVE-2009-4355</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0433">CVE-2010-0433</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0740">CVE-2010-0740</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0742">CVE-2010-0742</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1633">CVE-2010-1633</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2939">CVE-2010-2939</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3864">CVE-2010-3864</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4180">CVE-2010-4180</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4252">CVE-2010-4252</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0014">CVE-2011-0014</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3207">CVE-2011-3207</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3210">CVE-2011-3210</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:38:03Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2015-06-06T23:06:31Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201110-02.xml b/metadata/glsa/glsa-201110-02.xml
new file mode 100644
index 000000000000..af6d556017ac
--- /dev/null
+++ b/metadata/glsa/glsa-201110-02.xml
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201110-02">
+  <title>Wireshark: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities in Wireshark allow for the remote
+    execution of arbitrary code, or a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">wireshark</product>
+  <announced>2011-10-09</announced>
+  <revised count="1">2011-10-09</revised>
+  <bug>323859</bug>
+  <bug>330479</bug>
+  <bug>339401</bug>
+  <bug>346191</bug>
+  <bug>350551</bug>
+  <bug>354197</bug>
+  <bug>357237</bug>
+  <bug>363895</bug>
+  <bug>369683</bug>
+  <bug>373961</bug>
+  <bug>381551</bug>
+  <bug>383823</bug>
+  <bug>386179</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-analyzer/wireshark" auto="yes" arch="*">
+      <unaffected range="ge">1.4.9</unaffected>
+      <vulnerable range="lt">1.4.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Wireshark is a versatile network protocol analyzer.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Wireshark. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send specially crafted packets on a network
+      being monitored by Wireshark, entice a user to open a malformed packet
+      trace file using Wireshark, or deploy a specially crafted Lua script for
+      use by Wireshark, possibly resulting in the execution of arbitrary code,
+      or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Wireshark users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-1.4.9"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2283">CVE-2010-2283</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2284">CVE-2010-2284</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2285">CVE-2010-2285</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2286">CVE-2010-2286</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2287">CVE-2010-2287</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2992">CVE-2010-2992</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2993">CVE-2010-2993</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2994">CVE-2010-2994</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2995">CVE-2010-2995</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3133">CVE-2010-3133</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3445">CVE-2010-3445</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4300">CVE-2010-4300</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4301">CVE-2010-4301</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4538">CVE-2010-4538</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0024">CVE-2011-0024</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0444">CVE-2011-0444</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0445">CVE-2011-0445</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0538">CVE-2011-0538</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0713">CVE-2011-0713</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1138">CVE-2011-1138</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1139">CVE-2011-1139</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1140">CVE-2011-1140</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1141">CVE-2011-1141</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1142">CVE-2011-1142</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1143">CVE-2011-1143</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1590">CVE-2011-1590</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1591">CVE-2011-1591</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1592">CVE-2011-1592</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1956">CVE-2011-1956</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1957">CVE-2011-1957</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1958">CVE-2011-1958</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1959">CVE-2011-1959</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2174">CVE-2011-2174</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2175">CVE-2011-2175</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2597">CVE-2011-2597</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2698">CVE-2011-2698</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3266">CVE-2011-3266</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3360">CVE-2011-3360</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3482">CVE-2011-3482</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3483">CVE-2011-3483</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:44Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2011-10-09T15:48:24Z" tag="submitter">a3li</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201110-03.xml b/metadata/glsa/glsa-201110-03.xml
new file mode 100644
index 000000000000..ccd0c69915d8
--- /dev/null
+++ b/metadata/glsa/glsa-201110-03.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201110-03">
+  <title>Bugzilla: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in Bugzilla, the worst of which
+    leading to privilege escalation.
+  </synopsis>
+  <product type="ebuild">bugzilla</product>
+  <announced>2011-10-10</announced>
+  <revised count="1">2011-10-10</revised>
+  <bug>352781</bug>
+  <bug>380255</bug>
+  <bug>386203</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-apps/bugzilla" auto="yes" arch="*">
+      <unaffected range="ge">3.6.6</unaffected>
+      <vulnerable range="lt">3.6.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Bugzilla is the bug-tracking system from the Mozilla project.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Bugzilla. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could conduct cross-site scripting attacks, conduct
+      script insertion and spoofing attacks, hijack the authentication of
+      arbitrary users, inject arbitrary HTTP headers, obtain access to
+      arbitrary accounts, disclose the existence of confidential groups and its
+      names, or inject arbitrary e-mail headers.
+    </p>
+    
+    <p>A local attacker could disclose the contents of temporarfy files for
+      uploaded attachments.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Bugzilla users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-apps/bugzilla-3.6.6"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since August 27, 2011. It is likely that your system is already
+      no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2761">CVE-2010-2761</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3172">CVE-2010-3172</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3764">CVE-2010-3764</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4411">CVE-2010-4411</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4567">CVE-2010-4567</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4568">CVE-2010-4568</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4569">CVE-2010-4569</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4570">CVE-2010-4570</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4572">CVE-2010-4572</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0046">CVE-2011-0046</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0048">CVE-2011-0048</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2379">CVE-2011-2379</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2380">CVE-2011-2380</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2381">CVE-2011-2381</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2976">CVE-2011-2976</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2977">CVE-2011-2977</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2978">CVE-2011-2978</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2979">CVE-2011-2979</uri>
+  </references>
+  <metadata timestamp="2011-10-08T21:15:32Z" tag="requester">
+    keytoaster
+  </metadata>
+  <metadata timestamp="2011-10-10T19:51:47Z" tag="submitter">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201110-04.xml b/metadata/glsa/glsa-201110-04.xml
new file mode 100644
index 000000000000..1f11c0fe74aa
--- /dev/null
+++ b/metadata/glsa/glsa-201110-04.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201110-04">
+  <title>Dovecot: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in Dovecot, the worst of which
+    allowing for remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Dovecot</product>
+  <announced>2011-10-10</announced>
+  <revised count="2">2011-10-10</revised>
+  <bug>286844</bug>
+  <bug>293954</bug>
+  <bug>314533</bug>
+  <bug>368653</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/dovecot" auto="yes" arch="*">
+      <unaffected range="rge">1.2.17</unaffected>
+      <unaffected range="ge">2.0.13</unaffected>
+      <vulnerable range="lt">2.0.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Dovecot is an IMAP and POP3 server written with security primarily in
+      mind.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Dovecot. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could exploit these vulnerabilities to cause the
+      remote execution of arbitrary code, or a Denial of Service condition, to
+      conduct directory traversal attacks, corrupt data, or disclose
+      information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Dovecot 1 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-mail/dovecot-1.2.17"
+    </code>
+    
+    <p>All Dovecot 2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-mail/dovecot-2.0.13"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since May 28, 2011. It is likely that your system is already no
+      longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3235">CVE-2009-3235</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3897">CVE-2009-3897</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0745">CVE-2010-0745</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3304">CVE-2010-3304</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3706">CVE-2010-3706</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3707">CVE-2010-3707</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3779">CVE-2010-3779</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3780">CVE-2010-3780</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1929">CVE-2011-1929</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2166">CVE-2011-2166</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2167">CVE-2011-2167</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:19Z" tag="requester">craig</metadata>
+  <metadata timestamp="2011-10-10T20:22:02Z" tag="submitter">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201110-05.xml b/metadata/glsa/glsa-201110-05.xml
new file mode 100644
index 000000000000..29b6446cca84
--- /dev/null
+++ b/metadata/glsa/glsa-201110-05.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201110-05">
+  <title>GnuTLS: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in GnuTLS, allowing for easier
+    man-in-the-middle attacks.
+  </synopsis>
+  <product type="ebuild">gnutls</product>
+  <announced>2011-10-10</announced>
+  <revised count="1">2011-10-10</revised>
+  <bug>281224</bug>
+  <bug>292025</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/gnutls" auto="yes" arch="*">
+      <unaffected range="ge">2.10.0</unaffected>
+      <vulnerable range="lt">2.10.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0
+      protocols.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GnuTLS. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could perform man-in-the-middle attacks to spoof arbitrary
+      SSL servers via a crafted certificate issued by a legitimate
+      Certification Authority or to inject an arbitrary amount of chosen
+      plaintext into the beginning of the application protocol stream, allowing
+      for further exploitation.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GnuTLS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/gnutls-2.10.0"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since August 6, 2010. It is likely that your system is already
+      no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2730">CVE-2009-2730</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555">CVE-2009-3555</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:38:18Z" tag="requester">
+    keytoaster
+  </metadata>
+  <metadata timestamp="2011-10-10T20:33:39Z" tag="submitter">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201110-06.xml b/metadata/glsa/glsa-201110-06.xml
new file mode 100644
index 000000000000..7e74c6b998e8
--- /dev/null
+++ b/metadata/glsa/glsa-201110-06.xml
@@ -0,0 +1,133 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201110-06">
+  <title>PHP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in PHP, the worst of which
+    leading to remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">php</product>
+  <announced>2011-10-10</announced>
+  <revised count="2">2011-10-10</revised>
+  <bug>306939</bug>
+  <bug>332039</bug>
+  <bug>340807</bug>
+  <bug>350908</bug>
+  <bug>355399</bug>
+  <bug>358791</bug>
+  <bug>358975</bug>
+  <bug>369071</bug>
+  <bug>372745</bug>
+  <bug>373965</bug>
+  <bug>380261</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-lang/php" auto="yes" arch="*">
+      <unaffected range="ge">5.3.8</unaffected>
+      <vulnerable range="lt">5.3.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PHP is a widely-used general-purpose scripting language that is
+      especially suited for Web development and can be embedded into HTML.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PHP. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A context-dependent attacker could execute arbitrary code, obtain
+      sensitive information from process memory, bypass intended access
+      restrictions, or cause a Denial of Service in various ways.
+    </p>
+    
+    <p>A remote attacker could cause a Denial of Service in various ways,
+      bypass spam detections, or bypass open_basedir restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PHP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-5.3.8"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-7243">CVE-2006-7243</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5016">CVE-2009-5016</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1128">CVE-2010-1128</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1129">CVE-2010-1129</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1130">CVE-2010-1130</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1860">CVE-2010-1860</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1861">CVE-2010-1861</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1862">CVE-2010-1862</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1864">CVE-2010-1864</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1866">CVE-2010-1866</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1868">CVE-2010-1868</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1914">CVE-2010-1914</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1915">CVE-2010-1915</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1917">CVE-2010-1917</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2093">CVE-2010-2093</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2094">CVE-2010-2094</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2097">CVE-2010-2097</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2100">CVE-2010-2100</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2101">CVE-2010-2101</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2190">CVE-2010-2190</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2191">CVE-2010-2191</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2225">CVE-2010-2225</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2484">CVE-2010-2484</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2531">CVE-2010-2531</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2950">CVE-2010-2950</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3062">CVE-2010-3062</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3063">CVE-2010-3063</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3064">CVE-2010-3064</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3065">CVE-2010-3065</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3436">CVE-2010-3436</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3709">CVE-2010-3709</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3709">CVE-2010-3709</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3710">CVE-2010-3710</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3710">CVE-2010-3710</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3870">CVE-2010-3870</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4150">CVE-2010-4150</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4409">CVE-2010-4409</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4645">CVE-2010-4645</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4697">CVE-2010-4697</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4698">CVE-2010-4698</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4699">CVE-2010-4699</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4700">CVE-2010-4700</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0420">CVE-2011-0420</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0421">CVE-2011-0421</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0708">CVE-2011-0708</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0752">CVE-2011-0752</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0753">CVE-2011-0753</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0755">CVE-2011-0755</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1092">CVE-2011-1092</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1148">CVE-2011-1148</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1153">CVE-2011-1153</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1464">CVE-2011-1464</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1466">CVE-2011-1466</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1467">CVE-2011-1467</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1468">CVE-2011-1468</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1469">CVE-2011-1469</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1470">CVE-2011-1470</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1471">CVE-2011-1471</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1657">CVE-2011-1657</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1938">CVE-2011-1938</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2202">CVE-2011-2202</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2483">CVE-2011-2483</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3182">CVE-2011-3182</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3189">CVE-2011-3189</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3267">CVE-2011-3267</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3268">CVE-2011-3268</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:38:20Z" tag="requester">craig</metadata>
+  <metadata timestamp="2011-10-10T21:51:57Z" tag="submitter">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201110-07.xml b/metadata/glsa/glsa-201110-07.xml
new file mode 100644
index 000000000000..8d7182803f22
--- /dev/null
+++ b/metadata/glsa/glsa-201110-07.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201110-07">
+  <title>vsftpd: Denial of service</title>
+  <synopsis>A Denial of Service vulnerability was found in vsftpd.</synopsis>
+  <product type="ebuild">vsftpd</product>
+  <announced>2011-10-10</announced>
+  <revised count="1">2011-10-10</revised>
+  <bug>357001</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-ftp/vsftpd" auto="yes" arch="*">
+      <unaffected range="ge">2.3.4</unaffected>
+      <vulnerable range="lt">2.3.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>vsftpd is a very secure FTP daemon written with speed, size and security
+      in mind.
+    </p>
+  </background>
+  <description>
+    <p>A Denial of Service vulnerability was discovered in vsftpd. Please
+      review the CVE identifier referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote authenticated attacker could cause a Denial of Service.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All vsftpd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-ftp/vsftpd-2.3.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0762">CVE-2011-0762</uri>
+  </references>
+  <metadata timestamp="2011-10-08T21:54:37Z" tag="requester">craig</metadata>
+  <metadata timestamp="2011-10-10T20:41:01Z" tag="submitter">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201110-08.xml b/metadata/glsa/glsa-201110-08.xml
new file mode 100644
index 000000000000..a7e6b3aa2109
--- /dev/null
+++ b/metadata/glsa/glsa-201110-08.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201110-08">
+  <title>feh: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in feh, the worst of which
+    leading to remote passive code execution.
+  </synopsis>
+  <product type="ebuild">feh</product>
+  <announced>2011-10-13</announced>
+  <revised count="2">2011-10-13</revised>
+  <bug>325531</bug>
+  <bug>354063</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-gfx/feh" auto="yes" arch="*">
+      <unaffected range="ge">1.12</unaffected>
+      <vulnerable range="lt">1.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>feh is a fast, lightweight imageviewer using imlib2.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in feh. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A malicious entity might entice a user to visit a URL using the
+      --wget-timestamp option, thus executing arbitrary commands via shell
+      metacharacters; a malicious local user could perform a symlink attack and
+      overwrite arbitrary files.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All feh users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/feh-1.12"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2246">CVE-2010-2246</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0702">CVE-2011-0702</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1031">CVE-2011-1031</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:47Z" tag="requester">craig</metadata>
+  <metadata timestamp="2011-10-13T21:10:09Z" tag="submitter">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201110-09.xml b/metadata/glsa/glsa-201110-09.xml
new file mode 100644
index 000000000000..f853a02796ca
--- /dev/null
+++ b/metadata/glsa/glsa-201110-09.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201110-09">
+  <title>Conky: Privilege escalation</title>
+  <synopsis>A privilege escalation vulnerability was found in Conky.</synopsis>
+  <product type="ebuild">Conky</product>
+  <announced>2011-10-13</announced>
+  <revised count="1">2011-10-13</revised>
+  <bug>354061</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/conky" auto="yes" arch="*">
+      <unaffected range="ge">1.8.1-r2</unaffected>
+      <vulnerable range="lt">1.8.1-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Conky is an advanced, highly configurable system monitor for X.</p>
+  </background>
+  <description>
+    <p>A privilege escalation vulnerability due to an insecure temporary file
+      was found in Conky.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could possibly overwrite arbitrary files with the
+      privileges of the user running Conky.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Conky users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/conky-1.8.1-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3616">CVE-2011-3616</uri>
+  </references>
+  <metadata timestamp="2011-10-08T22:34:39Z" tag="requester">craig</metadata>
+  <metadata timestamp="2011-10-13T21:46:29Z" tag="submitter">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201110-10.xml b/metadata/glsa/glsa-201110-10.xml
new file mode 100644
index 000000000000..90f697472e52
--- /dev/null
+++ b/metadata/glsa/glsa-201110-10.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201110-10">
+  <title>Wget: User-assisted file creation or overwrite</title>
+  <synopsis>Insecure usage of server provided filenames may allow the creation
+    or overwriting of local files.
+  </synopsis>
+  <product type="ebuild">Wget</product>
+  <announced>2011-10-13</announced>
+  <revised count="1">2011-10-13</revised>
+  <bug>329941</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/wget" auto="yes" arch="*">
+      <unaffected range="ge">1.12-r2</unaffected>
+      <vulnerable range="lt">1.12-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU Wget is a free software package for retrieving files using HTTP,
+      HTTPS and FTP, the most widely-used Internet protocols. 
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that Wget was unsafely trusting server-provided
+      filenames. This allowed attackers to overwrite or create files on the
+      user's system by sending a redirect from the expected URL to another URL
+      specifying the targeted file.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An unauthenticated remote attacker may be able to create or overwrite
+      local files by enticing the user to open an attacker controlled URL,
+      possibly leading to execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Wget users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/wget-1.12-r2"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since September 19, 2010. It is likely that your system is
+      already no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2252">CVE-2010-2252</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:55Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2011-10-13T23:47:06Z" tag="submitter">
+    underling
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201110-11.xml b/metadata/glsa/glsa-201110-11.xml
new file mode 100644
index 000000000000..55382bbee98f
--- /dev/null
+++ b/metadata/glsa/glsa-201110-11.xml
@@ -0,0 +1,135 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201110-11">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities in Adobe Flash Player might allow remote
+    attackers to execute arbitrary code or cause a Denial of Service.
+  </synopsis>
+  <product type="ebuild">Adobe Flash Player</product>
+  <announced>2011-10-13</announced>
+  <revised count="1">2011-10-13</revised>
+  <bug>354207</bug>
+  <bug>359019</bug>
+  <bug>363179</bug>
+  <bug>367031</bug>
+  <bug>370215</bug>
+  <bug>372899</bug>
+  <bug>378637</bug>
+  <bug>384017</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">10.3.183.10</unaffected>
+      <vulnerable range="lt">10.3.183.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers and Adobe Security Advisories and
+      Bulletins referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>By enticing a user to open a specially crafted SWF file a remote
+      attacker could cause a Denial of Service or the execution of arbitrary
+      code with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-10.3.183.10"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://www.adobe.com/support/security/advisories/apsa11-01.html">
+      APSA11-01
+    </uri>
+    <uri link="https://www.adobe.com/support/security/advisories/apsa11-02.html">
+      APSA11-02
+    </uri>
+    <uri link="https://www.adobe.com/support/security/bulletins/apsb11-02.html">
+      APSB11-02
+    </uri>
+    <uri link="https://www.adobe.com/support/security/bulletins/apsb11-12.html">
+      APSB11-12
+    </uri>
+    <uri link="https://www.adobe.com/support/security/bulletins/apsb11-13.html">
+      APSB11-13
+    </uri>
+    <uri link="https://www.adobe.com/support/security/bulletins/apsb11-21.html">
+      APSB11-21
+    </uri>
+    <uri link="https://www.adobe.com/support/security/bulletins/apsb11-26.html">
+      APSB11-26
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558">CVE-2011-0558</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559">CVE-2011-0559</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560">CVE-2011-0560</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561">CVE-2011-0561</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571">CVE-2011-0571</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572">CVE-2011-0572</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573">CVE-2011-0573</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574">CVE-2011-0574</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575">CVE-2011-0575</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577">CVE-2011-0577</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578">CVE-2011-0578</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579">CVE-2011-0579</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589">CVE-2011-0589</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607">CVE-2011-0607</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608">CVE-2011-0608</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609">CVE-2011-0609</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611">CVE-2011-0611</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618">CVE-2011-0618</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619">CVE-2011-0619</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620">CVE-2011-0620</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621">CVE-2011-0621</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622">CVE-2011-0622</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623">CVE-2011-0623</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624">CVE-2011-0624</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625">CVE-2011-0625</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626">CVE-2011-0626</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627">CVE-2011-0627</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628">CVE-2011-0628</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107">CVE-2011-2107</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110">CVE-2011-2110</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135">CVE-2011-2125</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130">CVE-2011-2130</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134">CVE-2011-2134</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136">CVE-2011-2136</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137">CVE-2011-2137</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138">CVE-2011-2138</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139">CVE-2011-2139</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140">CVE-2011-2140</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414">CVE-2011-2414</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415">CVE-2011-2415</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416">CVE-2011-2416</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417">CVE-2011-2417</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424">CVE-2011-2424</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425">CVE-2011-2425</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426">CVE-2011-2426</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427">CVE-2011-2427</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428">CVE-2011-2428</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429">CVE-2011-2429</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430">CVE-2011-2430</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444">CVE-2011-2444</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:38:02Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2011-10-13T23:52:05Z" tag="submitter">
+    underling
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201110-12.xml b/metadata/glsa/glsa-201110-12.xml
new file mode 100644
index 000000000000..90c706220115
--- /dev/null
+++ b/metadata/glsa/glsa-201110-12.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201110-12">
+  <title>Unbound: Denial of service</title>
+  <synopsis>Multiple Denial of Service vulnerabilities were found in Unbound.</synopsis>
+  <product type="ebuild">unbound</product>
+  <announced>2011-10-15</announced>
+  <revised count="1">2011-10-15</revised>
+  <bug>309117</bug>
+  <bug>368981</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/unbound" auto="yes" arch="*">
+      <unaffected range="ge">1.4.10</unaffected>
+      <vulnerable range="lt">1.4.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Unbound is a validating, recursive, and caching DNS resolver.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in unbound. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause a Denial of Service.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Unbound users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/unbound-1.4.10"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0969">CVE-2010-0969</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1922">CVE-2011-1922</uri>
+  </references>
+  <metadata timestamp="2011-10-08T22:09:43Z" tag="requester">craig</metadata>
+  <metadata timestamp="2011-10-15T09:21:34Z" tag="submitter">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201110-13.xml b/metadata/glsa/glsa-201110-13.xml
new file mode 100644
index 000000000000..53162fc6b4a0
--- /dev/null
+++ b/metadata/glsa/glsa-201110-13.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201110-13">
+  <title>Tor: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in Tor, the most severe of
+    which may allow a remote attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">Tor</product>
+  <announced>2011-10-18</announced>
+  <revised count="1">2011-10-18</revised>
+  <bug>351920</bug>
+  <bug>359789</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/tor" auto="yes" arch="*">
+      <unaffected range="ge">0.2.1.30</unaffected>
+      <vulnerable range="lt">0.2.1.30</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Tor is an implementation of second generation Onion Routing, a
+      connection-oriented anonymizing communication service. 
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Tor. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote unauthenticated attacker may be able to execute arbitrary code
+      with the privileges of the Tor process or create a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Tor users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/tor-0.2.1.30"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since April 2, 2011. It is likely that your system is already
+      no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0015">CVE-2011-0015</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0016">CVE-2011-0016</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0427">CVE-2011-0427</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0490">CVE-2011-0490</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0491">CVE-2011-0491</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0492">CVE-2011-0492</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0493">CVE-2011-0493</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1924">CVE-2011-1924</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:38:20Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2011-10-18T18:25:47Z" tag="submitter">
+    underling
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201110-14.xml b/metadata/glsa/glsa-201110-14.xml
new file mode 100644
index 000000000000..c84db9605a60
--- /dev/null
+++ b/metadata/glsa/glsa-201110-14.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201110-14">
+  <title>D-Bus: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in D-Bus, the worst of which
+    allowing for a symlink attack.
+  </synopsis>
+  <product type="ebuild">D-Bus</product>
+  <announced>2011-10-21</announced>
+  <revised count="1">2011-10-21</revised>
+  <bug>348766</bug>
+  <bug>371261</bug>
+  <bug>372743</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/dbus" auto="yes" arch="*">
+      <unaffected range="ge">1.4.12</unaffected>
+      <vulnerable range="lt">1.4.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>D-Bus is a message bus system, a simple way for applications to talk to
+      each other.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in D-Bus. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>The vulnerabilities allow for local Denial of Service (daemon crash), or
+      arbitrary file overwriting.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All D-Bus users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/dbus-1.4.12"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4352">CVE-2010-4352</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2200">CVE-2011-2200</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2533">CVE-2011-2533</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:28Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2011-10-21T21:15:45Z" tag="submitter">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201110-15.xml b/metadata/glsa/glsa-201110-15.xml
new file mode 100644
index 000000000000..8f6feb3fdd97
--- /dev/null
+++ b/metadata/glsa/glsa-201110-15.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201110-15">
+  <title>GnuPG: User-assisted execution of arbitrary code</title>
+  <synopsis>The GPGSM utility included in GnuPG contains a use-after-free
+    vulnerability that may allow an unauthenticated remote attacker to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">GnuPG</product>
+  <announced>2011-10-22</announced>
+  <revised count="1">2011-10-22</revised>
+  <bug>329583</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-crypt/gnupg" auto="yes" arch="*">
+      <unaffected range="ge">2.0.16-r1</unaffected>
+      <unaffected range="lt">2.0</unaffected>
+      <vulnerable range="lt">2.0.16-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of
+      cryptographic software. The GPGSM utility in GnuPG is responsible for
+      processing X.509 certificates, signatures and encryption as well as
+      S/MIME messages. 
+    </p>
+  </background>
+  <description>
+    <p>The GPGSM utility in GnuPG contains a use-after-free vulnerability that
+      may be exploited when importing a crafted X.509 certificate explicitly or
+      during the signature verification process. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An unauthenticated remote attacker may execute arbitrary code with the
+      privileges of the user running GnuPG by enticing them to import a crafted
+      certificate.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GnuPG 2.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-crypt/gnupg-2.0.16-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2547">CVE-2010-2547</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:38:19Z" tag="requester">system</metadata>
+  <metadata timestamp="2011-10-22T04:24:43Z" tag="submitter">
+    underling
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201110-16.xml b/metadata/glsa/glsa-201110-16.xml
new file mode 100644
index 000000000000..e294e55f6a54
--- /dev/null
+++ b/metadata/glsa/glsa-201110-16.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201110-16">
+  <title>Cyrus IMAP Server: Multiple vulnerabilities</title>
+  <synopsis>The Cyrus IMAP Server is affected by multiple vulnerabilities which
+    could potentially lead to the remote execution of arbitrary code or a
+    Denial of Service. 
+  </synopsis>
+  <product type="ebuild">Cyrus IMAP Server</product>
+  <announced>2011-10-22</announced>
+  <revised count="1">2011-10-22</revised>
+  <bug>283596</bug>
+  <bug>382349</bug>
+  <bug>385729</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-mail/cyrus-imapd" auto="yes" arch="*">
+      <unaffected range="ge">2.4.12</unaffected>
+      <vulnerable range="lt">2.4.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Cyrus IMAP Server is an efficient, highly-scalable IMAP e-mail
+      server. 
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in the Cyrus IMAP Server.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>An unauthenticated local or remote attacker may be able to execute
+      arbitrary code with the privileges of the Cyrus IMAP Server process or
+      cause a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Cyrus IMAP Server users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-mail/cyrus-imapd-2.4.12"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2632">CVE-2009-2632</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3208">CVE-2011-3208</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3481">CVE-2011-3481</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:12Z" tag="requester">a3li</metadata>
+  <metadata timestamp="2011-10-22T04:32:26Z" tag="submitter">
+    underling
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201110-17.xml b/metadata/glsa/glsa-201110-17.xml
new file mode 100644
index 000000000000..47fefb9d0311
--- /dev/null
+++ b/metadata/glsa/glsa-201110-17.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201110-17">
+  <title>Avahi: Denial of service</title>
+  <synopsis>Multiple vulnerabilities were found in Avahi, allowing for Denial
+    of Service.
+  </synopsis>
+  <product type="ebuild">avahi</product>
+  <announced>2011-10-22</announced>
+  <revised count="1">2011-10-22</revised>
+  <bug>335885</bug>
+  <bug>355583</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/avahi" auto="yes" arch="*">
+      <unaffected range="ge">0.6.28-r1</unaffected>
+      <vulnerable range="lt">0.6.28-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Avahi is a system which facilitates service discovery on a local
+      network.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Avahi. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause a Denial of Service.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Avahi users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/avahi-0.6.28-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2244">CVE-2010-2244</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1002">CVE-2011-1002</uri>
+  </references>
+  <metadata timestamp="2011-10-08T22:46:40Z" tag="requester">craig</metadata>
+  <metadata timestamp="2011-10-22T16:30:30Z" tag="submitter">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201110-18.xml b/metadata/glsa/glsa-201110-18.xml
new file mode 100644
index 000000000000..e1a229ff5967
--- /dev/null
+++ b/metadata/glsa/glsa-201110-18.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201110-18">
+  <title>rgmanager: Privilege escalation</title>
+  <synopsis>A vulnerability was found in rgmanager, allowing for privilege
+    escalation.
+  </synopsis>
+  <product type="ebuild">rgmanager</product>
+  <announced>2011-10-22</announced>
+  <revised count="1">2011-10-22</revised>
+  <bug>352213</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-cluster/rgmanager" auto="yes" arch="*">
+      <unaffected range="ge">2.03.09-r1</unaffected>
+      <vulnerable range="lt">2.03.09-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>rgmanager is a clustered resource group manager.</p>
+  </background>
+  <description>
+    <p>A vulnerability has been discovered in rgmanager. Please review the CVE
+      identifier referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could gain escalated privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All rgmanager users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=sys-cluster/rgmanager-2.03.09-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3389">CVE-2010-3389</uri>
+  </references>
+  <metadata timestamp="2011-10-08T22:41:31Z" tag="requester">craig</metadata>
+  <metadata timestamp="2011-10-22T16:33:13Z" tag="submitter">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201110-19.xml b/metadata/glsa/glsa-201110-19.xml
new file mode 100644
index 000000000000..f9737367eaf6
--- /dev/null
+++ b/metadata/glsa/glsa-201110-19.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201110-19">
+  <title>X.Org X Server: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities in the X.Org X server might allow local
+    attackers to disclose information.
+  </synopsis>
+  <product type="ebuild">xorg-server</product>
+  <announced>2011-10-22</announced>
+  <revised count="2">2011-10-22</revised>
+  <bug>387069</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-base/xorg-server" auto="yes" arch="*">
+      <unaffected range="rge">1.9.5-r1</unaffected>
+      <unaffected range="ge">1.10.4-r1</unaffected>
+      <vulnerable range="lt">1.10.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The X Window System is a graphical windowing system based on a
+      client/server model.
+    </p>
+  </background>
+  <description>
+    <p>vladz reported the following vulnerabilities in the X.Org X server:</p>
+    
+    <ul>
+      <li>The X.Org X server follows symbolic links when trying to access the
+        lock file for a X display, showing a predictable behavior depending on
+        the file type of the link target (CVE-2011-4028).
+      </li>
+      <li>The X.Org X server lock file mechanism allows for a race condition to
+        cause the X server to modify the file permissions of an arbitrary file
+        to 0444 (CVE-2011-4029).
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could exploit these vulnerabilities to disclose
+      information by making arbitrary files on a system world-readable or gain
+      information whether a specified file exists on the system and whether it
+      is a file, directory, or a named pipe.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All X.Org X Server 1.9 users should upgrade to the latest 1.9 version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-base/xorg-server-1.9.5-r1"
+    </code>
+    
+    <p>All X.Org X Server 1.10 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-base/xorg-server-1.10.4-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4028">CVE-2011-4028</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4029">CVE-2011-4029</uri>
+  </references>
+  <metadata timestamp="2011-10-13T20:53:51Z" tag="requester">a3li</metadata>
+  <metadata timestamp="2011-10-22T17:19:57Z" tag="submitter">a3li</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201110-20.xml b/metadata/glsa/glsa-201110-20.xml
new file mode 100644
index 000000000000..0b8bd4620b1b
--- /dev/null
+++ b/metadata/glsa/glsa-201110-20.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201110-20">
+  <title>Clam AntiVirus: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in Clam AntiVirus, the most
+    severe of which may allow the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Clam AntiVirus</product>
+  <announced>2011-10-24</announced>
+  <revised count="2">2011-10-24</revised>
+  <bug>338226</bug>
+  <bug>347627</bug>
+  <bug>354019</bug>
+  <bug>378815</bug>
+  <bug>387521</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.97.3</unaffected>
+      <vulnerable range="lt">0.97.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Clam AntiVirus (short: ClamAV) is an anti-virus toolkit for UNIX,
+      designed especially for e-mail scanning on mail gateways. 
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Clam AntiVirus. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>An unauthenticated remote attacker may execute arbitrary code with the
+      privileges of the Clam AntiVirus process or cause a Denial of Service by
+      causing an affected user or system to scan a crafted file.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Clam AntiVirus users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.97.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0405">CVE-2010-0405</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3434">CVE-2010-3434</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4260">CVE-2010-4260</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4261">CVE-2010-4261</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4479">CVE-2010-4479</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1003">CVE-2011-1003</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2721">CVE-2011-2721</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3627">CVE-2011-3627</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:38:20Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2011-10-24T15:40:45Z" tag="submitter">
+    underling
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201110-21.xml b/metadata/glsa/glsa-201110-21.xml
new file mode 100644
index 000000000000..846cb601fbc2
--- /dev/null
+++ b/metadata/glsa/glsa-201110-21.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201110-21">
+  <title>Asterisk: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities in Asterisk might allow unauthenticated
+    remote attackers to execute arbitrary code. 
+  </synopsis>
+  <product type="ebuild">Asterisk</product>
+  <announced>2011-10-24</announced>
+  <revised count="1">2011-10-24</revised>
+  <bug>352059</bug>
+  <bug>355967</bug>
+  <bug>359767</bug>
+  <bug>364887</bug>
+  <bug>372793</bug>
+  <bug>373409</bug>
+  <bug>387453</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/asterisk" auto="yes" arch="*">
+      <unaffected range="ge">1.8.7.1</unaffected>
+      <unaffected range="rge">1.6.2.18.2</unaffected>
+      <vulnerable range="lt">1.8.7.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Asterisk is an open source telephony engine and toolkit. </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Asterisk. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>An unauthenticated remote attacker may execute code with the privileges
+      of the Asterisk process or cause a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All asterisk 1.6.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/asterisk-1.6.2.18.2"
+    </code>
+    
+    <p>All asterisk 1.8.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/asterisk-1.8.7.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1147">CVE-2011-1147</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1174">CVE-2011-1174</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1175">CVE-2011-1175</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1507">CVE-2011-1507</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1599">CVE-2011-1599</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2529">CVE-2011-2529</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2535">CVE-2011-2535</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2536">CVE-2011-2536</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2665">CVE-2011-2665</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2666">CVE-2011-2666</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4063">CVE-2011-4063</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:05Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2011-10-24T18:44:10Z" tag="submitter">
+    underling
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201110-22.xml b/metadata/glsa/glsa-201110-22.xml
new file mode 100644
index 000000000000..5dae728a83dc
--- /dev/null
+++ b/metadata/glsa/glsa-201110-22.xml
@@ -0,0 +1,179 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201110-22">
+  <title>PostgreSQL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities in the PostgreSQL server and client allow
+    remote attacker to conduct several attacks, including the execution of
+    arbitrary code and Denial of Service.
+  </synopsis>
+  <product type="ebuild">postgresql-server postgresql-base</product>
+  <announced>2011-10-25</announced>
+  <revised count="3">2012-03-05</revised>
+  <bug>261223</bug>
+  <bug>284274</bug>
+  <bug>297383</bug>
+  <bug>308063</bug>
+  <bug>313335</bug>
+  <bug>320967</bug>
+  <bug>339935</bug>
+  <bug>353387</bug>
+  <bug>384539</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/postgresql" auto="yes" arch="*">
+      <vulnerable range="le">9</vulnerable>
+    </package>
+    <package name="dev-db/postgresql-server" auto="yes" arch="*">
+      <unaffected range="ge">9.0.5</unaffected>
+      <unaffected range="rge">8.4.9</unaffected>
+      <unaffected range="rge">8.3.16</unaffected>
+      <unaffected range="rge">8.2.22</unaffected>
+      <unaffected range="rge">8.4.10</unaffected>
+      <unaffected range="rge">8.3.17</unaffected>
+      <unaffected range="rge">8.2.23</unaffected>
+      <unaffected range="ge">8.4.11</unaffected>
+      <unaffected range="ge">8.3.18</unaffected>
+      <vulnerable range="lt">9.0.5</vulnerable>
+    </package>
+    <package name="dev-db/postgresql-base" auto="yes" arch="*">
+      <unaffected range="ge">9.0.5</unaffected>
+      <unaffected range="rge">8.4.9</unaffected>
+      <unaffected range="rge">8.3.16</unaffected>
+      <unaffected range="rge">8.2.22</unaffected>
+      <unaffected range="rge">8.4.10</unaffected>
+      <unaffected range="rge">8.3.17</unaffected>
+      <unaffected range="rge">8.2.23</unaffected>
+      <unaffected range="ge">8.4.11</unaffected>
+      <unaffected range="ge">8.3.18</unaffected>
+      <vulnerable range="lt">9.0.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PostgreSQL is an open source object-relational database management
+      system.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PostgreSQL. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote authenticated attacker could send a specially crafted SQL query
+      to a PostgreSQL server with the "intarray" module enabled, possibly
+      resulting in the execution of arbitrary code with the privileges of the
+      PostgreSQL server process, or a Denial of Service condition. Furthermore,
+      a remote authenticated attacker could execute arbitrary Perl code, cause
+      a Denial of Service condition via different vectors, bypass LDAP
+      authentication, bypass X.509 certificate validation, gain database
+      privileges, exploit weak blowfish encryption and possibly cause other
+      unspecified impact.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PostgreSQL 8.2 users should upgrade to the latest 8.2 base version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-db/postgresql-base-8.2.22:8.2"
+    </code>
+    
+    <p>All PostgreSQL 8.3 users should upgrade to the latest 8.3 base version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-db/postgresql-base-8.3.16:8.3"
+    </code>
+    
+    <p>All PostgreSQL 8.4 users should upgrade to the latest 8.4 base version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-db/postgresql-base-8.4.9:8.4"
+    </code>
+    
+    <p>All PostgreSQL 9.0 users should upgrade to the latest 9.0 base version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-db/postgresql-base-9.0.5:9.0"
+    </code>
+    
+    <p>All PostgreSQL 8.2 server users should upgrade to the latest 8.2 server
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-db/postgresql-server-8.2.22:8.2"
+    </code>
+    
+    <p>All PostgreSQL 8.3 server users should upgrade to the latest 8.3 server
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-db/postgresql-server-8.3.16:8.3"
+    </code>
+    
+    <p>All PostgreSQL 8.4 server users should upgrade to the latest 8.4 server
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-db/postgresql-server-8.4.9:8.4"
+    </code>
+    
+    <p>All PostgreSQL 9.0 server users should upgrade to the latest 9.0 server
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-db/postgresql-server-9.0.5:9.0"
+    </code>
+    
+    <p>The old unsplit PostgreSQL packages have been removed from portage.
+      Users still using them are urged to migrate to the new PostgreSQL
+      packages as stated above and to remove the old package:
+    </p>
+    
+    <code>
+      # emerge --unmerge "dev-db/postgresql"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0922">CVE-2009-0922</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3229">CVE-2009-3229</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3230">CVE-2009-3230</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3231">CVE-2009-3231</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4034">CVE-2009-4034</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4136">CVE-2009-4136</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0442">CVE-2010-0442</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0733">CVE-2010-0733</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1169">CVE-2010-1169</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1170">CVE-2010-1170</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1447">CVE-2010-1447</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1975">CVE-2010-1975</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3433">CVE-2010-3433</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4015">CVE-2010-4015</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2483">CVE-2011-2483</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:38:07Z" tag="requester">
+    keytoaster
+  </metadata>
+  <metadata timestamp="2012-03-05T19:10:41Z" tag="submitter">a3li</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201110-23.xml b/metadata/glsa/glsa-201110-23.xml
new file mode 100644
index 000000000000..8a98f2fdf517
--- /dev/null
+++ b/metadata/glsa/glsa-201110-23.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201110-23">
+  <title>Apache mod_authnz_external: SQL injection</title>
+  <synopsis>An input sanitation flaw in mod_authnz_external allows remote
+    attacker to conduct SQL injection.
+  </synopsis>
+  <product type="ebuild">mod_authnz_external</product>
+  <announced>2011-10-25</announced>
+  <revised count="1">2011-10-25</revised>
+  <bug>386165</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apache/mod_authnz_external" auto="yes" arch="*">
+      <unaffected range="ge">3.2.6</unaffected>
+      <vulnerable range="lt">3.2.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>mod_authnz_external is a tool for creating custom authentication
+      backends for HTTP basic authentication.
+    </p>
+  </background>
+  <description>
+    <p>mysql/mysql-auth.pl in mod_authnz_external does not properly sanitize
+      input before using it in an SQL query.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could exploit this vulnerability to inject arbitrary
+      SQL statements by using a specially crafted username for HTTP
+      authentication on a site using mod_authnz_external.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache mod_authnz_external users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-apache/mod_authnz_external-3.2.6"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2688">CVE-2011-2688</uri>
+  </references>
+  <metadata timestamp="2011-10-18T14:42:12Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2011-10-25T17:13:58Z" tag="submitter">a3li</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201110-24.xml b/metadata/glsa/glsa-201110-24.xml
new file mode 100644
index 000000000000..6687719ac1d0
--- /dev/null
+++ b/metadata/glsa/glsa-201110-24.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201110-24">
+  <title>Squid: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in Squid allowing attackers to
+    execute arbitrary code or cause a Denial of Service.
+  </synopsis>
+  <product type="ebuild">Squid</product>
+  <announced>2011-10-26</announced>
+  <revised count="1">2011-10-26</revised>
+  <bug>279379</bug>
+  <bug>279380</bug>
+  <bug>301828</bug>
+  <bug>334263</bug>
+  <bug>381065</bug>
+  <bug>386215</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/squid" auto="yes" arch="*">
+      <unaffected range="ge">3.1.15</unaffected>
+      <vulnerable range="lt">3.1.15</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Squid is a full-featured web proxy cache. </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Squid. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>Remote unauthenticated attackers may be able to execute arbitrary code
+      with the privileges of the Squid process or cause a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All squid users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-proxy/squid-3.1.15"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since September 4, 2011. It is likely that your system is
+      already no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2621">CVE-2009-2621</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2622">CVE-2009-2622</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2855">CVE-2009-2855</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0308">CVE-2010-0308</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0639">CVE-2010-0639</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2951">CVE-2010-2951</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3072">CVE-2010-3072</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3205">CVE-2011-3205</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:54Z" tag="requester">craig</metadata>
+  <metadata timestamp="2011-10-26T20:47:18Z" tag="submitter">
+    underling
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201110-25.xml b/metadata/glsa/glsa-201110-25.xml
new file mode 100644
index 000000000000..05fc58d0044f
--- /dev/null
+++ b/metadata/glsa/glsa-201110-25.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201110-25">
+  <title>Pure-FTPd: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in Pure-FTPd allowing attackers
+    to inject FTP commands or cause a Denial of Service.
+  </synopsis>
+  <product type="ebuild">Pure-FTPd</product>
+  <announced>2011-10-26</announced>
+  <revised count="1">2011-10-26</revised>
+  <bug>358375</bug>
+  <bug>365751</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-ftp/pure-ftpd" auto="yes" arch="*">
+      <unaffected range="ge">1.0.32</unaffected>
+      <vulnerable range="lt">1.0.32</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Pure-FTPd is a fast, production-quality and standards-compliant FTP
+      server.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Pure-FTPd. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote unauthenticated attackers may be able to inject FTP commands or
+      cause a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All pure-ftpd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-ftp/pure-ftpd-1.0.32"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since May 14, 2011. It is likely that your system is already no
+      longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0418">CVE-2011-0418</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1575">CVE-2011-1575</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:42Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2011-10-26T20:49:23Z" tag="submitter">
+    underling
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201110-26.xml b/metadata/glsa/glsa-201110-26.xml
new file mode 100644
index 000000000000..24c215566953
--- /dev/null
+++ b/metadata/glsa/glsa-201110-26.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201110-26">
+  <title>libxml2: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in libxml2 which could lead to
+    execution of arbitrary code or a Denial of Service.
+  </synopsis>
+  <product type="ebuild">libxml2</product>
+  <announced>2011-10-26</announced>
+  <revised count="1">2011-10-26</revised>
+  <bug>345555</bug>
+  <bug>370715</bug>
+  <bug>386985</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/libxml2" auto="yes" arch="*">
+      <unaffected range="ge">2.7.8-r3</unaffected>
+      <vulnerable range="lt">2.7.8-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libxml2 is the XML C parser and toolkit developed for the Gnome project.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libxml2. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local or remote attacker may be able to execute arbitrary code with
+      the privileges of the application or cause a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libxml2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libxml2-2.7.8-r3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4008">CVE-2010-4008</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4494">CVE-2010-4494</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1944">CVE-2011-1944</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2821">CVE-2011-2821</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2834">CVE-2011-2834</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:45Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2011-10-26T20:50:29Z" tag="submitter">
+    underling
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201111-01.xml b/metadata/glsa/glsa-201111-01.xml
new file mode 100644
index 000000000000..7d43bd6d079f
--- /dev/null
+++ b/metadata/glsa/glsa-201111-01.xml
@@ -0,0 +1,210 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201111-01">
+  <title>Chromium, V8: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been reported in Chromium and V8,
+    some of which may allow execution of arbitrary code and local root
+    privilege escalation.
+  </synopsis>
+  <product type="ebuild">chromium v8</product>
+  <announced>2011-11-01</announced>
+  <revised count="1">2011-11-01</revised>
+  <bug>351525</bug>
+  <bug>353626</bug>
+  <bug>354121</bug>
+  <bug>356933</bug>
+  <bug>357963</bug>
+  <bug>358581</bug>
+  <bug>360399</bug>
+  <bug>363629</bug>
+  <bug>365125</bug>
+  <bug>366335</bug>
+  <bug>367013</bug>
+  <bug>368649</bug>
+  <bug>370481</bug>
+  <bug>373451</bug>
+  <bug>373469</bug>
+  <bug>377475</bug>
+  <bug>377629</bug>
+  <bug>380311</bug>
+  <bug>380897</bug>
+  <bug>381713</bug>
+  <bug>383251</bug>
+  <bug>385649</bug>
+  <bug>388461</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">15.0.874.102</unaffected>
+      <vulnerable range="lt">15.0.874.102</vulnerable>
+    </package>
+    <package name="dev-lang/v8" auto="yes" arch="*">
+      <unaffected range="ge">3.5.10.22</unaffected>
+      <vulnerable range="lt">3.5.10.22</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source web browser project. V8 is Google's open
+      source JavaScript engine.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and V8. Please
+      review the CVE identifiers and release notes referenced below for
+      details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could gain root privileges (CVE-2011-1444, fixed in
+      chromium-11.0.696.57).
+    </p>
+    
+    <p>A context-dependent attacker could entice a user to open a specially
+      crafted web site or JavaScript program using Chromium or V8, possibly
+      resulting in the execution of arbitrary code with the privileges of the
+      process, or a Denial of Service condition. The attacker also could obtain
+      cookies and other sensitive information, conduct man-in-the-middle
+      attacks, perform address bar spoofing, bypass the same origin policy,
+      perform Cross-Site Scripting attacks, or bypass pop-up blocks.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-15.0.874.102"
+    </code>
+    
+    <p>All V8 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/v8-3.5.10.22"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2345">CVE-2011-2345</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2346">CVE-2011-2346</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2347">CVE-2011-2347</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2348">CVE-2011-2348</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2349">CVE-2011-2349</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2350">CVE-2011-2350</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2351">CVE-2011-2351</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2834">CVE-2011-2834</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2835">CVE-2011-2835</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2837">CVE-2011-2837</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2838">CVE-2011-2838</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2839">CVE-2011-2839</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2840">CVE-2011-2840</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2841">CVE-2011-2841</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2843">CVE-2011-2843</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2844">CVE-2011-2844</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2845">CVE-2011-2845</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2846">CVE-2011-2846</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2847">CVE-2011-2847</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2848">CVE-2011-2848</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2849">CVE-2011-2849</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2850">CVE-2011-2850</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2851">CVE-2011-2851</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2852">CVE-2011-2852</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2853">CVE-2011-2853</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2854">CVE-2011-2854</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2855">CVE-2011-2855</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2856">CVE-2011-2856</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2857">CVE-2011-2857</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2858">CVE-2011-2858</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2859">CVE-2011-2859</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2860">CVE-2011-2860</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2861">CVE-2011-2861</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2862">CVE-2011-2862</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2864">CVE-2011-2864</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2874">CVE-2011-2874</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3234">CVE-2011-3234</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3873">CVE-2011-3873</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3875">CVE-2011-3875</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3876">CVE-2011-3876</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3877">CVE-2011-3877</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3878">CVE-2011-3878</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3879">CVE-2011-3879</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3880">CVE-2011-3880</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3881">CVE-2011-3881</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3882">CVE-2011-3882</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3883">CVE-2011-3883</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3884">CVE-2011-3884</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3885">CVE-2011-3885</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3886">CVE-2011-3886</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3887">CVE-2011-3887</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3888">CVE-2011-3888</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3889">CVE-2011-3889</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3890">CVE-2011-3890</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3891">CVE-2011-3891</uri>
+    <uri link="https://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html">
+      Release Notes 10.0.648.127
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates.html">
+      Release Notes 10.0.648.133
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html">
+      Release Notes 10.0.648.205
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html">
+      Release Notes 11.0.696.57
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2011/05/beta-and-stable-channel-update.html">
+      Release Notes 11.0.696.65
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2011/05/stable-channel-update.html">
+      Release Notes 11.0.696.68
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2011/05/stable-channel-update_24.html">
+      Release Notes 11.0.696.71
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html">
+      Release Notes 12.0.742.112
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html">
+      Release Notes 12.0.742.91
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html">
+      Release Notes 13.0.782.107
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html">
+      Release Notes 13.0.782.215
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2011/09/stable-channel-update.html">
+      Release Notes 13.0.782.220
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html">
+      Release Notes 14.0.835.163
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html">
+      Release Notes 14.0.835.202
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html">
+      Release Notes 15.0.874.102
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html">
+      Release Notes 8.0.552.237
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html">
+      Release Notes 9.0.597.107
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html">
+      Release Notes 9.0.597.84
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html">
+      Release Notes 9.0.597.94
+    </uri>
+  </references>
+  <metadata timestamp="2011-10-26T07:38:36Z" tag="requester">
+    phajdan.jr
+  </metadata>
+  <metadata timestamp="2011-11-01T09:59:26Z" tag="submitter">
+    phajdan.jr
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201111-02.xml b/metadata/glsa/glsa-201111-02.xml
new file mode 100644
index 000000000000..292444cbb096
--- /dev/null
+++ b/metadata/glsa/glsa-201111-02.xml
@@ -0,0 +1,169 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201111-02">
+  <title>Oracle JRE/JDK: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in the Oracle JRE/JDK,
+    allowing attackers to cause unspecified impact.
+  </synopsis>
+  <product type="ebuild">sun-jre-bin sun-jdk emul-linux-x86-java</product>
+  <announced>2011-11-05</announced>
+  <revised count="1">2011-11-05</revised>
+  <bug>340421</bug>
+  <bug>354213</bug>
+  <bug>370559</bug>
+  <bug>387851</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/sun-jre-bin" auto="no" arch="*">
+      <unaffected range="ge">1.6.0.29</unaffected>
+      <vulnerable range="lt">1.6.0.29</vulnerable>
+    </package>
+    <package name="app-emulation/emul-linux-x86-java" auto="no" arch="*">
+      <unaffected range="ge">1.6.0.29</unaffected>
+      <vulnerable range="lt">1.6.0.29</vulnerable>
+    </package>
+    <package name="dev-java/sun-jdk" auto="no" arch="*">
+      <unaffected range="ge">1.6.0.29</unaffected>
+      <vulnerable range="lt">1.6.0.29</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and
+      the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE)
+      provide the Oracle Java platform (formerly known as Sun Java Platform).
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been reported in the Oracle Java
+      implementation. Please review the CVE identifiers referenced below and
+      the associated Oracle Critical Patch Update Advisory for details. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could exploit these vulnerabilities to cause
+      unspecified impact, possibly including remote execution of arbitrary
+      code. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Oracle JDK 1.6 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/sun-jdk-1.6.0.29"
+    </code>
+    
+    <p>All Oracle JRE 1.6 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/sun-jre-bin-1.6.0.29"
+    </code>
+    
+    <p>All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the
+      latest version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/emul-linux-x86-java-1.6.0.29"
+    </code>
+    
+    <p>NOTE: As Oracle has revoked the DLJ license for its Java implementation,
+      the packages can no longer be updated automatically. This limitation is
+      not present on a non-fetch restricted implementation such as
+      dev-java/icedtea-bin.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541">CVE-2010-3541</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548">CVE-2010-3548</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549">CVE-2010-3549</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550">CVE-2010-3550</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551">CVE-2010-3551</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552">CVE-2010-3552</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553">CVE-2010-3553</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554">CVE-2010-3554</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555">CVE-2010-3555</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556">CVE-2010-3556</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557">CVE-2010-3557</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558">CVE-2010-3558</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559">CVE-2010-3559</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560">CVE-2010-3560</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561">CVE-2010-3561</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562">CVE-2010-3562</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563">CVE-2010-3563</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565">CVE-2010-3565</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566">CVE-2010-3566</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567">CVE-2010-3567</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568">CVE-2010-3568</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569">CVE-2010-3569</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570">CVE-2010-3570</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571">CVE-2010-3571</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572">CVE-2010-3572</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573">CVE-2010-3573</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574">CVE-2010-3574</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422">CVE-2010-4422</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447">CVE-2010-4447</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448">CVE-2010-4448</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450">CVE-2010-4450</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451">CVE-2010-4451</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452">CVE-2010-4452</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454">CVE-2010-4454</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462">CVE-2010-4462</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463">CVE-2010-4463</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465">CVE-2010-4465</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466">CVE-2010-4466</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467">CVE-2010-4467</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468">CVE-2010-4468</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469">CVE-2010-4469</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470">CVE-2010-4470</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471">CVE-2010-4471</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472">CVE-2010-4472</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473">CVE-2010-4473</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474">CVE-2010-4474</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475">CVE-2010-4475</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476">CVE-2010-4476</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802">CVE-2011-0802</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814">CVE-2011-0814</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815">CVE-2011-0815</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862">CVE-2011-0862</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863">CVE-2011-0863</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864">CVE-2011-0864</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865">CVE-2011-0865</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867">CVE-2011-0867</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868">CVE-2011-0868</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869">CVE-2011-0869</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871">CVE-2011-0871</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872">CVE-2011-0872</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873">CVE-2011-0873</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389">CVE-2011-3389</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516">CVE-2011-3516</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521">CVE-2011-3521</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544">CVE-2011-3544</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545">CVE-2011-3545</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546">CVE-2011-3546</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547">CVE-2011-3547</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548">CVE-2011-3548</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549">CVE-2011-3549</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550">CVE-2011-3550</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551">CVE-2011-3551</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552">CVE-2011-3552</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553">CVE-2011-3553</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554">CVE-2011-3554</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555">CVE-2011-3555</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556">CVE-2011-3556</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557">CVE-2011-3557</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558">CVE-2011-3558</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560">CVE-2011-3560</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561">CVE-2011-3561</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:38:14Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2011-11-05T10:22:49Z" tag="submitter">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201111-03.xml b/metadata/glsa/glsa-201111-03.xml
new file mode 100644
index 000000000000..38dcfa626d1e
--- /dev/null
+++ b/metadata/glsa/glsa-201111-03.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201111-03">
+  <title>OpenTTD: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in OpenTTD which could lead to
+    execution of arbitrary code, a Denial of Service, or privilege escalation.
+  </synopsis>
+  <product type="ebuild">ebuild OpenTTD</product>
+  <announced>2011-11-11</announced>
+  <revised count="2">2011-11-11</revised>
+  <bug>381799</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="games-simulation/openttd" auto="yes" arch="*">
+      <unaffected range="ge">1.1.3</unaffected>
+      <vulnerable range="lt">1.1.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenTTD is a clone of Transport Tycoon Deluxe.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenTTD. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could execute arbitrary code with the privileges of
+      the OpenTTD process or cause a Denial of Service. Local users could cause
+      a Denial of Service. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenTTD users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=games-simulation/openttd-1.1.3"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since September 27, 2011. It is likely that your system is
+      already no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4168">CVE-2010-4168</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3341">CVE-2011-3341</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3342">CVE-2011-3342</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3343">CVE-2011-3343</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:38:12Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2011-11-11T22:08:46Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201111-04.xml b/metadata/glsa/glsa-201111-04.xml
new file mode 100644
index 000000000000..725712c2ba68
--- /dev/null
+++ b/metadata/glsa/glsa-201111-04.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201111-04">
+  <title>phpDocumentor: Function call injection</title>
+  <synopsis>phpDocumentor bundles Smarty which contains an input sanitation
+    flaw, allowing attackers to call arbitrary PHP functions. 
+  </synopsis>
+  <product type="ebuild">PhpDocumentor</product>
+  <announced>2011-11-11</announced>
+  <revised count="1">2011-11-11</revised>
+  <bug>213318</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-php/PEAR-PhpDocumentor" auto="yes" arch="*">
+      <unaffected range="ge">1.4.3-r1</unaffected>
+      <vulnerable range="lt">1.4.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The phpDocumentor package provides automatic documenting of PHP API
+      directly from the source.
+    </p>
+  </background>
+  <description>
+    <p>phpDocumentor bundles Smarty with the modifier.regex_replace.php plug-in
+      which does not properly sanitize input related to the ASCII NUL character
+      in a search string.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could call arbitrary PHP functions via templates.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All phpDocumentor users should upgrade to the latest stable version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-php/PEAR-PhpDocumentor-1.4.3-r1"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since February 12, 2011. It is likely that your system is
+      already no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1066">
+      CVE-2008-1066
+    </uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:01Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2011-11-11T22:11:04Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201111-05.xml b/metadata/glsa/glsa-201111-05.xml
new file mode 100644
index 000000000000..9a592f2db3cb
--- /dev/null
+++ b/metadata/glsa/glsa-201111-05.xml
@@ -0,0 +1,100 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201111-05">
+  <title>Chromium, V8: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been reported in Chromium and V8,
+    some of which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium v8</product>
+  <announced>2011-11-19</announced>
+  <revised count="1">2011-11-19</revised>
+  <bug>390113</bug>
+  <bug>390779</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">15.0.874.121</unaffected>
+      <vulnerable range="lt">15.0.874.121</vulnerable>
+    </package>
+    <package name="dev-lang/v8" auto="yes" arch="*">
+      <unaffected range="ge">3.5.10.24</unaffected>
+      <vulnerable range="lt">3.5.10.24</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source web browser project. V8 is Google's open
+      source JavaScript engine.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and V8. Please
+      review the CVE identifiers and release notes referenced below for
+      details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could entice a user to open a specially
+      crafted web site or JavaScript program using Chromium or V8, possibly
+      resulting in the execution of arbitrary code with the privileges of the
+      process, or a Denial of Service condition. The attacker also could cause
+      a Java applet to run without user confirmation.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-15.0.874.121"
+    </code>
+    
+    <p>All V8 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/v8-3.5.10.24"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3892">
+      CVE-2011-3892
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3893">
+      CVE-2011-3893
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3894">
+      CVE-2011-3894
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3895">
+      CVE-2011-3895
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3896">
+      CVE-2011-3896
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3897">
+      CVE-2011-3897
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3898">
+      CVE-2011-3898
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3900">
+      CVE-2011-3900
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html">
+      Release Notes 15.0.874.120
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2011/11/stable-channel-update_16.html">
+      Release Notes 15.0.874.121
+    </uri>
+  </references>
+  <metadata timestamp="2011-11-11T12:00:45Z" tag="requester">
+    phajdan.jr
+  </metadata>
+  <metadata timestamp="2011-11-19T16:24:27Z" tag="submitter">
+    phajdan.jr
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201111-06.xml b/metadata/glsa/glsa-201111-06.xml
new file mode 100644
index 000000000000..388f8647e882
--- /dev/null
+++ b/metadata/glsa/glsa-201111-06.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201111-06">
+  <title>MaraDNS: Arbitrary code execution</title>
+  <synopsis>A buffer overflow vulnerability in MaraDNS allows remote attackers
+    to execute arbitrary code or cause a Denial of Service.
+  </synopsis>
+  <product type="ebuild">MaraDNS</product>
+  <announced>2011-11-20</announced>
+  <revised count="1">2011-11-20</revised>
+  <bug>352569</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/maradns" auto="yes" arch="*">
+      <unaffected range="ge">1.4.06</unaffected>
+      <vulnerable range="lt">1.4.06</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MaraDNS is a proxy DNS server with permanent caching.</p>
+  </background>
+  <description>
+    <p>A long DNS hostname with a large number of labels could trigger a buffer
+      overflow in the compress_add_dlabel_points() function of dns/Compress.c. 
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote unauthenticated attacker could execute arbitrary code or cause
+      a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MaraDNS users should upgrade to the latest stable version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/maradns-1.4.06"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since February 12, 2011. It is likely that your system is
+      already no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0520">CVE-2011-0520</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:03Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2011-11-20T17:56:41Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201111-07.xml b/metadata/glsa/glsa-201111-07.xml
new file mode 100644
index 000000000000..031f98ba79d0
--- /dev/null
+++ b/metadata/glsa/glsa-201111-07.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201111-07">
+  <title>TinTin++: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been reported in TinTin++ which could
+    allow a remote attacker to conduct several attacks, including the execution
+    of arbitrary code and Denial of Service.
+  </synopsis>
+  <product type="ebuild">TinTin++</product>
+  <announced>2011-11-20</announced>
+  <revised count="1">2011-11-20</revised>
+  <bug>209903</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-mud/tintin" auto="yes" arch="*">
+      <unaffected range="ge">1.98.0</unaffected>
+      <vulnerable range="lt">1.98.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>TinTin++ is a free MUD gaming client.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in TinTin++. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>Remote unauthenticated attackers may be able to execute arbitrary code
+      with the privileges of the TinTin++ process, cause a Denial of Service,
+      or truncate arbitrary files in the top level of the home directory
+      belonging to the user running the TinTin++ process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All TinTin++ users should upgrade to the latest stable version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=games-mud/tintin-1.98.0"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since March 25, 2008. It is likely that your system is already
+      no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0671">CVE-2008-0671</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0672">CVE-2008-0672</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0673">CVE-2008-0673</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:02Z" tag="requester">system</metadata>
+  <metadata timestamp="2011-11-20T17:56:45Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201111-08.xml b/metadata/glsa/glsa-201111-08.xml
new file mode 100644
index 000000000000..1560a4d8ed3b
--- /dev/null
+++ b/metadata/glsa/glsa-201111-08.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201111-08">
+  <title>radvd: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in radvd which could
+    potentially lead to privilege escalation, data loss, or a Denial of
+    Service.
+  </synopsis>
+  <product type="ebuild">radvd</product>
+  <announced>2011-11-20</announced>
+  <revised count="1">2011-11-20</revised>
+  <bug>385967</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-misc/radvd" auto="yes" arch="*">
+      <unaffected range="ge">1.8.2</unaffected>
+      <vulnerable range="lt">1.8.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>radvd is an IPv6 router advertisement daemon for Linux and BSD.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in radvd. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote unauthenticated attacker may be able to gain escalated
+      privileges, escalate the privileges of the radvd process, overwrite files
+      with specific names, or cause a Denial of Service. Local attackers may be
+      able to overwrite the contents of arbitrary files using symlinks. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All radvd users should upgrade to the latest stable version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/radvd-1.8.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3601">CVE-2011-3601</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3602">CVE-2011-3602</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3603">CVE-2011-3603</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3604">CVE-2011-3604</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3605">CVE-2011-3605</uri>
+  </references>
+  <metadata timestamp="2011-11-10T10:43:03Z" tag="requester">ago</metadata>
+  <metadata timestamp="2011-11-20T17:56:48Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201111-09.xml b/metadata/glsa/glsa-201111-09.xml
new file mode 100644
index 000000000000..5c63636abb14
--- /dev/null
+++ b/metadata/glsa/glsa-201111-09.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201111-09">
+  <title>Perl Safe module: Arbitrary Perl code injection</title>
+  <synopsis>The Safe module for Perl does not properly restrict code, allowing
+    a remote attacker to execute arbitrary Perl code outside of a restricted
+    compartment.
+  </synopsis>
+  <product type="ebuild">Safe</product>
+  <announced>2011-11-20</announced>
+  <revised count="1">2011-11-20</revised>
+  <bug>325563</bug>
+  <access>remote</access>
+  <affected>
+    <package name="perl-core/Safe" auto="yes" arch="*">
+      <unaffected range="ge">2.27</unaffected>
+      <vulnerable range="lt">2.27</vulnerable>
+    </package>
+    <package name="virtual/perl-Safe" auto="yes" arch="*">
+      <unaffected range="ge">2.27</unaffected>
+      <vulnerable range="lt">2.27</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Safe is a Perl module to compile and execute code in restricted
+      compartments.
+    </p>
+  </background>
+  <description>
+    <p>Unsafe code evaluation prevents the Safe module from properly
+      restricting the code of implicitly called methods on implicitly blessed
+      objects.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to load a specially crafted Perl
+      script, resulting in execution arbitrary Perl code outside of a
+      restricted compartment.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All users of the standalone Perl Safe module should upgrade to the
+      latest version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=perl-core/Safe-2.27"
+    </code>
+    
+    <p>All users of the Safe module bundled with Perl should upgrade to the
+      latest version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=virtual/perl-Safe-2.27"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since July 18, 2010. It is likely that your system is already
+      no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1168">CVE-2010-1168</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:03Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2011-11-20T17:56:51Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201111-10.xml b/metadata/glsa/glsa-201111-10.xml
new file mode 100644
index 000000000000..1e466304795a
--- /dev/null
+++ b/metadata/glsa/glsa-201111-10.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201111-10">
+  <title>Evince: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Evince, allowing remote
+    attackers to execute arbitrary code or cause a Denial of Service.
+  </synopsis>
+  <product type="ebuild">evince</product>
+  <announced>2011-11-20</announced>
+  <revised count="1">2011-11-20</revised>
+  <bug>350681</bug>
+  <bug>363447</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/evince" auto="yes" arch="*">
+      <unaffected range="ge">2.32.0-r2</unaffected>
+      <vulnerable range="lt">2.32.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Evince is a document viewer for multiple document formats, including
+      PostScript.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Evince. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to load a DVI file with a
+      specially crafted font, resulting in the execution of arbitrary code with
+      the privileges of the user running the application or a Denial of
+      Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Evince users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/evince-2.32.0-r2"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since April 26, 2011. It is likely that your system is already
+      no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2640">CVE-2010-2640</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2641">CVE-2010-2641</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2642">CVE-2010-2642</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2643">CVE-2010-2643</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:07Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2011-11-20T17:56:53Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201111-11.xml b/metadata/glsa/glsa-201111-11.xml
new file mode 100644
index 000000000000..590eee2c5506
--- /dev/null
+++ b/metadata/glsa/glsa-201111-11.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201111-11">
+  <title>GNU Tar: User-assisted execution of arbitrary code</title>
+  <synopsis>A buffer overflow flaw in GNU Tar could result in execution of
+    arbitrary code or a Denial of Service.
+  </synopsis>
+  <product type="ebuild">tar</product>
+  <announced>2011-11-20</announced>
+  <revised count="1">2011-11-20</revised>
+  <bug>313333</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/tar" auto="yes" arch="*">
+      <unaffected range="ge">1.23</unaffected>
+      <vulnerable range="lt">1.23</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU Tar is a utility to create archives as well as add and extract files
+      from archives.
+    </p>
+  </background>
+  <description>
+    <p>GNU Tar is vulnerable to a boundary error in the rmt_read__ function in
+      lib/rtapelib.c, which could cause a heap-based buffer overflow. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice the user to load a specially crafted
+      archive, possibly resulting in the execution of arbitrary code or a
+      Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU Tar users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/tar-1.23"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since July 18, 2010. It is likely that your system is already
+      no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0624">CVE-2010-0624</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:10Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2011-11-20T17:56:56Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201111-12.xml b/metadata/glsa/glsa-201111-12.xml
new file mode 100644
index 000000000000..a4bb37dc592f
--- /dev/null
+++ b/metadata/glsa/glsa-201111-12.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201111-12">
+  <title>abcm2ps: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities, including buffer overflows, have been
+    found in abcm2ps.
+  </synopsis>
+  <product type="ebuild">abcm2ps</product>
+  <announced>2011-11-20</announced>
+  <revised count="1">2011-11-20</revised>
+  <bug>322859</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/abcm2ps" auto="yes" arch="*">
+      <unaffected range="ge">5.9.13</unaffected>
+      <vulnerable range="lt">5.9.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>abcm2ps is a program to convert abc files to Postscript files.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in abcm2ps:</p>
+    
+    <ul>
+      <li>Boundary errors in the PUT0 and PUT1 macros, the trim_title()
+        function, or a long "-O" command line option can lead to a buffer
+        overflow (CVE-2010-3441). 
+      </li>
+      <li>A vulnerability in the getarena() function in abc2ps.c can cause a
+        heap-based buffer overflow in abcm2ps (CVE-2010-4743).
+      </li>
+      <li>Multiple unspecified vulnerabilities (CVE-2010-4744).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to load a specially crafted ABC
+      file or use a long -O option on the command line, resulting in the
+      execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All abcm2ps users should upgrade to the latest stable version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-sound/abcm2ps-5.9.13"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since August 27, 2010. It is likely that your system is already
+      no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3441">CVE-2010-3441</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4743">CVE-2010-4743</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4744">CVE-2010-4744</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:36:59Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2011-11-20T17:57:02Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201201-01.xml b/metadata/glsa/glsa-201201-01.xml
new file mode 100644
index 000000000000..4b9b081674c6
--- /dev/null
+++ b/metadata/glsa/glsa-201201-01.xml
@@ -0,0 +1,150 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201201-01">
+  <title>phpMyAdmin: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in phpMyAdmin, the most severe
+    of which allows the execution of arbitrary PHP code.
+  </synopsis>
+  <product type="ebuild">phpMyAdmin</product>
+  <announced>2012-01-04</announced>
+  <revised count="1">2012-01-04</revised>
+  <bug>302745</bug>
+  <bug>335490</bug>
+  <bug>336462</bug>
+  <bug>354227</bug>
+  <bug>373951</bug>
+  <bug>376369</bug>
+  <bug>387413</bug>
+  <bug>389427</bug>
+  <bug>395715</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/phpmyadmin" auto="yes" arch="*">
+      <unaffected range="ge">3.4.9</unaffected>
+      <vulnerable range="lt">3.4.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>phpMyAdmin is a web-based management tool for MySQL databases. </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in phpMyAdmin. Please
+      review the CVE identifiers and phpMyAdmin Security Advisories referenced
+      below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>Remote attackers might be able to insert and execute PHP code, include
+      and execute local PHP files, or perform Cross-Site Scripting (XSS)
+      attacks via various vectors.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All phpMyAdmin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/phpmyadmin-3.4.9"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-7251">CVE-2008-7251</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-7252">CVE-2008-7252</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2958">CVE-2010-2958</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3055">CVE-2010-3055</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3056">CVE-2010-3056</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3263">CVE-2010-3263</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0986">CVE-2011-0986</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0987">CVE-2011-0987</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2505">CVE-2011-2505</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2506">CVE-2011-2506</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2507">CVE-2011-2507</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2508">CVE-2011-2508</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2642">CVE-2011-2642</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2643">CVE-2011-2643</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2718">CVE-2011-2718</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2719">CVE-2011-2719</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3646">CVE-2011-3646</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4064">CVE-2011-4064</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4107">CVE-2011-4107</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4634">CVE-2011-4634</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4780">CVE-2011-4780</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4782">CVE-2011-4782</uri>
+    <uri link="https://www.phpmyadmin.net/home_page/security/PMASA-2010-1.php">
+      PMASA-2010-1
+    </uri>
+    <uri link="https://www.phpmyadmin.net/home_page/security/PMASA-2010-2.php">
+      PMASA-2010-2
+    </uri>
+    <uri link="https://www.phpmyadmin.net/home_page/security/PMASA-2010-4.php">
+      PMASA-2010-4
+    </uri>
+    <uri link="https://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php">
+      PMASA-2010-5
+    </uri>
+    <uri link="https://www.phpmyadmin.net/home_page/security/PMASA-2010-6.php">
+      PMASA-2010-6
+    </uri>
+    <uri link="https://www.phpmyadmin.net/home_page/security/PMASA-2010-7.php">
+      PMASA-2010-7
+    </uri>
+    <uri link="https://www.phpmyadmin.net/home_page/security/PMASA-2011-1.php">
+      PMASA-2011-1
+    </uri>
+    <uri link="https://www.phpmyadmin.net/home_page/security/PMASA-2011-10.php">
+      PMASA-2011-10
+    </uri>
+    <uri link="https://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php">
+      PMASA-2011-11
+    </uri>
+    <uri link="https://www.phpmyadmin.net/home_page/security/PMASA-2011-12.php">
+      PMASA-2011-12
+    </uri>
+    <uri link="https://www.phpmyadmin.net/home_page/security/PMASA-2011-15.php">
+      PMASA-2011-15
+    </uri>
+    <uri link="https://www.phpmyadmin.net/home_page/security/PMASA-2011-16.php">
+      PMASA-2011-16
+    </uri>
+    <uri link="https://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php">
+      PMASA-2011-17
+    </uri>
+    <uri link="https://www.phpmyadmin.net/home_page/security/PMASA-2011-18.php">
+      PMASA-2011-18
+    </uri>
+    <uri link="https://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php">
+      PMASA-2011-19
+    </uri>
+    <uri link="https://www.phpmyadmin.net/home_page/security/PMASA-2011-2.php">
+      PMASA-2011-2
+    </uri>
+    <uri link="https://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php">
+      PMASA-2011-20
+    </uri>
+    <uri link="https://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php">
+      PMASA-2011-5
+    </uri>
+    <uri link="https://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php">
+      PMASA-2011-6
+    </uri>
+    <uri link="https://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php">
+      PMASA-2011-7
+    </uri>
+    <uri link="https://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php">
+      PMASA-2011-8
+    </uri>
+    <uri link="https://www.phpmyadmin.net/home_page/security/PMASA-2011-9.php">
+      PMASA-2011-9
+    </uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:38:11Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-01-04T23:40:25Z" tag="submitter">
+    underling
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201201-02.xml b/metadata/glsa/glsa-201201-02.xml
new file mode 100644
index 000000000000..c35483998b35
--- /dev/null
+++ b/metadata/glsa/glsa-201201-02.xml
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201201-02">
+  <title>MySQL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in MySQL, some of which may
+    allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">MySQL</product>
+  <announced>2012-01-05</announced>
+  <revised count="1">2012-01-05</revised>
+  <bug>220813</bug>
+  <bug>229329</bug>
+  <bug>237166</bug>
+  <bug>238117</bug>
+  <bug>240407</bug>
+  <bug>277717</bug>
+  <bug>294187</bug>
+  <bug>303747</bug>
+  <bug>319489</bug>
+  <bug>321791</bug>
+  <bug>339717</bug>
+  <bug>344987</bug>
+  <bug>351413</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/mysql" auto="yes" arch="*">
+      <unaffected range="ge">5.1.56</unaffected>
+      <vulnerable range="lt">5.1.56</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MySQL is a popular open-source multi-threaded, multi-user SQL database
+      server.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MySQL. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>An unauthenticated remote attacker may be able to execute arbitrary code
+      with the privileges of the MySQL process, cause a Denial of Service
+      condition, bypass security restrictions, uninstall arbitrary MySQL
+      plugins, or conduct Man-in-the-Middle and Cross-Site Scripting attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MySQL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-5.1.56"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since May 14, 2011. It is likely that your system is already no
+      longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3963">CVE-2008-3963</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4097">CVE-2008-4097</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4098">CVE-2008-4098</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4456">CVE-2008-4456</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-7247">CVE-2008-7247</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2446">CVE-2009-2446</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4019">CVE-2009-4019</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4028">CVE-2009-4028</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4484">CVE-2009-4484</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1621">CVE-2010-1621</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1626">CVE-2010-1626</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1848">CVE-2010-1848</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1849">CVE-2010-1849</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1850">CVE-2010-1850</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2008">CVE-2010-2008</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3676">CVE-2010-3676</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3677">CVE-2010-3677</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3678">CVE-2010-3678</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3679">CVE-2010-3679</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3680">CVE-2010-3680</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3681">CVE-2010-3681</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3682">CVE-2010-3682</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3683">CVE-2010-3683</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3833">CVE-2010-3833</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3834">CVE-2010-3834</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3835">CVE-2010-3835</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3836">CVE-2010-3836</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3837">CVE-2010-3837</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3838">CVE-2010-3838</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3839">CVE-2010-3839</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3840">CVE-2010-3840</uri>
+  </references>
+  <metadata timestamp="2011-10-26T21:42:54Z" tag="requester">a3li</metadata>
+  <metadata timestamp="2012-01-05T22:45:51Z" tag="submitter">
+    underling
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201201-03.xml b/metadata/glsa/glsa-201201-03.xml
new file mode 100644
index 000000000000..f1efc0f82d62
--- /dev/null
+++ b/metadata/glsa/glsa-201201-03.xml
@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201201-03">
+  <title>Chromium, V8: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been reported in Chromium and V8,
+    some of which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium v8</product>
+  <announced>2012-01-08</announced>
+  <revised count="1">2012-01-08</revised>
+  <bug>394587</bug>
+  <bug>397907</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">16.0.912.75</unaffected>
+      <vulnerable range="lt">16.0.912.75</vulnerable>
+    </package>
+    <package name="dev-lang/v8" auto="yes" arch="*">
+      <unaffected range="ge">3.6.6.11</unaffected>
+      <vulnerable range="lt">3.6.6.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open source web browser project. V8 is Google's open
+      source JavaScript engine.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and V8. Please
+      review the CVE identifiers and release notes referenced below for
+      details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could entice a user to open a specially
+      crafted web site or JavaScript program using Chromium or V8, possibly
+      resulting in the execution of arbitrary code with the privileges of the
+      process, or a Denial of Service condition.
+    </p>
+    
+    <p>The attacker could also perform URL bar spoofing.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/chromium-16.0.912.75"
+    </code>
+    
+    <p>All V8 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/v8-3.6.6.11"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3903">
+      CVE-2011-3903
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3904">
+      CVE-2011-3904
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3906">
+      CVE-2011-3906
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3907">
+      CVE-2011-3907
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3908">
+      CVE-2011-3908
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3909">
+      CVE-2011-3909
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3910">
+      CVE-2011-3910
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3912">
+      CVE-2011-3912
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3913">
+      CVE-2011-3913
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3914">
+      CVE-2011-3914
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3917">
+      CVE-2011-3917
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3921">
+      CVE-2011-3921
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3922">
+      CVE-2011-3922
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html">
+      Release Notes 16.0.912.63
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html">
+      Release Notes 16.0.912.75
+    </uri>
+  </references>
+  <metadata timestamp="2011-12-13T18:43:14Z" tag="requester">
+    phajdan.jr
+  </metadata>
+  <metadata timestamp="2012-01-08T04:30:40Z" tag="submitter">
+    phajdan.jr
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201201-04.xml b/metadata/glsa/glsa-201201-04.xml
new file mode 100644
index 000000000000..1f1624e337cf
--- /dev/null
+++ b/metadata/glsa/glsa-201201-04.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201201-04">
+  <title>Logsurfer: Arbitrary code execution</title>
+  <synopsis>A double-free flaw in Logsurfer allows a remote attacker to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">Logsurfer</product>
+  <announced>2012-01-20</announced>
+  <revised count="1">2012-01-20</revised>
+  <bug>387397</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-admin/logsurfer+" auto="yes" arch="*">
+      <unaffected range="ge">1.8</unaffected>
+      <vulnerable range="lt">1.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Logsurfer is a real time log monitoring and analysis tool.</p>
+  </background>
+  <description>
+    <p>Logsurfer log files may contain substrings used for executing external
+      commands. The prepare_exec() function in src/exec.c contains a
+      double-free vulnerability.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could inject specially-crafted strings into a log file
+      processed by Logsurfer, resulting in the execution of arbitrary code with
+      the permissions of the Logsurfer user.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Logsurfer users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/logsurfer+-1.8"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3626">
+      CVE-2011-3626
+    </uri>
+  </references>
+  <metadata timestamp="2011-11-19T12:42:58Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-01-20T18:19:29Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201201-05.xml b/metadata/glsa/glsa-201201-05.xml
new file mode 100644
index 000000000000..fd67570d62b8
--- /dev/null
+++ b/metadata/glsa/glsa-201201-05.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201201-05">
+  <title>mDNSResponder: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in mDNSResponder, which
+    could lead to execution of arbitrary code with root privileges.
+  </synopsis>
+  <product type="ebuild">mDNSResponder</product>
+  <announced>2012-01-22</announced>
+  <revised count="1">2012-01-22</revised>
+  <bug>290822</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-misc/mDNSResponder" auto="yes" arch="*">
+      <unaffected range="ge">212.1</unaffected>
+      <vulnerable range="lt">212.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>mDNSResponder is a component of Apple's Bonjour, an initiative for
+      zero-configuration networking. 
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in mDNSResponder. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local or remote attacker may be able to execute arbitrary code with
+      root privileges or cause a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All mDNSResponder users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/mDNSResponder-212.1"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since November 21, 2009. It is likely that your system is
+      already no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2386">CVE-2007-2386</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3744">CVE-2007-3744</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3828">CVE-2007-3828</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0989">CVE-2008-0989</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2326">CVE-2008-2326</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3630">CVE-2008-3630</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:04Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-01-22T13:43:13Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201201-06.xml b/metadata/glsa/glsa-201201-06.xml
new file mode 100644
index 000000000000..2ce108640f85
--- /dev/null
+++ b/metadata/glsa/glsa-201201-06.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201201-06">
+  <title>iSCSI Enterprise Target: Arbitrary code execution</title>
+  <synopsis>Format string vulnerabilities in iSCSI Enterprise Target could
+    result in execution of arbitrary code or a Denial of Service.
+  </synopsis>
+  <product type="ebuild">iscsitarget</product>
+  <announced>2012-01-23</announced>
+  <revised count="1">2012-01-23</revised>
+  <bug>314187</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-block/iscsitarget" auto="yes" arch="*">
+      <unaffected range="ge">1.4.19</unaffected>
+      <vulnerable range="lt">1.4.19</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>iSCSI Enterprise Target is an open source iSCSI target with professional
+      features.
+    </p>
+  </background>
+  <description>
+    <p>Multiple functions in usr/iscsi/isns.c of iSCSI Enterprise Target
+      contain format string errors.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could send a specially-crafted Internet Storage Name
+      Service (iSNS) request, possibly resulting in the execution of arbitrary
+      code with root privileges or cause a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All iSCSI Enterprise Target users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-block/iscsitarget-1.4.19"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since August 11, 2010. It is likely that your system is already
+      no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0743">CVE-2010-0743</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:07Z" tag="requester">craig</metadata>
+  <metadata timestamp="2012-01-23T11:50:37Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201201-07.xml b/metadata/glsa/glsa-201201-07.xml
new file mode 100644
index 000000000000..9c6f8788d4e9
--- /dev/null
+++ b/metadata/glsa/glsa-201201-07.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201201-07">
+  <title>NX Server Free Edition, NX Node: Privilege escalation</title>
+  <synopsis>An unspecified vulnerability in NX Server Free Edition and NX Node
+    could allow local attackers to gain root privileges.
+  </synopsis>
+  <product type="ebuild">NX Server NX Node</product>
+  <announced>2012-01-23</announced>
+  <revised count="1">2012-01-23</revised>
+  <bug>378345</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-misc/nxserver-freeedition" auto="yes" arch="*">
+      <unaffected range="ge">3.5.0.5</unaffected>
+      <vulnerable range="lt">3.5.0.5</vulnerable>
+    </package>
+    <package name="net-misc/nxnode" auto="yes" arch="*">
+      <unaffected range="ge">3.5.0.4</unaffected>
+      <vulnerable range="lt">3.5.0.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>NX Server Free Edition is a remote display technology by No Machine. NX
+      Node provides the shared components for NX Server.
+    </p>
+  </background>
+  <description>
+    <p>NX Server Free Edition and NX Node use nxconfigure.sh, a setuid script
+      containing an unspecified vulnerability. 
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could gain escalated privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All NX Server Free Edition users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=net-misc/nxserver-freeedition-3.5.0.5"
+    </code>
+    
+    <p>All NX Node users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/nxnode-3.5.0.4"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since August 23, 2011. It is likely that your system is already
+      no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3977">
+      CVE-2011-3977
+    </uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:38:19Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-01-23T11:55:50Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201201-08.xml b/metadata/glsa/glsa-201201-08.xml
new file mode 100644
index 000000000000..f07fd9462f9e
--- /dev/null
+++ b/metadata/glsa/glsa-201201-08.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201201-08">
+  <title>FontForge: User-assisted execution of arbitrary code</title>
+  <synopsis>A stack-based buffer overflow flaw in FontForge could result in
+    execution of arbitrary code or a Denial of Service.
+  </synopsis>
+  <product type="ebuild">FontForge</product>
+  <announced>2012-01-23</announced>
+  <revised count="1">2012-01-23</revised>
+  <bug>386293</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/fontforge" auto="yes" arch="*">
+      <unaffected range="ge">20110222-r1</unaffected>
+      <vulnerable range="lt">20110222-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FontForge is a PostScript font editor and converter.</p>
+  </background>
+  <description>
+    <p>FontForge is vulnerable to an error when processing the
+      "CHARSET_REGISTRY" header in font files, which could cause a stack-based
+      buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted BDF
+      file using FontForge font editor, possibly resulting in the remote
+      execution of arbitrary code with the privileges of the FontForge process,
+      or a Denial of Service (application crash).
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FontForge users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/fontforge-20110222-r1"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since October 12, 2011. It is likely that your system is
+      already no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4259">CVE-2010-4259</uri>
+  </references>
+  <metadata timestamp="2011-10-12T15:24:32Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-01-23T11:57:55Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201201-09.xml b/metadata/glsa/glsa-201201-09.xml
new file mode 100644
index 000000000000..f570d42a26db
--- /dev/null
+++ b/metadata/glsa/glsa-201201-09.xml
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201201-09">
+  <title>FreeType: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in FreeType, allowing
+    remote attackers to possibly execute arbitrary code or cause a Denial of
+    Service.
+  </synopsis>
+  <product type="ebuild">FreeType</product>
+  <announced>2012-01-23</announced>
+  <revised count="1">2012-01-23</revised>
+  <bug>332701</bug>
+  <bug>342121</bug>
+  <bug>345843</bug>
+  <bug>377143</bug>
+  <bug>387535</bug>
+  <bug>390623</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/freetype" auto="yes" arch="*">
+      <unaffected range="ge">2.4.8</unaffected>
+      <vulnerable range="lt">2.4.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FreeType is a high-quality and portable font engine.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in FreeType. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted font,
+      possibly resulting in the remote execution of arbitrary code with the
+      privileges of the user running the application, or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FreeType users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/freetype-2.4.8"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1797 ">
+      CVE-2010-1797 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2497 ">
+      CVE-2010-2497 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2498 ">
+      CVE-2010-2498 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2499 ">
+      CVE-2010-2499 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2500 ">
+      CVE-2010-2500 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2519 ">
+      CVE-2010-2519 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2520 ">
+      CVE-2010-2520 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2527 ">
+      CVE-2010-2527 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2541 ">
+      CVE-2010-2541 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2805 ">
+      CVE-2010-2805 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2806 ">
+      CVE-2010-2806 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2807 ">
+      CVE-2010-2807 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2808 ">
+      CVE-2010-2808 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3053 ">
+      CVE-2010-3053 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3054 ">
+      CVE-2010-3054 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3311 ">
+      CVE-2010-3311 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3814 ">
+      CVE-2010-3814 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3855 ">
+      CVE-2010-3855 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0226 ">
+      CVE-2011-0226 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3256 ">
+      CVE-2011-3256 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3439 ">
+      CVE-2011-3439 
+    </uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:52Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-01-23T19:48:21Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201201-10.xml b/metadata/glsa/glsa-201201-10.xml
new file mode 100644
index 000000000000..c6c2f9ea1a22
--- /dev/null
+++ b/metadata/glsa/glsa-201201-10.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201201-10">
+  <title>JasPer: User-assisted execution of arbitrary code</title>
+  <synopsis>Multiple memory management errors in JasPer could result in
+    execution of arbitrary code or a Denial of Service.
+  </synopsis>
+  <product type="ebuild">JasPer</product>
+  <announced>2012-01-23</announced>
+  <revised count="1">2012-01-23</revised>
+  <bug>394879</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/jasper" auto="yes" arch="*">
+      <unaffected range="ge">1.900.1-r4</unaffected>
+      <vulnerable range="lt">1.900.1-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The JasPer Project is an open-source initiative to provide a free
+      software-based reference implementation of the codec specified in the
+      JPEG-2000 Part-1 (jpeg2k) standard.
+    </p>
+  </background>
+  <description>
+    <p>Two vulnerabilities have been found in JasPer:</p>
+    
+    <ul>
+      <li>The jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c contains
+        an error that could overwrite certain callback pointers, possibly
+        causing a heap-based buffer overflow (CVE-2011-4516).
+      </li>
+      <li>The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c uses an
+        incorrect data type, possibly causing a heap-based buffer overflow
+        (CVE-2011-4517).
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user or automated system to process
+      specially crafted JPEG-2000 files with an application using JasPer,
+      possibly resulting in the execution of arbitrary code with the privileges
+      of the application, or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All JasPer users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/jasper-1.900.1-r4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4516">CVE-2011-4516</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4517">CVE-2011-4517</uri>
+  </references>
+  <metadata timestamp="2011-12-27T05:22:50Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-01-23T19:50:54Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201201-11.xml b/metadata/glsa/glsa-201201-11.xml
new file mode 100644
index 000000000000..453a2fde9a99
--- /dev/null
+++ b/metadata/glsa/glsa-201201-11.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201201-11">
+  <title>Firewall Builder: Privilege escalation</title>
+  <synopsis>Insecure temporary file usage in Firewall Builder could allow
+    attackers to overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">fwbuilder</product>
+  <announced>2012-01-23</announced>
+  <revised count="1">2012-01-23</revised>
+  <bug>235809</bug>
+  <bug>285861</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-firewall/fwbuilder" auto="yes" arch="*">
+      <unaffected range="ge">3.0.7</unaffected>
+      <vulnerable range="lt">3.0.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Firewall Builder is a GUI for easy management of multiple firewall
+      platforms.
+    </p>
+  </background>
+  <description>
+    <p>Two vulnerabilities in Firewall Builder allow the iptables and
+      fwb_install scripts to use temporary files insecurely. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could possibly overwrite arbitrary files with the
+      privileges of the user running Firewall Builder. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Firewall Builder users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-firewall/fwbuilder-3.0.7"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since March 09, 2010. It is likely that your system is already
+      no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4956">CVE-2008-4956</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4664">CVE-2009-4664</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:46Z" tag="requester">craig</metadata>
+  <metadata timestamp="2012-01-23T19:53:36Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201201-12.xml b/metadata/glsa/glsa-201201-12.xml
new file mode 100644
index 000000000000..df408413d0f3
--- /dev/null
+++ b/metadata/glsa/glsa-201201-12.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201201-12">
+  <title>Tor: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Tor, the most severe of
+    which may allow a remote attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">Tor</product>
+  <announced>2012-01-23</announced>
+  <revised count="1">2012-01-23</revised>
+  <bug>388769</bug>
+  <bug>394969</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/tor" auto="yes" arch="*">
+      <unaffected range="ge">0.2.2.35</unaffected>
+      <vulnerable range="lt">0.2.2.35</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Tor is an implementation of second generation Onion Routing, a
+      connection-oriented anonymizing communication service.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Tor:</p>
+    
+    <ul>
+      <li>When configured as client or bridge, Tor uses the same TLS
+        certificate chain for all outgoing connections (CVE-2011-2768).
+      </li>
+      <li>When configured as a bridge, Tor relays can distinguish incoming
+        bridge connections from client connections (CVE-2011-2769). 
+      </li>
+      <li>An error in or/buffers.c could result in a heap-based buffer overflow
+        (CVE-2011-2778).
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code or cause a
+      Denial of Service. Furthermore, a remote relay the user is directly
+      connected to may be able to disclose anonymous information about that
+      user or enumerate bridges in the user's connection. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Tor users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/tor-0.2.2.35"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2768">CVE-2011-2768</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2769">CVE-2011-2769</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2778">CVE-2011-2778</uri>
+  </references>
+  <metadata timestamp="2012-01-01T17:49:33Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-01-23T19:55:45Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201201-13.xml b/metadata/glsa/glsa-201201-13.xml
new file mode 100644
index 000000000000..3615378d1e9c
--- /dev/null
+++ b/metadata/glsa/glsa-201201-13.xml
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201201-13">
+  <title>MIT Kerberos 5: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in MIT Kerberos 5, the
+    most severe of which may allow remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mit-krb5</product>
+  <announced>2012-01-23</announced>
+  <revised count="1">2012-01-23</revised>
+  <bug>303723</bug>
+  <bug>308021</bug>
+  <bug>321935</bug>
+  <bug>323525</bug>
+  <bug>339866</bug>
+  <bug>347369</bug>
+  <bug>352859</bug>
+  <bug>359129</bug>
+  <bug>363507</bug>
+  <bug>387585</bug>
+  <bug>393429</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-crypt/mit-krb5" auto="yes" arch="*">
+      <unaffected range="ge">1.9.2-r1</unaffected>
+      <vulnerable range="lt">1.9.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MIT Kerberos 5 is a suite of applications that implement the Kerberos
+      network protocol.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker may be able to execute arbitrary code with the
+      privileges of the administration daemon or the Key Distribution Center
+      (KDC) daemon, cause a Denial of Service condition, or possibly obtain
+      sensitive information. Furthermore, a remote attacker may be able to
+      spoof Kerberos authorization, modify KDC responses, forge user data
+      messages, forge tokens, forge signatures, impersonate a client, modify
+      user-visible prompt text, or have other unspecified impact. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MIT Kerberos 5 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-crypt/mit-krb5-1.9.2-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3295">CVE-2009-3295</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4212">CVE-2009-4212</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0283">CVE-2010-0283</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0629">CVE-2010-0629</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1320">CVE-2010-1320</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1321">CVE-2010-1321</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1322">CVE-2010-1322</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1323">CVE-2010-1323</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1324">CVE-2010-1324</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4020">CVE-2010-4020</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4021">CVE-2010-4021</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4022">CVE-2010-4022</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0281">CVE-2011-0281</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0282">CVE-2011-0282</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0283">CVE-2011-0283</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0284">CVE-2011-0284</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0285">CVE-2011-0285</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1527">CVE-2011-1527</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1528">CVE-2011-1528</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1529">CVE-2011-1529</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1530">CVE-2011-1530</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4151">CVE-2011-4151</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:38:18Z" tag="requester">craig</metadata>
+  <metadata timestamp="2012-01-23T20:00:30Z" tag="submitter">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201201-14.xml b/metadata/glsa/glsa-201201-14.xml
new file mode 100644
index 000000000000..9c8c6c2754e6
--- /dev/null
+++ b/metadata/glsa/glsa-201201-14.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201201-14">
+  <title>MIT Kerberos 5 Applications: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in MIT Kerberos 5
+    Applications, the most severe of which may allow execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">mit-krb5-appl</product>
+  <announced>2012-01-23</announced>
+  <revised count="1">2012-01-23</revised>
+  <bug>374229</bug>
+  <bug>396137</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-crypt/mit-krb5-appl" auto="yes" arch="*">
+      <unaffected range="ge">1.0.2-r1</unaffected>
+      <vulnerable range="lt">1.0.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A suite of applications that implement the Kerberos 5 network protocol
+      from MIT.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MIT Kerberos 5
+      Applications:
+    </p>
+    
+    <ul>
+      <li>An error in the FTP daemon prevents it from dropping its initial
+        effective group identifier (CVE-2011-1526). 
+      </li>
+      <li>A boundary error in the telnet daemon and client could cause a buffer
+        overflow (CVE-2011-4862).
+      </li>
+    </ul>
+    
+  </description>
+  <impact type="normal">
+    <p>An unauthenticated remote attacker may be able to execute arbitrary code
+      with the privileges of the user running the telnet daemon or client.
+      Furthermore, an authenticated remote attacker may be able to read or
+      write files owned by the same group as the effective group of the FTP
+      daemon. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MIT Kerberos 5 Applications users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-crypt/mit-krb5-appl-1.0.2-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1526">CVE-2011-1526</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4862">CVE-2011-4862</uri>
+  </references>
+  <metadata timestamp="2012-01-08T17:28:51Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-01-23T20:02:13Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201201-15.xml b/metadata/glsa/glsa-201201-15.xml
new file mode 100644
index 000000000000..39434cc17b0f
--- /dev/null
+++ b/metadata/glsa/glsa-201201-15.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201201-15">
+  <title>ktsuss: Privilege escalation</title>
+  <synopsis>Two vulnerabilities have been found in ktsuss, allowing local
+    attackers to gain escalated privileges.
+  </synopsis>
+  <product type="ebuild">ktsuss</product>
+  <announced>2012-01-27</announced>
+  <revised count="1">2012-01-27</revised>
+  <bug>381115</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-misc/ktsuss" auto="yes" arch="*">
+      <vulnerable range="le">1.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ktsuss is a simple, graphical version of su written in C and GTK+. </p>
+  </background>
+  <description>
+    <p>Two vulnerabilities have been found in ktuss:</p>
+    
+    <ul>
+      <li>Under specific circumstances, ktsuss skips authentication and fails
+        to change the effective UID back to the real UID (CVE-2011-2921).
+      </li>
+      <li>The GTK interface spawned by the ktsuss binary is run as root
+        (CVE-2011-2922).
+      </li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>A local attacker could gain escalated privileges and use the
+      "GTK_MODULES" environment variable to possibly execute arbitrary code
+      with root privileges. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo discontinued support for ktsuss. We recommend that users unmerge
+      ktsuss:
+    </p>
+    
+    <code>
+      # emerge --unmerge "x11-misc/ktsuss"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2921">CVE-2011-2921</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2922">CVE-2011-2922</uri>
+  </references>
+  <metadata timestamp="2011-10-27T21:00:00Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-01-27T14:41:59Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201201-16.xml b/metadata/glsa/glsa-201201-16.xml
new file mode 100644
index 000000000000..a3d08976f1e3
--- /dev/null
+++ b/metadata/glsa/glsa-201201-16.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201201-16">
+  <title>X.Org X Server/X Keyboard Configuration Database: Screen lock bypass</title>
+  <synopsis>A debugging functionality in the X.Org X Server that is bound to a
+    hotkey by default can be used by local attackers to circumvent screen
+    locking utilities.
+  </synopsis>
+  <product type="ebuild">xkeyboard-config xorg-server</product>
+  <announced>2012-01-27</announced>
+  <revised count="1">2012-01-27</revised>
+  <bug>399347</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-misc/xkeyboard-config" auto="yes" arch="amd64 arm hppa x86">
+      <unaffected range="ge">2.4.1-r3</unaffected>
+      <vulnerable range="lt">2.4.1-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The X Keyboard Configuration Database provides keyboard configuration
+      for various X server implementations.
+    </p>
+  </background>
+  <description>
+    <p>Starting with the =x11-base/xorg-server-1.11 package, the X.Org X Server
+      again provides debugging functionality that can be used terminate an
+      application that exclusively grabs mouse and keyboard input, like screen
+      locking utilities.
+    </p>
+    
+    <p>Gu1 reported that the X Keyboard Configuration Database maps this
+      functionality by default to the Ctrl+Alt+Numpad * key combination.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A physically proximate attacker could exploit this vulnerability to gain
+      access to a locked X session without providing the correct credentials.
+    </p>
+  </impact>
+  <workaround>
+    <p>Downgrade to any version of x11-base/xorg-server below
+      x11-base/xorg-server-1.11:
+    </p>
+    
+    <code>
+      # emerge --oneshot --verbose "&lt;x11-base/xorg-server-1.11"
+    </code>
+  </workaround>
+  <resolution>
+    <p>All xkeyboard-config users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=x11-misc/xkeyboard-config-2.4.1-r3"
+    </code>
+    
+    <p>NOTE: The X.Org X Server 1.11 was only stable on the AMD64, ARM, HPPA,
+      and x86 architectures. Users of the stable branches of all other
+      architectures are not affected and will be directly provided with a fixed
+      X Keyboard Configuration Database version.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0064">CVE-2012-0064</uri>
+  </references>
+  <metadata timestamp="2012-01-19T17:45:40Z" tag="requester">a3li</metadata>
+  <metadata timestamp="2012-01-27T20:35:28Z" tag="submitter">a3li</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201201-17.xml b/metadata/glsa/glsa-201201-17.xml
new file mode 100644
index 000000000000..4a7c97462335
--- /dev/null
+++ b/metadata/glsa/glsa-201201-17.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201201-17">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been reported in Chromium, some of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium</product>
+  <announced>2012-01-28</announced>
+  <revised count="1">2012-01-28</revised>
+  <bug>400551</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">16.0.912.77</unaffected>
+      <vulnerable range="lt">16.0.912.77</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open source web browser project.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium. Please review
+      the CVE identifiers and release notes referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted web
+      site using Chromium, possibly resulting in the execution of arbitrary
+      code with the privileges of the process, or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/chromium-16.0.912.77"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3924">
+      CVE-2011-3924
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3925">
+      CVE-2011-3925
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3926">
+      CVE-2011-3926
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3927">
+      CVE-2011-3927
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3928">
+      CVE-2011-3928
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2012/01/stable-channel-update_23.html">
+      Release Notes 16.0.912.77
+    </uri>
+  </references>
+  <metadata timestamp="2012-01-24T07:47:36Z" tag="requester">
+    phajdan.jr
+  </metadata>
+  <metadata timestamp="2012-01-28T03:36:47Z" tag="submitter">
+    phajdan.jr
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201201-18.xml b/metadata/glsa/glsa-201201-18.xml
new file mode 100644
index 000000000000..9a05146455b0
--- /dev/null
+++ b/metadata/glsa/glsa-201201-18.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201201-18">
+  <title>bip: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities in bip might allow remote unauthenticated
+    attackers to cause a Denial of Service or possibly execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">bip</product>
+  <announced>2012-01-30</announced>
+  <revised count="1">2012-01-30</revised>
+  <bug>336321</bug>
+  <bug>400599</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/bip" auto="yes" arch="*">
+      <unaffected range="ge">0.8.8-r1</unaffected>
+      <vulnerable range="lt">0.8.8-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>bip is a multi-user IRC proxy with SSL support.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in bip:</p>
+    
+    <ul>
+      <li>Uli Schlachter reported that bip does not properly handle invalid
+        data during authentication, resulting in a daemon crash
+        (CVE-2010-3071).
+      </li>
+      <li>Julien Tinnes reported that bip does not check the number of open
+        file descriptors against FD_SETSIZE, resulting in a stack buffer
+        overflow (CVE-2012-0806).
+      </li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could exploit these vulnerabilities to execute
+      arbitrary code with the privileges of the user running the bip daemon, or
+      cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All bip users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-irc/bip-0.8.8-r1"
+    </code>
+    
+    <p>NOTE: The CVE-2010-3071 flaw was already corrected in an earlier version
+      of bip and is included in this advisory for completeness.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3071">CVE-2010-3071</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0806">CVE-2012-0806</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:17Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-01-30T12:28:13Z" tag="submitter">a3li</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201201-19.xml b/metadata/glsa/glsa-201201-19.xml
new file mode 100644
index 000000000000..f3ed452dbcac
--- /dev/null
+++ b/metadata/glsa/glsa-201201-19.xml
@@ -0,0 +1,108 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201201-19">
+  <title>Adobe Reader: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities in Adobe Reader might allow remote
+    attackers to execute arbitrary code or conduct various other attacks.
+  </synopsis>
+  <product type="ebuild">acroread</product>
+  <announced>2012-01-30</announced>
+  <revised count="1">2012-01-30</revised>
+  <bug>354211</bug>
+  <bug>382969</bug>
+  <bug>393481</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/acroread" auto="yes" arch="*">
+      <unaffected range="ge">9.4.7</unaffected>
+      <vulnerable range="lt">9.4.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Adobe Reader is a closed-source PDF reader.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Reader. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted PDF
+      file using Adobe Reader, possibly resulting in the remote execution of
+      arbitrary code, a Denial of Service, or other impact.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Reader users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/acroread-9.4.7"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4091">CVE-2010-4091</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0562">CVE-2011-0562</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0563">CVE-2011-0563</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0565">CVE-2011-0565</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0566">CVE-2011-0566</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0567">CVE-2011-0567</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0570">CVE-2011-0570</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0585">CVE-2011-0585</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0586">CVE-2011-0586</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0587">CVE-2011-0587</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0588">CVE-2011-0588</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589">CVE-2011-0589</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0590">CVE-2011-0590</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0591">CVE-2011-0591</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0592">CVE-2011-0592</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0593">CVE-2011-0593</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0594">CVE-2011-0594</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0595">CVE-2011-0595</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0596">CVE-2011-0596</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0598">CVE-2011-0598</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0599">CVE-2011-0599</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0600">CVE-2011-0600</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0602">CVE-2011-0602</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0603">CVE-2011-0603</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0604">CVE-2011-0604</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0605">CVE-2011-0605</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0606">CVE-2011-0606</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130">CVE-2011-2130</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134">CVE-2011-2134</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135">CVE-2011-2135</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136">CVE-2011-2136</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137">CVE-2011-2137</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138">CVE-2011-2138</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139">CVE-2011-2139</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140">CVE-2011-2140</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414">CVE-2011-2414</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415">CVE-2011-2415</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416">CVE-2011-2416</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417">CVE-2011-2417</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424">CVE-2011-2424</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425">CVE-2011-2425</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2431">CVE-2011-2431</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2432">CVE-2011-2432</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2433">CVE-2011-2433</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2434">CVE-2011-2434</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2435">CVE-2011-2435</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2436">CVE-2011-2436</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2437">CVE-2011-2437</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2438">CVE-2011-2438</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2439">CVE-2011-2439</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2440">CVE-2011-2440</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2441">CVE-2011-2441</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2442">CVE-2011-2442</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2462">CVE-2011-2462</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4369">CVE-2011-4369</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:13Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-01-30T12:29:20Z" tag="submitter">a3li</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201202-01.xml b/metadata/glsa/glsa-201202-01.xml
new file mode 100644
index 000000000000..cad8538cd711
--- /dev/null
+++ b/metadata/glsa/glsa-201202-01.xml
@@ -0,0 +1,158 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201202-01">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been reported in Chromium, some of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium</product>
+  <announced>2012-02-18</announced>
+  <revised count="1">2012-02-18</revised>
+  <bug>402841</bug>
+  <bug>404067</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">17.0.963.56</unaffected>
+      <vulnerable range="lt">17.0.963.56</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open source web browser project.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium. Please review
+      the CVE identifiers and release notes referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted web
+      site using Chromium, possibly resulting in the execution of arbitrary
+      code with the privileges of the process, a Denial of Service condition,
+      information leak (clipboard contents), bypass of the Same Origin Policy,
+      or escape from NativeClient's sandbox.
+    </p>
+    
+    <p>A remote attacker could also entice the user to perform a set of UI
+      actions (drag and drop) to trigger an URL bar spoofing vulnerability.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/chromium-17.0.963.56"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3016">
+      CVE-2011-3016
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3017">
+      CVE-2011-3017
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3018">
+      CVE-2011-3018
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3019">
+      CVE-2011-3019
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3020">
+      CVE-2011-3020
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3021">
+      CVE-2011-3021
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3022">
+      CVE-2011-3022
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3023">
+      CVE-2011-3023
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3024">
+      CVE-2011-3024
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3025">
+      CVE-2011-3025
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3027">
+      CVE-2011-3027
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3953">
+      CVE-2011-3953
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3954">
+      CVE-2011-3954
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3955">
+      CVE-2011-3955
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3956">
+      CVE-2011-3956
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3957">
+      CVE-2011-3957
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3958">
+      CVE-2011-3958
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3959">
+      CVE-2011-3959
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3960">
+      CVE-2011-3960
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3961">
+      CVE-2011-3961
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3962">
+      CVE-2011-3962
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3963">
+      CVE-2011-3963
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3964">
+      CVE-2011-3964
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3965">
+      CVE-2011-3965
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3966">
+      CVE-2011-3966
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3967">
+      CVE-2011-3967
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3968">
+      CVE-2011-3968
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3969">
+      CVE-2011-3969
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3970">
+      CVE-2011-3970
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3971">
+      CVE-2011-3971
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3972">
+      CVE-2011-3972
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html">
+      Release Notes 17.0.963.46
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html">
+      Release Notes 17.0.963.56
+    </uri>
+  </references>
+  <metadata timestamp="2012-02-13T09:29:19Z" tag="requester">
+    phajdan.jr
+  </metadata>
+  <metadata timestamp="2012-02-18T17:34:34Z" tag="submitter">
+    phajdan.jr
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201202-02.xml b/metadata/glsa/glsa-201202-02.xml
new file mode 100644
index 000000000000..a5ddb11c14f2
--- /dev/null
+++ b/metadata/glsa/glsa-201202-02.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201202-02">
+  <title>Quagga: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in Quagga, the worst of which
+    leading to remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Quagga</product>
+  <announced>2012-02-21</announced>
+  <revised count="2">2012-02-21</revised>
+  <bug>334303</bug>
+  <bug>359903</bug>
+  <bug>384651</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/quagga" auto="yes" arch="*">
+      <unaffected range="ge">0.99.20 </unaffected>
+      <vulnerable range="lt">0.99.20 </vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Quagga is a free routing daemon replacing Zebra supporting RIP, OSPF and
+      BGP.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Quagga. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A BGP peer could send a Route-Refresh message with specially-crafted ORF
+      record, which can cause Quagga's bgpd to crash or possibly execute
+      arbitrary code with the privileges of the user running Quagga's bgpd; a
+      BGP update AS path request with unknown AS type, or malformed
+      AS-Pathlimit or Extended-Community attributes could lead to Denial of
+      Service (daemon crash), an error in bgpd when handling AS_PATH attributes
+      within UPDATE messages can
+      be exploited to cause a heap-based buffer overflow resulting in a crash
+      of the
+      daemon and disruption of IPv4 routing, two errors in ospf6d and ospfd can
+      each be exploited to crash the daemon and disrupt IP routing.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Quagga users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/quagga-0.99.20"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1674">CVE-2010-1674</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1675">CVE-2010-1675</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2948">CVE-2010-2948</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2949">CVE-2010-2949</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3323">CVE-2011-3323</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3324">CVE-2011-3324</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3325">CVE-2011-3325</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3326">CVE-2011-3326</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3327">CVE-2011-3327</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:38:14Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-02-21T19:14:56Z" tag="submitter">a3li</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201202-03.xml b/metadata/glsa/glsa-201202-03.xml
new file mode 100644
index 000000000000..0da4cebd6ca4
--- /dev/null
+++ b/metadata/glsa/glsa-201202-03.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201202-03">
+  <title>MaraDNS: Denial of service</title>
+  <synopsis>A hash collision vulnerability in MaraDNS allows remote attackers
+    to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">maradns</product>
+  <announced>2012-02-22</announced>
+  <revised count="1">2012-02-22</revised>
+  <bug>397431</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/maradns" auto="yes" arch="*">
+      <unaffected range="ge">1.4.09</unaffected>
+      <vulnerable range="lt">1.4.09</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MaraDNS is a proxy DNS server with permanent caching.</p>
+  </background>
+  <description>
+    <p>MaraDNS does not properly randomize hash functions to protect against
+      hash collision attacks.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send many specially crafted DNS recursive
+      queries, possibly resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MaraDNS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/maradns-1.4.09"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0024">CVE-2012-0024</uri>
+  </references>
+  <metadata timestamp="2012-02-20T21:36:13Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-02-22T19:45:52Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201202-04.xml b/metadata/glsa/glsa-201202-04.xml
new file mode 100644
index 000000000000..96096d809071
--- /dev/null
+++ b/metadata/glsa/glsa-201202-04.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201202-04">
+  <title>PowerDNS: Denial of service</title>
+  <synopsis>A vulnerability in PowerDNS could allow a remote attacker to create
+    a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">pdns</product>
+  <announced>2012-02-22</announced>
+  <revised count="1">2012-02-22</revised>
+  <bug>398403</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/pdns" auto="yes" arch="*">
+      <unaffected range="ge">3.0.1</unaffected>
+      <vulnerable range="lt">3.0.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The PowerDNS nameserver is an authoritative-only nameserver which uses a
+      flexible backend architecture.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability has been found in PowerDNS which could cause a packet
+      loop of DNS responses. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send specially crafted DNS response packets,
+      possibly resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>PowerDNS users can set "cache-ttl=0" in /etc/powerdns/pdns.conf and then
+      restart the PowerDNS daemon:
+    </p>
+    
+    <code>
+      # /etc/init.d/pdns restart
+    </code>
+    
+    <p>Please review the PowerDNS Security Advisory below for more workaround
+      details.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All PowerDNS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/pdns-3.0.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0206">CVE-2012-0206</uri>
+    <uri link="https://doc.powerdns.com/powerdns-advisory-2012-01.html">PowerDNS
+      Security Advisory 2012-01
+    </uri>
+  </references>
+  <metadata timestamp="2012-01-27T14:47:52Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-02-22T19:50:34Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201202-05.xml b/metadata/glsa/glsa-201202-05.xml
new file mode 100644
index 000000000000..e68d4e442683
--- /dev/null
+++ b/metadata/glsa/glsa-201202-05.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201202-05">
+  <title>Heimdal: Arbitrary code execution</title>
+  <synopsis>A boundary error in Heimdal could result in execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">heimdal</product>
+  <announced>2012-02-22</announced>
+  <revised count="1">2012-02-22</revised>
+  <bug>396105</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-crypt/heimdal" auto="yes" arch="*">
+      <unaffected range="ge">1.5.1-r1</unaffected>
+      <vulnerable range="lt">1.5.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Heimdal is a free implementation of Kerberos 5.</p>
+  </background>
+  <description>
+    <p>A boundary error in the "encrypt_keyid()" function in
+      appl/telnet/libtelnet/encrypt.c of the telnet daemon and client could
+      cause a buffer overflow. 
+    </p>
+  </description>
+  <impact type="high">
+    <p>An unauthenticated remote attacker may be able to execute arbitrary code
+      with the privileges of the user running the telnet daemon or client, or
+      cause Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Heimdal users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-crypt/heimdal-1.5.1-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4862">CVE-2011-4862</uri>
+  </references>
+  <metadata timestamp="2012-01-17T19:55:41Z" tag="requester">ago</metadata>
+  <metadata timestamp="2012-02-22T19:56:26Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201202-06.xml b/metadata/glsa/glsa-201202-06.xml
new file mode 100644
index 000000000000..f840c259f877
--- /dev/null
+++ b/metadata/glsa/glsa-201202-06.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201202-06">
+  <title>Asterisk: Denial of service</title>
+  <synopsis>A vulnerability in Asterisk could allow a remote attacker to cause
+    a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">asterisk</product>
+  <announced>2012-02-22</announced>
+  <revised count="1">2012-02-22</revised>
+  <bug>399507</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/asterisk" auto="yes" arch="*">
+      <unaffected range="ge">1.8.8.2</unaffected>
+      <vulnerable range="lt">1.8.8.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Asterisk is an open source telephony engine and toolkit.</p>
+  </background>
+  <description>
+    <p>A vulnerability has been found in Asterisk's handling of certain
+      encrypted streams where the res_srtp module has been loaded but video
+      support has not been enabled.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted SDP message to the
+      Asterisk daemon, possibly resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Asterisk users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/asterisk-1.8.8.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0885">CVE-2012-0885</uri>
+  </references>
+  <metadata timestamp="2012-01-27T14:53:19Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-02-22T19:58:56Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201202-07.xml b/metadata/glsa/glsa-201202-07.xml
new file mode 100644
index 000000000000..d20ea9966f13
--- /dev/null
+++ b/metadata/glsa/glsa-201202-07.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201202-07">
+  <title>libvirt: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in libvirt, the worst of which
+    might allow guest OS users to read arbitrary files on the host OS.
+  </synopsis>
+  <product type="ebuild">libvirt</product>
+  <announced>2012-02-27</announced>
+  <revised count="1">2012-02-27</revised>
+  <bug>358877</bug>
+  <bug>372963</bug>
+  <bug>373991</bug>
+  <bug>386287</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-emulation/libvirt" auto="yes" arch="*">
+      <unaffected range="ge">0.9.3-r1</unaffected>
+      <vulnerable range="lt">0.9.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libvirt is a C toolkit to manipulate virtual machines.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libvirt. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>These vulnerabilities allow a remote attacker to cause a Denial of
+      Service condition on the host server or libvirt daemon, or  might allow
+      guest OS users to read arbitrary files on the host OS.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libvirt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/libvirt-0.9.3-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1146">CVE-2011-1146</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1486">CVE-2011-1486</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2178">CVE-2011-2178</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2511">CVE-2011-2511</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:16Z" tag="requester">craig</metadata>
+  <metadata timestamp="2012-02-27T22:20:05Z" tag="submitter">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201202-08.xml b/metadata/glsa/glsa-201202-08.xml
new file mode 100644
index 000000000000..1b2a7771f6d2
--- /dev/null
+++ b/metadata/glsa/glsa-201202-08.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201202-08">
+  <title>stunnel: Arbitrary code execution</title>
+  <synopsis>A vulnerability was found in stunnel, allowing remote attackers to
+    cause a Denial of Service and potentially arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">ebuild stunnel</product>
+  <announced>2012-02-29</announced>
+  <revised count="2">2012-07-30</revised>
+  <bug>379859</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/stunnel" auto="yes" arch="*">
+      <unaffected range="ge">4.44</unaffected>
+      <unaffected range="lt">4</unaffected>
+      <vulnerable range="lt">4.44</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The stunnel program is designed to work as an SSL encryption wrapper
+      between a client and a local or remote server.
+    </p>
+  </background>
+  <description>
+    <p>An unspecified heap vulnerability was discovered in stunnel.</p>
+  </description>
+  <impact type="normal">
+    <p>The vulnerability may possibly be leveraged to perform remote code
+      execution or a Denial of Service attack.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All stunnel 4.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/stunnel-4.44"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2940">CVE-2011-2940</uri>
+  </references>
+  <metadata timestamp="2011-10-30T18:44:45Z" tag="requester">ago</metadata>
+  <metadata timestamp="2012-07-30T23:07:18Z" tag="submitter">ago</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201202-09.xml b/metadata/glsa/glsa-201202-09.xml
new file mode 100644
index 000000000000..12bcf54c521b
--- /dev/null
+++ b/metadata/glsa/glsa-201202-09.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201202-09">
+  <title>libxml2: User-assisted execution of arbitrary code</title>
+  <synopsis>A boundary error in libxml2 could result in execution of arbitrary
+    code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">libxml2</product>
+  <announced>2012-02-29</announced>
+  <revised count="2">2012-02-29</revised>
+  <bug>398361</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libxml2" auto="yes" arch="*">
+      <unaffected range="ge">2.7.8-r4</unaffected>
+      <vulnerable range="lt">2.7.8-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libxml2 is the XML C parser and toolkit developed for the Gnome project.</p>
+  </background>
+  <description>
+    <p>The "xmlStringLenDecodeEntities()" function in parser.c contains a
+      boundary error which could possibly cause a heap-based buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted XML
+      file in an application linked against libxml2, possibly resulting in the
+      remote execution of arbitrary code with the permissions of the user
+      running the application, or Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libxml2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libxml2-2.7.8-r4"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3919">CVE-2011-3919</uri>
+  </references>
+  <metadata timestamp="2012-01-16T09:34:21Z" tag="requester">ago</metadata>
+  <metadata timestamp="2012-02-29T20:10:19Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201203-01.xml b/metadata/glsa/glsa-201203-01.xml
new file mode 100644
index 000000000000..058fa3df6e47
--- /dev/null
+++ b/metadata/glsa/glsa-201203-01.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201203-01">
+  <title>spamdyke: Arbitrary code execution</title>
+  <synopsis>A buffer overflow in spamdyke might allow remote attackers to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">spamdyke</product>
+  <announced>2012-03-06</announced>
+  <revised count="1">2012-03-06</revised>
+  <bug>399157</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-filter/spamdyke" auto="yes" arch="*">
+      <unaffected range="ge">4.3.0</unaffected>
+      <vulnerable range="lt">4.3.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>spamdyke is a drop-in connection-time spam filter for qmail.</p>
+  </background>
+  <description>
+    <p>Boundary errors related to the "snprintf()" and "vsnprintf()" functions
+      in spamdyke could cause a buffer overflow. 
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly execute arbitrary code or cause a
+      Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All spamdyke users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-filter/spamdyke-4.3.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0802">CVE-2012-0802</uri>
+  </references>
+  <metadata timestamp="2012-01-17T23:00:49Z" tag="requester">ago</metadata>
+  <metadata timestamp="2012-03-06T01:01:06Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201203-02.xml b/metadata/glsa/glsa-201203-02.xml
new file mode 100644
index 000000000000..dda5a498e1c2
--- /dev/null
+++ b/metadata/glsa/glsa-201203-02.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201203-02">
+  <title>cURL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in cURL, the worst of
+    which might allow remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">cURL</product>
+  <announced>2012-03-06</announced>
+  <revised count="1">2012-03-06</revised>
+  <bug>308645</bug>
+  <bug>373235</bug>
+  <bug>400799</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/curl" auto="yes" arch="*">
+      <unaffected range="ge">7.24.0</unaffected>
+      <vulnerable range="lt">7.24.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>cURL is a command line tool for transferring files with URL syntax,
+      supporting numerous protocols.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been found in cURL:</p>
+    
+    <ul>
+      <li>When zlib is enabled, the amount of data sent to an application for
+        automatic decompression is not restricted (CVE-2010-0734).
+      </li>
+      <li>When performing GSSAPI authentication, credential delegation is
+        always used (CVE-2011-2192).
+      </li>
+      <li>When SSL is enabled, cURL improperly disables the OpenSSL workaround
+        to mitigate an information disclosure vulnerability in the SSL and TLS
+        protocols (CVE-2011-3389).
+      </li>
+      <li>libcurl does not properly verify file paths for escape control
+        characters in IMAP, POP3 or SMTP URLs (CVE-2012-0036). 
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user or automated process to open a
+      specially crafted file or URL using cURL, possibly resulting in the
+      remote execution of arbitrary code, a Denial of Service condition,
+      disclosure of sensitive information, or unwanted actions performed via
+      the IMAP, POP3 or SMTP protocols. Furthermore, remote servers may be able
+      to impersonate clients via GSSAPI requests.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All cURL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.24.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0734">CVE-2010-0734
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2192">CVE-2011-2192
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389">CVE-2011-3389
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0036">CVE-2012-0036
+    </uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:38:07Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-03-06T01:02:18Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201203-03.xml b/metadata/glsa/glsa-201203-03.xml
new file mode 100644
index 000000000000..d14f0e5750f3
--- /dev/null
+++ b/metadata/glsa/glsa-201203-03.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201203-03">
+  <title>Puppet: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Puppet, the worst of
+    which might allow local attackers to gain escalated privileges.
+  </synopsis>
+  <product type="ebuild">puppet</product>
+  <announced>2012-03-06</announced>
+  <revised count="1">2012-03-06</revised>
+  <bug>303729</bug>
+  <bug>308031</bug>
+  <bug>384859</bug>
+  <bug>385149</bug>
+  <bug>388161</bug>
+  <bug>403963</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-admin/puppet" auto="yes" arch="*">
+      <unaffected range="ge">2.7.11</unaffected>
+      <vulnerable range="lt">2.7.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Puppet is a system configuration management tool written in Ruby.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Puppet. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could gain elevated privileges, or access and modify
+      arbitrary files.  Furthermore, a remote attacker may be able to spoof a
+      Puppet Master or write X.509 Certificate Signing Requests to arbitrary
+      locations.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Puppet users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/puppet-2.7.11"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3564">CVE-2009-3564</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0156">CVE-2010-0156</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3848">CVE-2011-3848</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3869">CVE-2011-3869</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3870">CVE-2011-3870</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3871">CVE-2011-3871</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3872">CVE-2011-3872</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1053">CVE-2012-1053
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1054">CVE-2012-1054</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:02Z" tag="requester">craig</metadata>
+  <metadata timestamp="2012-03-06T01:03:42Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201203-04.xml b/metadata/glsa/glsa-201203-04.xml
new file mode 100644
index 000000000000..a7d5a7b85283
--- /dev/null
+++ b/metadata/glsa/glsa-201203-04.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201203-04">
+  <title>libxml2: Denial of service</title>
+  <synopsis>A hash collision vulnerability in libxml2 allows remote attackers
+    to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">libxml2</product>
+  <announced>2012-03-06</announced>
+  <revised count="1">2012-03-06</revised>
+  <bug>405261</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libxml2" auto="yes" arch="*">
+      <unaffected range="ge">2.7.8-r5</unaffected>
+      <vulnerable range="lt">2.7.8-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libxml2 is the XML C parser and toolkit developed for the Gnome project.</p>
+  </background>
+  <description>
+    <p>libxml2 does not properly randomize hash functions to protect against
+      hash collision attacks.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user or automated system to open a
+      specially crafted XML document with an application using libxml2
+      resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libxml2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libxml2-2.7.8-r5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0841">CVE-2012-0841</uri>
+  </references>
+  <metadata timestamp="2012-03-04T20:55:53Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-03-06T01:04:40Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201203-05.xml b/metadata/glsa/glsa-201203-05.xml
new file mode 100644
index 000000000000..17d12d9339ed
--- /dev/null
+++ b/metadata/glsa/glsa-201203-05.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201203-05">
+  <title>Rack: Denial of service</title>
+  <synopsis>A hash collision vulnerability in Rack allows remote attackers to
+    cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">rack</product>
+  <announced>2012-03-06</announced>
+  <revised count="1">2012-03-06</revised>
+  <bug>396455</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-ruby/rack" auto="yes" arch="*">
+      <unaffected range="ge">1.1.3</unaffected>
+      <vulnerable range="lt">1.1.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Rack is a modular Ruby web server interface.</p>
+  </background>
+  <description>
+    <p>Rack does not properly randomize hash functions to protect against hash
+      collision attacks.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted form post, possibly
+      resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Rack users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-ruby/rack-1.1.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5036">CVE-2011-5036</uri>
+  </references>
+  <metadata timestamp="2012-03-04T21:22:25Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-03-06T01:05:34Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201203-06.xml b/metadata/glsa/glsa-201203-06.xml
new file mode 100644
index 000000000000..f36cdf0bc0d3
--- /dev/null
+++ b/metadata/glsa/glsa-201203-06.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201203-06">
+  <title>sudo: Privilege escalation</title>
+  <synopsis>Two vulnerabilities have been discovered in sudo, allowing local
+    attackers to possibly gain escalated privileges.
+  </synopsis>
+  <product type="ebuild">sudo</product>
+  <announced>2012-03-06</announced>
+  <revised count="1">2012-03-06</revised>
+  <bug>351490</bug>
+  <bug>401533</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/sudo" auto="yes" arch="*">
+      <unaffected range="ge">1.8.3_p2</unaffected>
+      <unaffected range="rge">1.7.4_p5</unaffected>
+      <vulnerable range="lt">1.8.3_p2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>sudo allows a system administrator to give users the ability to run
+      commands as other users.
+    </p>
+  </background>
+  <description>
+    <p>Two vulnerabilities have been discovered in sudo:</p>
+    
+    <ul>
+      <li>When the sudoers file is configured with a Runas group, sudo does not
+        prompt for a password when changing to the new group (CVE-2011-0010). 
+      </li>
+      <li>A format string vulnerability exists in the "sudo_debug()" function
+        (CVE-2012-0809).
+      </li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>A local attacker could possibly gain the ability to run arbitrary
+      commands with the privileges of other users or groups, including root.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All sudo users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/sudo-1.8.3_p2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0010">CVE-2011-0010</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0809">CVE-2012-0809</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:40Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-03-06T01:39:33Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201203-07.xml b/metadata/glsa/glsa-201203-07.xml
new file mode 100644
index 000000000000..151c401b2ebb
--- /dev/null
+++ b/metadata/glsa/glsa-201203-07.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201203-07">
+  <title>foomatic-filters: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability in foomatic-filters could result in the execution
+    of arbitrary code.
+  </synopsis>
+  <product type="ebuild">foomatic-filters</product>
+  <announced>2012-03-06</announced>
+  <revised count="1">2012-03-06</revised>
+  <bug>379559</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-print/foomatic-filters" auto="yes" arch="*">
+      <unaffected range="ge">4.0.9</unaffected>
+      <vulnerable range="lt">4.0.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The foomatic-filters package contains wrapper scripts which are designed
+      to be used with Foomatic.
+    </p>
+  </background>
+  <description>
+    <p>The foomatic-rip filter improperly handles command-line arguments,
+      including those issued by FoomaticRIPCommandLine fields in PPD files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted PPD
+      file, possibly resulting in execution of arbitrary code with the
+      privileges of the system user "lp".
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All foomatic-filters users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=net-print/foomatic-filters-4.0.9"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2697">CVE-2011-2697</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2964">CVE-2011-2964</uri>
+  </references>
+  <metadata timestamp="2012-01-29T22:40:52Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-03-06T01:40:15Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201203-08.xml b/metadata/glsa/glsa-201203-08.xml
new file mode 100644
index 000000000000..bba0509f08e8
--- /dev/null
+++ b/metadata/glsa/glsa-201203-08.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201203-08">
+  <title>libxslt: Denial of service</title>
+  <synopsis>A vulnerability in libxslt could result in Denial of Service.</synopsis>
+  <product type="ebuild">libxslt</product>
+  <announced>2012-03-06</announced>
+  <revised count="1">2012-03-06</revised>
+  <bug>402861</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libxslt" auto="yes" arch="*">
+      <unaffected range="ge">1.1.26-r3</unaffected>
+      <vulnerable range="lt">1.1.26-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libxslt is the XSLT C library developed for the GNOME project. XSLT is
+      an XML language to define transformations for XML.
+    </p>
+  </background>
+  <description>
+    <p>An out of bounds read error has been found in libxslt/pattern.c in
+      libxslt.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process an XML file using a
+      specially crafted XSLT stylesheet in an application linked against
+      libxslt, possibly resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libxslt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libxslt-1.1.26-r3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3970">CVE-2011-3970</uri>
+  </references>
+  <metadata timestamp="2012-03-03T04:30:56Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-03-06T01:41:06Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201203-09.xml b/metadata/glsa/glsa-201203-09.xml
new file mode 100644
index 000000000000..3d93d35f8e94
--- /dev/null
+++ b/metadata/glsa/glsa-201203-09.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201203-09">
+  <title>ImageMagick: User-assisted execution of arbitrary code</title>
+  <synopsis>Vulnerabilities found in ImageMagick might allow remote attackers
+    to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">ImageMagick</product>
+  <announced>2012-03-06</announced>
+  <revised count="1">2012-03-06</revised>
+  <bug>402999</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/imagemagick" auto="yes" arch="*">
+      <unaffected range="ge">6.7.5.3</unaffected>
+      <vulnerable range="lt">6.7.5.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ImageMagick is a collection of tools and libraries for manipulating
+      various image formats.
+    </p>
+  </background>
+  <description>
+    <p>Two vulnerabilities have been found in ImageMagick:</p>
+    
+    <ul>
+      <li>Incorrect offset and count values in the ResolutionUnit tag in EXIF
+        IFD could cause memory corruption (CVE-2012-0247).
+      </li>
+      <li>IOP tag offsets pointing to the beginning of an IFD could cause an
+        infinite loop of ImageMagick parsing the IFD structure (CVE-2012-0248).
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted image,
+      possibly resulting in execution of arbitrary code or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ImageMagick users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/imagemagick-6.7.5.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0247">CVE-2012-0247</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0248">CVE-2012-0248</uri>
+  </references>
+  <metadata timestamp="2012-03-03T14:41:18Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-03-06T01:41:55Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201203-10.xml b/metadata/glsa/glsa-201203-10.xml
new file mode 100644
index 000000000000..181c566859b1
--- /dev/null
+++ b/metadata/glsa/glsa-201203-10.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201203-10">
+  <title>libmikmod: User-assisted execution of arbitrary code</title>
+  <synopsis>Multiple buffer overflow vulnerabilities in libmikmod may allow an
+    attacker to execute arbitrary code or cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">libmikmod</product>
+  <announced>2012-03-06</announced>
+  <revised count="1">2012-03-06</revised>
+  <bug>335892</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libmikmod" auto="yes" arch="*">
+      <unaffected range="ge">3.2.0_beta2-r3</unaffected>
+      <unaffected range="rge">3.1.12-r1</unaffected>
+      <vulnerable range="lt">3.2.0_beta2-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libmikmod is a library to play a wide range of module formats.</p>
+  </background>
+  <description>
+    <p>Multiple boundary errors have been found in load_it.c in libmikmod,
+      which may cause a buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open specially crafted files in
+      an application linked against libmikmod, possibly resulting in execution
+      of arbitrary code with the permissions of the user running the
+      application, or Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libmikmod 3.2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=media-libs/libmikmod-3.2.0_beta2-r3"
+    </code>
+    
+    <p>All libmikmod 3.1 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libmikmod-3.1.12-r1"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2546">CVE-2010-2546</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2971">CVE-2010-2971</uri>
+  </references>
+  <metadata timestamp="2012-03-02T20:38:21Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-03-06T01:42:39Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201203-11.xml b/metadata/glsa/glsa-201203-11.xml
new file mode 100644
index 000000000000..0561690727ce
--- /dev/null
+++ b/metadata/glsa/glsa-201203-11.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201203-11">
+  <title>usbmuxd: User-assisted execution of arbitrary code</title>
+  <synopsis>A buffer overflow vulnerability in usbmuxd could result in the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">usbmuxd</product>
+  <announced>2012-03-06</announced>
+  <revised count="1">2012-03-06</revised>
+  <bug>399409</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-pda/usbmuxd" auto="yes" arch="*">
+      <unaffected range="ge">1.0.7-r1</unaffected>
+      <vulnerable range="lt">1.0.7-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>usbmuxd is a USB multiplex daemon for use with Apple iPhone and iPod
+      Touch devices.
+    </p>
+  </background>
+  <description>
+    <p>The "receive_packet()" function in libusbmuxd.c contains a boundary
+      error when parsing the "SerialNumber" field of a USB device, which could
+      cause a heap-based buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could gain physical access or entice a user to connect to a
+      malicious USB device, possibly resulting in execution of arbitrary code
+      with the privileges of the "usbmux" user.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All usbmuxd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-pda/usbmuxd-1.0.7-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0065">CVE-2012-0065</uri>
+  </references>
+  <metadata timestamp="2012-01-23T14:30:43Z" tag="requester">ago</metadata>
+  <metadata timestamp="2012-03-06T01:43:19Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201203-12.xml b/metadata/glsa/glsa-201203-12.xml
new file mode 100644
index 000000000000..a3f2934b4af7
--- /dev/null
+++ b/metadata/glsa/glsa-201203-12.xml
@@ -0,0 +1,108 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201203-12">
+  <title>OpenSSL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenSSL, allowing
+    remote attackers to cause a Denial of Service or obtain sensitive
+    information.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2012-03-06</announced>
+  <revised count="9">2015-06-06</revised>
+  <bug>397695</bug>
+  <bug>399365</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">1.0.0g</unaffected>
+      <unaffected range="rge">0.9.8t</unaffected>
+      <unaffected range="rge">0.9.8u</unaffected>
+      <unaffected range="rge">0.9.8v</unaffected>
+      <unaffected range="rge">0.9.8w</unaffected>
+      <unaffected range="rge">0.9.8x</unaffected>
+      <unaffected range="rge">0.9.8y</unaffected>
+      <unaffected range="rge">0.9.8z_p1</unaffected>
+      <unaffected range="rge">0.9.8z_p2</unaffected>
+      <unaffected range="rge">0.9.8z_p3</unaffected>
+      <unaffected range="rge">0.9.8z_p4</unaffected>
+      <unaffected range="rge">0.9.8z_p5</unaffected>
+      <unaffected range="rge">0.9.8z_p6</unaffected>
+      <unaffected range="rge">0.9.8z_p7</unaffected>
+      <unaffected range="rge">0.9.8z_p8</unaffected>
+      <unaffected range="rge">0.9.8z_p9</unaffected>
+      <unaffected range="rge">0.9.8z_p10</unaffected>
+      <unaffected range="rge">0.9.8z_p11</unaffected>
+      <unaffected range="rge">0.9.8z_p12</unaffected>
+      <unaffected range="rge">0.9.8z_p13</unaffected>
+      <unaffected range="rge">0.9.8z_p14</unaffected>
+      <unaffected range="rge">0.9.8z_p15</unaffected>
+      <vulnerable range="lt">1.0.0g</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+      (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
+      purpose cryptography library.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been found in OpenSSL:</p>
+    
+    <ul>
+      <li>Timing differences for decryption are exposed by CBC mode encryption
+        in OpenSSL’s implementation of DTLS (CVE-2011-4108).
+      </li>
+      <li>A policy check failure can result in a double-free error when
+        X509_V_FLAG_POLICY_CHECK is set (CVE-2011-4109).
+      </li>
+      <li>Clients and servers using SSL 3.0 handshakes do not clear the block
+        cipher padding, allowing a record to contain up to 15 bytes of
+        uninitialized memory, which could include sensitive information
+        (CVE-2011-4576). 
+      </li>
+      <li>Assertion errors can occur during the handling of malformed X.509
+        certificates when OpenSSL is built with RFC 3779 support
+        (CVE-2011-4577).
+      </li>
+      <li>A resource management error can occur when OpenSSL’s server gated
+        cryptography (SGC) does not properly handle handshake restarts
+        (CVE-2011-4619).
+      </li>
+      <li>Invalid parameters in the GOST block cipher are not properly handled
+        by the GOST ENGINE(CVE-2012-0027).
+      </li>
+      <li>An incorrect fix for CVE-2011-4108 creates an unspecified
+        vulnerability for DTLS applications using OpenSSL (CVE-2012-0050). 
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to cause a Denial of Service or obtain
+      sensitive information, including plaintext passwords. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.0.0g"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4108">CVE-2011-4108</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4109">CVE-2011-4109</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4576">CVE-2011-4576</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4577">CVE-2011-4577</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4619">CVE-2011-4619</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0027">CVE-2012-0027</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0050 ">
+      CVE-2012-0050 
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-01-16T19:58:37Z">ago</metadata>
+  <metadata tag="submitter" timestamp="2015-06-06T23:08:28Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201203-13.xml b/metadata/glsa/glsa-201203-13.xml
new file mode 100644
index 000000000000..98d1f6edf966
--- /dev/null
+++ b/metadata/glsa/glsa-201203-13.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201203-13">
+  <title>Openswan: Denial of service</title>
+  <synopsis>Multiple vulnerabilities in Openswan may create a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">Openswan</product>
+  <announced>2012-03-16</announced>
+  <revised count="1">2012-03-16</revised>
+  <bug>372961</bug>
+  <bug>389097</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-misc/openswan" auto="yes" arch="*">
+      <unaffected range="ge">2.6.37</unaffected>
+      <vulnerable range="lt">2.6.37</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Openswan is an implementation of IPsec for Linux.</p>
+  </background>
+  <description>
+    <p>Two vulnerabilities have been found in Openswan:</p>
+    
+    <ul>
+      <li>Improper permissions are used on /var/run/starter.pid and
+        /var/lock/subsys/ipsec (CVE-2011-2147).
+      </li>
+      <li>Openswan contains a use-after-free error in the cryptographic helper
+        handler (CVE-2011-4073).
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote authenticated attacker or a local attacker may be able to cause
+      a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Openswan users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/openswan-2.6.37"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since November 10, 2011. It is likely that your system is
+      already no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2147">CVE-2011-2147</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4073">CVE-2011-4073</uri>
+  </references>
+  <metadata timestamp="2012-03-06T21:14:35Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-03-16T10:56:03Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201203-14.xml b/metadata/glsa/glsa-201203-14.xml
new file mode 100644
index 000000000000..698ab7754c25
--- /dev/null
+++ b/metadata/glsa/glsa-201203-14.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201203-14">
+  <title>Audacious Plugins: User-assisted execution of arbitrary code</title>
+  <synopsis>Multiple vulnerabilities in Audacious Plugins could result in
+    execution of arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">audacious-plugins</product>
+  <announced>2012-03-16</announced>
+  <revised count="1">2012-03-16</revised>
+  <bug>383991</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-plugins/audacious-plugins" auto="yes" arch="*">
+      <unaffected range="ge">3.1</unaffected>
+      <vulnerable range="lt">3.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Plugins for the Audacious music player.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been found in Audacious Plugins:</p>
+    
+    <ul>
+      <li>The "CSoundFile::ReadWav()" function in load_wav.cpp contains an
+        integer overflow which could cause a heap-based buffer overflow
+        (CVE-2011-2911). 
+      </li>
+      <li>The "CSoundFile::ReadS3M()" function in load_s3m.cpp contains
+        multiple boundary errors which could cause a stack-based buffer
+        overflow (CVE-2011-2912).
+      </li>
+      <li>The "CSoundFile::ReadAMS()" function in load_ams.cpp contains an
+        off-by-one error which could cause memory corruption (CVE-2011-2913).
+      </li>
+      <li>The "CSoundFile::ReadDSM()" function in load_dms.cpp contains an
+        off-by-one error which could cause memory corruption (CVE-2011-2914).
+      </li>
+      <li>The "CSoundFile::ReadAMS2()" function in load_ams.cpp contains an
+        off-by-one error which could cause memory corruption (CVE-2011-2915).
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted media
+      file, possibly resulting in execution of arbitrary code, or a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Audacious Plugins users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=media-plugins/audacious-plugins-3.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2911">CVE-2011-2911</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2912">CVE-2011-2912</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2913">CVE-2011-2913</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2914">CVE-2011-2914</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2915">CVE-2011-2915</uri>
+  </references>
+  <metadata timestamp="2012-03-11T14:43:54Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-03-16T10:57:34Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201203-15.xml b/metadata/glsa/glsa-201203-15.xml
new file mode 100644
index 000000000000..dd37960f3d30
--- /dev/null
+++ b/metadata/glsa/glsa-201203-15.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201203-15">
+  <title>gif2png: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in gif2png, the worst of
+    which might allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">gif2png</product>
+  <announced>2012-03-16</announced>
+  <revised count="1">2012-03-16</revised>
+  <bug>351698</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/gif2png" auto="yes" arch="*">
+      <unaffected range="ge">2.5.8</unaffected>
+      <vulnerable range="lt">2.5.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>gif2png converts images from GIF format to PNG format.</p>
+  </background>
+  <description>
+    <p>Two vulnerabilities have been found in gif2png:</p>
+    
+    <ul>
+      <li>A boundary error in gif2png.c could cause a buffer overflow
+        (CVE-2010-4694).
+      </li>
+      <li>The patch for CVE-2009-5018 causes gif2png to truncate GIF pathnames
+        (CVE-2010-4695).
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted GIF
+      file, possibly resulting in execution of arbitrary code, a Denial of
+      Service condition, or the creation of PNG files in unintended
+      directories.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All gif2png users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/gif2png-2.5.8"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4694">CVE-2010-4694</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4695">CVE-2010-4695</uri>
+  </references>
+  <metadata timestamp="2012-03-09T22:46:15Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-03-16T10:58:44Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201203-16.xml b/metadata/glsa/glsa-201203-16.xml
new file mode 100644
index 000000000000..18c921c5982b
--- /dev/null
+++ b/metadata/glsa/glsa-201203-16.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201203-16">
+  <title>ModPlug: User-assisted execution of arbitrary code</title>
+  <synopsis>Multiple vulnerabilities in ModPlug could result in execution of
+    arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">libmodplug</product>
+  <announced>2012-03-16</announced>
+  <revised count="2">2012-03-16</revised>
+  <bug>362503</bug>
+  <bug>379557</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libmodplug" auto="yes" arch="*">
+      <unaffected range="ge">0.8.8.4</unaffected>
+      <vulnerable range="lt">0.8.8.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ModPlug is a library for playing MOD-like music.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been found in ModPlug:</p>
+    
+    <ul>
+      <li>The ReadS3M method in load_s3m.cpp fails to validate user-supplied
+        information, which could cause a stack-based buffer overflow
+        (CVE-2011-1574).
+      </li>
+      <li>The "CSoundFile::ReadWav()" function in load_wav.cpp contains an
+        integer overflow which could cause a heap-based buffer overflow
+        (CVE-2011-2911). 
+      </li>
+      <li>The "CSoundFile::ReadS3M()" function in load_s3m.cpp contains
+        multiple boundary errors which could cause a stack-based buffer
+        overflow (CVE-2011-2912).
+      </li>
+      <li>The "CSoundFile::ReadAMS()" function in load_ams.cpp contains an
+        off-by-one error which could cause memory corruption (CVE-2011-2913).
+      </li>
+      <li>The "CSoundFile::ReadDSM()" function in load_dms.cpp contains an
+        off-by-one error which could cause memory corruption (CVE-2011-2914).
+      </li>
+      <li>The "CSoundFile::ReadAMS2()" function in load_ams.cpp contains an
+        off-by-one error which could cause memory corruption (CVE-2011-2915).
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted media
+      file, possibly resulting in execution of arbitrary code, or a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ModPlug users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libmodplug-0.8.8.4"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since August 27, 2011. It is likely that your system is already
+      no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1574">CVE-2011-1574</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2911">CVE-2011-2911</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2912">CVE-2011-2912</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2913">CVE-2011-2913</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2914">CVE-2011-2914</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2915">CVE-2011-2915</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:18Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-03-16T11:02:28Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201203-17.xml b/metadata/glsa/glsa-201203-17.xml
new file mode 100644
index 000000000000..7961608f327f
--- /dev/null
+++ b/metadata/glsa/glsa-201203-17.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201203-17">
+  <title>HPLIP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in HPLIP, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">hplip</product>
+  <announced>2012-03-16</announced>
+  <revised count="1">2012-03-16</revised>
+  <bug>352085</bug>
+  <bug>388655</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-print/hplip" auto="yes" arch="*">
+      <unaffected range="ge">3.11.10</unaffected>
+      <vulnerable range="lt">3.11.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Hewlett-Packard Linux Imaging and Printing system (HPLIP) provides
+      drivers for HP's inkjet and laser printers, scanners and fax machines. 
+    </p>
+  </background>
+  <description>
+    <p>Two vulnerabilities have been found in HPLIP:</p>
+    
+    <ul>
+      <li>The "hpmud_get_pml()" function in pml.c contains a boundary error
+        which could cause a stack-based buffer overflow (CVE-2010-4267).
+      </li>
+      <li>The "send_data_to_stdout()" function in hpcupsfax.cpp creates
+        insecure temporary files (CVE-2011-2722).
+      </li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>A remote attacker might send specially crafted SNMP reponses, possibly
+      resulting in execution of arbitrary code or a Denial of Service
+      condition. Furthermore, a local attacker could perform symlink attacks to
+      overwrite arbitrary files.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All HPLIP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-print/hplip-3.11.10"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4267">CVE-2010-4267</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2722">CVE-2011-2722</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:38:15Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-03-16T11:04:44Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201203-18.xml b/metadata/glsa/glsa-201203-18.xml
new file mode 100644
index 000000000000..f817a2b17a15
--- /dev/null
+++ b/metadata/glsa/glsa-201203-18.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201203-18">
+  <title>Minitube: Insecure temporary file usage</title>
+  <synopsis>An insecure temporary file usage has been reported in Minitube,
+    possibly allowing symlink attacks.
+  </synopsis>
+  <product type="ebuild">Minitube</product>
+  <announced>2012-03-16</announced>
+  <revised count="1">2012-03-16</revised>
+  <bug>388867</bug>
+  <access>local</access>
+  <affected>
+    <package name="media-video/minitube" auto="yes" arch="*">
+      <unaffected range="ge">1.6</unaffected>
+      <vulnerable range="lt">1.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Minitube is a Qt4 YouTube desktop client.</p>
+  </background>
+  <description>
+    <p>Tomáš Pružina reported that Minitube does not handle temporary files
+      securely.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could perform symlink attacks to overwrite arbitrary
+      files with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Minitube users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/minitube-1.6"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since November 11, 2011. It is likely that your system is
+      already no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="http://flavio.tordini.org/minitube-1-6-released">Minitube 1.6
+      Release
+    </uri>
+  </references>
+  <metadata timestamp="2012-03-06T21:07:35Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-03-16T11:06:53Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201203-19.xml b/metadata/glsa/glsa-201203-19.xml
new file mode 100644
index 000000000000..38aaee31d98f
--- /dev/null
+++ b/metadata/glsa/glsa-201203-19.xml
@@ -0,0 +1,148 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201203-19">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been reported in Chromium, some of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium</product>
+  <announced>2012-03-25</announced>
+  <revised count="1">2012-03-25</revised>
+  <bug>406975</bug>
+  <bug>407465</bug>
+  <bug>407755</bug>
+  <bug>409251</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">17.0.963.83</unaffected>
+      <vulnerable range="lt">17.0.963.83</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open source web browser project.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium. Please review
+      the CVE identifiers and release notes referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted web
+      site using Chromium, possibly resulting in the execution of arbitrary
+      code with the privileges of the process, a Denial of Service condition,
+      Universal Cross-Site Scripting, or installation of an extension without
+      user interaction.
+    </p>
+    
+    <p>A remote attacker could also entice a user to install a specially
+      crafted extension that would interfere with browser-issued web requests.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/chromium-17.0.963.83"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3031">
+      CVE-2011-3031
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3032">
+      CVE-2011-3032
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3033">
+      CVE-2011-3033
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3034">
+      CVE-2011-3034
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3035">
+      CVE-2011-3035
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3036">
+      CVE-2011-3036
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3037">
+      CVE-2011-3037
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3038">
+      CVE-2011-3038
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3039">
+      CVE-2011-3039
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3040">
+      CVE-2011-3040
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3041">
+      CVE-2011-3041
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3042">
+      CVE-2011-3042
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3043">
+      CVE-2011-3043
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3044">
+      CVE-2011-3044
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3046">
+      CVE-2011-3046
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3047">
+      CVE-2011-3047
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3049">
+      CVE-2011-3049
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3050">
+      CVE-2011-3050
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3051">
+      CVE-2011-3051
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3052">
+      CVE-2011-3052
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3053">
+      CVE-2011-3053
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3054">
+      CVE-2011-3054
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3055">
+      CVE-2011-3055
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3056">
+      CVE-2011-3056
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3057">
+      CVE-2011-3057
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html">
+      Release Notes 17.0.963.65
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2012/03/chrome-stable-channel-update.html">
+      Release Notes 17.0.963.78
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2012/03/chrome-stable-update_10.html">
+      Release Notes 17.0.963.79
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html">
+      Release Notes 17.0.963.83
+    </uri>
+  </references>
+  <metadata timestamp="2012-03-05T19:46:58Z" tag="requester">
+    phajdan.jr
+  </metadata>
+  <metadata timestamp="2012-03-25T16:05:36Z" tag="submitter">
+    phajdan.jr
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201203-20.xml b/metadata/glsa/glsa-201203-20.xml
new file mode 100644
index 000000000000..e8975a7ad692
--- /dev/null
+++ b/metadata/glsa/glsa-201203-20.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201203-20">
+  <title>Logwatch: Arbitrary code execution</title>
+  <synopsis>A vulnerability in Logwatch might allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">Logwatch</product>
+  <announced>2012-03-28</announced>
+  <revised count="1">2012-03-28</revised>
+  <bug>356387</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/logwatch" auto="yes" arch="*">
+      <unaffected range="ge">7.4.0</unaffected>
+      <vulnerable range="lt">7.4.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Logwatch analyzes and reports on system logs.</p>
+  </background>
+  <description>
+    <p>logwatch.pl does not properly sanitize log filenames against shell
+      metacharacters before passing them to the "system()" function. 
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could pass a specially crafted log filename to
+      Logwatch, possibly resulting in execution of arbitrary code with root
+      privileges or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Logwatch users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/logwatch-7.4.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1018">CVE-2011-1018</uri>
+  </references>
+  <metadata timestamp="2012-03-16T19:51:03Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-03-28T10:30:33Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201203-21.xml b/metadata/glsa/glsa-201203-21.xml
new file mode 100644
index 000000000000..4c4d43bd37bc
--- /dev/null
+++ b/metadata/glsa/glsa-201203-21.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201203-21">
+  <title>Asterisk: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Asterisk, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Asterisk</product>
+  <announced>2012-03-28</announced>
+  <revised count="1">2012-03-28</revised>
+  <bug>408431</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/asterisk" auto="yes" arch="*">
+      <unaffected range="ge">1.8.10.1</unaffected>
+      <vulnerable range="lt">1.8.10.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Asterisk is an open source telephony engine and toolkit.</p>
+  </background>
+  <description>
+    <p>Two vulnerabilities have been found in Asterisk:</p>
+    
+    <ul>
+      <li>The "milliwatt_generate()" function in app_milliwatt.c is vulnerable
+        to a stack overrun (AST-2012-002).
+      </li>
+      <li>The "ast_parse_digest()" function in utils.c is vulnerable to a
+        stack-based buffer overflow (AST-2012-003).
+      </li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>A remote unauthenticated attacker could execute arbitrary code or cause
+      a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Asterisk users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/asterisk-1.8.10.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://downloads.asterisk.org/pub/security/AST-2012-002.txt">
+      AST-2012-002
+    </uri>
+    <uri link="https://downloads.asterisk.org/pub/security/AST-2012-003.txt">
+      AST-2012-003
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1183">CVE-2012-1183</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1184">CVE-2012-1184</uri>
+  </references>
+  <metadata timestamp="2012-03-16T10:54:51Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-03-28T10:35:00Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201203-22.xml b/metadata/glsa/glsa-201203-22.xml
new file mode 100644
index 000000000000..c9037147b3f2
--- /dev/null
+++ b/metadata/glsa/glsa-201203-22.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201203-22">
+  <title>nginx: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in nginx, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">nginx</product>
+  <announced>2012-03-28</announced>
+  <revised count="1">2012-03-28</revised>
+  <bug>293785</bug>
+  <bug>293786</bug>
+  <bug>293788</bug>
+  <bug>389319</bug>
+  <bug>408367</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/nginx" auto="yes" arch="*">
+      <unaffected range="ge">1.0.14</unaffected>
+      <vulnerable range="lt">1.0.14</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>nginx is a robust, small, and high performance HTTP and reverse proxy
+      server.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been found in nginx:</p>
+    
+    <ul>
+      <li>The TLS protocol does not properly handle session renegotiation
+        requests (CVE-2009-3555).
+      </li>
+      <li>The "ngx_http_process_request_headers()" function in ngx_http_parse.c
+        could cause a NULL pointer dereference (CVE-2009-3896).
+      </li>
+      <li>nginx does not properly sanitize user input for the the WebDAV COPY
+        or MOVE methods (CVE-2009-3898).
+      </li>
+      <li>The "ngx_resolver_copy()" function in ngx_resolver.c contains a
+        boundary error which could cause a heap-based buffer overflow
+        (CVE-2011-4315).
+      </li>
+      <li>nginx does not properly parse HTTP header responses which could
+        expose sensitive information (CVE-2012-1180).
+      </li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the nginx process, cause a Denial of Service condition,
+      create or overwrite arbitrary files, or obtain sensitive information. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All nginx users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/nginx-1.0.14"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555">CVE-2009-3555
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896">CVE-2009-3896
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898">CVE-2009-3898
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315">CVE-2011-4315
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180">CVE-2012-1180
+    </uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:49Z" tag="requester">craig</metadata>
+  <metadata timestamp="2012-03-28T10:35:47Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201203-23.xml b/metadata/glsa/glsa-201203-23.xml
new file mode 100644
index 000000000000..788daa52ed50
--- /dev/null
+++ b/metadata/glsa/glsa-201203-23.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201203-23">
+  <title>libzip: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libzip, the worst of
+    which might allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libzip</product>
+  <announced>2012-03-29</announced>
+  <revised count="1">2012-03-29</revised>
+  <bug>409117</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libzip" auto="yes" arch="*">
+      <unaffected range="ge">0.10.1</unaffected>
+      <vulnerable range="lt">0.10.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libzip is a library for manipulating zip archives.</p>
+  </background>
+  <description>
+    <p>Two vulnerabilities have been found in the "_zip_readcdir()" function in
+      zip_open.c of libzip:
+    </p>
+    
+    <ul>
+      <li>An incorrect loop construct, which could cause a heap-based buffer
+        overflow (CVE-2012-1162).
+      </li>
+      <li>An integer overflow, which may not restrict operations within the
+        memory buffer (CVE-2012-1163).
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted ZIP
+      file, possibly resulting in execution of arbitrary code with the
+      privileges of the process, a Denial of Service condition, or information
+      leaks.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libzip users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libzip-0.10.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1162">CVE-2012-1162</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1163">CVE-2012-1163</uri>
+  </references>
+  <metadata timestamp="2012-03-23T11:20:26Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-03-29T11:18:55Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201203-24.xml b/metadata/glsa/glsa-201203-24.xml
new file mode 100644
index 000000000000..b19e18c11587
--- /dev/null
+++ b/metadata/glsa/glsa-201203-24.xml
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201203-24">
+  <title>Chromium, V8: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been reported in Chromium and V8,
+    some of which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium v8</product>
+  <announced>2012-03-30</announced>
+  <revised count="1">2012-03-30</revised>
+  <bug>410045</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">18.0.1025.142</unaffected>
+      <vulnerable range="lt">18.0.1025.142</vulnerable>
+    </package>
+    <package name="dev-lang/v8" auto="yes" arch="*">
+      <unaffected range="ge">3.8.9.16</unaffected>
+      <vulnerable range="lt">3.8.9.16</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open source web browser project. V8 is Google's open
+      source JavaScript engine. SPDY is an experimental networking protocol.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and V8. Please
+      review the CVE identifiers and release notes referenced below for
+      details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could entice a user to open a specially
+      crafted web site or JavaScript program using Chromium or V8, possibly
+      resulting in the execution of arbitrary code with the privileges of the
+      process, or a Denial of Service condition.
+    </p>
+    
+    <p>The attacker could also entice a user to open a specially crafted web
+      site using Chromium, possibly resulting in cross-site scripting (XSS), or
+      an unspecified SPDY certificate checking error.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-18.0.1025.142"
+    </code>
+    
+    <p>All V8 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/v8-3.8.9.16"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3057">
+      CVE-2011-3057
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3058">
+      CVE-2011-3058
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3059">
+      CVE-2011-3059
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3060">
+      CVE-2011-3060
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3061">
+      CVE-2011-3061
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3062">
+      CVE-2011-3062
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3063">
+      CVE-2011-3063
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3064">
+      CVE-2011-3064
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3065">
+      CVE-2011-3065
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html">
+      Release Notes 18.0.1025.142
+    </uri>
+  </references>
+  <metadata timestamp="2012-03-30T07:32:06Z" tag="requester">
+    phajdan.jr
+  </metadata>
+  <metadata timestamp="2012-03-30T22:22:41Z" tag="submitter">
+    phajdan.jr
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201204-01.xml b/metadata/glsa/glsa-201204-01.xml
new file mode 100644
index 000000000000..aed3cc111a7f
--- /dev/null
+++ b/metadata/glsa/glsa-201204-01.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201204-01">
+  <title>VirtualBox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in VirtualBox, allowing local
+    attackers to gain escalated privileges.
+  </synopsis>
+  <product type="ebuild">virtualbox</product>
+  <announced>2012-04-09</announced>
+  <revised count="1">2012-04-09</revised>
+  <bug>386317</bug>
+  <bug>399807</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/virtualbox" auto="yes" arch="*">
+      <unaffected range="ge">4.1.8</unaffected>
+      <vulnerable range="lt">4.1.8</vulnerable>
+    </package>
+    <package name="app-emulation/virtualbox-bin" auto="yes" arch="*">
+      <unaffected range="ge">4.1.4</unaffected>
+      <vulnerable range="lt">4.1.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>VirtualBox is a powerful virtualization product from Oracle.</p>
+  </background>
+  <description>
+    <p>Multiple unspecified vulnerabilities have been discovered in VirtualBox.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker may be able to gain escalated privileges via unknown
+      attack vectors. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All VirtualBox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/virtualbox-4.1.8"
+    </code>
+    
+    <p>All VirtualBox binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/virtualbox-bin-4.1.8"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4414">CVE-2010-4414</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2300">CVE-2011-2300</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2305">CVE-2011-2305</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0105">CVE-2012-0105</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0111">CVE-2012-0111</uri>
+  </references>
+  <metadata timestamp="2011-12-07T22:00:54Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-04-09T22:33:28Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201204-02.xml b/metadata/glsa/glsa-201204-02.xml
new file mode 100644
index 000000000000..d059fba358f3
--- /dev/null
+++ b/metadata/glsa/glsa-201204-02.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201204-02">
+  <title>InspIRCd: Arbitrary code execution</title>
+  <synopsis>A heap-based buffer overflow in InspIRCd may allow execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">InspIRCd</product>
+  <announced>2012-04-10</announced>
+  <revised count="1">2012-04-10</revised>
+  <bug>409159</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/inspircd" auto="yes" arch="*">
+      <unaffected range="ge">2.0.5-r1</unaffected>
+      <vulnerable range="lt">2.0.5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>InspIRCd (Inspire IRCd) is a modular C++ IRC daemon</p>
+  </background>
+  <description>
+    <p>A vulnerability in InspIRCd allows DNS compression features to control
+      the number of overflowed bytes sent to the heap-based buffer "res[]" in
+      dns.cpp.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could send specially crafted DNS responses, possibly
+      resulting in execution of arbitrary code with the privileges of the
+      process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All InspIRCd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-irc/inspircd-2.0.5-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1836">CVE-2012-1836</uri>
+  </references>
+  <metadata timestamp="2012-03-23T11:55:36Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-04-10T11:06:33Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201204-03.xml b/metadata/glsa/glsa-201204-03.xml
new file mode 100644
index 000000000000..9cbceda9efa4
--- /dev/null
+++ b/metadata/glsa/glsa-201204-03.xml
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201204-03">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been reported in Chromium, some of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium</product>
+  <announced>2012-04-10</announced>
+  <revised count="1">2012-04-10</revised>
+  <bug>410963</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">18.0.1025.151</unaffected>
+      <vulnerable range="lt">18.0.1025.151</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open source web browser project.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium. Please review
+      the CVE identifiers and release notes referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted web
+      site using Chromium, possibly resulting in the execution of arbitrary
+      code with the privileges of the process, a Denial of Service condition,
+      or bypass of the same origin policy.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-18.0.1025.151"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3066">
+      CVE-2011-3066
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3067">
+      CVE-2011-3067
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3068">
+      CVE-2011-3068
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3069">
+      CVE-2011-3069
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3070">
+      CVE-2011-3070
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3071">
+      CVE-2011-3071
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3072">
+      CVE-2011-3072
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3073">
+      CVE-2011-3073
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3074">
+      CVE-2011-3074
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3075">
+      CVE-2011-3075
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3076">
+      CVE-2011-3076
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3077">
+      CVE-2011-3077
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html">
+      Release Notes 18.0.1025.151
+    </uri>
+  </references>
+  <metadata timestamp="2012-04-10T08:53:22Z" tag="requester">
+    phajdan.jr
+  </metadata>
+  <metadata timestamp="2012-04-10T21:54:33Z" tag="submitter">
+    phajdan.jr
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201204-04.xml b/metadata/glsa/glsa-201204-04.xml
new file mode 100644
index 000000000000..904cecb45463
--- /dev/null
+++ b/metadata/glsa/glsa-201204-04.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201204-04">
+  <title>FreeType: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in FreeType, allowing
+    remote attackers to possibly execute arbitrary code or cause Denial of
+    Service.
+  </synopsis>
+  <product type="ebuild">FreeType</product>
+  <announced>2012-04-17</announced>
+  <revised count="1">2012-04-17</revised>
+  <bug>407257</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/freetype" auto="yes" arch="*">
+      <unaffected range="ge">2.4.9</unaffected>
+      <vulnerable range="lt">2.4.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FreeType is a high-quality and portable font engine.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in FreeType. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted font,
+      possibly resulting in execution of arbitrary code with the privileges of
+      the user running the application, or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FreeType users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/freetype-2.4.9"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1126">CVE-2012-1126</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1127">CVE-2012-1127</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1128">CVE-2012-1128</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1129">CVE-2012-1129</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1130">CVE-2012-1130</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1131">CVE-2012-1131</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1132">CVE-2012-1132</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1133">CVE-2012-1133</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1134">CVE-2012-1134</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1135">CVE-2012-1135</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1136">CVE-2012-1136</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1137">CVE-2012-1137</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1138">CVE-2012-1138</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1139">CVE-2012-1139</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1140">CVE-2012-1140</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1141">CVE-2012-1141</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1142">CVE-2012-1142</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1143">CVE-2012-1143</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1144">CVE-2012-1144</uri>
+  </references>
+  <metadata timestamp="2012-03-17T18:44:31Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-04-17T22:43:12Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201204-05.xml b/metadata/glsa/glsa-201204-05.xml
new file mode 100644
index 000000000000..67d7743b9482
--- /dev/null
+++ b/metadata/glsa/glsa-201204-05.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201204-05">
+  <title>SWFTools: User-assisted execution of arbitrary code</title>
+  <synopsis>A heap-based buffer overflow in SWFTools could result in the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">SWFTools</product>
+  <announced>2012-04-17</announced>
+  <revised count="2">2012-04-18</revised>
+  <bug>332649</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/swftools" auto="yes" arch="*">
+      <vulnerable range="le">0.9.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>SWFTools is a collection of SWF manipulation and generation utilities
+      written by Rainer Böhme and Matthias Kramm.
+    </p>
+  </background>
+  <description>
+    <p>Integer overflow errors in the "getPNG()" function in png.c and the
+      "jpeg_load()" function in jpeg.c could cause a heap-based buffer
+      overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted PNG or
+      JPEG file, possibly resulting in execution of arbitrary code with the
+      privileges of the process, or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo discontinued support for SWFTools. We recommend that users
+      unmerge swftools:
+    </p>
+    
+    <code>
+      # emerge --unmerge "media-gfx/swftools"
+    </code>
+    
+    <p>NOTE: Users could upgrade to "&gt;=media-gfx/swftools-0.9.1", however
+      these packages are not currently stable.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1516">CVE-2010-1516</uri>
+  </references>
+  <metadata timestamp="2012-04-06T20:23:27Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-04-18T22:59:36Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201204-06.xml b/metadata/glsa/glsa-201204-06.xml
new file mode 100644
index 000000000000..d24555e38ed4
--- /dev/null
+++ b/metadata/glsa/glsa-201204-06.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201204-06">
+  <title>PolicyKit: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PolicyKit, the worst of
+    which may allow a local attacker to gain root privileges.
+  </synopsis>
+  <product type="ebuild">polkit</product>
+  <announced>2012-04-17</announced>
+  <revised count="1">2012-04-17</revised>
+  <bug>314535</bug>
+  <bug>364973</bug>
+  <bug>401513</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-auth/polkit" auto="yes" arch="*">
+      <unaffected range="ge">0.104-r1</unaffected>
+      <vulnerable range="lt">0.104-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PolicyKit is a toolkit for controlling privileges for system-wide
+      services.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been found in PolicyKit:</p>
+    
+    <ul>
+      <li>Error messages in the pkexec utility disclose the existence of local
+        files (CVE-2010-0750).
+      </li>
+      <li>The pkexec utility initially checks the effective user ID of its
+        parent process for authorization, instead of checking the real user ID
+        (CVE-2011-1485).
+      </li>
+      <li>Members of the "wheel" group are able to execute commands as an
+        administrator without a password (CVE-2011-4945).
+      </li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>A local attacker could gain elevated privileges or sensitive
+      information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PolicyKit users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-auth/polkit-0.104-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0750">CVE-2010-0750</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1485">CVE-2011-1485</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4945">CVE-2011-4945</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:57Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-04-17T22:43:48Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201204-07.xml b/metadata/glsa/glsa-201204-07.xml
new file mode 100644
index 000000000000..a6e0d124bb98
--- /dev/null
+++ b/metadata/glsa/glsa-201204-07.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201204-07">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities in Adobe Flash Player, the worst of which
+    might allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">Adobe Flash Player</product>
+  <announced>2012-04-17</announced>
+  <revised count="1">2012-04-17</revised>
+  <bug>390149</bug>
+  <bug>404101</bug>
+  <bug>407023</bug>
+  <bug>410005</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">11.2.202.228</unaffected>
+      <vulnerable range="lt">11.2.202.228</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted SWF
+      file, possibly resulting in execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition. Furthermore,
+      a remote attacker may be able to bypass intended access restrictions,
+      bypass cross-domain policy, inject arbitrary web script, or obtain
+      sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-11.2.202.228"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2445">CVE-2011-2445</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2450">CVE-2011-2450</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2451">CVE-2011-2451</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2452">CVE-2011-2452</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2453">CVE-2011-2453</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2454">CVE-2011-2454</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2455">CVE-2011-2455</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2456">CVE-2011-2456</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2457">CVE-2011-2457</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2458">CVE-2011-2458</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2459">CVE-2011-2459</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2460">CVE-2011-2460</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0752">CVE-2012-0752</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0753">CVE-2012-0753</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0754">CVE-2012-0754</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0755">CVE-2012-0755</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0756">CVE-2012-0756</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0767">CVE-2012-0767</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0768">CVE-2012-0768</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0769">CVE-2012-0769</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0773">CVE-2012-0773</uri>
+  </references>
+  <metadata timestamp="2011-12-02T19:37:21Z" tag="requester">ago</metadata>
+  <metadata timestamp="2012-04-17T22:44:16Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201204-08.xml b/metadata/glsa/glsa-201204-08.xml
new file mode 100644
index 000000000000..48ea5757fd1f
--- /dev/null
+++ b/metadata/glsa/glsa-201204-08.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201204-08">
+  <title>Perl DBD-Pg Module: Arbitrary code execution</title>
+  <synopsis>Two format string vulnerabilities have been found in the Perl
+    DBD-Pg module, allowing a remote PostgreSQL servers to execute arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">DBD-Pg</product>
+  <announced>2012-04-17</announced>
+  <revised count="1">2012-04-17</revised>
+  <bug>407549</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-perl/DBD-Pg" auto="yes" arch="*">
+      <unaffected range="ge">2.19.0</unaffected>
+      <vulnerable range="lt">2.19.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>DBD-Pg is a PostgreSQL interface module for Perl.</p>
+  </background>
+  <description>
+    <p>Format string vulnerabilities have been found in the the "pg_warn()" and
+      "dbd_st_prepare()" functions in dbdimp.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote PostgreSQL server could send specially crafted database
+      warnings or DBD statements, possibly resulting in execution of arbitrary
+      code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All users of the Perl DBD-Pg module should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-perl/DBD-Pg-2.19.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1151">CVE-2012-1151</uri>
+  </references>
+  <metadata timestamp="2012-03-17T19:18:38Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-04-17T22:44:31Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201205-01.xml b/metadata/glsa/glsa-201205-01.xml
new file mode 100644
index 000000000000..fea5db6ea3b2
--- /dev/null
+++ b/metadata/glsa/glsa-201205-01.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201205-01">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been reported in Chromium, some of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium</product>
+  <announced>2012-05-15</announced>
+  <revised count="1">2012-05-15</revised>
+  <bug>414199</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">18.0.1025.168</unaffected>
+      <vulnerable range="lt">18.0.1025.168</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open source web browser project.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium. Please review
+      the CVE identifiers and release notes referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted web
+      site using Chromium, possibly resulting in the execution of arbitrary
+      code with the privileges of the process, or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-18.0.1025.168"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3078">CVE-2011-3078</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3081">CVE-2011-3081</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1521">CVE-2012-1521</uri>
+    <uri link="https://googlechromereleases.blogspot.com/2012/04/stable-channel-update_30.html">
+      Release Notes 18.0.1025.168
+    </uri>
+  </references>
+  <metadata timestamp="2012-05-02T15:49:58Z" tag="requester">
+    phajdan.jr
+  </metadata>
+  <metadata timestamp="2012-05-15T06:57:17Z" tag="submitter">
+    phajdan.jr
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201205-02.xml b/metadata/glsa/glsa-201205-02.xml
new file mode 100644
index 000000000000..11af7b8402e1
--- /dev/null
+++ b/metadata/glsa/glsa-201205-02.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201205-02">
+  <title>ConnMan: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ConnMan, allowing
+    attackers to execute arbitrary code or cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">ConnMan</product>
+  <announced>2012-05-15</announced>
+  <revised count="1">2012-05-15</revised>
+  <bug>415415</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/connman" auto="yes" arch="*">
+      <unaffected range="ge">1.0-r1</unaffected>
+      <vulnerable range="lt">1.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ConnMan provides a daemon for managing Internet connections.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been found in ConnMan:</p>
+    
+    <ul>
+      <li>Errors in inet.c and rtnl.c prevent ConnMan from checking the origin
+        of netlink messages (CVE-2012-2320).
+      </li>
+      <li>ConnMan does not properly check for shell escapes when requesting a
+        hostname via DHCP (CVE-2012-2321).
+      </li>
+      <li>An infinite loop error exists in client.c (CVE-2012-2322).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary code with the privileges of
+      the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ConnMan users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/connman-1.0-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2320">CVE-2012-2320</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2321">CVE-2012-2321</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2322">CVE-2012-2322</uri>
+  </references>
+  <metadata timestamp="2012-05-11T12:11:41Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-05-15T21:51:20Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201205-03.xml b/metadata/glsa/glsa-201205-03.xml
new file mode 100644
index 000000000000..38f1863ee984
--- /dev/null
+++ b/metadata/glsa/glsa-201205-03.xml
@@ -0,0 +1,119 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201205-03">
+  <title>Chromium, V8: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been reported in Chromium and V8,
+    some of which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium v8</product>
+  <announced>2012-05-21</announced>
+  <revised count="1">2012-05-21</revised>
+  <bug>416119</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">19.0.1084.46</unaffected>
+      <vulnerable range="lt">19.0.1084.46</vulnerable>
+    </package>
+    <package name="dev-lang/v8" auto="yes" arch="*">
+      <unaffected range="ge">3.9.24.21</unaffected>
+      <vulnerable range="lt">3.9.24.21</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open source web browser project. V8 is Google’s open
+      source JavaScript engine.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and V8. Please
+      review the CVE identifiers and release notes referenced below for
+      details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could entice a user to open a specially
+      crafted web site or JavaScript program using Chromium or V8, possibly
+      resulting in the execution of arbitrary code with the privileges of the
+      process, or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-19.0.1084.46"
+    </code>
+    
+    <p>All V8 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/v8-3.9.24.21"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3083">
+      CVE-2011-3083
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3084">
+      CVE-2011-3084
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3085">
+      CVE-2011-3085
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3086">
+      CVE-2011-3086
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3087">
+      CVE-2011-3087
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3088">
+      CVE-2011-3088
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3089">
+      CVE-2011-3089
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3090">
+      CVE-2011-3090
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3091">
+      CVE-2011-3091
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3092">
+      CVE-2011-3092
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3093">
+      CVE-2011-3093
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3094">
+      CVE-2011-3094
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3095">
+      CVE-2011-3095
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3096">
+      CVE-2011-3096
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3100">
+      CVE-2011-3100
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3101">
+      CVE-2011-3101
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html">
+      Release Notes 19.0.1084.46
+    </uri>
+  </references>
+  <metadata timestamp="2012-05-16T06:58:58Z" tag="requester">
+    phajdan.jr
+  </metadata>
+  <metadata timestamp="2012-05-21T06:46:40Z" tag="submitter">
+    phajdan.jr
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201205-04.xml b/metadata/glsa/glsa-201205-04.xml
new file mode 100644
index 000000000000..e37fbda34247
--- /dev/null
+++ b/metadata/glsa/glsa-201205-04.xml
@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201205-04">
+  <title>Chromium, V8: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been reported in Chromium and V8,
+    some of which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium v8</product>
+  <announced>2012-05-27</announced>
+  <revised count="1">2012-05-27</revised>
+  <bug>417321</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">19.0.1084.52</unaffected>
+      <vulnerable range="lt">19.0.1084.52</vulnerable>
+    </package>
+    <package name="dev-lang/v8" auto="yes" arch="*">
+      <unaffected range="ge">3.9.24.28</unaffected>
+      <vulnerable range="lt">3.9.24.28</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open source web browser project. V8 is Google’s open
+      source JavaScript engine.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and V8. Please
+      review the CVE identifiers and release notes referenced below for
+      details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could entice a user to open a specially
+      crafted web site or JavaScript program using Chromium or V8, possibly
+      resulting in the execution of arbitrary code with the privileges of the
+      process, or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-19.0.1084.52"
+    </code>
+    
+    <p>All V8 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/v8-3.9.24.28"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3103">
+      CVE-2011-3103
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3104">
+      CVE-2011-3104
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3105">
+      CVE-2011-3105
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3106">
+      CVE-2011-3106
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3107">
+      CVE-2011-3107
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3108">
+      CVE-2011-3108
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3109">
+      CVE-2011-3109
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3111">
+      CVE-2011-3111
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3115">
+      CVE-2011-3115
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2012/05/stable-channel-update_23.html">
+      Release Notes 19.0.1084.52
+    </uri>
+  </references>
+  <metadata timestamp="2012-05-26T16:55:13Z" tag="requester">
+    phajdan.jr
+  </metadata>
+  <metadata timestamp="2012-05-27T22:45:29Z" tag="submitter">
+    phajdan.jr
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-01.xml b/metadata/glsa/glsa-201206-01.xml
new file mode 100644
index 000000000000..39b724be14d7
--- /dev/null
+++ b/metadata/glsa/glsa-201206-01.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-01">
+  <title>BIND: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in BIND, the worst of
+    which allowing to cause remote Denial of Service.
+  </synopsis>
+  <product type="ebuild">bind</product>
+  <announced>2012-06-02</announced>
+  <revised count="1">2012-06-02</revised>
+  <bug>347621</bug>
+  <bug>356223</bug>
+  <bug>368863</bug>
+  <bug>374201</bug>
+  <bug>374623</bug>
+  <bug>390753</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/bind" auto="yes" arch="*">
+      <unaffected range="ge">9.7.4_p1</unaffected>
+      <vulnerable range="lt">9.7.4_p1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>BIND is the Berkeley Internet Name Domain Server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in BIND. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>The vulnerabilities allow remote attackers to cause a Denial of Service
+      (daemon crash) via a DNS query, to bypass intended access restrictions,
+      to incorrectly cache a ncache entry and a rrsig for the same type and to
+      incorrectly mark zone data as insecure.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All bind users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/bind-9.7.4_p1"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since December 22, 2011. It is likely that your system is
+      already
+      no longer affected by this issue. 
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3613">CVE-2010-3613</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3614">CVE-2010-3614</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3615">CVE-2010-3615</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3762">CVE-2010-3762</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0414">CVE-2011-0414</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1910">CVE-2011-1910</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2464">CVE-2011-2464</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2465">CVE-2011-2465</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4313">CVE-2011-4313</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:02Z" tag="requester">craig</metadata>
+  <metadata timestamp="2012-06-02T13:53:49Z" tag="submitter">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-02.xml b/metadata/glsa/glsa-201206-02.xml
new file mode 100644
index 000000000000..413cfe17a10e
--- /dev/null
+++ b/metadata/glsa/glsa-201206-02.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-02">
+  <title>QtGui: User-assisted execution of arbitrary code</title>
+  <synopsis>A buffer overflow in QtGui could result in execution of arbitrary
+    code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">qt-gui</product>
+  <announced>2012-06-03</announced>
+  <revised count="1">2012-06-03</revised>
+  <bug>384089</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/qt-gui" auto="yes" arch="*">
+      <unaffected range="ge">4.7.4-r1</unaffected>
+      <vulnerable range="lt">4.7.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>QtGui is a module for the Qt toolkit.</p>
+  </background>
+  <description>
+    <p>An error in qtiffhandler.cpp could cause a buffer overflow.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted TIFF
+      image with an application linked against QtGui, possibly resulting in
+      execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All QtGui users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/qt-gui-4.7.4-r1"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3194">CVE-2011-3194</uri>
+  </references>
+  <metadata timestamp="2012-05-15T06:37:52Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-06-03T11:37:52Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-03.xml b/metadata/glsa/glsa-201206-03.xml
new file mode 100644
index 000000000000..fa6e89daee32
--- /dev/null
+++ b/metadata/glsa/glsa-201206-03.xml
@@ -0,0 +1,186 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-03">
+  <title>Opera: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Opera, the worst of
+    which allow for the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Opera</product>
+  <announced>2012-06-15</announced>
+  <revised count="1">2012-06-15</revised>
+  <bug>264831</bug>
+  <bug>283391</bug>
+  <bug>290862</bug>
+  <bug>293902</bug>
+  <bug>294208</bug>
+  <bug>294680</bug>
+  <bug>308069</bug>
+  <bug>324189</bug>
+  <bug>325199</bug>
+  <bug>326413</bug>
+  <bug>332449</bug>
+  <bug>348874</bug>
+  <bug>352750</bug>
+  <bug>367837</bug>
+  <bug>373289</bug>
+  <bug>381275</bug>
+  <bug>386217</bug>
+  <bug>387137</bug>
+  <bug>393395</bug>
+  <bug>409857</bug>
+  <bug>415379</bug>
+  <bug>421075</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/opera" auto="yes" arch="*">
+      <unaffected range="ge">12.00.1467</unaffected>
+      <vulnerable range="lt">12.00.1467</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Opera is a fast web browser that is available free of charge.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Opera. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted web
+      page, possibly resulting in execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition. A remote
+      attacker may be able to: trick users into downloading and executing
+      arbitrary files, bypass intended access restrictions, spoof trusted
+      content, spoof URLs, bypass the Same Origin Policy, obtain sensitive
+      information, force subscriptions to arbitrary feeds, bypass the popup
+      blocker, bypass CSS filtering, conduct cross-site scripting attacks, or
+      have other unknown impact. 
+    </p>
+    
+    <p>A local attacker could perform symlink attacks to overwrite arbitrary
+      files with the privileges of the user running the application or possibly
+      obtain sensitive information. 
+    </p>
+    
+    <p>A physically proximate attacker may be able to access an email account. </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Opera users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/opera-12.00.1467"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1234">CVE-2009-1234</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2059">CVE-2009-2059</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2063">CVE-2009-2063</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2067">CVE-2009-2067</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2070">CVE-2009-2070</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3013">CVE-2009-3013</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3044">CVE-2009-3044</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3045">CVE-2009-3045</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3046">CVE-2009-3046</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3047">CVE-2009-3047</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3048">CVE-2009-3048</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3049">CVE-2009-3049</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3831">CVE-2009-3831</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4071">CVE-2009-4071</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4072">CVE-2009-4072</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0653">CVE-2010-0653</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1349">CVE-2010-1349</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1989">CVE-2010-1989</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1993">CVE-2010-1993</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2121">CVE-2010-2121</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2421">CVE-2010-2421</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2455">CVE-2010-2455</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2576">CVE-2010-2576</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2658">CVE-2010-2658</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2659">CVE-2010-2659</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2660">CVE-2010-2660</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2661">CVE-2010-2661</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2662">CVE-2010-2662</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2663">CVE-2010-2663</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2664">CVE-2010-2664</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2665">CVE-2010-2665</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3019">CVE-2010-3019</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3020">CVE-2010-3020</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3021">CVE-2010-3021</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4579">CVE-2010-4579</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4580">CVE-2010-4580</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4581">CVE-2010-4581</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4582">CVE-2010-4582</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4583">CVE-2010-4583</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4584">CVE-2010-4584</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4585">CVE-2010-4585</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4586">CVE-2010-4586</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0681">CVE-2011-0681</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0682">CVE-2011-0682</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0683">CVE-2011-0683</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0684">CVE-2011-0684</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0685">CVE-2011-0685</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0686">CVE-2011-0686</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0687">CVE-2011-0687</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1337">CVE-2011-1337</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1824">CVE-2011-1824</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2609">CVE-2011-2609</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2610">CVE-2011-2610</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2611">CVE-2011-2611</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2612">CVE-2011-2612</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2613">CVE-2011-2613</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2614">CVE-2011-2614</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2615">CVE-2011-2615</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2616">CVE-2011-2616</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2617">CVE-2011-2617</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2618">CVE-2011-2618</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2619">CVE-2011-2619</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2620">CVE-2011-2620</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2621">CVE-2011-2621</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2622">CVE-2011-2622</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2623">CVE-2011-2623</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2624">CVE-2011-2624</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2625">CVE-2011-2625</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2626">CVE-2011-2626</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2627">CVE-2011-2627</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2628">CVE-2011-2628</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2629">CVE-2011-2629</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2630">CVE-2011-2630</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2631">CVE-2011-2631</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2632">CVE-2011-2632</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2633">CVE-2011-2633</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2634">CVE-2011-2634</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2635">CVE-2011-2635</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2636">CVE-2011-2636</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2637">CVE-2011-2637</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2638">CVE-2011-2638</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2639">CVE-2011-2639</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2640">CVE-2011-2640</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2641">CVE-2011-2641</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3388">CVE-2011-3388</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4065">CVE-2011-4065</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4681">CVE-2011-4681</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4682">CVE-2011-4682</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4683">CVE-2011-4683</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1924">CVE-2012-1924</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1925">CVE-2012-1925</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1926">CVE-2012-1926</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1927">CVE-2012-1927</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1928">CVE-2012-1928</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1930">CVE-2012-1930</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1931">CVE-2012-1931</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3555">CVE-2012-3555</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3556">CVE-2012-3556</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3557">CVE-2012-3557</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3558">CVE-2012-3558</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3560">CVE-2012-3560</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3561">CVE-2012-3561</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:35Z" tag="requester">
+    keytoaster
+  </metadata>
+  <metadata timestamp="2012-06-15T17:22:37Z" tag="submitter">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-04.xml b/metadata/glsa/glsa-201206-04.xml
new file mode 100644
index 000000000000..b00559f8c476
--- /dev/null
+++ b/metadata/glsa/glsa-201206-04.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-04">
+  <title>ArgyllCMS: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability has been found in ArgyllCMS which could allow
+    attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">argyllcms</product>
+  <announced>2012-06-18</announced>
+  <revised count="1">2012-06-18</revised>
+  <bug>416781</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/argyllcms" auto="yes" arch="*">
+      <unaffected range="ge">1.4.0</unaffected>
+      <vulnerable range="lt">1.4.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ArgyllCMS is an ICC compatible color management system that supports
+      accurate ICC profile creation for scanners, cameras and film recorders. 
+    </p>
+  </background>
+  <description>
+    <p>ArgyllCMS does not properly handle ICC profiles causing a use-after-free
+      vulnerability.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted image
+      file using ArgyllCMS, possibly resulting in  execution of arbitrary code
+      with the privileges of the process, or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All argyllcms users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/argyllcms-1.4.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1616">
+      CVE-2012-1616
+    </uri>
+  </references>
+  <metadata timestamp="2012-05-22T19:47:51Z" tag="requester">n0idx80</metadata>
+  <metadata timestamp="2012-06-18T22:09:51Z" tag="submitter">n0idx80</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-05.xml b/metadata/glsa/glsa-201206-05.xml
new file mode 100644
index 000000000000..234a5c0bad9e
--- /dev/null
+++ b/metadata/glsa/glsa-201206-05.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-05">
+  <title>Asterisk: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities in Asterisk might allow remote attackers
+    to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">Asterisk</product>
+  <announced>2012-06-21</announced>
+  <revised count="1">2012-06-21</revised>
+  <bug>413353</bug>
+  <bug>418189</bug>
+  <bug>418191</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/asterisk" auto="yes" arch="*">
+      <unaffected range="ge">1.8.12.1</unaffected>
+      <vulnerable range="lt">1.8.12.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Asterisk is an open source telephony engine and toolkit.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been found in Asterisk:</p>
+    
+    <ul>
+      <li>An error in manager.c allows shell access through the MixMonitor
+        application, GetVar, or Status (CVE-2012-2414).
+      </li>
+      <li>An error in chan_skinny.c could cause a heap-based buffer overflow
+        (CVE-2012-2415).
+      </li>
+      <li>An error in chan_sip.c prevents Asterisk from checking if a channel
+        exists before connected line updates (CVE-2012-2416).
+      </li>
+      <li>An error in chan_iax2.c may cause an invalid pointer to be called
+        (CVE-2012-2947).
+      </li>
+      <li>chan_skinny.c contains a NULL pointer dereference (CVE-2012-2948).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary code with the privileges of
+      the process or cause a Denial of Service condition. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Asterisk users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/asterisk-1.8.12.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2414">CVE-2012-2414</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2415">CVE-2012-2415</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2416">CVE-2012-2416</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2947">CVE-2012-2947</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2948">CVE-2012-2948</uri>
+  </references>
+  <metadata timestamp="2012-04-24T21:44:51Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-06-21T00:28:33Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-06.xml b/metadata/glsa/glsa-201206-06.xml
new file mode 100644
index 000000000000..393630c818e5
--- /dev/null
+++ b/metadata/glsa/glsa-201206-06.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-06">
+  <title>OpenJPEG: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability in OpenJPEG could result in execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">OpenJPEG</product>
+  <announced>2012-06-21</announced>
+  <revised count="1">2012-06-21</revised>
+  <bug>409203</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/openjpeg" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0</unaffected>
+      <vulnerable range="lt">1.5.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenJPEG is an open-source JPEG 2000 library.</p>
+  </background>
+  <description>
+    <p>An error in jp2.c of OpenJPEG could allow an out-of-bounds write error. </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted JPEG
+      file, possibly resulting in execution of arbitrary code or a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenJPEG users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/openjpeg-1.5.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1499">CVE-2012-1499</uri>
+  </references>
+  <metadata timestamp="2012-03-22T13:07:16Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-06-21T00:29:40Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-07.xml b/metadata/glsa/glsa-201206-07.xml
new file mode 100644
index 000000000000..72ccb27e88ea
--- /dev/null
+++ b/metadata/glsa/glsa-201206-07.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-07">
+  <title>nginx: User-assisted execution of arbitrary code</title>
+  <synopsis>A buffer overflow vulnerability in nginx could result in the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">nginx</product>
+  <announced>2012-06-21</announced>
+  <revised count="1">2012-06-21</revised>
+  <bug>411751</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/nginx" auto="yes" arch="*">
+      <unaffected range="ge">1.0.15</unaffected>
+      <vulnerable range="lt">1.0.15</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>nginx is a robust, small, and high performance HTTP and reverse proxy
+      server.
+    </p>
+  </background>
+  <description>
+    <p>An error in ngx_http_mp4_module.c could cause a buffer overflow.</p>
+    
+    <p>NOTE: nginx must have been emerged with USE="nginx_modules_http_mp4" in
+      order to be affected by this vulnerability.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to place a specially crafted MP4
+      file on the nginx server, possibly resulting in execution of arbitrary
+      code with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All nginx users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/nginx-1.0.15"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2089">CVE-2012-2089</uri>
+  </references>
+  <metadata timestamp="2012-04-15T17:34:10Z" tag="requester">ago</metadata>
+  <metadata timestamp="2012-06-21T10:10:12Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-08.xml b/metadata/glsa/glsa-201206-08.xml
new file mode 100644
index 000000000000..631f92efdff6
--- /dev/null
+++ b/metadata/glsa/glsa-201206-08.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-08">
+  <title>Wicd: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Wicd, the worst of
+    which might allow execution of arbitrary code as root.
+  </synopsis>
+  <product type="ebuild">wicd</product>
+  <announced>2012-06-21</announced>
+  <revised count="1">2012-06-21</revised>
+  <bug>401005</bug>
+  <bug>411729</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-misc/wicd" auto="yes" arch="*">
+      <unaffected range="ge">1.7.2.1</unaffected>
+      <vulnerable range="lt">1.7.2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Wicd is an open source wired and wireless network manager for Linux.</p>
+  </background>
+  <description>
+    <p>Two vulnerabilities have been found in Wicd:</p>
+    
+    <ul>
+      <li>Passwords and passphrases are written to /var/log/wicd
+        (CVE-2012-0813).
+      </li>
+      <li>Input from the daemon's D-Bus interface is not properly sanitized
+        (CVE-2012-2095).
+      </li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>A local attacker could gain privileges of the root user or obtain
+      sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Wicd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/wicd-1.7.2.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0813">CVE-2012-0813</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2095">CVE-2012-2095</uri>
+  </references>
+  <metadata timestamp="2012-04-15T04:06:17Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-06-21T10:10:59Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-09.xml b/metadata/glsa/glsa-201206-09.xml
new file mode 100644
index 000000000000..182b83eed10a
--- /dev/null
+++ b/metadata/glsa/glsa-201206-09.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-09">
+  <title>MediaWiki: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in MediaWiki, the worst of
+    which leading to remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">MediaWiki</product>
+  <announced>2012-06-21</announced>
+  <revised count="1">2012-06-21</revised>
+  <bug>366685</bug>
+  <bug>409513</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/mediawiki" auto="yes" arch="*">
+      <unaffected range="ge">1.18.2</unaffected>
+      <vulnerable range="lt">1.18.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The MediaWiki wiki web application as used on wikipedia.org.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in mediawiki. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>MediaWiki allows remote attackers to bypass authentication, to perform
+      imports from any wgImportSources wiki via a crafted POST request, to
+      conduct cross-site scripting (XSS) attacks or obtain sensitive
+      information, to inject arbitrary web script or HTML, to conduct
+      clickjacking attacks, to execute arbitrary PHP code, to inject arbitrary
+      web script or HTML, to bypass intended access restrictions and to obtain
+      sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MediaWiki users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-apps/mediawiki-1.18.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2787">CVE-2010-2787</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2788">CVE-2010-2788</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2789">CVE-2010-2789</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0003">CVE-2011-0003</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0047">CVE-2011-0047</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0537">CVE-2011-0537</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1579">CVE-2011-1579</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1580">CVE-2011-1580</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1766">CVE-2011-1766</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1766">CVE-2011-1766</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1578">CVE-2012-1578</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1579">CVE-2012-1579</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1580">CVE-2012-1580</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1581">CVE-2012-1581</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1582">CVE-2012-1582</uri>
+  </references>
+  <metadata timestamp="2011-10-08T12:42:24Z" tag="requester">craig</metadata>
+  <metadata timestamp="2012-06-21T18:10:28Z" tag="submitter">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-10.xml b/metadata/glsa/glsa-201206-10.xml
new file mode 100644
index 000000000000..c57e2b78d2a9
--- /dev/null
+++ b/metadata/glsa/glsa-201206-10.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-10">
+  <title>ejabberd: Multiple Denial of Service vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ejabberd, the worst of
+    which allowing for remote Denial of Service.
+  </synopsis>
+  <product type="ebuild">ejabberd</product>
+  <announced>2012-06-21</announced>
+  <revised count="1">2012-06-21</revised>
+  <bug>308047</bug>
+  <bug>370201</bug>
+  <bug>386075</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/ejabberd" auto="yes" arch="*">
+      <unaffected range="ge">2.1.9</unaffected>
+      <vulnerable range="lt">2.1.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ejabberd is the Erlang jabber daemon.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ejabberd. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>ejabberd allows remote attackers to cause a Denial of Service condition
+      with the result of either crashing the daemon or the whole system by
+      causing memory and CPU consumption.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ejabberd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-im/ejabberd-2.1.9"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0305">CVE-2010-0305</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1753">CVE-2011-1753</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4320">CVE-2011-4320</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:20Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-06-21T18:14:54Z" tag="submitter">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-11.xml b/metadata/glsa/glsa-201206-11.xml
new file mode 100644
index 000000000000..90476ec6a1e1
--- /dev/null
+++ b/metadata/glsa/glsa-201206-11.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-11">
+  <title>Pidgin: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in Pidgin, the worst of which
+    allowing for the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Pidgin</product>
+  <announced>2012-06-21</announced>
+  <revised count="1">2012-06-21</revised>
+  <bug>299751</bug>
+  <bug>372785</bug>
+  <bug>385073</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/pidgin" auto="yes" arch="*">
+      <unaffected range="ge">2.10.0-r1</unaffected>
+      <vulnerable range="lt">2.10.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Pidgin is an GTK Instant Messenger client.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Pidgin. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>These vulnerabilities allow for arbitrary file retrieval, Denial of
+      Service and arbitrary code execution with the privileges of the user
+      running Pidgin.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Pidgin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-im/pidgin-2.10.0-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0013">CVE-2010-0013</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2485">CVE-2011-2485</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3594">CVE-2011-3594</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:06Z" tag="requester">
+    keytoaster
+  </metadata>
+  <metadata timestamp="2012-06-21T18:17:26Z" tag="submitter">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-12.xml b/metadata/glsa/glsa-201206-12.xml
new file mode 100644
index 000000000000..76d2d32ddf9a
--- /dev/null
+++ b/metadata/glsa/glsa-201206-12.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-12">
+  <title>tftp-hpa: Remote buffer overflow</title>
+  <synopsis>A vulnerability was found in tftp-hpa, which leads to remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">tftp-hpa</product>
+  <announced>2012-06-21</announced>
+  <revised count="3">2017-04-17</revised>
+  <bug>374001</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-ftp/tftp-hpa" auto="yes" arch="*">
+      <unaffected range="ge">5.1</unaffected>
+      <vulnerable range="lt">5.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>tftp-hpa is the port of the OpenBSD TFTP server.</p>
+  </background>
+  <description>
+    <p>A vulnerability has been discovered in tftp-hpa. Please review the CVE
+      identifier referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>The vulnerability might allow remote attackers to execute arbitrary
+      code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All tftp-hpa users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-ftp/tftp-hpa-5.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2199">CVE-2011-2199</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:00Z">underling</metadata>
+  <metadata tag="submitter" timestamp="2017-04-17T18:08:16Z">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-13.xml b/metadata/glsa/glsa-201206-13.xml
new file mode 100644
index 000000000000..ba3c64acf3e7
--- /dev/null
+++ b/metadata/glsa/glsa-201206-13.xml
@@ -0,0 +1,87 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-13">
+  <title>Mono: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in Mono, the worst of which
+    allowing for the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mono mono-debugger</product>
+  <announced>2012-06-21</announced>
+  <revised count="1">2012-06-21</revised>
+  <bug>277878</bug>
+  <bug>342133</bug>
+  <bug>345561</bug>
+  <bug>346401</bug>
+  <bug>351087</bug>
+  <bug>372983</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-util/mono-debugger" auto="yes" arch="*">
+      <unaffected range="ge">2.8.1-r1</unaffected>
+      <vulnerable range="lt">2.8.1-r1</vulnerable>
+    </package>
+    <package name="dev-lang/mono" auto="yes" arch="*">
+      <unaffected range="ge">2.10.2-r1</unaffected>
+      <vulnerable range="lt">2.10.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mono is an open source implementation of Microsoft's .NET Framework.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mono and Mono debugger.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could execute arbitrary code, bypass general
+      constraints, obtain the source code for .aspx applications, obtain other
+      sensitive information, cause a Denial of Service, modify internal data
+      structures, or corrupt the internal state of the security manager.
+    </p>
+    
+    <p>A local attacker could entice a user into running Mono debugger in a
+      directory containing a specially crafted library file to execute
+      arbitrary code with the privileges of the user running Mono debugger.
+    </p>
+    
+    <p>A context-dependant attacker could bypass the authentication mechanism
+      provided by the XML Signature specification.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mono debugger users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-util/mono-debugger-2.8.1-r1"
+    </code>
+    
+    <p>All Mono users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/mono-2.10.2-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0217">CVE-2009-0217</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3332">CVE-2010-3332</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3369">CVE-2010-3369</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4159">CVE-2010-4159</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4225">CVE-2010-4225</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4254">CVE-2010-4254</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0989">CVE-2011-0989</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0990">CVE-2011-0990</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0991">CVE-2011-0991</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0992">CVE-2011-0992</uri>
+  </references>
+  <metadata timestamp="2011-10-08T22:43:20Z" tag="requester">craig</metadata>
+  <metadata timestamp="2012-06-21T20:40:21Z" tag="submitter">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-14.xml b/metadata/glsa/glsa-201206-14.xml
new file mode 100644
index 000000000000..eac17fb89d62
--- /dev/null
+++ b/metadata/glsa/glsa-201206-14.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-14">
+  <title>Adobe Reader: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities in Adobe Reader might allow remote
+    attackers to execute arbitrary code or conduct various other attacks.
+  </synopsis>
+  <product type="ebuild">acroread</product>
+  <announced>2012-06-22</announced>
+  <revised count="1">2012-06-22</revised>
+  <bug>405949</bug>
+  <bug>411499</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/acroread" auto="yes" arch="*">
+      <unaffected range="ge">9.5.1</unaffected>
+      <vulnerable range="lt">9.5.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Adobe Reader is a closed-source PDF reader.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been found in Adobe Reader, including an
+      integer overflow in TrueType Font handling (CVE-2012-0774) and multiple
+      unspecified errors which could cause memory corruption. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted PDF
+      file, possibly resulting in  execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Reader users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/acroread-9.5.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4370">CVE-2011-4370</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4371">CVE-2011-4371</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4372">CVE-2011-4372</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4373">CVE-2011-4373</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0774">CVE-2012-0774</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0775">CVE-2012-0775</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0776">CVE-2012-0776</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0777">CVE-2012-0777</uri>
+  </references>
+  <metadata timestamp="2012-04-12T01:22:21Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-06-22T10:12:35Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-15.xml b/metadata/glsa/glsa-201206-15.xml
new file mode 100644
index 000000000000..18e442994fce
--- /dev/null
+++ b/metadata/glsa/glsa-201206-15.xml
@@ -0,0 +1,107 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-15">
+  <title>libpng: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities in libpng might allow remote attackers to
+    execute arbitrary code or cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">libpng</product>
+  <announced>2012-06-22</announced>
+  <revised count="5">2017-01-03</revised>
+  <bug>373967</bug>
+  <bug>386185</bug>
+  <bug>401987</bug>
+  <bug>404197</bug>
+  <bug>410153</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libpng" auto="yes" arch="*">
+      <unaffected range="ge">1.5.10</unaffected>
+      <unaffected range="ge" slot="1.2">1.2.49</unaffected>
+      <vulnerable range="lt">1.5.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libpng is a standard library used to process PNG (Portable Network
+      Graphics) images. It is used by several programs, including web browsers
+      and potentially server processes.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libpng:</p>
+    
+    <ul>
+      <li>The “embedded_profile_len()” function in pngwutil.c does not
+        check for negative values, resulting in a memory leak (CVE-2009-5063).
+      </li>
+      <li>The “png_format_buffer()” function in pngerror.c contains an
+        off-by-one error (CVE-2011-2501).
+      </li>
+      <li>The “png_rgb_to_gray()” function in pngrtran.c contains an
+        integer overflow error (CVE-2011-2690).
+      </li>
+      <li>The “png_err()” function in pngerror.c contains a NULL pointer
+        dereference error (CVE-2011-2691).
+      </li>
+      <li>The “png_handle_sCAL()” function in pngrutil.c improperly handles
+        malformed sCAL chunks(CVE-2011-2692).
+      </li>
+      <li>The “png_decompress_chunk()” function in pngrutil.c contains an
+        integer overflow error (CVE-2011-3026).
+      </li>
+      <li>The “png_inflate()” function in pngrutil.c contains and out of
+        bounds error (CVE-2011-3045).
+      </li>
+      <li>The “png_set_text_2()” function in pngset.c contains an error
+        which could result in memory corruption (CVE-2011-3048).
+      </li>
+      <li>The “png_formatted_warning()” function in pngerror.c contains an
+        off-by-one error (CVE-2011-3464).
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>An attacker could exploit these vulnerabilities to execute arbitrary
+      code with the permissions of the user running the vulnerable program,
+      which could be the root user, or to cause programs linked against the
+      library to crash.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libpng 1.5 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libpng-1.5.10"
+    </code>
+    
+    <p>All libpng 1.2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libpng-1.2.49"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5063">CVE-2009-5063</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2501">CVE-2011-2501</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2690">CVE-2011-2690</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2691">CVE-2011-2691</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2692">CVE-2011-2692</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3026">CVE-2011-3026</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3045">CVE-2011-3045</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3048">CVE-2011-3048</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3464">CVE-2011-3464</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:07Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2017-01-03T04:38:41Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-16.xml b/metadata/glsa/glsa-201206-16.xml
new file mode 100644
index 000000000000..e8920ad83ef6
--- /dev/null
+++ b/metadata/glsa/glsa-201206-16.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-16">
+  <title>TagLib: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in TagLib, possibly
+    resulting in Denial of Service.
+  </synopsis>
+  <product type="ebuild">TagLib</product>
+  <announced>2012-06-22</announced>
+  <revised count="1">2012-06-22</revised>
+  <bug>407673</bug>
+  <bug>410953</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/taglib" auto="yes" arch="*">
+      <unaffected range="ge">1.7.1</unaffected>
+      <vulnerable range="lt">1.7.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>TagLib is a library for reading and editing audio meta data.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been found in TagLib:</p>
+    
+    <ul>
+      <li>The "analyzeCurrent()" function in ape/apeproperties.cpp contains a
+        division by zero error (CVE-2012-1107).
+      </li>
+      <li>The "parse()" function in inogg/xiphcomment.cpp contains an error
+        when processing the "vendorLength" field (CVE-2012-1108).
+      </li>
+      <li>The "mid()" function in toolkit/tbytevector.cpp contains an integer
+        overflow error (CVE-2012-1584).
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user or automated system to open a
+      specially crafted OGG file with an application using TagLib, possibly
+      resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All TagLib users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/taglib-1.7.1"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as  revdep-rebuild may assist in identifying  some of these
+      packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1107">CVE-2012-1107</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1108">CVE-2012-1108</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1584">CVE-2012-1584</uri>
+  </references>
+  <metadata timestamp="2012-04-06T15:50:48Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-06-22T16:29:31Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-17.xml b/metadata/glsa/glsa-201206-17.xml
new file mode 100644
index 000000000000..649c43a6f580
--- /dev/null
+++ b/metadata/glsa/glsa-201206-17.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-17">
+  <title>virtualenv: Insecure temporary file usage</title>
+  <synopsis>An insecure temporary file usage has been reported in virtualenv,
+    possibly allowing symlink attacks.
+  </synopsis>
+  <product type="ebuild">virtualenv</product>
+  <announced>2012-06-22</announced>
+  <revised count="1">2012-06-22</revised>
+  <bug>395285</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-python/virtualenv" auto="yes" arch="*">
+      <unaffected range="ge">1.5.1</unaffected>
+      <vulnerable range="lt">1.5.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>virtualenv is a virtual Python environment builder.</p>
+  </background>
+  <description>
+    <p>The virtualenv.py script in virtualenv does not handle temporary files
+      securely.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could perform symlink attacks to overwrite arbitrary
+      files with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All virtualenv users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/virtualenv-1.5.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4617">CVE-2011-4617</uri>
+  </references>
+  <metadata timestamp="2012-03-06T21:31:00Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-06-22T16:31:54Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-18.xml b/metadata/glsa/glsa-201206-18.xml
new file mode 100644
index 000000000000..ee00ffab3261
--- /dev/null
+++ b/metadata/glsa/glsa-201206-18.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-18">
+  <title>GnuTLS: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GnuTLS, allowing a
+    remote attacker to perform man-in-the-middle or Denial of Service attacks.
+  </synopsis>
+  <product type="ebuild">GnuTLS</product>
+  <announced>2012-06-23</announced>
+  <revised count="1">2012-06-23</revised>
+  <bug>281224</bug>
+  <bug>292025</bug>
+  <bug>389947</bug>
+  <bug>409287</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/gnutls" auto="yes" arch="*">
+      <unaffected range="ge">2.12.18</unaffected>
+      <vulnerable range="lt">2.12.18</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0
+      protocols.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been found in GnuTLS:</p>
+    
+    <ul>
+      <li>An error in libgnutls does not properly sanitize "\0" characters from
+        certificate fields (CVE-2009-2730).
+      </li>
+      <li>An error in the TLS and SSL protocols mistreats renegotiation
+        handshakes (CVE-2009-3555).
+      </li>
+      <li>A boundary error in the "gnutls_session_get_data()" function in
+        gnutls_session.c could cause a buffer overflow (CVE-2011-4128).
+      </li>
+      <li>An error in the "_gnutls_ciphertext2compressed()" function in
+        gnutls_cipher.c could cause memory corruption (CVE-2012-1573).
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could perform man-in-the-middle attacks to spoof
+      arbitrary SSL servers or cause a Denial of Service condition in
+      applications linked against GnuTLS.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GnuTLS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/gnutls-2.12.18"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2730">CVE-2009-2730</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555">CVE-2009-3555</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4128">CVE-2011-4128</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1573">CVE-2012-1573</uri>
+  </references>
+  <metadata timestamp="2012-04-17T00:40:28Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-06-23T14:21:06Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-19.xml b/metadata/glsa/glsa-201206-19.xml
new file mode 100644
index 000000000000..33cb381d669c
--- /dev/null
+++ b/metadata/glsa/glsa-201206-19.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-19">
+  <title>NVIDIA Drivers: Privilege escalation</title>
+  <synopsis>A vulnerability in NVIDIA drivers may allow a local attacker to
+    gain escalated privileges.
+  </synopsis>
+  <product type="ebuild">nvidia-drivers</product>
+  <announced>2012-06-23</announced>
+  <revised count="1">2012-06-23</revised>
+  <bug>411617</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-drivers/nvidia-drivers" auto="yes" arch="*">
+      <unaffected range="ge">295.40</unaffected>
+      <vulnerable range="lt">295.40</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The NVIDIA drivers provide X11 and GLX support for NVIDIA graphic
+      boards.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability has been found in the way NVIDIA drivers handle
+      read/write access to GPU device nodes, allowing access to arbitrary
+      system memory locations.
+    </p>
+    
+    <p>NOTE: Exposure to this vulnerability is reduced in Gentoo due to 660
+      permissions being used on the GPU device nodes by default.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could gain escalated privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All NVIDIA driver users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=x11-drivers/nvidia-drivers-295.40"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0946">CVE-2012-0946</uri>
+  </references>
+  <metadata timestamp="2012-04-18T00:15:12Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-06-23T14:21:13Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-20.xml b/metadata/glsa/glsa-201206-20.xml
new file mode 100644
index 000000000000..ac53364d11b2
--- /dev/null
+++ b/metadata/glsa/glsa-201206-20.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-20">
+  <title>gdk-pixbuf: Denial of service</title>
+  <synopsis>Multiple vulnerabilities in gdk-pixbuf may create a Denial of
+    Service condition.
+  </synopsis>
+  <product type="ebuild">gdk-pixbuf</product>
+  <announced>2012-06-23</announced>
+  <revised count="1">2012-06-23</revised>
+  <bug>373999</bug>
+  <bug>412033</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/gdk-pixbuf" auto="yes" arch="*">
+      <unaffected range="ge">2.24.1-r1</unaffected>
+      <vulnerable range="lt">2.24.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>gdk-pixbuf is an image loading library for GTK+.</p>
+  </background>
+  <description>
+    <p>Two vulnerabilities have been found in gdk-pixbuf:</p>
+    
+    <ul>
+      <li>The "gdk_pixbuf__gif_image_load()" function in io-gif.c fails to
+        properly handle certain return values from subroutines (CVE-2011-2485).
+      </li>
+      <li>The "read_bitmap_file_data()" function in io-xbm.c contains an
+        integer overflow error (CVE-2012-2370).
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted image
+      in an application linked against gdk-pixbuf, possibly resulting in Denial
+      of Service. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All gdk-pixbuf users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/gdk-pixbuf-2.24.1-r1"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2485">CVE-2011-2485</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2370">CVE-2012-2370</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:08Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-06-23T20:11:46Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-21.xml b/metadata/glsa/glsa-201206-21.xml
new file mode 100644
index 000000000000..8a2c6b8952c2
--- /dev/null
+++ b/metadata/glsa/glsa-201206-21.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-21">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player
+    could result in the execution of arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">Adobe Flash Player</product>
+  <announced>2012-06-23</announced>
+  <revised count="1">2012-06-23</revised>
+  <bug>414603</bug>
+  <bug>420311</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">11.2.202.236</unaffected>
+      <vulnerable range="lt">11.2.202.236</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted SWF
+      file, possibly resulting in execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-11.2.202.236"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0779">CVE-2012-0779</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2034">CVE-2012-2034</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2035">CVE-2012-2035</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2036">CVE-2012-2036</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2037">CVE-2012-2037</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2038">CVE-2012-2038</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2039">CVE-2012-2039</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2040">CVE-2012-2040</uri>
+  </references>
+  <metadata timestamp="2012-05-05T11:36:09Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-06-23T20:11:51Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-22.xml b/metadata/glsa/glsa-201206-22.xml
new file mode 100644
index 000000000000..d6cbec859940
--- /dev/null
+++ b/metadata/glsa/glsa-201206-22.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-22">
+  <title>Samba: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Samba, the worst of
+    which may allow execution of arbitrary code with root privileges.
+  </synopsis>
+  <product type="ebuild">Samba</product>
+  <announced>2012-06-24</announced>
+  <revised count="1">2012-06-24</revised>
+  <bug>290633</bug>
+  <bug>310105</bug>
+  <bug>323785</bug>
+  <bug>332063</bug>
+  <bug>337295</bug>
+  <bug>356917</bug>
+  <bug>382263</bug>
+  <bug>386375</bug>
+  <bug>405551</bug>
+  <bug>411487</bug>
+  <bug>414319</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-fs/samba" auto="yes" arch="*">
+      <unaffected range="ge">3.5.15</unaffected>
+      <vulnerable range="lt">3.5.15</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Samba is a suite of SMB and CIFS client/server programs.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Samba. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly execute arbitrary code with root
+      privileges, cause a Denial of Service condition, take ownership of shared
+      files, or bypass file permissions. Furthermore, a local attacker may be
+      able to cause a Denial of Service condition or obtain sensitive
+      information in a Samba credentials file.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Samba users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-fs/samba-3.5.15"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2906">CVE-2009-2906</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2948">CVE-2009-2948</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0728">CVE-2010-0728</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1635">CVE-2010-1635</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1642">CVE-2010-1642</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2063">CVE-2010-2063</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3069">CVE-2010-3069</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0719">CVE-2011-0719</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1678">CVE-2011-1678</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2724">CVE-2011-2724</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0870">CVE-2012-0870</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1182">CVE-2012-1182</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2111">CVE-2012-2111</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:36:59Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-06-24T12:38:35Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-23.xml b/metadata/glsa/glsa-201206-23.xml
new file mode 100644
index 000000000000..7ad40d86ecc0
--- /dev/null
+++ b/metadata/glsa/glsa-201206-23.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-23">
+  <title>PyCrypto: Weak key generation</title>
+  <synopsis>PyCrypto generates weak ElGamal keys.</synopsis>
+  <product type="ebuild">pycrypto</product>
+  <announced>2012-06-24</announced>
+  <revised count="1">2012-06-24</revised>
+  <bug>417625</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-python/pycrypto" auto="yes" arch="*">
+      <unaffected range="ge">2.6</unaffected>
+      <vulnerable range="lt">2.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PyCrypto is the Python Cryptography Toolkit.</p>
+  </background>
+  <description>
+    <p>An error in the generate() function in ElGamal.py causes PyCrypto to
+      generate weak ElGamal keys.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker might be able to derive private keys.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PyCrypto users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/pycrypto-2.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2417">CVE-2012-2417</uri>
+  </references>
+  <metadata timestamp="2012-06-11T22:45:07Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-06-24T12:38:41Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-24.xml b/metadata/glsa/glsa-201206-24.xml
new file mode 100644
index 000000000000..e8685a7045b2
--- /dev/null
+++ b/metadata/glsa/glsa-201206-24.xml
@@ -0,0 +1,110 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-24">
+  <title>Apache Tomcat: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in Apache Tomcat, the worst of
+    which allowing to read, modify and overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">apache tomcat</product>
+  <announced>2012-06-24</announced>
+  <revised count="3">2016-03-20</revised>
+  <bug>272566</bug>
+  <bug>273662</bug>
+  <bug>303719</bug>
+  <bug>320963</bug>
+  <bug>329937</bug>
+  <bug>373987</bug>
+  <bug>374619</bug>
+  <bug>382043</bug>
+  <bug>386213</bug>
+  <bug>396401</bug>
+  <bug>399227</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-servers/tomcat" auto="yes" arch="*">
+      <unaffected range="rge">6.0.35</unaffected>
+      <unaffected range="ge">7.0.23</unaffected>
+      <unaffected range="rge">6.0.44</unaffected>
+      <unaffected range="rge">6.0.45</unaffected>
+      <unaffected range="rge">6.0.46</unaffected>
+      <unaffected range="rge">6.0.47</unaffected>
+      <unaffected range="rge">6.0.48</unaffected>
+      <vulnerable range="lt">7.0.23</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Apache Tomcat. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>The vulnerabilities allow an attacker to cause a Denial of Service, to
+      hijack a session, to bypass authentication, to inject webscript, to
+      enumerate valid usernames, to read, modify and overwrite arbitrary files,
+      to bypass intended access restrictions, to delete work-directory files,
+      to discover the server’s hostname or IP, to bypass read permissions for
+      files or HTTP headers, to read or write files outside of the intended
+      working directory, and to obtain sensitive information by reading a log
+      file.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache Tomcat 6.0.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/tomcat-6.0.35"
+    </code>
+    
+    <p>All Apache Tomcat 7.0.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/tomcat-7.0.23"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5515">CVE-2008-5515</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0033">CVE-2009-0033</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0580">CVE-2009-0580</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0781">CVE-2009-0781</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0783">CVE-2009-0783</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2693">CVE-2009-2693</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2901">CVE-2009-2901</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2902">CVE-2009-2902</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1157">CVE-2010-1157</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2227">CVE-2010-2227</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3718">CVE-2010-3718</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4172">CVE-2010-4172</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4312">CVE-2010-4312</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0013">CVE-2011-0013</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0534">CVE-2011-0534</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1088">CVE-2011-1088</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1183">CVE-2011-1183</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1184">CVE-2011-1184</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1419">CVE-2011-1419</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1475">CVE-2011-1475</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1582">CVE-2011-1582</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2204">CVE-2011-2204</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2481">CVE-2011-2481</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2526">CVE-2011-2526</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2729">CVE-2011-2729</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3190">CVE-2011-3190</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3375">CVE-2011-3375</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4858">CVE-2011-4858</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5062">CVE-2011-5062</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5063">CVE-2011-5063</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5064">CVE-2011-5064</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0022">CVE-2012-0022</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:38:00Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2016-03-20T14:15:43Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-25.xml b/metadata/glsa/glsa-201206-25.xml
new file mode 100644
index 000000000000..7ad6dfc6f5eb
--- /dev/null
+++ b/metadata/glsa/glsa-201206-25.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-25">
+  <title>Apache HTTP Server: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in Apache HTTP Server.</synopsis>
+  <product type="ebuild">apache</product>
+  <announced>2012-06-24</announced>
+  <revised count="1">2012-06-24</revised>
+  <bug>308049</bug>
+  <bug>330195</bug>
+  <bug>380475</bug>
+  <bug>382971</bug>
+  <bug>385859</bug>
+  <bug>389353</bug>
+  <bug>392189</bug>
+  <bug>398761</bug>
+  <bug>401081</bug>
+  <bug>412481</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">2.2.22-r1</unaffected>
+      <vulnerable range="lt">2.2.22-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Apache HTTP Server is one of the most popular web servers on the
+      Internet.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Apache HTTP Server.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker might obtain sensitive information, gain privileges,
+      send requests to unintended servers behind proxies, bypass certain
+      security restrictions, obtain the values of HTTPOnly cookies, or cause a
+      Denial of Service in various ways.
+    </p>
+    
+    <p>A local attacker could gain escalated privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache HTTP Server users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/apache-2.2.22-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0408">CVE-2010-0408</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0434">CVE-2010-0434</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1452">CVE-2010-1452</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2791">CVE-2010-2791</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3192">CVE-2011-3192</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3348">CVE-2011-3348</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3368">CVE-2011-3368</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3607">CVE-2011-3607</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4317">CVE-2011-4317</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0021">CVE-2012-0021</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0031">CVE-2012-0031</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0053">CVE-2012-0053</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0883">CVE-2012-0883</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:41Z" tag="requester">craig</metadata>
+  <metadata timestamp="2012-06-24T14:28:33Z" tag="submitter">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-26.xml b/metadata/glsa/glsa-201206-26.xml
new file mode 100644
index 000000000000..b4efddddb7b9
--- /dev/null
+++ b/metadata/glsa/glsa-201206-26.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-26">
+  <title>RPM: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in RPM, possibly allowing
+    local attackers to gain elevated privileges or remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">RPM</product>
+  <announced>2012-06-24</announced>
+  <revised count="1">2012-06-24</revised>
+  <bug>335880</bug>
+  <bug>384967</bug>
+  <bug>410949</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-arch/rpm" auto="yes" arch="*">
+      <unaffected range="ge">4.9.1.3</unaffected>
+      <vulnerable range="lt">4.9.1.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Red Hat Package Manager (RPM) is a command line driven package
+      management system capable of installing, uninstalling, verifying,
+      querying, and updating computer software packages.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been found in RPM:</p>
+    
+    <ul>
+      <li>fsm.c fails to properly strip setuid and setgid bits from executable
+        files during a package upgrade (CVE-2010-2059).
+      </li>
+      <li>RPM does not properly parse spec files (CVE-2010-2197).</li>
+      <li>fsm.c fails to properly strip POSIX file capabilities from executable
+        files during a package upgrade or removal (CVE-2010-2198).
+      </li>
+      <li>fsm.c fails to properly strip POSIX ACLs from executable files during
+        a package upgrade or removal (CVE-2010-2199).
+      </li>
+      <li>header.c does not properly parse region offsets in package files
+        (CVE-2011-3378).
+      </li>
+      <li>RPM does not properly sanitize region tags in package headers
+        (CVE-2012-0060).
+      </li>
+      <li>RPM does not properly sanitize region sizes in package headers
+        (CVE-2012-0061).
+      </li>
+      <li>RPM does not properly sanitize region offsets in package
+        headers(CVE-2012-0815).
+      </li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>A local attacker may be able to gain elevated privileges. Furthermore, a
+      remote attacker could entice a user to open a specially crafted RPM
+      package, possibly resulting in execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All RPM users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/rpm-4.9.1.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2059">CVE-2010-2059</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2197">CVE-2010-2197</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2198">CVE-2010-2198</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2199">CVE-2010-2199</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3378">CVE-2011-3378</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0060">CVE-2012-0060</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0061">CVE-2012-0061</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0815">CVE-2012-0815</uri>
+  </references>
+  <metadata timestamp="2012-03-25T14:53:26Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-06-24T22:36:58Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-27.xml b/metadata/glsa/glsa-201206-27.xml
new file mode 100644
index 000000000000..7a64aa8cb896
--- /dev/null
+++ b/metadata/glsa/glsa-201206-27.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-27">
+  <title>mini_httpd: Arbitrary code execution</title>
+  <synopsis>A vulnerability in mini_httpd could allow remote attackers to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">mini_httpd</product>
+  <announced>2012-06-24</announced>
+  <revised count="1">2012-06-24</revised>
+  <bug>303755</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/mini_httpd" auto="yes" arch="*">
+      <vulnerable range="rle">1.19</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>mini_httpd is a small webserver with optional SSL and IPv6 support.</p>
+  </background>
+  <description>
+    <p>mini_httpd does not properly check for shell escapes when parsing HTTP
+      requests.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send specially crafted HTTP requests, possibly
+      resulting in execution of arbitrary code with the privileges of the
+      process, or allowing for overwriting of files.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo discontinued support for mini_httpd. We recommend that users
+      unmerge mini_httpd:
+    </p>
+    
+    <code>
+      # emerge --unmerge "www-servers/mini_httpd"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4490">CVE-2009-4490</uri>
+  </references>
+  <metadata timestamp="2012-05-11T17:25:55Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-06-24T22:37:57Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-28.xml b/metadata/glsa/glsa-201206-28.xml
new file mode 100644
index 000000000000..ab1d08f05e18
--- /dev/null
+++ b/metadata/glsa/glsa-201206-28.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-28">
+  <title>TeX Live: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in texlive-core, allowing
+    attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">TeX Live</product>
+  <announced>2012-06-25</announced>
+  <revised count="1">2012-06-25</revised>
+  <bug>264598</bug>
+  <bug>324019</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/texlive-core" auto="yes" arch="*">
+      <unaffected range="ge">2009-r2</unaffected>
+      <vulnerable range="lt">2009-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>TeX Live is a complete TeX distribution.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in texlive-core. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>These vulnerabilities might allow user-assisted remote attackers to
+      execute arbitrary code via a specially-crafted DVI file, or cause a
+      Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All texlive-core users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/texlive-core-2009-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1284">CVE-2009-1284</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0739">CVE-2010-0739</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0827">CVE-2010-0827</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1440">CVE-2010-1440</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:59Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-06-25T18:50:51Z" tag="submitter">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-29.xml b/metadata/glsa/glsa-201206-29.xml
new file mode 100644
index 000000000000..d9fe47e2c147
--- /dev/null
+++ b/metadata/glsa/glsa-201206-29.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-29">
+  <title>mount-cifs: Multiple vulnerabilites</title>
+  <synopsis>Multiple vulnerabilities were found in mount-cifs, the worst of
+    which leading to privilege escalation.
+  </synopsis>
+  <product type="ebuild">mount-cifs</product>
+  <announced>2012-06-25</announced>
+  <revised count="2">2014-02-02</revised>
+  <bug>308067</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-fs/mount-cifs" auto="yes" arch="*">
+      <vulnerable range="le">3.0.30</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>mount-cifs is the cifs filesystem mount helper split from Samba.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in mount-cifs. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>The vulnerabilities allow local users to cause a denial of service (mtab
+      corruption) via a crafted string. Also, local users could mount a CIFS
+      share on an arbitrary mountpoint, and gain privileges via a symlink
+      attack on the mountpoint directory file.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for mount-cifs. We recommend that users
+      unmerge mount-cifs:
+    </p>
+    
+    <code>
+      # emerge --unmerge "net-fs/mount-cifs"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0547">CVE-2010-0547</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0787">CVE-2010-0787</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-08T22:36:28Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-02-02T18:36:37Z">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-30.xml b/metadata/glsa/glsa-201206-30.xml
new file mode 100644
index 000000000000..a88f73fe9d63
--- /dev/null
+++ b/metadata/glsa/glsa-201206-30.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-30">
+  <title>sendmail: X.509 NULL spoofing vulnerability</title>
+  <synopsis>An error in the hostname matching in sendmail might enable remote
+    attackers to conduct man-in-the-middle attacks.   
+  </synopsis>
+  <product type="ebuild">sendmail</product>
+  <announced>2012-06-25</announced>
+  <revised count="1">2012-06-25</revised>
+  <bug>299120</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-mta/sendmail" auto="yes" arch="*">
+      <unaffected range="ge">8.14.4</unaffected>
+      <vulnerable range="lt">8.14.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>sendmail is a widely-used Mail Transport Agent (MTA).</p>
+  </background>
+  <description>
+    <p>A vulnerability has been discovered in sendmail. Please review the CVE
+      identifier referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker might employ a specially crafted certificate to
+      conduct man-in-the-middle attacks on SSL connections made using sendmail.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All sendmail users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-mta/sendmail-8.14.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4565">CVE-2009-4565</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:22Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-06-25T18:51:12Z" tag="submitter">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-31.xml b/metadata/glsa/glsa-201206-31.xml
new file mode 100644
index 000000000000..2229602fbc6d
--- /dev/null
+++ b/metadata/glsa/glsa-201206-31.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-31">
+  <title>Linux-PAM: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Linux-PAM, allowing
+    local attackers to possibly gain escalated privileges, cause a Denial of
+    Service, corrupt data, or obtain sensitive information.
+  </synopsis>
+  <product type="ebuild">pam</product>
+  <announced>2012-06-25</announced>
+  <revised count="1">2012-06-25</revised>
+  <bug>343399</bug>
+  <bug>386273</bug>
+  <bug>388431</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-libs/pam" auto="yes" arch="*">
+      <unaffected range="ge">1.1.5</unaffected>
+      <vulnerable range="lt">1.1.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Linux-PAM (Pluggable Authentication Modules) is an architecture allowing
+      the separation of the development of privilege granting software from the
+      development of secure and appropriate authentication schemes.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Linux-PAM. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could use specially crafted files to cause a buffer
+      overflow, possibly resulting in privilege escalation or Denial of
+      Service. Furthermore, a local attacker could execute specially crafted
+      programs or symlink attacks, possibly resulting in data loss or
+      disclosure of sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Linux-PAM users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-libs/pam-1.1.5"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since November 25, 2011. It is likely that your system is
+      already no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3316">CVE-2010-3316</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3430">CVE-2010-3430</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3431">CVE-2010-3431</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3435">CVE-2010-3435</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3853">CVE-2010-3853</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4706">CVE-2010-4706</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4707">CVE-2010-4707</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4708">CVE-2010-4708</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3148">CVE-2011-3148</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3149">CVE-2011-3149</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:20Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-06-25T18:51:25Z" tag="submitter">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-32.xml b/metadata/glsa/glsa-201206-32.xml
new file mode 100644
index 000000000000..3dae50d96a6a
--- /dev/null
+++ b/metadata/glsa/glsa-201206-32.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-32">
+  <title>Links: SSL verification vulnerability</title>
+  <synopsis>An error in the verification of SSL certificates in Links might
+    enable remote attackers to conduct man-in-the-middle attacks. 
+  </synopsis>
+  <product type="ebuild">Links</product>
+  <announced>2012-06-25</announced>
+  <revised count="1">2012-06-25</revised>
+  <bug>253847</bug>
+  <bug>411493</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/links" auto="yes" arch="*">
+      <unaffected range="ge">2.6</unaffected>
+      <vulnerable range="lt">2.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Links is a fast lightweight text and graphic web-browser.</p>
+  </background>
+  <description>
+    <p>A SSL verification vulnerability and two unspecified vulnerabilities
+      have been discovered in Links. Please review the Secunia Advisory
+      referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker might conduct man-in-the-middle attacks. The unspecified
+      errors could allow for out-of-bounds reads and writes.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Links users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/links-2.6"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://secunia.com/Advisories/33391/">Secunia Advisory SA33391</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:18Z" tag="requester">craig</metadata>
+  <metadata timestamp="2012-06-25T18:51:32Z" tag="submitter">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-33.xml b/metadata/glsa/glsa-201206-33.xml
new file mode 100644
index 000000000000..1e4478f07400
--- /dev/null
+++ b/metadata/glsa/glsa-201206-33.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-33">
+  <title>Postfix: Multiple vulnerabilities </title>
+  <synopsis>A vulnerability has been found in Postfix, the worst of which
+    possibly allowing remote code execution.
+  </synopsis>
+  <product type="ebuild">Postfix</product>
+  <announced>2012-06-25</announced>
+  <revised count="1">2012-06-25</revised>
+  <bug>358085</bug>
+  <bug>366605</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-mta/postfix" auto="yes" arch="*">
+      <unaffected range="ge">2.7.4</unaffected>
+      <vulnerable range="lt">2.7.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Postfix is Wietse Venema’s mailer that attempts to be fast, easy to
+      administer, and secure, as an alternative to the widely-used Sendmail
+      program.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability have been discovered in Postfix. Please review the CVE
+      identifier referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>An attacker could perform a man-in-the-middle attack and inject SMTP
+      commands during the plaintext to TLS session switch or might execute
+      arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Postfix users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-mta/postfix-2.7.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0411">CVE-2011-0411</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1720">CVE-2011-1720</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:03Z" tag="requester">craig</metadata>
+  <metadata timestamp="2012-06-25T18:51:42Z" tag="submitter">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-34.xml b/metadata/glsa/glsa-201206-34.xml
new file mode 100644
index 000000000000..74aacf358bb7
--- /dev/null
+++ b/metadata/glsa/glsa-201206-34.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-34">
+  <title>msmtp: X.509 NULL spoofing vulnerability</title>
+  <synopsis>An error in the hostname matching in msmtp might enable remote
+    attackers to conduct man-in-the-middle attacks.   
+  </synopsis>
+  <product type="ebuild">msmtp</product>
+  <announced>2012-06-25</announced>
+  <revised count="1">2012-06-25</revised>
+  <bug>293647</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-mta/msmtp" auto="yes" arch="*">
+      <unaffected range="ge">1.4.19</unaffected>
+      <vulnerable range="lt">1.4.19</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>msmtp is an SMTP client and SMTP plugin for mail user agents such as
+      Mutt.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability have been discovered in msmtp. Please review the CVE
+      identifier referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker might employ a specially crafted certificate to
+      conduct man-in-the-middle attacks on SSL connections made using msmtp. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All msmtp users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-mta/msmtp-1.4.19"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3942">CVE-2009-3942</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:28Z" tag="requester">craig</metadata>
+  <metadata timestamp="2012-06-25T18:51:50Z" tag="submitter">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-35.xml b/metadata/glsa/glsa-201206-35.xml
new file mode 100644
index 000000000000..946ce6cb2383
--- /dev/null
+++ b/metadata/glsa/glsa-201206-35.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-35">
+  <title>nbd: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in nbd, which could lead to
+    remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">nbd</product>
+  <announced>2012-06-25</announced>
+  <revised count="1">2012-06-25</revised>
+  <bug>353097</bug>
+  <bug>372891</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-block/nbd" auto="yes" arch="*">
+      <unaffected range="ge">2.9.22</unaffected>
+      <vulnerable range="lt">2.9.22</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>nbd is a userland client/server for kernel network block device.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in nbd. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>nbd allows remote attackers to cause a denial of service (NULL pointer
+      dereference and crash) or the execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All nbd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-block/nbd-2.9.22"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0530">CVE-2011-0530</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1925">CVE-2011-1925</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:56Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-06-25T19:17:58Z" tag="submitter">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201206-36.xml b/metadata/glsa/glsa-201206-36.xml
new file mode 100644
index 000000000000..d676390d93ab
--- /dev/null
+++ b/metadata/glsa/glsa-201206-36.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201206-36">
+  <title>logrotate: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in logrotate, which could lead
+    to arbitrary system command execution.
+  </synopsis>
+  <product type="ebuild">logrotate</product>
+  <announced>2012-06-25</announced>
+  <revised count="1">2012-06-25</revised>
+  <bug>356811</bug>
+  <bug>372973</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/logrotate" auto="yes" arch="*">
+      <unaffected range="ge">3.8.0</unaffected>
+      <vulnerable range="lt">3.8.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>logrotate rotates, compresses, and mails system logs.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in logrotate. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could use this flaw to truncate arbitrary system file,
+      to change file owner or mode on arbitrary system files, to conduct
+      symlink attacks and send arbitrary system files, to execute arbitrary
+      system commands, to cause abort in subsequent logrotate runs, to disclose
+      sensitive information, to execute arbitrary code or cause a Denial of
+      Service condition.
+    </p>
+    
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All logrotate users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/logrotate-3.8.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1098">CVE-2011-1098</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1154">CVE-2011-1154</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1155">CVE-2011-1155</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1549">CVE-2011-1549</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:29Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-06-25T19:17:59Z" tag="submitter">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201207-01.xml b/metadata/glsa/glsa-201207-01.xml
new file mode 100644
index 000000000000..0547e3f58ade
--- /dev/null
+++ b/metadata/glsa/glsa-201207-01.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201207-01">
+  <title>sudo: Privilege escalation</title>
+  <synopsis>A vulnerability has been found in sudo which may allow local users
+    to gain escalated privileges.
+  </synopsis>
+  <product type="ebuild">sudo</product>
+  <announced>2012-07-09</announced>
+  <revised count="1">2012-07-09</revised>
+  <bug>416281</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/sudo" auto="yes" arch="*">
+      <unaffected range="ge">1.8.5_p1</unaffected>
+      <vulnerable range="lt">1.8.5_p1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>sudo allows a system administrator to give users the ability to run
+      commands as other users. Access to commands may also be granted on a
+      range to hosts.
+    </p>
+  </background>
+  <description>
+    <p>An error in sudo may allow unintended IPv4 hosts to be granted access to
+      commands.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could gain escalated privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All sudo users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/sudo-1.8.5_p1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2337">CVE-2012-2337</uri>
+  </references>
+  <metadata timestamp="2012-05-26T19:07:01Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-07-09T22:09:16Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201207-02.xml b/metadata/glsa/glsa-201207-02.xml
new file mode 100644
index 000000000000..6c4f9676ff8c
--- /dev/null
+++ b/metadata/glsa/glsa-201207-02.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201207-02">
+  <title>libxml2: User-assisted execution of arbitrary code</title>
+  <synopsis>A off-by-one error in libxml2 could result in execution of
+    arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">libxml2</product>
+  <announced>2012-07-09</announced>
+  <revised count="1">2012-07-09</revised>
+  <bug>416209</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libxml2" auto="yes" arch="*">
+      <unaffected range="ge">2.8.0_rc1</unaffected>
+      <vulnerable range="lt">2.8.0_rc1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libxml2 is the XML C parser and toolkit developed for the Gnome project.</p>
+  </background>
+  <description>
+    <p>The "xmlXPtrEvalXPtrPart()" function in xpointer.c contains an
+      off-by-one error.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user or automated system to open a
+      specially crafted XML document with an application using libxml2,
+      possibly resulting in execution of arbitrary code or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libxml2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libxml2-2.8.0_rc1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3102">CVE-2011-3102</uri>
+  </references>
+  <metadata timestamp="2012-05-29T22:42:30Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-07-09T22:09:24Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201207-03.xml b/metadata/glsa/glsa-201207-03.xml
new file mode 100644
index 000000000000..9d4d400fca98
--- /dev/null
+++ b/metadata/glsa/glsa-201207-03.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201207-03">
+  <title>ChaSen: User-assisted execution of arbitrary code</title>
+  <synopsis>A buffer overflow vulnerability in ChaSen could result in the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">ChaSen</product>
+  <announced>2012-07-09</announced>
+  <revised count="1">2012-07-09</revised>
+  <bug>390769</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/chasen" auto="yes" arch="*">
+      <unaffected range="ge">2.4.4-r2</unaffected>
+      <vulnerable range="lt">2.4.4-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ChaSen is a Japanese morphological analysis system.</p>
+  </background>
+  <description>
+    <p>An error in chalib.c of ChaSen could cause a buffer overflow.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted text
+      file using ChaSen or an application using the ChaSen libraries, possibly
+      resulting in execution of arbitrary code with the privileges of the
+      process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ChaSen users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/chasen-2.4.4-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4000">CVE-2011-4000</uri>
+  </references>
+  <metadata timestamp="2012-04-15T23:16:56Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-07-09T22:20:31Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201207-04.xml b/metadata/glsa/glsa-201207-04.xml
new file mode 100644
index 000000000000..a707e4b4d3d1
--- /dev/null
+++ b/metadata/glsa/glsa-201207-04.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201207-04">
+  <title>X.Org X Server: Privilege escalation</title>
+  <synopsis>A format string vulnerability in X.Org X Server may allow local
+    privilege escalation or Denial of Service.
+  </synopsis>
+  <product type="ebuild">xorg-server</product>
+  <announced>2012-07-09</announced>
+  <revised count="1">2012-07-09</revised>
+  <bug>412609</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-base/xorg-server" auto="yes" arch="*">
+      <unaffected range="ge">1.11.4-r1</unaffected>
+      <unaffected range="rge">1.10.6-r1</unaffected>
+      <unaffected range="rle">1.9.5-r1</unaffected>
+      <vulnerable range="lt">1.11.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The X Window System is a graphical windowing system based on a
+      client/server model.
+    </p>
+  </background>
+  <description>
+    <p>The "LogVHdrMessageVerb()" function in log.c contains a format string
+      vulnerability.
+    </p>
+    
+    <p>NOTE: Exposure to this vulnerability is reduced in Gentoo due to X.Org X
+      Server being built with "-D_FORTIFY_SOURCE=2" by default.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could gain escalated privileges or cause a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All X.Org X Server 1.11.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-base/xorg-server-1.11.4-r1"
+    </code>
+    
+    <p>All X.Org X Server 1.10.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-base/xorg-server-1.10.6-r1"
+    </code>
+    
+    <p>X.Org X Server 1.9.x is not affected.</p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2118">CVE-2012-2118</uri>
+  </references>
+  <metadata timestamp="2012-06-02T13:03:57Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-07-09T22:21:08Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201207-05.xml b/metadata/glsa/glsa-201207-05.xml
new file mode 100644
index 000000000000..ea5e2f76ad90
--- /dev/null
+++ b/metadata/glsa/glsa-201207-05.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201207-05">
+  <title>pidgin-otr: Arbitrary code execution</title>
+  <synopsis>A format string vulnerability in pidgin-otr may allow execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">pidgin-otr</product>
+  <announced>2012-07-09</announced>
+  <revised count="1">2012-07-09</revised>
+  <bug>416263</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-plugins/pidgin-otr" auto="yes" arch="*">
+      <unaffected range="ge">3.2.1</unaffected>
+      <vulnerable range="lt">3.2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>pidgin-otr messaging allows you to have private conversations over
+      instant messaging.
+    </p>
+  </background>
+  <description>
+    <p>A format string vulnerability has been found in the "log_message_cb()"
+      function in otr-plugin.c.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All pidgin-otr users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-plugins/pidgin-otr-3.2.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2369">CVE-2012-2369</uri>
+  </references>
+  <metadata timestamp="2012-06-10T15:39:18Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-07-09T22:35:33Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201207-06.xml b/metadata/glsa/glsa-201207-06.xml
new file mode 100644
index 000000000000..3e4ce1c21d84
--- /dev/null
+++ b/metadata/glsa/glsa-201207-06.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201207-06">
+  <title>JRuby: Denial of service</title>
+  <synopsis>A hash collision vulnerability in JRuby allows remote attackers to
+    cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">jruby</product>
+  <announced>2012-07-09</announced>
+  <revised count="1">2012-07-09</revised>
+  <bug>396305</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/jruby" auto="yes" arch="*">
+      <unaffected range="ge">1.6.5.1</unaffected>
+      <vulnerable range="lt">1.6.5.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>JRuby is a Java-based Ruby interpreter implementation.</p>
+  </background>
+  <description>
+    <p>JRuby does not properly randomize hash functions to protect against hash
+      collision attacks.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted input, possibly
+      resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All JRuby users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/jruby-1.6.5.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4838">CVE-2011-4838</uri>
+  </references>
+  <metadata timestamp="2012-06-11T19:25:16Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-07-09T22:35:40Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201207-07.xml b/metadata/glsa/glsa-201207-07.xml
new file mode 100644
index 000000000000..1dbaabc34817
--- /dev/null
+++ b/metadata/glsa/glsa-201207-07.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201207-07">
+  <title>Keepalived: Denial of service</title>
+  <synopsis>Keepalived uses world-writable PID files, allowing a local attacker
+    to kill arbitrary processes.
+  </synopsis>
+  <product type="ebuild">keepalived</product>
+  <announced>2012-07-09</announced>
+  <revised count="1">2012-07-09</revised>
+  <bug>371469</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-cluster/keepalived" auto="yes" arch="*">
+      <unaffected range="ge">1.2.2-r3</unaffected>
+      <vulnerable range="lt">1.2.2-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Keepalived is a strong &amp; robust keepalive facility to the Linux
+      Virtual Server project.
+    </p>
+  </background>
+  <description>
+    <p>The "pidfile_write()" function in pidfile.c in Keepalived writes PID
+      files with insecure permissions.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker may be able to cause a Denial of Service of arbitrary
+      processes.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Keepalived users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-cluster/keepalived-1.2.2-r3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1784">CVE-2011-1784</uri>
+  </references>
+  <metadata timestamp="2012-06-11T19:50:31Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-07-09T23:28:51Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201207-08.xml b/metadata/glsa/glsa-201207-08.xml
new file mode 100644
index 000000000000..3ac6f45d78ef
--- /dev/null
+++ b/metadata/glsa/glsa-201207-08.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201207-08">
+  <title>Gnash: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Gnash which could
+    result in execution of arbitrary code, Denial of Service, or information
+    disclosure.
+  </synopsis>
+  <product type="ebuild">Gnash</product>
+  <announced>2012-07-09</announced>
+  <revised count="1">2012-07-09</revised>
+  <bug>391283</bug>
+  <bug>408209</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-plugins/gnash" auto="yes" arch="*">
+      <unaffected range="ge">0.8.10-r2</unaffected>
+      <vulnerable range="lt">0.8.10-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Gnash is a GNU flash movie player that supports many SWF features.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been found in Gnash:</p>
+    
+    <ul>
+      <li>The "nsPluginInstance::setupCookies()" function in plugin.cpp creates
+        world-readable cookies with predictable file names (CVE-2011-4328).
+      </li>
+      <li>The "GnashImage::size()" function in GnashImage.h contains an integer
+        overflow error which could cause a heap-based buffer overflow
+        (CVE-2012-1175).
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted SWF
+      file, possibly resulting in execution of arbitrary code or a Denial of
+      Service condition. Furthermore, a local attacker may be able to obtain
+      sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Gnash users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-plugins/gnash-0.8.10-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4328">CVE-2011-4328</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1175">CVE-2012-1175</uri>
+  </references>
+  <metadata timestamp="2012-03-17T23:44:44Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-07-09T23:29:06Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201207-09.xml b/metadata/glsa/glsa-201207-09.xml
new file mode 100644
index 000000000000..6f5860e76651
--- /dev/null
+++ b/metadata/glsa/glsa-201207-09.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201207-09">
+  <title>mod_fcgid: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in mod_fcgid, allowing
+    execution of arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">mod_fcgid</product>
+  <announced>2012-07-09</announced>
+  <revised count="1">2012-07-09</revised>
+  <bug>344685</bug>
+  <bug>409373</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-apache/mod_fcgid" auto="yes" arch="*">
+      <unaffected range="ge">2.3.7</unaffected>
+      <vulnerable range="lt">2.3.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>mod_fcgid is a binary-compatible alternative to mod_fastcgi with better
+      process management.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been found in mod_fcgid:</p>
+    
+    <ul>
+      <li>An error in the "fcgid_header_bucket_read()" function in
+        fcgid_bucket.c could cause a stack-based buffer overflow
+        (CVE-2010-3872).
+      </li>
+      <li>An error in the "is_spawn_allowed() function in fcgid_spawn_ctl.c
+        prevents Apache from recognizing the FcgidMaxProcessesPerClass
+        directive for a virtual host (CVE-2012-1181).
+      </li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>A local attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+      Furthermore, a remote attacker could send specially crafted HTTP
+      requests, possibly resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All mod_fcgid users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-apache/mod_fcgid-2.3.7"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3872">CVE-2010-3872</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1181">CVE-2012-1181</uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:38:12Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-07-09T23:33:49Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201207-10.xml b/metadata/glsa/glsa-201207-10.xml
new file mode 100644
index 000000000000..75ddbf5d0abe
--- /dev/null
+++ b/metadata/glsa/glsa-201207-10.xml
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201207-10">
+  <title>CUPS: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in CUPS, some of which may
+    allow execution of arbitrary code or local privilege escalation.
+  </synopsis>
+  <product type="ebuild">cups</product>
+  <announced>2012-07-09</announced>
+  <revised count="1">2012-07-09</revised>
+  <bug>295256</bug>
+  <bug>308045</bug>
+  <bug>325551</bug>
+  <bug>380771</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-print/cups" auto="yes" arch="*">
+      <unaffected range="ge">1.4.8-r1</unaffected>
+      <vulnerable range="lt">1.4.8-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>CUPS, the Common Unix Printing System, is a full-featured print server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in CUPS. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker may be able to execute arbitrary code using specially
+      crafted streams, IPP requests or files, or cause a Denial of Service
+      (daemon crash or hang). A local attacker may be able to gain escalated
+      privileges or overwrite arbitrary files. Furthermore, a remote attacker
+      may be able to obtain sensitive information from the CUPS process or
+      hijack a CUPS administrator authentication request.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All CUPS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-print/cups-1.4.8-r1"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since September 03, 2011. It is likely that your system is
+      already no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3553">
+      CVE-2009-3553
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0302">
+      CVE-2010-0302
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0393">
+      CVE-2010-0393
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0540">
+      CVE-2010-0540
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0542">
+      CVE-2010-0542
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1748">
+      CVE-2010-1748
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2431">
+      CVE-2010-2431
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2432">
+      CVE-2010-2432
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2941">
+      CVE-2010-2941
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3170">
+      CVE-2011-3170
+    </uri>
+  </references>
+  <metadata timestamp="2011-10-07T23:37:16Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-07-09T23:33:59Z" tag="submitter">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201208-01.xml b/metadata/glsa/glsa-201208-01.xml
new file mode 100644
index 000000000000..f811da4f418d
--- /dev/null
+++ b/metadata/glsa/glsa-201208-01.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201208-01">
+  <title>socat: Arbitrary code execution</title>
+  <synopsis>A buffer overflow in socat might allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">socat</product>
+  <announced>2012-08-14</announced>
+  <revised count="1">2012-08-14</revised>
+  <bug>415977</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-misc/socat" auto="yes" arch="*">
+      <unaffected range="ge">1.7.2.1</unaffected>
+      <vulnerable range="lt">1.7.2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>socat is a multipurpose bidirectional relay, similar to netcat.</p>
+  </background>
+  <description>
+    <p>A vulnerability in the "xioscan_readline()" function in xio-readline.c
+      could cause a heap-based buffer overflow.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the socat process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All socat users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/socat-1.7.2.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0219">CVE-2012-0219</uri>
+    <uri link="http://www.dest-unreach.org/socat/contrib/socat-secadv3.html">
+      Socat security advisory 3
+    </uri>
+  </references>
+  <metadata timestamp="2012-07-11T21:57:34Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-08-14T20:30:08Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201208-02.xml b/metadata/glsa/glsa-201208-02.xml
new file mode 100644
index 000000000000..568b4b9a4a18
--- /dev/null
+++ b/metadata/glsa/glsa-201208-02.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201208-02">
+  <title>Puppet: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Puppet, the worst of
+    which could lead to execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">Puppet</product>
+  <announced>2012-08-14</announced>
+  <revised count="1">2012-08-14</revised>
+  <bug>410857</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/puppet" auto="yes" arch="*">
+      <unaffected range="ge">2.7.13</unaffected>
+      <vulnerable range="lt">2.7.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Puppet is a system configuration management tool written in Ruby.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been found in Puppet:</p>
+    
+    <ul>
+      <li>Puppet uses predictable file names for temporary files
+        (CVE-2012-1906).
+      </li>
+      <li>REST requests for a file in a remote filebucket are not handled
+        properly by overriding filebucket storage locations (CVE-2012-1986).
+      </li>
+      <li>REST requests for a file in a remote filebucket are not handled
+        properly by reading streams or writing files on the Puppet master's
+        file system (CVE-2012-1987).
+      </li>
+      <li>File name paths are not properly sanitized from bucket requests
+        (CVE-2012-1988).
+      </li>
+      <li>The Telnet utility in Puppet does not handle temporary files securely
+        (CVE-2012-1989).
+      </li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>A local attacker with access to agent SSL keys could possibly execute
+      arbitrary code with the privileges of the process, cause a Denial of
+      Service condition, or perform symlink attacks to overwrite or read
+      arbitrary files on the Puppet master. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Puppet users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/puppet-2.7.13"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1906">CVE-2012-1906</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1986">CVE-2012-1986</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1987">CVE-2012-1987</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1988">CVE-2012-1988</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1989">CVE-2012-1989</uri>
+  </references>
+  <metadata timestamp="2012-04-12T20:04:53Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-08-14T20:30:25Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201208-03.xml b/metadata/glsa/glsa-201208-03.xml
new file mode 100644
index 000000000000..15a9e18bd329
--- /dev/null
+++ b/metadata/glsa/glsa-201208-03.xml
@@ -0,0 +1,87 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201208-03">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been reported in Chromium, some of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium</product>
+  <announced>2012-08-14</announced>
+  <revised count="1">2012-08-14</revised>
+  <bug>423719</bug>
+  <bug>426204</bug>
+  <bug>429174</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">21.0.1180.57</unaffected>
+      <vulnerable range="lt">21.0.1180.57</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open source web browser project.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium. Please review
+      the CVE identifiers and release notes referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted web
+      site using Chromium, possibly resulting in the execution of arbitrary
+      code with the privileges of the process, a Denial of Service condition,
+      disclosure of sensitive information, or other unspecified impact.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-21.0.1180.57"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2815">CVE-2012-2815</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2817">CVE-2012-2817</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2818">CVE-2012-2818</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2819">CVE-2012-2819</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2820">CVE-2012-2820</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2821">CVE-2012-2821</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2823">CVE-2012-2823</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2824">CVE-2012-2824</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2825">CVE-2012-2825</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2826">CVE-2012-2826</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2829">CVE-2012-2829</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2830">CVE-2012-2830</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2831">CVE-2012-2831</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2834">CVE-2012-2834</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2842">CVE-2012-2842</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2843">CVE-2012-2843</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2846">CVE-2012-2846</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2847">CVE-2012-2847</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2848">CVE-2012-2848</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2849">CVE-2012-2849</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2853">CVE-2012-2853</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2854">CVE-2012-2854</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2857">CVE-2012-2857</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2858">CVE-2012-2858</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2859">CVE-2012-2859</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2860">CVE-2012-2860</uri>
+    <uri link="https://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html">
+      Release Notes 20.0.1132.43
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2012/07/stable-channel-update.html">
+      Release Notes 20.0.1132.57
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html">
+      Release Notes 21.0.1180.57
+    </uri>
+  </references>
+  <metadata timestamp="2012-06-27T21:59:02Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-08-14T20:30:39Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201208-04.xml b/metadata/glsa/glsa-201208-04.xml
new file mode 100644
index 000000000000..947453128f44
--- /dev/null
+++ b/metadata/glsa/glsa-201208-04.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201208-04">
+  <title>Gajim: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Gajim, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">gajim</product>
+  <announced>2012-08-14</announced>
+  <revised count="1">2012-08-14</revised>
+  <bug>411269</bug>
+  <bug>412215</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-im/gajim" auto="yes" arch="*">
+      <unaffected range="ge">0.15-r1</unaffected>
+      <vulnerable range="lt">0.15-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Gajim is a Jabber and XMPP client written in PyGTK.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Gajim. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted link
+      using Gajim, possibly resulting in execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition. Furthermore,
+      a remote attacker could use a specially crafted Jabber ID, possibly
+      resulting in execution of arbitrary SQL statements.
+    </p>
+    
+    <p>A local attacker could perform symlink attacks to overwrite arbitrary
+      files with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Gajim users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-im/gajim-0.15-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2085">CVE-2012-2085</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2086">CVE-2012-2086</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2093">CVE-2012-2093</uri>
+  </references>
+  <metadata timestamp="2012-07-10T21:42:30Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-08-14T20:30:50Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201208-05.xml b/metadata/glsa/glsa-201208-05.xml
new file mode 100644
index 000000000000..b89acfb66a4e
--- /dev/null
+++ b/metadata/glsa/glsa-201208-05.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201208-05">
+  <title>Perl Config-IniFiles Module: Insecure temporary file usage</title>
+  <synopsis>An insecure temporary file usage has been reported in the Perl
+    Config-IniFiles module, possibly allowing symlink attacks.
+  </synopsis>
+  <product type="ebuild">Config-IniFiles</product>
+  <announced>2012-08-14</announced>
+  <revised count="1">2012-08-14</revised>
+  <bug>414485</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-perl/Config-IniFiles" auto="yes" arch="*">
+      <unaffected range="ge">2.710.0</unaffected>
+      <vulnerable range="lt">2.710.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Config-IniFiles is a Perl module for reading .ini-style configuration
+      files.
+    </p>
+  </background>
+  <description>
+    <p>The Perl Config-IniFiles module uses predicatable temporary file names.</p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could perform symlink attacks to overwrite arbitrary
+      files with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All users of the Perl Config-IniFiles module should upgrade to the
+      latest version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-perl/Config-IniFiles-2.710.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2451">CVE-2012-2451</uri>
+  </references>
+  <metadata timestamp="2012-05-23T02:55:46Z" tag="requester">
+    underling
+  </metadata>
+  <metadata timestamp="2012-08-14T20:31:06Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201208-06.xml b/metadata/glsa/glsa-201208-06.xml
new file mode 100644
index 000000000000..08dddd2b4c27
--- /dev/null
+++ b/metadata/glsa/glsa-201208-06.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201208-06">
+  <title>libgdata: Man-in-the-Middle attack</title>
+  <synopsis>A vulnerability in libgdata could allow remote attackers to perform
+    man-in-the-middle attacks.
+  </synopsis>
+  <product type="ebuild">libgdata</product>
+  <announced>2012-08-14</announced>
+  <revised count="1">2012-08-14</revised>
+  <bug>408245</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libgdata" auto="yes" arch="*">
+      <unaffected range="ge">0.8.1-r2</unaffected>
+      <vulnerable range="lt">0.8.1-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libgdata is a GLib-based library for accessing online service APIs using
+      the GData protocol.
+    </p>
+  </background>
+  <description>
+    <p>An error in the "_gdata_service_build_session()" function of
+      gdata-service.c prevents libgdata from properly validating certificates.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could perform man-in-the-middle attacks to spoof
+      arbitrary SSL servers via a crafted certificate.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libgdata users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libgdata-0.8.1-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1177">CVE-2012-1177</uri>
+  </references>
+  <metadata timestamp="2012-04-17T00:40:07Z" tag="requester">ackle</metadata>
+  <metadata timestamp="2012-08-14T20:31:17Z" tag="submitter">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201209-01.xml b/metadata/glsa/glsa-201209-01.xml
new file mode 100644
index 000000000000..d278e2fc2090
--- /dev/null
+++ b/metadata/glsa/glsa-201209-01.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201209-01">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which could result in execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2012-09-05</announced>
+  <revised count="2">2012-09-05</revised>
+  <bug>431432</bug>
+  <bug>432286</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">11.2.202.238</unaffected>
+      <vulnerable range="lt">11.2.202.238</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple unspecified vulnerabilities have been discovered in Adobe Flash
+      Player. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open specially crafted SWF
+      content, possibly resulting in execution of arbitrary code with the
+      privileges of the process, or a Denial of Service condition. Furthermore,
+      a remote attacker may be able to obtain sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-11.2.202.238"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1535">CVE-2012-1535</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4163">CVE-2012-4163</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4164">CVE-2012-4164</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4165">CVE-2012-4165</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4166">CVE-2012-4166</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4167">CVE-2012-4167</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4168">CVE-2012-4168</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-08-17T08:47:55Z">ago</metadata>
+  <metadata tag="submitter" timestamp="2012-09-05T01:17:33Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201209-02.xml b/metadata/glsa/glsa-201209-02.xml
new file mode 100644
index 000000000000..077da1f9bb94
--- /dev/null
+++ b/metadata/glsa/glsa-201209-02.xml
@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201209-02">
+  <title>libTIFF: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities in libTIFF could result in execution of
+    arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">tiff</product>
+  <announced>2012-09-23</announced>
+  <revised count="6">2014-06-02</revised>
+  <bug>307001</bug>
+  <bug>324885</bug>
+  <bug>357271</bug>
+  <bug>359871</bug>
+  <bug>371308</bug>
+  <bug>410931</bug>
+  <bug>422673</bug>
+  <bug>427166</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/tiff" auto="yes" arch="*">
+      <unaffected range="ge">4.0.2-r1</unaffected>
+      <unaffected range="rge">3.9.5-r2</unaffected>
+      <unaffected range="rge">3.9.7-r1</unaffected>
+      <vulnerable range="lt">4.0.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libTIFF provides support for reading and manipulating TIFF (Tagged Image
+      File Format) images.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libTIFF. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted TIFF
+      file with an application making use of libTIFF, possibly resulting in
+      execution of arbitrary code with the privileges of the user running the
+      application or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libTIFF 4.0 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/tiff-4.0.2-r1"
+    </code>
+    
+    <p>All libTIFF 3.9 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/tiff-3.9.5-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2347">CVE-2009-2347</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5022">CVE-2009-5022</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1411">CVE-2010-1411</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2065">CVE-2010-2065</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2067">CVE-2010-2067</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2233">CVE-2010-2233</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2443">CVE-2010-2443</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2481">CVE-2010-2481</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2482">CVE-2010-2482</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2483">CVE-2010-2483</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2595">CVE-2010-2595</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2596">CVE-2010-2596</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2597">CVE-2010-2597</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2630">CVE-2010-2630</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2631">CVE-2010-2631</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3087">CVE-2010-3087</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4665">CVE-2010-4665</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0192">CVE-2011-0192</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0192">CVE-2011-0192</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1167">CVE-2011-1167</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1167">CVE-2011-1167</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1173">CVE-2012-1173</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2088">CVE-2012-2088</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2113">CVE-2012-2113</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3401">CVE-2012-3401</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:38:10Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-06-02T14:06:53Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201209-03.xml b/metadata/glsa/glsa-201209-03.xml
new file mode 100644
index 000000000000..5816fcbc84cf
--- /dev/null
+++ b/metadata/glsa/glsa-201209-03.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201209-03">
+  <title>PHP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in PHP, the worst of which lead
+    to remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">php</product>
+  <announced>2012-09-24</announced>
+  <revised count="1">2012-09-24</revised>
+  <bug>384301</bug>
+  <bug>396311</bug>
+  <bug>396533</bug>
+  <bug>399247</bug>
+  <bug>399567</bug>
+  <bug>399573</bug>
+  <bug>401997</bug>
+  <bug>410957</bug>
+  <bug>414553</bug>
+  <bug>421489</bug>
+  <bug>427354</bug>
+  <bug>429630</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/php" auto="yes" arch="*">
+      <unaffected range="ge">5.3.15</unaffected>
+      <unaffected range="ge">5.4.5</unaffected>
+      <vulnerable range="lt">5.3.15</vulnerable>
+      <vulnerable range="lt">5.4.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PHP is a widely-used general-purpose scripting language that is
+      especially suited for Web development and can be embedded into HTML.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PHP. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could execute arbitrary code with the privileges of
+      the process, cause a Denial of Service condition, obtain sensitive
+      information, create arbitrary files, conduct directory traversal attacks,
+      bypass protection mechanisms, or perform further attacks with unspecified
+      impact.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PHP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-5.3.15"
+    </code>
+    
+    <p>All PHP users on ARM should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-5.4.5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1398">CVE-2011-1398</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3379">CVE-2011-3379</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4566">CVE-2011-4566</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4885">CVE-2011-4885</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0057">CVE-2012-0057</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0788">CVE-2012-0788</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0789">CVE-2012-0789</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0830">CVE-2012-0830</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0831">CVE-2012-0831</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1172">CVE-2012-1172</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1823">CVE-2012-1823</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2143">CVE-2012-2143</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2311">CVE-2012-2311</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2335">CVE-2012-2335</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2336">CVE-2012-2336</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2386">CVE-2012-2386</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2688">CVE-2012-2688</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3365">CVE-2012-3365</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3450">CVE-2012-3450</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-01-17T08:58:04Z">ago</metadata>
+  <metadata tag="submitter" timestamp="2012-09-24T00:00:49Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201209-04.xml b/metadata/glsa/glsa-201209-04.xml
new file mode 100644
index 000000000000..4d88218a3ef1
--- /dev/null
+++ b/metadata/glsa/glsa-201209-04.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201209-04">
+  <title>BIND: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in BIND, the worst of
+    which may allow remote Denial of Service.
+  </synopsis>
+  <product type="ebuild">bind</product>
+  <announced>2012-09-24</announced>
+  <revised count="1">2012-09-24</revised>
+  <bug>402661</bug>
+  <bug>419637</bug>
+  <bug>427966</bug>
+  <bug>434876</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/bind" auto="yes" arch="*">
+      <unaffected range="ge">9.9.1_p3</unaffected>
+      <vulnerable range="lt">9.9.1_p3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>BIND is the Berkeley Internet Name Domain Server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in BIND:</p>
+    
+    <ul>
+      <li>Domain names are not properly revoked due to an error in the cache
+        update policy (CVE-2012-1033).
+      </li>
+      <li>BIND accepts records with zero-length RDATA fields (CVE-2012-1667).</li>
+      <li>An assertion failure from the failing-query cache could occur when
+        DNSSEC validation is enabled (CVE-2012-3817).
+      </li>
+      <li>A memory leak may occur under high TCP query loads (CVE-2012-3868).</li>
+      <li>An assertion error can occur when a query is performed for a record
+        with RDATA greater than 65535 bytes (CVE-2012-4244).
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to cause a Denial of Service condition or
+      keep domain names resolvable after it has been deleted from registration.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All BIND users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/bind-9.9.1_p3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1033">CVE-2012-1033</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1667">CVE-2012-1667</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3817">CVE-2012-3817</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3868">CVE-2012-3868</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4244">CVE-2012-4244</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-03-06T01:12:32Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2012-09-24T00:04:59Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201209-05.xml b/metadata/glsa/glsa-201209-05.xml
new file mode 100644
index 000000000000..be768d5f8238
--- /dev/null
+++ b/metadata/glsa/glsa-201209-05.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201209-05">
+  <title>LibreOffice: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in LibreOffice, allowing
+    remote attackers to execute arbitrary code or cause a Denial of Service.
+  </synopsis>
+  <product type="ebuild">libreoffice</product>
+  <announced>2012-09-24</announced>
+  <revised count="1">2012-09-24</revised>
+  <bug>386081</bug>
+  <bug>409455</bug>
+  <bug>416457</bug>
+  <bug>429482</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/libreoffice" auto="yes" arch="*">
+      <unaffected range="ge">3.5.5.3</unaffected>
+      <vulnerable range="lt">3.5.5.3</vulnerable>
+    </package>
+    <package name="app-office/libreoffice-bin" auto="yes" arch="*">
+      <unaffected range="ge">3.5.5.3</unaffected>
+      <vulnerable range="lt">3.5.5.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>LibreOffice is a full office productivity suite.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been found in LibreOffice:</p>
+    
+    <ul>
+      <li>The Microsoft Word Document parser contains an out-of-bounds read
+        error (CVE-2011-2713).
+      </li>
+      <li>The Raptor RDF parser contains an XML External Entity expansion error
+        (CVE-2012-0037).
+      </li>
+      <li>The graphic loading parser contains an integer overflow error which
+        could cause a heap-based buffer overflow (CVE-2012-1149).
+      </li>
+      <li>Multiple errors in the XML manifest handling code could cause a
+        heap-based buffer overflow (CVE-2012-2665).
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted
+      document file using LibreOffice, possibly resulting in execution of
+      arbitrary code with the privileges of the process or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LibreOffice users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-office/libreoffice-3.5.5.3"
+    </code>
+    
+    <p>All users of the LibreOffice binary package should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-office/libreoffice-bin-3.5.5.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2713">CVE-2011-2713</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0037">CVE-2012-0037</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1149">CVE-2012-1149</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2665">CVE-2012-2665</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-05-25T03:12:45Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2012-09-24T10:36:10Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201209-06.xml b/metadata/glsa/glsa-201209-06.xml
new file mode 100644
index 000000000000..3c1ebf377b86
--- /dev/null
+++ b/metadata/glsa/glsa-201209-06.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201209-06">
+  <title>Expat: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Expat, possibly
+    resulting in Denial of Service.
+  </synopsis>
+  <product type="ebuild">expat</product>
+  <announced>2012-09-24</announced>
+  <revised count="1">2012-09-24</revised>
+  <bug>280615</bug>
+  <bug>303727</bug>
+  <bug>407519</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/expat" auto="yes" arch="*">
+      <unaffected range="ge">2.1.0_beta3</unaffected>
+      <vulnerable range="lt">2.1.0_beta3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Expat is a set of XML parsing libraries.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Expat. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted XML
+      file in an application linked against Expat, possibly resulting in a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Expat users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/expat-2.1.0_beta3"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3560">CVE-2009-3560</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3720">CVE-2009-3720</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0876">CVE-2012-0876</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1147">CVE-2012-1147</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1148">CVE-2012-1148</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-08-14T16:05:51Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2012-09-24T10:37:12Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201209-07.xml b/metadata/glsa/glsa-201209-07.xml
new file mode 100644
index 000000000000..76290afb9b03
--- /dev/null
+++ b/metadata/glsa/glsa-201209-07.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201209-07">
+  <title>International Components for Unicode: User-assisted execution of
+    arbitrary code
+  </title>
+  <synopsis>A buffer overflow in International Components for Unicode could
+    result in execution of arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">icu</product>
+  <announced>2012-09-24</announced>
+  <revised count="1">2012-09-24</revised>
+  <bug>394201</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/icu" auto="yes" arch="*">
+      <unaffected range="ge">49.1.1-r1</unaffected>
+      <vulnerable range="lt">49.1.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>International Components for Unicode (ICU) is a set of C/C++ and Java
+      libraries providing Unicode and Globalization support for software
+      applications.
+    </p>
+  </background>
+  <description>
+    <p>An error in the _canonicalize() function in uloc.cpp could cause a
+      stack-based buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted locale
+      representation using an application linked against ICU, possibly
+      resulting in execution of arbitrary code with the privileges of the
+      process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ICU users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/icu-49.1.1-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4599">CVE-2011-4599</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-06-07T15:27:29Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2012-09-24T23:23:13Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201209-08.xml b/metadata/glsa/glsa-201209-08.xml
new file mode 100644
index 000000000000..e051dc3d8bb5
--- /dev/null
+++ b/metadata/glsa/glsa-201209-08.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201209-08">
+  <title>SquidClamav: Denial of service</title>
+  <synopsis>A vulnerability in SquidClamav may result in Denial of Service.</synopsis>
+  <product type="ebuild">squidclamav</product>
+  <announced>2012-09-24</announced>
+  <revised count="1">2012-09-24</revised>
+  <bug>428778</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/squidclamav" auto="yes" arch="*">
+      <unaffected range="ge">6.8</unaffected>
+      <vulnerable range="lt">6.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>SquidClamav is a HTTP anti-virus for Squid based on ClamAV and ICAP.</p>
+  </background>
+  <description>
+    <p>SquidClamav does not properly escape URLs before passing them to the
+      system command call.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted URL to SquidClamav,
+      possibly resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All SquidClamav users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-proxy/squidclamav-6.8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3501">CVE-2012-3501</uri>
+    <uri link="https://squidclamav.darold.net/news.html">SquidClamav News</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-08-14T16:12:43Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2012-09-24T23:23:20Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201209-09.xml b/metadata/glsa/glsa-201209-09.xml
new file mode 100644
index 000000000000..33a7516c26cc
--- /dev/null
+++ b/metadata/glsa/glsa-201209-09.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201209-09">
+  <title>Atheme IRC Services: Denial of service</title>
+  <synopsis>A vulnerability has been found in Atheme which may lead to Denial
+    of Service or a bypass of security restrictions.
+  </synopsis>
+  <product type="ebuild">atheme</product>
+  <announced>2012-09-25</announced>
+  <revised count="1">2012-09-25</revised>
+  <bug>409103</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/atheme-services" auto="yes" arch="*">
+      <unaffected range="ge">6.0.10</unaffected>
+      <vulnerable range="lt">6.0.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Atheme is a portable and secure set of open-source and modular IRC
+      services. CertFP is certificate fingerprinting used to authenticate users
+      to nicknames.
+    </p>
+  </background>
+  <description>
+    <p>The “myuser_delete()” function in account.c does not properly remove
+      CertFP entries when deleting user accounts.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote authenticated attacker may be able to cause a Denial of Service
+      condition or gain access to an Atheme IRC Services user account.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Atheme users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-irc/atheme-services-6.0.10"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1576">CVE-2012-1576</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-08-14T16:09:52Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2012-09-25T10:53:52Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201209-10.xml b/metadata/glsa/glsa-201209-10.xml
new file mode 100644
index 000000000000..688cc430422b
--- /dev/null
+++ b/metadata/glsa/glsa-201209-10.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201209-10">
+  <title>Calligra: User-assisted execution of arbitrary code</title>
+  <synopsis>A buffer overflow vulnerability in Calligra could result in the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">calligra</product>
+  <announced>2012-09-25</announced>
+  <revised count="1">2012-09-25</revised>
+  <bug>428890</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/calligra" auto="yes" arch="*">
+      <unaffected range="ge">2.4.3-r1</unaffected>
+      <vulnerable range="lt">2.4.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Calligra is an office suite by KDE.</p>
+  </background>
+  <description>
+    <p>An error in the read() function in styles.cpp could cause a heap-based
+      buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted ODF
+      file, possibly resulting in execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Calligra users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-office/calligra-2.4.3-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3456">CVE-2012-3456</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-08-09T20:25:04Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2012-09-25T10:54:01Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201209-11.xml b/metadata/glsa/glsa-201209-11.xml
new file mode 100644
index 000000000000..70ed202c2acc
--- /dev/null
+++ b/metadata/glsa/glsa-201209-11.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201209-11">
+  <title>Opera: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Opera, the worst of
+    which may allow remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">opera</product>
+  <announced>2012-09-25</announced>
+  <revised count="1">2012-09-25</revised>
+  <bug>429478</bug>
+  <bug>434584</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/opera" auto="yes" arch="*">
+      <unaffected range="ge">12.01.1532</unaffected>
+      <vulnerable range="lt">12.01.1532</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Opera is a fast web browser that is available free of charge.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Opera. Please review
+      the CVE identifiers and Opera Release Notes referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted web
+      page using Opera, possibly resulting in execution of arbitrary code with
+      the privileges of the process or a Denial of Service condition.
+      Furthermore, a remote attacker may be able to trick a user into
+      downloading and executing files, conduct Cross-Site Scripting (XSS)
+      attacks, spoof the address bar, or have other unspecified impact.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Opera users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/opera-12.01.1532"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4010">CVE-2012-4010</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4142">CVE-2012-4142</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4143">CVE-2012-4143</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4144">CVE-2012-4144</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4145">CVE-2012-4145</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4146">CVE-2012-4146</uri>
+    <uri link="https://www.opera.com/docs/changelogs/unix/1201/">Opera 12.01 for
+      UNIX changelog
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-08-03T11:42:44Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2012-09-25T21:25:23Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201209-12.xml b/metadata/glsa/glsa-201209-12.xml
new file mode 100644
index 000000000000..8fefa8855908
--- /dev/null
+++ b/metadata/glsa/glsa-201209-12.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201209-12">
+  <title>Libtasn1: Denial of service</title>
+  <synopsis>A vulnerability in Libtasn1 might cause a Denial of Service
+    condition. 
+  </synopsis>
+  <product type="ebuild">libtasn1</product>
+  <announced>2012-09-25</announced>
+  <revised count="1">2012-09-25</revised>
+  <bug>409031</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libtasn1" auto="yes" arch="*">
+      <unaffected range="ge">2.12</unaffected>
+      <vulnerable range="lt">2.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Libtasn1 is a library used to parse ASN.1 (Abstract Syntax Notation One)
+      objects, and perform DER (Distinguished Encoding Rules) decoding.
+    </p>
+  </background>
+  <description>
+    <p>Libtasn1 does not properly handle length fields when performing DER
+      decoding.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted
+      DER-encoded object in an application linked against Libtasn1, possibly
+      resulting in Denial of Service. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Libtasn1 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libtasn1-2.12"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1569">CVE-2012-1569</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-08-14T16:07:38Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2012-09-25T21:25:29Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201209-13.xml b/metadata/glsa/glsa-201209-13.xml
new file mode 100644
index 000000000000..7a5d2cdc8f1d
--- /dev/null
+++ b/metadata/glsa/glsa-201209-13.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201209-13">
+  <title>libjpeg-turbo: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability in libjpeg-turbo could result in execution of
+    arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">libjpeg-turbo</product>
+  <announced>2012-09-26</announced>
+  <revised count="1">2012-09-26</revised>
+  <bug>426938</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libjpeg-turbo" auto="yes" arch="*">
+      <unaffected range="ge">1.2.1</unaffected>
+      <vulnerable range="lt">1.2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libjpeg-turbo accelerates JPEG compression and decompression.</p>
+  </background>
+  <description>
+    <p>A vulnerability in the get_sos() function in jdmarker.c could cause a
+      heap-based buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted JPEG
+      file in an application linked against libjpeg-turbo, possibly resulting
+      in the remote execution of arbitrary code with the permissions of the
+      user running the application, or Denial of Service. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libjpeg-turbo users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libjpeg-turbo-1.2.1"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2806">CVE-2012-2806</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-07-22T17:28:52Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2012-09-26T11:11:07Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201209-14.xml b/metadata/glsa/glsa-201209-14.xml
new file mode 100644
index 000000000000..16c0ffb00f44
--- /dev/null
+++ b/metadata/glsa/glsa-201209-14.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201209-14">
+  <title>file: Denial of service</title>
+  <synopsis>A vulnerability in file could result in Denial of Service.</synopsis>
+  <product type="ebuild">file</product>
+  <announced>2012-09-26</announced>
+  <revised count="1">2012-09-26</revised>
+  <bug>427368</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/file" auto="yes" arch="*">
+      <unaffected range="ge">5.11</unaffected>
+      <vulnerable range="lt">5.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>file is a utility that guesses a file format by scanning binary data for
+      patterns.
+    </p>
+  </background>
+  <description>
+    <p>Multiple out-of-bounds read errors and invalid pointer dereference
+      errors have been found in cdf.c. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted
+      Composite Document File (CDF) using file, possibly resulting in a Denial
+      of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All file users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/file-5.11"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1571">CVE-2012-1571</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-07-22T16:44:09Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2012-09-26T11:11:29Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201209-15.xml b/metadata/glsa/glsa-201209-15.xml
new file mode 100644
index 000000000000..c7d5570fba75
--- /dev/null
+++ b/metadata/glsa/glsa-201209-15.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201209-15">
+  <title>Asterisk: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Asterisk, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">asterisk</product>
+  <announced>2012-09-26</announced>
+  <revised count="1">2012-09-26</revised>
+  <bug>425050</bug>
+  <bug>433750</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/asterisk" auto="yes" arch="*">
+      <unaffected range="ge">1.8.15.1</unaffected>
+      <vulnerable range="lt">1.8.15.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Asterisk is an open source telephony engine and toolkit.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been found in Asterisk:</p>
+    
+    <ul>
+      <li>An error in manager.c allows shell access (CVE-2012-2186).</li>
+      <li>An error in Asterisk could cause all RTP ports to be exhausted
+        (CVE-2012-3812).
+      </li>
+      <li>A double-free error could occur when two parties attempt to
+        manipulate the same voicemail account simultaneously (CVE-2012-3863).
+      </li>
+      <li>Asterisk does not properly implement certain ACL rules
+        (CVE-2012-4737).
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote, authenticated attacker could execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, or bypass
+      outbound call restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Asterisk users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/asterisk-1.8.15.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2186">CVE-2012-2186</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3812">CVE-2012-3812</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3863">CVE-2012-3863</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4737">CVE-2012-4737</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-08-14T15:47:40Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2012-09-26T21:43:31Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201209-16.xml b/metadata/glsa/glsa-201209-16.xml
new file mode 100644
index 000000000000..6be1aa6dc984
--- /dev/null
+++ b/metadata/glsa/glsa-201209-16.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201209-16">
+  <title>SQLAlchemy: SQL injection</title>
+  <synopsis>An input sanitation flaw in SQLAlchemy allows remote attacker to
+    conduct SQL injection. 
+  </synopsis>
+  <product type="ebuild">sqlalchemy</product>
+  <announced>2012-09-26</announced>
+  <revised count="1">2012-09-26</revised>
+  <bug>407437</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-python/sqlalchemy" auto="yes" arch="*">
+      <unaffected range="ge">0.7.4</unaffected>
+      <vulnerable range="lt">0.7.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>SQLAlchemy is a Python SQL toolkit and Object Relational Mapper.</p>
+  </background>
+  <description>
+    <p>SQLAlchemy does not properly sanitize input passed from the “limit”
+      and “offset” keywords to the select() function before using it in an
+      SQL query. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could exploit this vulnerability to execute arbitrary
+      SQL statements.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All SQLAlchemy users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/sqlalchemy-0.7.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0805">CVE-2012-0805</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-08-14T16:04:11Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2012-09-26T21:43:47Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201209-17.xml b/metadata/glsa/glsa-201209-17.xml
new file mode 100644
index 000000000000..1c2c7f9f946c
--- /dev/null
+++ b/metadata/glsa/glsa-201209-17.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201209-17">
+  <title>Pidgin: Arbitrary code execution</title>
+  <synopsis>A buffer overflow in Pidgin might allow remote attackers to execute
+    arbitrary code or cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">pidgin</product>
+  <announced>2012-09-27</announced>
+  <revised count="1">2012-09-27</revised>
+  <bug>425076</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/pidgin" auto="yes" arch="*">
+      <unaffected range="ge">2.10.6</unaffected>
+      <vulnerable range="lt">2.10.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Pidgin is a GTK Instant Messenger client for a variety of instant
+      messaging protocols. libpurple is the core library for Pidgin.
+    </p>
+  </background>
+  <description>
+    <p>A stack-based buffer overflow vulnerability has been found in the MXit
+      protocol plug-in for libpurple.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the Pidgin process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Pidgin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-im/pidgin-2.10.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3374">CVE-2012-3374</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-09-20T13:28:52Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2012-09-27T11:52:16Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201209-18.xml b/metadata/glsa/glsa-201209-18.xml
new file mode 100644
index 000000000000..d29210c30812
--- /dev/null
+++ b/metadata/glsa/glsa-201209-18.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201209-18">
+  <title>Postfixadmin: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Postfixadmin which may
+    lead to SQL injection or cross-site scripting attacks.
+  </synopsis>
+  <product type="ebuild">postfixadmin</product>
+  <announced>2012-09-27</announced>
+  <revised count="1">2012-09-27</revised>
+  <bug>400971</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/postfixadmin" auto="yes" arch="*">
+      <unaffected range="ge">2.3.5</unaffected>
+      <vulnerable range="lt">2.3.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Postfixadmin is a web-based management tool for Postfix-style virtual
+      domains and users.
+    </p>
+  </background>
+  <description>
+    <p>Multiple SQL injection vulnerabilities (CVE-2012-0811) and cross-site
+      scripting vulnerabilities (CVE-2012-0812) have been found in
+      Postfixadmin.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could exploit these vulnerabilities to execute
+      arbitrary SQL statements or arbitrary HTML and script code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Postfixadmin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-apps/postfixadmin-2.3.5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0811">CVE-2012-0811</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0812">CVE-2012-0812</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-08-14T16:01:37Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2012-09-27T11:52:28Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201209-19.xml b/metadata/glsa/glsa-201209-19.xml
new file mode 100644
index 000000000000..9c71537dfe74
--- /dev/null
+++ b/metadata/glsa/glsa-201209-19.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201209-19">
+  <title>NUT: Arbitrary code execution</title>
+  <synopsis>A buffer overflow in NUT might allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">nut</product>
+  <announced>2012-09-27</announced>
+  <revised count="1">2012-09-27</revised>
+  <bug>419377</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-power/nut" auto="yes" arch="*">
+      <unaffected range="ge">2.6.3</unaffected>
+      <vulnerable range="lt">2.6.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Network UPS Tools (NUT) provide support for power devices.</p>
+  </background>
+  <description>
+    <p>An error in the addchar() function in parseconf.c may cause a buffer
+      overflow.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could send a specially crafted string to upsd,
+      possibly resulting in execution of arbitrary code with the privileges of
+      the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All NUT users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-power/nut-2.6.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2944">CVE-2012-2944</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-09-20T13:16:15Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2012-09-27T19:53:02Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201209-20.xml b/metadata/glsa/glsa-201209-20.xml
new file mode 100644
index 000000000000..69c91c77d8ec
--- /dev/null
+++ b/metadata/glsa/glsa-201209-20.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201209-20">
+  <title>mod_rpaf: Denial of service</title>
+  <synopsis>A vulnerability in mod_rpaf may result in Denial of Service.</synopsis>
+  <product type="ebuild">mod_rpaf</product>
+  <announced>2012-09-27</announced>
+  <revised count="1">2012-09-27</revised>
+  <bug>432406</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apache/mod_rpaf" auto="yes" arch="*">
+      <unaffected range="ge">0.6</unaffected>
+      <vulnerable range="lt">0.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>mod_rpaf is a reverse proxy add forward module for backend Apache
+      servers.
+    </p>
+  </background>
+  <description>
+    <p>An error has been found in the way mod_rpaf handles X-Forwarded-For
+      headers. Please review the CVE identifier referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted HTTP header, possibly
+      resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All mod_rpaf users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-apache/mod_rpaf-0.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3526">CVE-2012-3526</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-09-19T10:41:24Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2012-09-27T19:53:08Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201209-21.xml b/metadata/glsa/glsa-201209-21.xml
new file mode 100644
index 000000000000..7a7530c144a1
--- /dev/null
+++ b/metadata/glsa/glsa-201209-21.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201209-21">
+  <title>fastjar: Directory traversal</title>
+  <synopsis>Two directory traversal vulnerabilities have been found in fastjar,
+    allowing remote attackers to create or overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">fastjar</product>
+  <announced>2012-09-28</announced>
+  <revised count="1">2012-09-28</revised>
+  <bug>325557</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/fastjar" auto="yes" arch="*">
+      <unaffected range="ge">0.98-r1</unaffected>
+      <vulnerable range="lt">0.98-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>fastjar is a Java archiver written in C.</p>
+  </background>
+  <description>
+    <p>Two directory traversal vulnerabilities have been discovered in fastjar.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted JAR
+      file, possibly resulting in the creation or truncation of arbitrary
+      files.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All fastjar users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/fastjar-0.98-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0831">CVE-2010-0831</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2322">CVE-2010-2322</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:29Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2012-09-28T00:34:46Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201209-22.xml b/metadata/glsa/glsa-201209-22.xml
new file mode 100644
index 000000000000..7b2b35b9d8bd
--- /dev/null
+++ b/metadata/glsa/glsa-201209-22.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201209-22">
+  <title>libgssglue: Privilege escalation</title>
+  <synopsis>A vulnerability in libgssglue may allow a local attacker to gain
+    escalated privileges.
+  </synopsis>
+  <product type="ebuild">libgssglue</product>
+  <announced>2012-09-28</announced>
+  <revised count="1">2012-09-28</revised>
+  <bug>385321</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-libs/libgssglue" auto="yes" arch="*">
+      <unaffected range="ge">0.4</unaffected>
+      <vulnerable range="lt">0.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libgssglue exports a GSSAPI interface which calls other random GSSAPI
+      libraries.
+    </p>
+  </background>
+  <description>
+    <p>libgssglue does not securely use getenv() when loading a library for a
+      setuid application.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could gain escalated privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libgssglue users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/libgssglue-0.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2709">CVE-2011-2709</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-09-09T12:06:10Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2012-09-28T00:34:59Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201209-23.xml b/metadata/glsa/glsa-201209-23.xml
new file mode 100644
index 000000000000..abba53a99d11
--- /dev/null
+++ b/metadata/glsa/glsa-201209-23.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201209-23">
+  <title>GIMP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GIMP, the worst of
+    which allow execution of arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">gimp</product>
+  <announced>2012-09-28</announced>
+  <revised count="1">2012-09-28</revised>
+  <bug>293127</bug>
+  <bug>350915</bug>
+  <bug>372975</bug>
+  <bug>379289</bug>
+  <bug>418425</bug>
+  <bug>432582</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/gimp" auto="yes" arch="*">
+      <unaffected range="ge">2.6.12-r2</unaffected>
+      <vulnerable range="lt">2.6.12-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GIMP is the GNU Image Manipulation Program.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GIMP. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GIMP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/gimp-2.6.12-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1570">CVE-2009-1570</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3909">CVE-2009-3909</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4540">CVE-2010-4540</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4541">CVE-2010-4541</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4542">CVE-2010-4542</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4543">CVE-2010-4543</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1178">CVE-2011-1178</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2896">CVE-2011-2896</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2763">CVE-2012-2763</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3402">CVE-2012-3402</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:15Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2012-09-28T11:27:42Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201209-24.xml b/metadata/glsa/glsa-201209-24.xml
new file mode 100644
index 000000000000..2d9fcdcc3456
--- /dev/null
+++ b/metadata/glsa/glsa-201209-24.xml
@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201209-24">
+  <title>PostgreSQL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PostgreSQL which may
+    allow a remote attacker to conduct several attacks.
+    
+  </synopsis>
+  <product type="ebuild">PostgreSQL</product>
+  <announced>2012-09-28</announced>
+  <revised count="2">2014-01-20</revised>
+  <bug>406037</bug>
+  <bug>419727</bug>
+  <bug>431766</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/postgresql-server" auto="yes" arch="*">
+      <unaffected range="ge">9.1.5</unaffected>
+      <unaffected range="rge">9.0.9</unaffected>
+      <unaffected range="rge">8.4.13</unaffected>
+      <unaffected range="rge">8.3.20</unaffected>
+      <unaffected range="rge">8.4.17</unaffected>
+      <unaffected range="rge">8.4.19</unaffected>
+      <unaffected range="rge">9.0.13</unaffected>
+      <unaffected range="rge">9.0.14</unaffected>
+      <unaffected range="rge">9.0.15</unaffected>
+      <unaffected range="rge">8.4.14</unaffected>
+      <unaffected range="rge">8.4.15</unaffected>
+      <unaffected range="rge">8.4.16</unaffected>
+      <unaffected range="rge">9.0.16</unaffected>
+      <unaffected range="rge">9.0.17</unaffected>
+      <vulnerable range="lt">9.1.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PostgreSQL is an open source object-relational database management
+      system.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PostgreSQL. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could spoof SSL connections. Furthermore, a remote
+      authenticated attacker could cause a Denial of Service, read and write
+      arbitrary files, inject SQL commands into dump scripts, or bypass
+      database restrictions to execute database functions.
+    </p>
+    
+    <p>A context-dependent attacker could more easily obtain access via
+      authentication attempts with an initial substring of the intended
+      password. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PostgreSQL 9.1 server users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-server-9.1.5"
+    </code>
+    
+    <p>All PostgreSQL 9.0 server users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-server-9.0.9"
+    </code>
+    
+    <p>All PostgreSQL 8.4 server users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-server-8.4.13"
+    </code>
+    
+    <p>All PostgreSQL 8.3 server users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-server-8.3.20"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0866">CVE-2012-0866</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0867">CVE-2012-0867</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0868">CVE-2012-0868</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2143">CVE-2012-2143</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2655">CVE-2012-2655</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3488">CVE-2012-3488</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3489">CVE-2012-3489</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-04-08T15:26:13Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-01-20T09:36:28Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201209-25.xml b/metadata/glsa/glsa-201209-25.xml
new file mode 100644
index 000000000000..de327b0c48e2
--- /dev/null
+++ b/metadata/glsa/glsa-201209-25.xml
@@ -0,0 +1,209 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201209-25">
+  <title>VMware Player, Server, Workstation: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in VMware Player, Server,
+    and Workstation, allowing remote and local attackers to conduct several
+    attacks, including privilege escalation, remote execution of arbitrary
+    code, and a Denial of Service.
+  </synopsis>
+  <product type="ebuild">vmware-server vmware-player vmware-workstation</product>
+  <announced>2012-09-29</announced>
+  <revised count="2">2012-09-29</revised>
+  <bug>213548</bug>
+  <bug>224637</bug>
+  <bug>236167</bug>
+  <bug>245941</bug>
+  <bug>265139</bug>
+  <bug>282213</bug>
+  <bug>297367</bug>
+  <bug>335866</bug>
+  <bug>385727</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-emulation/vmware-player" auto="yes" arch="*">
+      <vulnerable range="le">2.5.5.328052</vulnerable>
+    </package>
+    <package name="app-emulation/vmware-workstation" auto="yes" arch="*">
+      <vulnerable range="le">6.5.5.328052</vulnerable>
+    </package>
+    <package name="app-emulation/vmware-server" auto="yes" arch="*">
+      <vulnerable range="le">1.0.9.156507</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>VMware Player, Server, and Workstation allow emulation of a complete PC
+      on a PC without the usual performance overhead of most emulators.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in VMware Player, Server,
+      and Workstation. Please review the CVE identifiers referenced below for
+      details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>Local users may be able to gain escalated privileges, cause a Denial of
+      Service, or gain sensitive information. 
+    </p>
+    
+    <p>A remote attacker could entice a user to open a specially crafted file,
+      possibly resulting in the remote execution of arbitrary code, or a Denial
+      of Service. Remote attackers also may be able to spoof DNS traffic, read
+      arbitrary files, or inject arbitrary web script to the VMware Server
+      Console. 
+    </p>
+    
+    <p>Furthermore, guest OS users may be able to execute arbitrary code on the
+      host OS, gain escalated privileges on the guest OS, or cause a Denial of
+      Service (crash the host OS).
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo discontinued support for VMware Player. We recommend that users
+      unmerge VMware Player:
+    </p>
+    
+    <code>
+      # emerge --unmerge "app-emulation/vmware-player"
+    </code>
+    
+    <p>NOTE: Users could upgrade to
+      “&gt;=app-emulation/vmware-player-3.1.5”, however these packages are
+      not currently stable.
+    </p>
+    
+    <p>Gentoo discontinued support for VMware Workstation. We recommend that
+      users unmerge VMware Workstation:
+    </p>
+    
+    <code>
+      # emerge --unmerge "app-emulation/vmware-workstation"
+    </code>
+    
+    <p>NOTE: Users could upgrade to
+      “&gt;=app-emulation/vmware-workstation-7.1.5”, however these packages
+      are not currently stable.
+    </p>
+    
+    <p>Gentoo discontinued support for VMware Server. We recommend that users
+      unmerge VMware Server:
+    </p>
+    
+    <code>
+      # emerge --unmerge "app-emulation/vmware-server"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5269">CVE-2007-5269</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5503 ">
+      CVE-2007-5503 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5671 ">
+      CVE-2007-5671 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0967 ">
+      CVE-2008-0967 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1340 ">
+      CVE-2008-1340 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1361 ">
+      CVE-2008-1361 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1362 ">
+      CVE-2008-1362 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1363 ">
+      CVE-2008-1363 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1364 ">
+      CVE-2008-1364 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1392 ">
+      CVE-2008-1392 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1447 ">
+      CVE-2008-1447 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1806 ">
+      CVE-2008-1806 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1807 ">
+      CVE-2008-1807 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1808 ">
+      CVE-2008-1808 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2098 ">
+      CVE-2008-2098 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2100 ">
+      CVE-2008-2100 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2101 ">
+      CVE-2008-2101 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4915 ">
+      CVE-2008-4915 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4916 ">
+      CVE-2008-4916 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4917 ">
+      CVE-2008-4917 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0040 ">
+      CVE-2009-0040 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0909 ">
+      CVE-2009-0909 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0910 ">
+      CVE-2009-0910 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1244">CVE-2009-1244</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2267 ">
+      CVE-2009-2267 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3707 ">
+      CVE-2009-3707 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3732 ">
+      CVE-2009-3732 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3733 ">
+      CVE-2009-3733 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4811 ">
+      CVE-2009-4811 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1137 ">
+      CVE-2010-1137 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1138 ">
+      CVE-2010-1138 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1139 ">
+      CVE-2010-1139 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1140 ">
+      CVE-2010-1140 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1141 ">
+      CVE-2010-1141 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1142 ">
+      CVE-2010-1142 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1143 ">
+      CVE-2010-1143 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3868">CVE-2011-3868</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:01Z">system</metadata>
+  <metadata tag="submitter" timestamp="2012-09-29T13:12:45Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201210-01.xml b/metadata/glsa/glsa-201210-01.xml
new file mode 100644
index 000000000000..f7415a40438b
--- /dev/null
+++ b/metadata/glsa/glsa-201210-01.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201210-01">
+  <title>w3m: SSL spoofing vulnerability</title>
+  <synopsis>An error in the hostname matching of w3m might enable remote
+    attackers to conduct man-in-the-middle attacks. 
+  </synopsis>
+  <product type="ebuild">w3m</product>
+  <announced>2012-10-18</announced>
+  <revised count="1">2012-10-18</revised>
+  <bug>325431</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/w3m" auto="yes" arch="*">
+      <unaffected range="ge">0.5.2-r4</unaffected>
+      <vulnerable range="lt">0.5.2-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>w3m is a text based WWW browser.</p>
+  </background>
+  <description>
+    <p>A SSL spoofing vulnerability has been discovered in w3m. Please review
+      the CVE identifier referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker might employ a specially crafted certificate to
+      conduct man-in-the-middle attacks on SSL connections made using w3m. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All w3m users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/w3m-0.5.2-r4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2074">CVE-2010-2074</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:00Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2012-10-18T20:42:33Z">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201210-02.xml b/metadata/glsa/glsa-201210-02.xml
new file mode 100644
index 000000000000..e95c2baa20e9
--- /dev/null
+++ b/metadata/glsa/glsa-201210-02.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201210-02">
+  <title>MoinMoin: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in MoinMoin, the worst of
+    which allowing for injection of arbitrary web script or HTML.
+  </synopsis>
+  <product type="ebuild">MoinMoin</product>
+  <announced>2012-10-18</announced>
+  <revised count="1">2012-10-18</revised>
+  <bug>305663</bug>
+  <bug>339295</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/moinmoin" auto="yes" arch="*">
+      <unaffected range="ge">1.9.4</unaffected>
+      <vulnerable range="lt">1.9.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MoinMoin is a Python WikiEngine.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MoinMoin. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>These vulnerabilities in MoinMoin allow remote users to inject arbitrary
+      web script or HTML, to obtain sensitive information and to bypass the
+      textcha protection mechanism. There are several other unknown impacts and
+      attack vectors.
+    </p>
+    
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MoinMoin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-apps/moinmoin-1.9.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0668">CVE-2010-0668</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0669">CVE-2010-0669</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0717">CVE-2010-0717</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0828">CVE-2010-0828</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1238">CVE-2010-1238</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2487">CVE-2010-2487</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2969">CVE-2010-2969</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2970">CVE-2010-2970</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1058">CVE-2011-1058</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:36:59Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2012-10-18T20:46:53Z">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201210-03.xml b/metadata/glsa/glsa-201210-03.xml
new file mode 100644
index 000000000000..fb68a508cf58
--- /dev/null
+++ b/metadata/glsa/glsa-201210-03.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201210-03">
+  <title>rdesktop: Directory Traversal</title>
+  <synopsis>A vulnerability which allows a remote attacking server to read or
+    overwrite arbitrary files has been found in rdesktop.
+  </synopsis>
+  <product type="ebuild">rdesktop</product>
+  <announced>2012-10-18</announced>
+  <revised count="1">2012-10-18</revised>
+  <bug>364191</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/rdesktop" auto="yes" arch="*">
+      <unaffected range="ge">1.7.0</unaffected>
+      <vulnerable range="lt">1.7.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>rdesktop is a Remote Desktop Protocol (RDP) Client.</p>
+  </background>
+  <description>
+    <p>A vulnerability has been discovered in rdesktop. Please review the CVE
+      identifier referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote RDP servers may be able to read or overwrite arbitrary files via
+      a .. (dot dot) in a pathname.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All rdesktop users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/rdesktop-1.7.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1595">CVE-2011-1595</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:09Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2012-10-18T20:47:56Z">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201210-04.xml b/metadata/glsa/glsa-201210-04.xml
new file mode 100644
index 000000000000..34534b1d8067
--- /dev/null
+++ b/metadata/glsa/glsa-201210-04.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201210-04">
+  <title>qemu-kvm: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in qemu-kvm, allowing attackers
+    to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">ebuild</product>
+  <announced>2012-10-18</announced>
+  <revised count="1">2012-10-18</revised>
+  <bug>364889</bug>
+  <bug>365259</bug>
+  <bug>372411</bug>
+  <bug>373997</bug>
+  <bug>400595</bug>
+  <bug>430456</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulation/qemu-kvm" auto="yes" arch="*">
+      <unaffected range="ge">1.1.1-r1</unaffected>
+      <vulnerable range="lt">1.1.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>qemu-kvm provides QEMU and Kernel-based Virtual Machine userland tools.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in qemu-kvm. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>These vulnerabilities allow a remote attacker to cause a Denial of
+      Service condition on the host server or qemu process, might allow for
+      arbitrary code execution or a symlink attack when qemu-kvm is in snapshot
+      mode.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All qemu-kvm users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/qemu-kvm-1.1.1-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1750">CVE-2011-1750</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1751">CVE-2011-1751</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2212">CVE-2011-2212</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2512">CVE-2011-2512</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0029">CVE-2012-0029</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2652">CVE-2012-2652</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:53Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2012-10-18T20:48:30Z">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201210-05.xml b/metadata/glsa/glsa-201210-05.xml
new file mode 100644
index 000000000000..ecd0563c4c8e
--- /dev/null
+++ b/metadata/glsa/glsa-201210-05.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201210-05">
+  <title>Bash: Multiple vulnerabilities</title>
+  <synopsis>Two vulnerabilities have been found in Bash, the worst of which may
+    allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">bash</product>
+  <announced>2012-10-20</announced>
+  <revised count="1">2012-10-20</revised>
+  <bug>251319</bug>
+  <bug>431850</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-shells/bash" auto="yes" arch="*">
+      <unaffected range="ge">4.2_p37</unaffected>
+      <vulnerable range="lt">4.2_p37</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Bash is the standard GNU Bourne Again SHell. </p>
+  </background>
+  <description>
+    <p>Two vulnerabilities have been found in Bash:</p>
+    
+    <ul>
+      <li>Bash example scripts do not handle temporary files securely
+        (CVE-2008-5374).
+      </li>
+      <li>Improper bounds checking in Bash could cause a stack-based buffer
+        overflow (CVE-2012-3410).
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted Bash
+      script, possibly resulting in execution of arbitrary code with the
+      privileges of the process, or a Denial of Service condition of the Bash
+      executable. 
+    </p>
+    
+    <p>A local attacker may be able to perform symlink attacks to overwrite
+      arbitrary files with the privileges of the user running the application
+      or bypass shell access restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Bash users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-shells/bash-4.2_p37"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5374">CVE-2008-5374</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3410">CVE-2012-3410</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-09-04T16:02:06Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2012-10-20T00:12:47Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201210-06.xml b/metadata/glsa/glsa-201210-06.xml
new file mode 100644
index 000000000000..2cec9b05e9fa
--- /dev/null
+++ b/metadata/glsa/glsa-201210-06.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201210-06">
+  <title>Libav: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Libav, allowing
+    attackers to execute arbitrary code or cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">libav</product>
+  <announced>2012-10-20</announced>
+  <revised count="1">2012-10-20</revised>
+  <bug>408555</bug>
+  <bug>422537</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/libav" auto="yes" arch="*">
+      <unaffected range="ge">0.8.3</unaffected>
+      <vulnerable range="lt">0.8.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Libav is a complete solution to record, convert and stream audio and
+      video.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Libav. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted media
+      file in an application linked against Libav, possibly resulting in
+      execution of arbitrary code with the privileges of the application or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Libav users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/libav-0.8.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3929">CVE-2011-3929</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3936">CVE-2011-3936</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3937">CVE-2011-3937</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3937">CVE-2011-3937</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3940">CVE-2011-3940</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3945">CVE-2011-3945</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3947">CVE-2011-3947</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3951">CVE-2011-3951</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3952">CVE-2011-3952</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0848">CVE-2012-0848</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0851">CVE-2012-0851</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0852">CVE-2012-0852</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0853">CVE-2012-0853</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0858">CVE-2012-0858</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0947">CVE-2012-0947</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-05-01T20:28:38Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2012-10-20T00:14:06Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201210-07.xml b/metadata/glsa/glsa-201210-07.xml
new file mode 100644
index 000000000000..b35728407beb
--- /dev/null
+++ b/metadata/glsa/glsa-201210-07.xml
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201210-07">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been reported in Chromium, some of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium</product>
+  <announced>2012-10-21</announced>
+  <revised count="1">2012-10-21</revised>
+  <bug>433551</bug>
+  <bug>436234</bug>
+  <bug>437664</bug>
+  <bug>437984</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">22.0.1229.94</unaffected>
+      <vulnerable range="lt">22.0.1229.94</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open source web browser project.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium. Please review
+      the CVE identifiers and release notes referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted web
+      site using Chromium, possibly resulting in the execution of arbitrary
+      code with the privileges of the process, arbitrary file write, a Denial
+      of Service condition, Cross-Site Scripting in SSL interstitial and
+      various Universal Cross-Site Scripting attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-22.0.1229.94"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2859">CVE-2012-2859</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2860">CVE-2012-2860</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2865">CVE-2012-2865</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2866">CVE-2012-2866</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2867">CVE-2012-2867</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2868">CVE-2012-2868</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2869">CVE-2012-2869</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2872">CVE-2012-2872</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2874">CVE-2012-2874</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2876">CVE-2012-2876</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2877">CVE-2012-2877</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2878">CVE-2012-2878</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2879">CVE-2012-2879</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2880">CVE-2012-2880</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2881">CVE-2012-2881</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2882">CVE-2012-2882</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2883">CVE-2012-2883</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2884">CVE-2012-2884</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2885">CVE-2012-2885</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2886">CVE-2012-2886</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2887">CVE-2012-2887</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2888">CVE-2012-2888</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2889">CVE-2012-2889</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2891">CVE-2012-2891</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2892">CVE-2012-2892</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2894">CVE-2012-2894</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2896">CVE-2012-2896</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2900">CVE-2012-2900</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5108">CVE-2012-5108</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5110">CVE-2012-5110</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5111">CVE-2012-5111</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5112">CVE-2012-5112</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5376">CVE-2012-5376</uri>
+    <uri link="https://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html">
+      Release Notes 21.0.1180.89
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html">
+      Release Notes 22.0.1229.79
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2012/10/stable-channel-update.html">
+      Release Notes 22.0.1229.92
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2012/10/stable-channel-update_6105.html">
+      Release Notes 22.0.1229.94
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-09-06T13:01:44Z">
+    phajdan.jr
+  </metadata>
+  <metadata tag="submitter" timestamp="2012-10-21T15:03:00Z">
+    phajdan.jr
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201211-01.xml b/metadata/glsa/glsa-201211-01.xml
new file mode 100644
index 000000000000..3ce37c496569
--- /dev/null
+++ b/metadata/glsa/glsa-201211-01.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201211-01">
+  <title>MantisBT: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in MantisBT, the worst of
+    which allowing for local file inclusion.
+  </synopsis>
+  <product type="ebuild">MantisBT</product>
+  <announced>2012-11-08</announced>
+  <revised count="1">2012-11-08</revised>
+  <bug>348761</bug>
+  <bug>381417</bug>
+  <bug>386153</bug>
+  <bug>407121</bug>
+  <bug>420375</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/mantisbt" auto="yes" arch="*">
+      <unaffected range="ge">1.2.11</unaffected>
+      <vulnerable range="lt">1.2.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MantisBT is a PHP/MySQL/Web based bugtracking system.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MantisBT. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could exploit these vulnerabilities to conduct
+      directory traversal attacks, disclose the contents of local files, inject
+      arbitrary web scripts, obtain sensitive information, bypass
+      authentication and intended access restrictions, or manipulate bugs and
+      attachments.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MantisBT users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-apps/mantisbt-1.2.11"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3303">CVE-2010-3303</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3763">CVE-2010-3763</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4348">CVE-2010-4348</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4349">CVE-2010-4349</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4350">CVE-2010-4350</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2938">CVE-2011-2938</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3356">CVE-2011-3356</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3357">CVE-2011-3357</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3358">CVE-2011-3358</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3578">CVE-2011-3578</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3755">CVE-2011-3755</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1118">CVE-2012-1118</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1119">CVE-2012-1119</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1120">CVE-2012-1120</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1121">CVE-2012-1121</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1122">CVE-2012-1122</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1123">CVE-2012-1123</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2691">CVE-2012-2691</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2692">CVE-2012-2692</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:13Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2012-11-08T10:37:33Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201301-01.xml b/metadata/glsa/glsa-201301-01.xml
new file mode 100644
index 000000000000..d3c323790b89
--- /dev/null
+++ b/metadata/glsa/glsa-201301-01.xml
@@ -0,0 +1,1245 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201301-01">
+  <title>Mozilla Products: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox,
+    Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may
+    allow execution of arbitrary code or local privilege escalation.
+  </synopsis>
+  <product type="ebuild">firefox</product>
+  <announced>2013-01-08</announced>
+  <revised count="1">2013-01-08</revised>
+  <bug>180159</bug>
+  <bug>181361</bug>
+  <bug>207261</bug>
+  <bug>238535</bug>
+  <bug>246602</bug>
+  <bug>251322</bug>
+  <bug>255221</bug>
+  <bug>255234</bug>
+  <bug>255687</bug>
+  <bug>257577</bug>
+  <bug>260062</bug>
+  <bug>261386</bug>
+  <bug>262704</bug>
+  <bug>267234</bug>
+  <bug>273918</bug>
+  <bug>277752</bug>
+  <bug>280226</bug>
+  <bug>280234</bug>
+  <bug>280393</bug>
+  <bug>282549</bug>
+  <bug>284439</bug>
+  <bug>286721</bug>
+  <bug>290892</bug>
+  <bug>292034</bug>
+  <bug>297532</bug>
+  <bug>305689</bug>
+  <bug>307045</bug>
+  <bug>311021</bug>
+  <bug>312361</bug>
+  <bug>312645</bug>
+  <bug>312651</bug>
+  <bug>312675</bug>
+  <bug>312679</bug>
+  <bug>312763</bug>
+  <bug>313003</bug>
+  <bug>324735</bug>
+  <bug>326341</bug>
+  <bug>329279</bug>
+  <bug>336396</bug>
+  <bug>341821</bug>
+  <bug>342847</bug>
+  <bug>348316</bug>
+  <bug>357057</bug>
+  <bug>360055</bug>
+  <bug>360315</bug>
+  <bug>365323</bug>
+  <bug>373595</bug>
+  <bug>379549</bug>
+  <bug>381245</bug>
+  <bug>388045</bug>
+  <bug>390771</bug>
+  <bug>395431</bug>
+  <bug>401701</bug>
+  <bug>403183</bug>
+  <bug>404437</bug>
+  <bug>408161</bug>
+  <bug>413657</bug>
+  <bug>419917</bug>
+  <bug>427224</bug>
+  <bug>433383</bug>
+  <bug>437780</bug>
+  <bug>439586</bug>
+  <bug>439960</bug>
+  <bug>444318</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">10.0.11</unaffected>
+      <vulnerable range="lt">10.0.11</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">10.0.11</unaffected>
+      <vulnerable range="lt">10.0.11</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">10.0.11</unaffected>
+      <vulnerable range="lt">10.0.11</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">10.0.11</unaffected>
+      <vulnerable range="lt">10.0.11</vulnerable>
+    </package>
+    <package name="www-client/seamonkey" auto="yes" arch="*">
+      <unaffected range="ge">2.14-r1</unaffected>
+      <vulnerable range="lt">2.14-r1</vulnerable>
+    </package>
+    <package name="www-client/seamonkey-bin" auto="yes" arch="*">
+      <unaffected range="ge">2.14</unaffected>
+      <vulnerable range="lt">2.14</vulnerable>
+    </package>
+    <package name="dev-libs/nss" auto="yes" arch="*">
+      <unaffected range="ge">3.14</unaffected>
+      <vulnerable range="lt">3.14</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox" auto="yes" arch="*">
+      <vulnerable range="le">3.6.8</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox-bin" auto="yes" arch="*">
+      <vulnerable range="le">3.5.6</vulnerable>
+    </package>
+    <package name="mail-client/mozilla-thunderbird" auto="yes" arch="*">
+      <vulnerable range="le">3.0.4-r1</vulnerable>
+    </package>
+    <package name="mail-client/mozilla-thunderbird-bin" auto="yes" arch="*">
+      <vulnerable range="le">3.0</vulnerable>
+    </package>
+    <package name="www-client/icecat" auto="yes" arch="*">
+      <vulnerable range="le">10.0-r1</vulnerable>
+    </package>
+    <package name="net-libs/xulrunner" auto="yes" arch="*">
+      <vulnerable range="le">2.0-r1</vulnerable>
+    </package>
+    <package name="net-libs/xulrunner-bin" auto="yes" arch="*">
+      <vulnerable range="le">1.8.1.19</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an
+      open-source email client, both from the Mozilla Project. The SeaMonkey
+      project is a community effort to deliver production-quality releases of
+      code derived from the application formerly known as the ‘Mozilla
+      Application Suite’. XULRunner is a Mozilla runtime package that can be
+      used to bootstrap XUL+XPCOM applications such as Firefox and Thunderbird.
+      NSS is Mozilla’s Network Security Services library that implements PKI
+      support. IceCat is the GNU version of Firefox.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox,
+      Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could entice a user to view a specially crafted web
+      page or email, possibly resulting in execution of arbitrary code or a
+      Denial of Service condition. Furthermore, a remote attacker may be able
+      to perform Man-in-the-Middle attacks, obtain sensitive information,
+      bypass restrictions and protection mechanisms, force file downloads,
+      conduct XML injection attacks, conduct XSS attacks, bypass the Same
+      Origin Policy, spoof URL’s for phishing attacks, trigger a vertical
+      scroll, spoof the location bar, spoof an SSL indicator, modify the
+      browser’s font, conduct clickjacking attacks, or have other unspecified
+      impact.
+    </p>
+    
+    <p>A local attacker could gain escalated privileges, obtain sensitive
+      information, or replace an arbitrary downloaded file.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-10.0.11"
+    </code>
+    
+    <p>All users of the Mozilla Firefox binary package should upgrade to the
+      latest version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-10.0.11"
+    </code>
+    
+    <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-10.0.11"
+    </code>
+    
+    <p>All users of the Mozilla Thunderbird binary package should upgrade to
+      the latest version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-10.0.11"
+    </code>
+    
+    <p>All Mozilla SeaMonkey users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-2.14-r1"
+    </code>
+    
+    <p>All users of the Mozilla SeaMonkey binary package should upgrade to the
+      latest version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-bin-2.14"
+    </code>
+    
+    <p>All NSS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/nss-3.14"
+    </code>
+    
+    <p>The “www-client/mozilla-firefox” package has been merged into the
+      “www-client/firefox” package. To upgrade, please unmerge
+      “www-client/mozilla-firefox” and then emerge the latest
+      “www-client/firefox” package:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --unmerge "www-client/mozilla-firefox"
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-10.0.11"
+    </code>
+    
+    <p>The “www-client/mozilla-firefox-bin” package has been merged into
+      the “www-client/firefox-bin” package. To upgrade, please unmerge
+      “www-client/mozilla-firefox-bin” and then emerge the latest
+      “www-client/firefox-bin” package:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --unmerge "www-client/mozilla-firefox-bin"
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-10.0.11"
+    </code>
+    
+    <p>The “mail-client/mozilla-thunderbird” package has been merged into
+      the “mail-client/thunderbird” package. To upgrade, please unmerge
+      “mail-client/mozilla-thunderbird” and then emerge the latest
+      “mail-client/thunderbird” package:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --unmerge "mail-client/mozilla-thunderbird"
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-10.0.11"
+    </code>
+    
+    <p>The “mail-client/mozilla-thunderbird-bin” package has been merged
+      into the “mail-client/thunderbird-bin” package. To upgrade, please
+      unmerge “mail-client/mozilla-thunderbird-bin” and then emerge the
+      latest “mail-client/thunderbird-bin” package:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --unmerge "mail-client/mozilla-thunderbird-bin"
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-10.0.11"
+    </code>
+    
+    <p>Gentoo discontinued support for GNU IceCat. We recommend that users
+      unmerge GNU IceCat:
+    </p>
+    
+    <code>
+      # emerge --unmerge "www-client/icecat"
+    </code>
+    
+    <p>Gentoo discontinued support for XULRunner. We recommend that users
+      unmerge XULRunner:
+    </p>
+    
+    <code>
+      # emerge --unmerge "net-libs/xulrunner"
+    </code>
+    
+    <p>Gentoo discontinued support for the XULRunner binary package. We
+      recommend that users unmerge XULRunner:
+    </p>
+    
+    <code>
+      # emerge --unmerge "net-libs/xulrunner-bin"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3101">
+      CVE-2011-3101
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2436">CVE-2007-2436
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2437">CVE-2007-2437
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2671">CVE-2007-2671</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3073">CVE-2007-3073</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0016">CVE-2008-0016
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0017">CVE-2008-0017
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0367">CVE-2008-0367</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3835">CVE-2008-3835
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3836">CVE-2008-3836
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3837">CVE-2008-3837
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4058">CVE-2008-4058
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4059">CVE-2008-4059
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4060">CVE-2008-4060
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4061">CVE-2008-4061
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4062">CVE-2008-4062
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4063">CVE-2008-4063
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4064">CVE-2008-4064
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4065">CVE-2008-4065
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4066">CVE-2008-4066
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4067">CVE-2008-4067
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4068">CVE-2008-4068
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4069">CVE-2008-4069
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4070">CVE-2008-4070
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4582">CVE-2008-4582
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5012">CVE-2008-5012
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5013">CVE-2008-5013
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5014">CVE-2008-5014
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5015">CVE-2008-5015
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5016">CVE-2008-5016
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5017">CVE-2008-5017
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5018">CVE-2008-5018
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5019">CVE-2008-5019
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5021">CVE-2008-5021
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5022">CVE-2008-5022
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5023">CVE-2008-5023
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5024">CVE-2008-5024
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5052">CVE-2008-5052
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5500">CVE-2008-5500
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5501">CVE-2008-5501
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5502">CVE-2008-5502
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5503">CVE-2008-5503
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5504">CVE-2008-5504
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5505">CVE-2008-5505
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5506">CVE-2008-5506
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5507">CVE-2008-5507
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5508">CVE-2008-5508
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5510">CVE-2008-5510
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5511">CVE-2008-5511
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5512">CVE-2008-5512
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5513">CVE-2008-5513
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5822">CVE-2008-5822
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5913">CVE-2008-5913
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6961">CVE-2008-6961
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071">CVE-2009-0071
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071">CVE-2009-0071
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0352">CVE-2009-0352
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0353">CVE-2009-0353
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0354">CVE-2009-0354
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0355">CVE-2009-0355
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0356">CVE-2009-0356
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0357">CVE-2009-0357
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0358">CVE-2009-0358
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0652">CVE-2009-0652
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0771">CVE-2009-0771
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0772">CVE-2009-0772
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0773">CVE-2009-0773
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0774">CVE-2009-0774
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0775">CVE-2009-0775
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0776">CVE-2009-0776
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0777">CVE-2009-0777
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1044">CVE-2009-1044
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1169">CVE-2009-1169
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1302">CVE-2009-1302
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1303">CVE-2009-1303
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1304">CVE-2009-1304
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1305">CVE-2009-1305
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1306">CVE-2009-1306
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1307">CVE-2009-1307
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1308">CVE-2009-1308
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1309">CVE-2009-1309
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1310">CVE-2009-1310
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1311">CVE-2009-1311
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1312">CVE-2009-1312
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1313">CVE-2009-1313
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1392">CVE-2009-1392
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1563">CVE-2009-1563
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1571">CVE-2009-1571
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1828">CVE-2009-1828
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1832">CVE-2009-1832
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1833">CVE-2009-1833
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1834">CVE-2009-1834
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1835">CVE-2009-1835
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1836">CVE-2009-1836
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1837">CVE-2009-1837
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1838">CVE-2009-1838
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1839">CVE-2009-1839
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1840">CVE-2009-1840
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1841">CVE-2009-1841
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2043">CVE-2009-2043
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2044">CVE-2009-2044
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2061">CVE-2009-2061
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2065">CVE-2009-2065
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2210">CVE-2009-2210
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2404">CVE-2009-2404
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2408">CVE-2009-2408
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2462">CVE-2009-2462
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2463">CVE-2009-2463
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2464">CVE-2009-2464
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2465">CVE-2009-2465
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2466">CVE-2009-2466
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2467">CVE-2009-2467
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2469">CVE-2009-2469
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2470">CVE-2009-2470
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2471">CVE-2009-2471
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2472">CVE-2009-2472
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2477">CVE-2009-2477
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2478">CVE-2009-2478</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2479">CVE-2009-2479</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2535">CVE-2009-2535
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2654">CVE-2009-2654
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2662">CVE-2009-2662
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2664">CVE-2009-2664
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2665">CVE-2009-2665
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3069">CVE-2009-3069
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3070">CVE-2009-3070
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3071">CVE-2009-3071
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3072">CVE-2009-3072
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3074">CVE-2009-3074
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3075">CVE-2009-3075
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3076">CVE-2009-3076
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3077">CVE-2009-3077
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3078">CVE-2009-3078
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3079">CVE-2009-3079
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3274">CVE-2009-3274
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3371">CVE-2009-3371
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3372">CVE-2009-3372
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3373">CVE-2009-3373
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3374">CVE-2009-3374
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3375">CVE-2009-3375
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3376">CVE-2009-3376
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3377">CVE-2009-3377
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3378">CVE-2009-3378
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3379">CVE-2009-3379
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3380">CVE-2009-3380
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3381">CVE-2009-3381
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3382">CVE-2009-3382
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3383">CVE-2009-3383
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3388">CVE-2009-3388
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3389">CVE-2009-3389
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555">CVE-2009-3555
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3978">CVE-2009-3978
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3979">CVE-2009-3979
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3980">CVE-2009-3980
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3981">CVE-2009-3981
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3982">CVE-2009-3982
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3983">CVE-2009-3983
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3984">CVE-2009-3984
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3985">CVE-2009-3985
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3986">CVE-2009-3986
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3987">CVE-2009-3987
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3988">CVE-2009-3988
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0159">CVE-2010-0159
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0160">CVE-2010-0160
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0162">CVE-2010-0162
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0163">CVE-2010-0163
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0164">CVE-2010-0164
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0165">CVE-2010-0165
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0166">CVE-2010-0166
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167">CVE-2010-0167
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167">CVE-2010-0167
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0168">CVE-2010-0168
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169">CVE-2010-0169
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169">CVE-2010-0169
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0170">CVE-2010-0170
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171">CVE-2010-0171
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171">CVE-2010-0171
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0172">CVE-2010-0172
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0173">CVE-2010-0173
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174">CVE-2010-0174
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174">CVE-2010-0174
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175">CVE-2010-0175
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175">CVE-2010-0175
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176">CVE-2010-0176
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176">CVE-2010-0176
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0177">CVE-2010-0177
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0178">CVE-2010-0178
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0179">CVE-2010-0179
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0181">CVE-2010-0181
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0182">CVE-2010-0182
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0183">CVE-2010-0183
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0220">CVE-2010-0220
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0648">CVE-2010-0648
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0654">CVE-2010-0654
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1028">CVE-2010-1028
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1121">CVE-2010-1121
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1125">CVE-2010-1125
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1196">CVE-2010-1196
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1197">CVE-2010-1197
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1198">CVE-2010-1198
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1199">CVE-2010-1199
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1200">CVE-2010-1200
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1201">CVE-2010-1201
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1202">CVE-2010-1202
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1203">CVE-2010-1203
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205">CVE-2010-1205
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1206">CVE-2010-1206
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1207">CVE-2010-1207
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1208">CVE-2010-1208
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1209">CVE-2010-1209
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1210">CVE-2010-1210
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1211">CVE-2010-1211
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1212">CVE-2010-1212
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1213">CVE-2010-1213
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1214">CVE-2010-1214
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1215">CVE-2010-1215
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1585">CVE-2010-1585
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2751">CVE-2010-2751
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2752">CVE-2010-2752
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2753">CVE-2010-2753
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2754">CVE-2010-2754
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2755">CVE-2010-2755
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2760">CVE-2010-2760
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2762">CVE-2010-2762
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2763">CVE-2010-2763
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2764">CVE-2010-2764
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2765">CVE-2010-2765
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2766">CVE-2010-2766
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2767">CVE-2010-2767
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2768">CVE-2010-2768
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2769">CVE-2010-2769
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2770">CVE-2010-2770
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3131">CVE-2010-3131
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3166">CVE-2010-3166
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3167">CVE-2010-3167
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3168">CVE-2010-3168
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3169">CVE-2010-3169
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3170">CVE-2010-3170
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3171">CVE-2010-3171
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3173">CVE-2010-3173
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3174">CVE-2010-3174
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3175">CVE-2010-3175
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3176">CVE-2010-3176
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3177">CVE-2010-3177
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3178">CVE-2010-3178
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3179">CVE-2010-3179
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3180">CVE-2010-3180
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3182">CVE-2010-3182
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3183">CVE-2010-3183
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3399">CVE-2010-3399
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3400">CVE-2010-3400
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3765">CVE-2010-3765</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3766">CVE-2010-3766
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3767">CVE-2010-3767
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3768">CVE-2010-3768
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3769">CVE-2010-3769
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3770">CVE-2010-3770
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3771">CVE-2010-3771
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3772">CVE-2010-3772
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3773">CVE-2010-3773
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3774">CVE-2010-3774
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3775">CVE-2010-3775
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3776">CVE-2010-3776
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3777">CVE-2010-3777
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3778">CVE-2010-3778
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4508">CVE-2010-4508
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5074">CVE-2010-5074
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0051">CVE-2011-0051
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0053">CVE-2011-0053
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0054">CVE-2011-0054
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0055">CVE-2011-0055
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0056">CVE-2011-0056
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0057">CVE-2011-0057
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0058">CVE-2011-0058
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0059">CVE-2011-0059
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0061">CVE-2011-0061
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0062">CVE-2011-0062
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0065">CVE-2011-0065
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0066">CVE-2011-0066
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0067">CVE-2011-0067
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0068">CVE-2011-0068
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0069">CVE-2011-0069
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0070">CVE-2011-0070
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0071">CVE-2011-0071
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0072">CVE-2011-0072
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0073">CVE-2011-0073
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0074">CVE-2011-0074
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0075">CVE-2011-0075
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0076">CVE-2011-0076
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0077">CVE-2011-0077
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0078">CVE-2011-0078
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0079">CVE-2011-0079
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0080">CVE-2011-0080
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0081">CVE-2011-0081
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0082">CVE-2011-0082
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0083">CVE-2011-0083
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0084">CVE-2011-0084
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0085">CVE-2011-0085
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1187">CVE-2011-1187</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1202">CVE-2011-1202
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1712">CVE-2011-1712
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2362">CVE-2011-2362
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2363">CVE-2011-2363
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2364">CVE-2011-2364
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2365">CVE-2011-2365
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2369">CVE-2011-2369
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2370">CVE-2011-2370
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2371">CVE-2011-2371
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2372">CVE-2011-2372
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2373">CVE-2011-2373
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2374">CVE-2011-2374
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2375">CVE-2011-2375
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2376">CVE-2011-2376
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2377">CVE-2011-2377
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2378">CVE-2011-2378
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2605">CVE-2011-2605
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2980">CVE-2011-2980
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2981">CVE-2011-2981
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2982">CVE-2011-2982
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2983">CVE-2011-2983
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2984">CVE-2011-2984
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2985">CVE-2011-2985
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2986">CVE-2011-2986
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2987">CVE-2011-2987
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2988">CVE-2011-2988
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2989">CVE-2011-2989
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2990">CVE-2011-2990
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2991">CVE-2011-2991
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2993">CVE-2011-2993
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2995">CVE-2011-2995
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2996">CVE-2011-2996
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2997">CVE-2011-2997
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2998">CVE-2011-2998
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2999">CVE-2011-2999
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3000">CVE-2011-3000
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3001">CVE-2011-3001
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3002">CVE-2011-3002
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3003">CVE-2011-3003
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3004">CVE-2011-3004
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3005">CVE-2011-3005
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3026">CVE-2011-3026</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3062">CVE-2011-3062</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3232">CVE-2011-3232
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389">CVE-2011-3389</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3640">CVE-2011-3640</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3647">CVE-2011-3647
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3648">CVE-2011-3648
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3649">CVE-2011-3649
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3650">CVE-2011-3650
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3651">CVE-2011-3651
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3652">CVE-2011-3652
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3653">CVE-2011-3653
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3654">CVE-2011-3654
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3655">CVE-2011-3655
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3658">CVE-2011-3658
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3659">CVE-2011-3659
+       
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3660">CVE-2011-3660
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3661">CVE-2011-3661
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3663">CVE-2011-3663
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3665">CVE-2011-3665
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3670">CVE-2011-3670
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3866">CVE-2011-3866
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4688">CVE-2011-4688
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0441">CVE-2012-0441</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0442">CVE-2012-0442
+       
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0443">CVE-2012-0443
+       
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0444">CVE-2012-0444
+       
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0445">CVE-2012-0445
+       
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0446">CVE-2012-0446
+       
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0447">CVE-2012-0447
+       
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0449">CVE-2012-0449
+       
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0450">CVE-2012-0450
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0451">CVE-2012-0451</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0452">CVE-2012-0452
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0455">CVE-2012-0455</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0456">CVE-2012-0456</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0457">CVE-2012-0457</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0458">CVE-2012-0458</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0459">CVE-2012-0459</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0460">CVE-2012-0460</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0461">CVE-2012-0461</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0462">CVE-2012-0462</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0463">CVE-2012-0463</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0464">CVE-2012-0464</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0467">CVE-2012-0467</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0468">CVE-2012-0468</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0469">CVE-2012-0469</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0470">CVE-2012-0470</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0471">CVE-2012-0471</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0473">CVE-2012-0473</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0474">CVE-2012-0474</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0475">CVE-2012-0475</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0477">CVE-2012-0477</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0478">CVE-2012-0478</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0479">CVE-2012-0479</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1937">CVE-2012-1937</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1938">CVE-2012-1938</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1939">CVE-2012-1939</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1940">CVE-2012-1940</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1941">CVE-2012-1941</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1945">CVE-2012-1945</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1946">CVE-2012-1946</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1947">CVE-2012-1947</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1948">CVE-2012-1948</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1949">CVE-2012-1949</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1950">CVE-2012-1950</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1951">CVE-2012-1951</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1952">CVE-2012-1952</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1953">CVE-2012-1953</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1954">CVE-2012-1954</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1955">CVE-2012-1955</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1956">CVE-2012-1956
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1957">CVE-2012-1957</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1958">CVE-2012-1958</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1959">CVE-2012-1959</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1960">CVE-2012-1960</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1961">CVE-2012-1961</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1962">CVE-2012-1962</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1963">CVE-2012-1963</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1964">CVE-2012-1964</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1965">CVE-2012-1965</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1966">CVE-2012-1966</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1967">CVE-2012-1967</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1970">CVE-2012-1970
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1971">CVE-2012-1971
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1972">CVE-2012-1972
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1973">CVE-2012-1973
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1974">CVE-2012-1974
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1975">CVE-2012-1975
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1976">CVE-2012-1976
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1994">CVE-2012-1994</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3956">CVE-2012-3956
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3957">CVE-2012-3957
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3958">CVE-2012-3958
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3959">CVE-2012-3959
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3960">CVE-2012-3960
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3961">CVE-2012-3961
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3962">CVE-2012-3962
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3963">CVE-2012-3963
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3964">CVE-2012-3964
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3965">CVE-2012-3965
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3966">CVE-2012-3966
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3967">CVE-2012-3967
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3968">CVE-2012-3968
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3969">CVE-2012-3969
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3970">CVE-2012-3970
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3971">CVE-2012-3971
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3972">CVE-2012-3972
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3973">CVE-2012-3973
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3975">CVE-2012-3975
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3976">CVE-2012-3976
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3977">CVE-2012-3977
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3978">CVE-2012-3978
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3980">CVE-2012-3980
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3982">CVE-2012-3982
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3984">CVE-2012-3984
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3985">CVE-2012-3985
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3986">CVE-2012-3986
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3988">CVE-2012-3988
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3989">CVE-2012-3989
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3990">CVE-2012-3990
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3991">CVE-2012-3991
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3992">CVE-2012-3992
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3993">CVE-2012-3993
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3994">CVE-2012-3994
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3995">CVE-2012-3995
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4179">CVE-2012-4179
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4180">CVE-2012-4180
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4181">CVE-2012-4181
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4182">CVE-2012-4182
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4183">CVE-2012-4183
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4184">CVE-2012-4184
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4185">CVE-2012-4185
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4186">CVE-2012-4186
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4187">CVE-2012-4187
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4188">CVE-2012-4188
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4190">CVE-2012-4190
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4191">CVE-2012-4191
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4192">CVE-2012-4192
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4193">CVE-2012-4193
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4194">CVE-2012-4194</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4195">CVE-2012-4195</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4196">CVE-2012-4196</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4201">CVE-2012-4201</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4202">CVE-2012-4202</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4204">CVE-2012-4204</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4205">CVE-2012-4205</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4206">CVE-2012-4206</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4207">CVE-2012-4207</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4208">CVE-2012-4208</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4209">CVE-2012-4209</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4210">CVE-2012-4210</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4212">CVE-2012-4212</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4215">CVE-2012-4215</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4216">CVE-2012-4216</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5354">CVE-2012-5354
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5829">CVE-2012-5829</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5830">CVE-2012-5830</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5833">CVE-2012-5833</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5835">CVE-2012-5835</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5836">CVE-2012-5836</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5838">CVE-2012-5838</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5839">CVE-2012-5839</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5840">CVE-2012-5840</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5841">CVE-2012-5841</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5842">CVE-2012-5842</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5843">CVE-2012-5843</uri>
+    <uri link="https://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-certificates/">
+      Firefox Blocking Fraudulent Certificates
+    </uri>
+    <uri link="https://www.mozilla.org/security/announce/2011/mfsa2011-11.html">
+      Mozilla Foundation Security Advisory 2011-11
+    </uri>
+    <uri link="https://www.mozilla.org/security/announce/2011/mfsa2011-34.html">
+      Mozilla Foundation Security Advisory 2011-34 
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:10Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-01-08T00:21:02Z">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201301-02.xml b/metadata/glsa/glsa-201301-02.xml
new file mode 100644
index 000000000000..d893765933bc
--- /dev/null
+++ b/metadata/glsa/glsa-201301-02.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201301-02">
+  <title>HAProxy: Arbitrary code execution</title>
+  <synopsis>A buffer overflow in HAProxy may allow execution of arbitrary code.</synopsis>
+  <product type="ebuild">haproxy</product>
+  <announced>2013-01-08</announced>
+  <revised count="1">2013-01-08</revised>
+  <bug>417079</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/haproxy" auto="yes" arch="*">
+      <unaffected range="ge">1.4.21</unaffected>
+      <vulnerable range="lt">1.4.21</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>HAProxy is a TCP/HTTP reverse proxy for high availability environments.</p>
+  </background>
+  <description>
+    <p>A boundary error in HAProxy could cause a buffer overflow when header
+      rewriting is enabled and the configuration sets global.tune.bufsize to a
+      value greater than the default (16384 bytes).
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All HAProxy users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-proxy/haproxy-1.4.21"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2942">CVE-2012-2942</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-06-10T15:38:17Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-01-08T23:51:14Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201301-03.xml b/metadata/glsa/glsa-201301-03.xml
new file mode 100644
index 000000000000..2b2e18ea728a
--- /dev/null
+++ b/metadata/glsa/glsa-201301-03.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201301-03">
+  <title>Tor: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Tor, allowing attackers
+    to cause Denial of Service or obtain sensitive information.
+  </synopsis>
+  <product type="ebuild">tor</product>
+  <announced>2013-01-08</announced>
+  <revised count="1">2013-01-08</revised>
+  <bug>432188</bug>
+  <bug>434882</bug>
+  <bug>444804</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/tor" auto="yes" arch="*">
+      <unaffected range="ge">0.2.3.25</unaffected>
+      <vulnerable range="lt">0.2.3.25</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Tor is an implementation of second generation Onion Routing, a
+      connection-oriented anonymizing communication service.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Tor. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause a Denial of Service condition or obtain
+      sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Tor users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/tor-0.2.3.25"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3517">CVE-2012-3517</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3518">CVE-2012-3518</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3519">CVE-2012-3519</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4419">CVE-2012-4419</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4922">CVE-2012-4922</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5573">CVE-2012-5573</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-09-19T10:40:15Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2013-01-08T23:51:55Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201301-04.xml b/metadata/glsa/glsa-201301-04.xml
new file mode 100644
index 000000000000..1258bf2f7a8d
--- /dev/null
+++ b/metadata/glsa/glsa-201301-04.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201301-04">
+  <title>dhcpcd: Arbitrary code execution</title>
+  <synopsis>A vulnerability has been found in dhcpcd, allowing remote attackers
+    to execute arbitrary code on the DHCP client.
+  </synopsis>
+  <product type="ebuild">dhcpcd</product>
+  <announced>2013-01-09</announced>
+  <revised count="1">2013-01-09</revised>
+  <bug>362459</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/dhcpcd" auto="yes" arch="*">
+      <unaffected range="ge">5.2.12</unaffected>
+      <vulnerable range="lt">5.2.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>dhcpcd is a fully featured, yet light weight RFC2131 compliant DHCP
+      client.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability has been discovered in dhcpcd. Please review the CVE
+      identifier referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>The vulnerability might allow an attacker to execute arbitrary code on
+      the DHCP client.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All dhcpcd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/dhcpcd-5.2.12"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0996">CVE-2011-0996</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:25Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-01-09T00:39:13Z">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201301-05.xml b/metadata/glsa/glsa-201301-05.xml
new file mode 100644
index 000000000000..e3eda72e1316
--- /dev/null
+++ b/metadata/glsa/glsa-201301-05.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201301-05">
+  <title>bzip2: User-assisted execution of arbitrary code</title>
+  <synopsis>An integer overflow vulnerability has been found in bzip2 and could
+    result in execution of arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">bzip2</product>
+  <announced>2013-01-09</announced>
+  <revised count="1">2013-01-09</revised>
+  <bug>338215</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-arch/bzip2" auto="yes" arch="*">
+      <unaffected range="ge">1.0.6</unaffected>
+      <vulnerable range="lt">1.0.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>bzip2 is a high-quality data compressor used extensively by Gentoo
+      Linux.
+    </p>
+  </background>
+  <description>
+    <p>An integer overflow vulnerability has been discovered in bzip2. Please
+      review the CVE identifier referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted
+      compressed file using bzip2, possibly resulting in execution of arbitrary
+      code with the privileges of the process, or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All bzip2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/bzip2-1.0.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0405">CVE-2010-0405</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:01Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2013-01-09T00:39:55Z">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201301-06.xml b/metadata/glsa/glsa-201301-06.xml
new file mode 100644
index 000000000000..612b1dbab7e7
--- /dev/null
+++ b/metadata/glsa/glsa-201301-06.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201301-06">
+  <title>ISC DHCP: Denial of service</title>
+  <synopsis>Multiple vulnerabilities have been found in ISC DHCP, the worst of
+    which may allow remote Denial of Service.
+  </synopsis>
+  <product type="ebuild">ISC DHCP Server</product>
+  <announced>2013-01-09</announced>
+  <revised count="1">2013-01-09</revised>
+  <bug>362453</bug>
+  <bug>378799</bug>
+  <bug>393617</bug>
+  <bug>398763</bug>
+  <bug>428120</bug>
+  <bug>434880</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/dhcp" auto="yes" arch="*">
+      <unaffected range="ge">4.2.4_p2</unaffected>
+      <vulnerable range="lt">4.2.4_p2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ISC DHCP is a Dynamic Host Configuration Protocol (DHCP) client/server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ISC DHCP. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>The vulnerabilities might allow remote attackers to execute arbitrary
+      code or cause a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ISC DHCP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/dhcp-4.2.4_p2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0997">CVE-2011-0997</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2748">CVE-2011-2748</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2749">CVE-2011-2749</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4539">CVE-2011-4539</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4868">CVE-2011-4868</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3570">CVE-2012-3570</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3571">CVE-2012-3571</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3954">CVE-2012-3954</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3955">CVE-2012-3955</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-11T16:33:23Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-01-09T00:42:17Z">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201301-07.xml b/metadata/glsa/glsa-201301-07.xml
new file mode 100644
index 000000000000..1138c03cf586
--- /dev/null
+++ b/metadata/glsa/glsa-201301-07.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201301-07">
+  <title>DokuWiki: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in DokuWiki, the worst of which
+    leading to privilege escalation.
+  </synopsis>
+  <product type="ebuild">DokuWiki</product>
+  <announced>2013-01-09</announced>
+  <revised count="1">2013-01-09</revised>
+  <bug>301310</bug>
+  <bug>386155</bug>
+  <bug>412891</bug>
+  <bug>427232</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/dokuwiki" auto="yes" arch="*">
+      <unaffected range="ge">20121013</unaffected>
+      <vulnerable range="lt">20121013</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>DokuWiki is a simple to use Wiki aimed at a small company’s
+      documentation needs.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in DokuWiki. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>The vulnerabilities might allow an attacker to disclose local files, to
+      inject arbitrary web script, or to gain elevated privileges in the
+      DokuWiki application.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All DokuWiki users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-apps/dokuwiki-20121013"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0287">CVE-2010-0287</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0288">CVE-2010-0288</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0289">CVE-2010-0289</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2510">CVE-2011-2510</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3727">CVE-2011-3727</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0283">CVE-2012-0283</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:15Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-01-09T00:43:00Z">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201304-01.xml b/metadata/glsa/glsa-201304-01.xml
new file mode 100644
index 000000000000..267a6840a73a
--- /dev/null
+++ b/metadata/glsa/glsa-201304-01.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201304-01">
+  <title>NVIDIA Drivers: Privilege escalation</title>
+  <synopsis>Two vulnerabilities in NVIDIA drivers may allow a local attacker to
+    gain escalated privileges.
+  </synopsis>
+  <product type="ebuild">nvidia-drivers</product>
+  <announced>2013-04-08</announced>
+  <revised count="1">2013-04-08</revised>
+  <bug>429614</bug>
+  <bug>464248</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-drivers/nvidia-drivers" auto="yes" arch="*">
+      <unaffected range="ge">304.88</unaffected>
+      <vulnerable range="lt">304.88</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The NVIDIA drivers provide X11 and GLX support for NVIDIA graphic
+      boards.
+    </p>
+  </background>
+  <description>
+    <p>Two vulnerabilities have been discovered in NVIDIA drivers:</p>
+    
+    <ul>
+      <li>A vulnerability has been found in the way NVIDIA drivers handle
+        read/write access to GPU device nodes, allowing access to arbitrary
+        system memory locations (CVE-2012-4225).
+      </li>
+      <li>A buffer overflow error has been discovered in NVIDIA drivers
+        (CVE-2013-0131).
+      </li>
+    </ul>
+    
+    <p>NOTE: Exposure to CVE-2012-4225 is reduced in Gentoo due to 660
+      permissions being used on the GPU device nodes by default.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could gain escalated privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All NVIDIA driver users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=x11-drivers/nvidia-drivers-304.88"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4225">CVE-2012-4225</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0131">CVE-2013-0131</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-08-09T20:47:12Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2013-04-08T22:10:10Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201307-01.xml b/metadata/glsa/glsa-201307-01.xml
new file mode 100644
index 000000000000..160bb7c68808
--- /dev/null
+++ b/metadata/glsa/glsa-201307-01.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201307-01">
+  <title>HAProxy: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in HAProxy, allowing
+    attackers to execute arbitrary code or cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">HAProxy</product>
+  <announced>2013-07-11</announced>
+  <revised count="1">2013-07-11</revised>
+  <bug>464340</bug>
+  <bug>473674</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/haproxy" auto="yes" arch="*">
+      <unaffected range="ge">1.4.24</unaffected>
+      <vulnerable range="lt">1.4.24</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>HAProxy is a free, very fast and reliable solution offering high
+      availability, load balancing, and proxying for TCP and HTTP-based
+      applications.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in HAProxy. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could send a specially crafted request, possibly
+      resulting in execution of arbitrary code with the privileges of the
+      application or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All HAProxy users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-proxy/haproxy-1.4.24"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1912">CVE-2013-1912</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2175">CVE-2013-2175</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-07-07T15:13:45Z">
+    pinkbyte
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-07-11T23:08:33Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201308-01.xml b/metadata/glsa/glsa-201308-01.xml
new file mode 100644
index 000000000000..fa46469f49ef
--- /dev/null
+++ b/metadata/glsa/glsa-201308-01.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201308-01">
+  <title>PuTTY: Multiple Vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Putty, allowing
+    attackers to compromise user system
+  </synopsis>
+  <product type="ebuild">putty</product>
+  <announced>2013-08-21</announced>
+  <revised count="2">2013-08-21</revised>
+  <bug>394429</bug>
+  <bug>479872</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-misc/putty" auto="yes" arch="*">
+      <unaffected range="ge">0.63</unaffected>
+      <vulnerable range="lt">0.63</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PuTTY is a telnet and SSH client.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PuTTY. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could entice a user to open connection to specially crafted
+      SSH server, possibly resulting in  execution of arbitrary code with the
+      privileges of the process or obtain sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PuTTY users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/putty-0.63"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4607">CVE-2011-4607</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4852">CVE-2013-4852</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-03-06T21:22:42Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2013-08-21T11:27:53Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201308-02.xml b/metadata/glsa/glsa-201308-02.xml
new file mode 100644
index 000000000000..f5a0b5daebb0
--- /dev/null
+++ b/metadata/glsa/glsa-201308-02.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201308-02">
+  <title>D-Bus: Denial of service</title>
+  <synopsis>A vulnerability has been found in D-Bus which allows a local user
+    to cause a Denial of Service.
+  </synopsis>
+  <product type="ebuild">d-bus</product>
+  <announced>2013-08-22</announced>
+  <revised count="1">2013-08-22</revised>
+  <bug>473190</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/dbus" auto="yes" arch="*">
+      <unaffected range="ge">1.6.12</unaffected>
+      <vulnerable range="lt">1.6.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>D-Bus is a message bus system which processes can use to talk to each
+      other.
+    </p>
+  </background>
+  <description>
+    <p>D-Bus’ _dbus_printf_string_upper_bound() function crashes if it
+      returns exactly 1024 bytes.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could provide specially-crafted input to an application
+      using D-Bus which would cause _dbus_printf_string_upper_bound() to return
+      1024 bytes and crash, causing a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All D-Bus users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/dbus-1.6.12"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2168">
+      CVE-2013-2168
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-07-12T01:19:11Z">
+    creffett
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-08-22T15:34:55Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201308-03.xml b/metadata/glsa/glsa-201308-03.xml
new file mode 100644
index 000000000000..0b1d88ca15f1
--- /dev/null
+++ b/metadata/glsa/glsa-201308-03.xml
@@ -0,0 +1,130 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201308-03">
+  <title>Adobe Reader: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Reader, including
+    potential remote execution of arbitrary code and local privilege
+    escalation.
+  </synopsis>
+  <product type="ebuild">Ebuild</product>
+  <announced>2013-08-22</announced>
+  <revised count="2">2014-01-30</revised>
+  <bug>431732</bug>
+  <bug>451058</bug>
+  <bug>469960</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-text/acroread" auto="yes" arch="*">
+      <unaffected range="ge">9.5.5</unaffected>
+      <vulnerable range="lt">9.5.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Adobe Reader is a closed-source PDF reader.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Reader. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could entice a user to open a specially crafted PDF
+      file, possibly resulting in arbitrary code execution or a Denial of
+      Service condition. A local attacker could gain privileges via unspecified
+      vectors.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Reader users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/acroread-9.5.5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525">CVE-2012-1525</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530">CVE-2012-1530</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049">CVE-2012-2049</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050">CVE-2012-2050</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051">CVE-2012-2051</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147">CVE-2012-4147</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4148">CVE-2012-4148</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149">CVE-2012-4149</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150">CVE-2012-4150</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151">CVE-2012-4151</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152">CVE-2012-4152</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153">CVE-2012-4153</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154">CVE-2012-4154</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155">CVE-2012-4155</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156">CVE-2012-4156</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157">CVE-2012-4157</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158">CVE-2012-4158</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159">CVE-2012-4159</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160">CVE-2012-4160</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363">CVE-2012-4363</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601">CVE-2013-0601</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602">CVE-2013-0602</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603">CVE-2013-0603</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604">CVE-2013-0604</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605">CVE-2013-0605</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606">CVE-2013-0606</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607">CVE-2013-0607</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608">CVE-2013-0608</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609">CVE-2013-0609</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610">CVE-2013-0610</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611">CVE-2013-0611</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612">CVE-2013-0612</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613">CVE-2013-0613</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614">CVE-2013-0614</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615">CVE-2013-0615</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616">CVE-2013-0616</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617">CVE-2013-0617</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618">CVE-2013-0618</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619">CVE-2013-0619</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620">CVE-2013-0620</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621">CVE-2013-0621</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622">CVE-2013-0622</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623">CVE-2013-0623</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624">CVE-2013-0624</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626">CVE-2013-0626</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627">CVE-2013-0627</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640">CVE-2013-0640</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641">CVE-2013-0641</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549">CVE-2013-2549</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550">CVE-2013-2550</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718">CVE-2013-2718</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719">CVE-2013-2719</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720">CVE-2013-2720</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721">CVE-2013-2721</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722">CVE-2013-2722</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723">CVE-2013-2723</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724">CVE-2013-2724</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725">CVE-2013-2725</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726">CVE-2013-2726</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727">CVE-2013-2727</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729">CVE-2013-2729</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730">CVE-2013-2730</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731">CVE-2013-2731</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732">CVE-2013-2732</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733">CVE-2013-2733</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734">CVE-2013-2734</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735">CVE-2013-2735</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736">CVE-2013-2736</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737">CVE-2013-2737</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337">CVE-2013-3337</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338">CVE-2013-3338</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339">CVE-2013-3339</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340">CVE-2013-3340</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341">CVE-2013-3341</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342">CVE-2013-3342</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-03-04T23:42:51Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-01-30T07:45:58Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201308-04.xml b/metadata/glsa/glsa-201308-04.xml
new file mode 100644
index 000000000000..103ba6e2172c
--- /dev/null
+++ b/metadata/glsa/glsa-201308-04.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201308-04">
+  <title>Puppet: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Puppet, the worst of
+    which could lead to execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">puppet</product>
+  <announced>2013-08-23</announced>
+  <revised count="1">2013-08-23</revised>
+  <bug>456002</bug>
+  <bug>461656</bug>
+  <bug>473720</bug>
+  <bug>481186</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-admin/puppet" auto="yes" arch="*">
+      <unaffected range="ge">2.7.23</unaffected>
+      <vulnerable range="lt">2.7.23</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Puppet is a system configuration management tool written in Ruby.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Puppet. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, obtain
+      sensitive information, or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Puppet users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/puppet-2.7.23"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6120">CVE-2012-6120</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1640">CVE-2013-1640</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1652">CVE-2013-1652</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1653">CVE-2013-1653</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1654">CVE-2013-1654</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1655">CVE-2013-1655</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2274">CVE-2013-2274</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2275">CVE-2013-2275</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3567">CVE-2013-3567</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4761">CVE-2013-4761</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4956">CVE-2013-4956</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-03-17T21:39:55Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2013-08-23T18:13:33Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201308-05.xml b/metadata/glsa/glsa-201308-05.xml
new file mode 100644
index 000000000000..ef2d01a24462
--- /dev/null
+++ b/metadata/glsa/glsa-201308-05.xml
@@ -0,0 +1,121 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201308-05">
+  <title>Wireshark: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Wireshark, allowing
+    remote attackers to execute arbitrary code or cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">wireshark</product>
+  <announced>2013-08-28</announced>
+  <revised count="2">2013-08-30</revised>
+  <bug>398549</bug>
+  <bug>427964</bug>
+  <bug>431572</bug>
+  <bug>433990</bug>
+  <bug>470262</bug>
+  <bug>472762</bug>
+  <bug>478694</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/wireshark" auto="yes" arch="*">
+      <unaffected range="ge">1.10.1</unaffected>
+      <unaffected range="rge">1.8.9</unaffected>
+      <vulnerable range="lt">1.10.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Wireshark is a versatile network protocol analyzer.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Wireshark. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Wireshark 1.10 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-1.10.1"
+    </code>
+    
+    <p>All Wireshark 1.8 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-1.8.9"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0041">CVE-2012-0041</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0042">CVE-2012-0042</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0043">CVE-2012-0043</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0066">CVE-2012-0066</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0067">CVE-2012-0067</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0068">CVE-2012-0068</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3548">CVE-2012-3548</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4048">CVE-2012-4048</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4049">CVE-2012-4049</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4285">CVE-2012-4285</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4286">CVE-2012-4286</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4287">CVE-2012-4287</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4288">CVE-2012-4288</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4289">CVE-2012-4289</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4290">CVE-2012-4290</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4291">CVE-2012-4291</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4292">CVE-2012-4292</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4293">CVE-2012-4293</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4294">CVE-2012-4294</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4295">CVE-2012-4295</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4296">CVE-2012-4296</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4297">CVE-2012-4297</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4298">CVE-2012-4298</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3555">CVE-2013-3555</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3556">CVE-2013-3556</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3557">CVE-2013-3557</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3558">CVE-2013-3558</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3559">CVE-2013-3559</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3560">CVE-2013-3560</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3561">CVE-2013-3561</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3562">CVE-2013-3562</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4074">CVE-2013-4074</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4075">CVE-2013-4075</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4076">CVE-2013-4076</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4077">CVE-2013-4077</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4078">CVE-2013-4078</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4079">CVE-2013-4079</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4080">CVE-2013-4080</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4081">CVE-2013-4081</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4082">CVE-2013-4082</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4083">CVE-2013-4083</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4920">CVE-2013-4920</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4921">CVE-2013-4921</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4922">CVE-2013-4922</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4923">CVE-2013-4923</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4924">CVE-2013-4924</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4925">CVE-2013-4925</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4926">CVE-2013-4926</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4927">CVE-2013-4927</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4928">CVE-2013-4928</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4929">CVE-2013-4929</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4930">CVE-2013-4930</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4931">CVE-2013-4931</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4932">CVE-2013-4932</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4933">CVE-2013-4933</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4934">CVE-2013-4934</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4935">CVE-2013-4935</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4936">CVE-2013-4936</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-05-10T22:02:05Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-08-30T07:20:47Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201308-06.xml b/metadata/glsa/glsa-201308-06.xml
new file mode 100644
index 000000000000..3c8f50bdf8c4
--- /dev/null
+++ b/metadata/glsa/glsa-201308-06.xml
@@ -0,0 +1,161 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201308-06">
+  <title>MySQL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in MySQL, allowing
+    attackers to execute arbitrary code or cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">mysql</product>
+  <announced>2013-08-29</announced>
+  <revised count="2">2013-08-30</revised>
+  <bug>399375</bug>
+  <bug>411503</bug>
+  <bug>412889</bug>
+  <bug>417989</bug>
+  <bug>445602</bug>
+  <bug>462498</bug>
+  <bug>466236</bug>
+  <bug>477474</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/mysql" auto="yes" arch="*">
+      <unaffected range="ge">5.1.70</unaffected>
+      <vulnerable range="lt">5.1.70</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MySQL is a fast, multi-threaded, multi-user SQL database server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MySQL. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could send a specially crafted request, possibly
+      resulting in execution of arbitrary code with the privileges of the
+      application or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MySQL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-5.1.70"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2262">CVE-2011-2262</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0075">CVE-2012-0075</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0087">CVE-2012-0087</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0101">CVE-2012-0101</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0102">CVE-2012-0102</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0112">CVE-2012-0112</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0113">CVE-2012-0113</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0114">CVE-2012-0114</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0115">CVE-2012-0115</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0116">CVE-2012-0116</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0117">CVE-2012-0117</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0118">CVE-2012-0118</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0119">CVE-2012-0119</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0120">CVE-2012-0120</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0484">CVE-2012-0484</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0485">CVE-2012-0485</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0486">CVE-2012-0486</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0487">CVE-2012-0487</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0488">CVE-2012-0488</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0489">CVE-2012-0489</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0490">CVE-2012-0490</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0491">CVE-2012-0491</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0492">CVE-2012-0492</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0493">CVE-2012-0493</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0494">CVE-2012-0494</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0495">CVE-2012-0495</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0496">CVE-2012-0496</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0540">CVE-2012-0540</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0553">CVE-2012-0553</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0572">CVE-2012-0572</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0574">CVE-2012-0574</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0578">CVE-2012-0578</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0583">CVE-2012-0583</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1688">CVE-2012-1688</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1689">CVE-2012-1689</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1690">CVE-2012-1690</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1696">CVE-2012-1696</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1697">CVE-2012-1697</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1702">CVE-2012-1702</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1703">CVE-2012-1703</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1705">CVE-2012-1705</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1734">CVE-2012-1734</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2102">CVE-2012-2102</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2122">CVE-2012-2122</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2749">CVE-2012-2749</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3150">CVE-2012-3150</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3158">CVE-2012-3158</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3160">CVE-2012-3160</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3163">CVE-2012-3163</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3166">CVE-2012-3166</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3167">CVE-2012-3167</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3173">CVE-2012-3173</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3177">CVE-2012-3177</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3180">CVE-2012-3180</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3197">CVE-2012-3197</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5060">CVE-2012-5060</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5096">CVE-2012-5096</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5611">CVE-2012-5611</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5612">CVE-2012-5612</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5613">CVE-2012-5613</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5614">CVE-2012-5614</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5615">CVE-2012-5615</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5627">CVE-2012-5627</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0367">CVE-2013-0367</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0368">CVE-2013-0368</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0371">CVE-2013-0371</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0375">CVE-2013-0375</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0383">CVE-2013-0383</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0384">CVE-2013-0384</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0385">CVE-2013-0385</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0386">CVE-2013-0386</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0389">CVE-2013-0389</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1492">CVE-2013-1492</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1502">CVE-2013-1502</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1506">CVE-2013-1506</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1511">CVE-2013-1511</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1512">CVE-2013-1512</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1521">CVE-2013-1521</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1523">CVE-2013-1523</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1526">CVE-2013-1526</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1531">CVE-2013-1531</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1532">CVE-2013-1532</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1544">CVE-2013-1544</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1548">CVE-2013-1548</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1552">CVE-2013-1552</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1555">CVE-2013-1555</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1566">CVE-2013-1566</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1567">CVE-2013-1567</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1570">CVE-2013-1570</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1623">CVE-2013-1623</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2375">CVE-2013-2375</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2376">CVE-2013-2376</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2378">CVE-2013-2378</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2381">CVE-2013-2381</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2389">CVE-2013-2389</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2391">CVE-2013-2391</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2392">CVE-2013-2392</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2395">CVE-2013-2395</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3802">CVE-2013-3802</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3804">CVE-2013-3804</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3808">CVE-2013-3808</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-03-03T20:07:11Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-08-30T07:20:44Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201309-01.xml b/metadata/glsa/glsa-201309-01.xml
new file mode 100644
index 000000000000..658ec5e207ff
--- /dev/null
+++ b/metadata/glsa/glsa-201309-01.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201309-01">
+  <title>Cyrus-SASL: Denial of service</title>
+  <synopsis>A NULL pointer dereference in Cyrus-SASL may allow remote attackers
+    to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">cyrus-sasl</product>
+  <announced>2013-09-01</announced>
+  <revised count="1">2013-09-01</revised>
+  <bug>476764</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/cyrus-sasl" auto="yes" arch="*">
+      <unaffected range="ge">2.1.26-r3</unaffected>
+      <vulnerable range="lt">2.1.26-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Cyrus-SASL is an implementation of the Simple Authentication and
+      Security Layer.
+    </p>
+  </background>
+  <description>
+    <p>In the GNU C Library (glibc) from version 2.17 onwards, the crypt()
+      function call can return NULL when the salt violates specifications or
+      the system is in FIPS-140 mode and a DES or MD5 hashed password is
+      passed. When Cyrus-SASL’s authentication mechanisms call crypt(), a
+      NULL may be returned.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could trigger this vulnerability to cause a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Cyrus-SASL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/cyrus-sasl-2.1.26-r3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4122">CVE-2013-4122</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-08-23T14:52:45Z">
+    creffett
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-09-01T19:36:23Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201309-02.xml b/metadata/glsa/glsa-201309-02.xml
new file mode 100644
index 000000000000..c18bba8b6344
--- /dev/null
+++ b/metadata/glsa/glsa-201309-02.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201309-02">
+  <title>strongSwan: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in strongSwan, possibly
+    allowing remote attackers to authenticate as other users or cause a Denial
+    of Service condition.
+  </synopsis>
+  <product type="ebuild">strongswan</product>
+  <announced>2013-09-01</announced>
+  <revised count="1">2013-09-01</revised>
+  <bug>468504</bug>
+  <bug>479396</bug>
+  <bug>483202</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/strongswan" auto="yes" arch="*">
+      <unaffected range="ge">5.1.0</unaffected>
+      <vulnerable range="lt">5.1.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>strongSwan is an IPSec implementation for Linux.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in strongSwan. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could use ECDSA to authenticate as another user with
+      an invalid signature. Additionally, a remote attacker could send a
+      specially crafted request, possibly resulting in a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All strongSwan users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/strongswan-5.1.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2054">CVE-2013-2054</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2944">CVE-2013-2944</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5018">CVE-2013-5018</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-08-23T13:39:48Z">
+    creffett
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-09-01T23:59:13Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201309-03.xml b/metadata/glsa/glsa-201309-03.xml
new file mode 100644
index 000000000000..8625528ca7c5
--- /dev/null
+++ b/metadata/glsa/glsa-201309-03.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201309-03">
+  <title>Xlockmore: Denial of service</title>
+  <synopsis>A buffer overflow in Xlockmore might allow remote attackers to
+    cause a Denial of Service.
+  </synopsis>
+  <product type="ebuild">Xlockmore</product>
+  <announced>2013-09-02</announced>
+  <revised count="1">2013-09-02</revised>
+  <bug>255229</bug>
+  <bug>440776</bug>
+  <bug>477328</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-misc/xlockmore" auto="yes" arch="*">
+      <unaffected range="ge">5.43</unaffected>
+      <vulnerable range="lt">5.43</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Xlockmore is just another screensaver application for X.</p>
+  </background>
+  <description>
+    <p>A Denial of Service flaw was found in the way Xlockmore performed 
+      the passing of arguments to the underlying localtime() call, when the
+      ‘dlock’ mode was used.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could possibly cause a Denial of Service condition and
+      potentially obtain unauthorized access to the graphical session,
+      previously locked by another user.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Xlockmore users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-misc/xlockmore-5.43"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4524">CVE-2012-4524</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4143">CVE-2013-4143</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-12-16T22:04:18Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2013-09-02T09:00:54Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201309-04.xml b/metadata/glsa/glsa-201309-04.xml
new file mode 100644
index 000000000000..80c78b521907
--- /dev/null
+++ b/metadata/glsa/glsa-201309-04.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201309-04">
+  <title>Snack: User-assisted execution of arbitrary code</title>
+  <synopsis>A buffer overflow in Snack could result in execution of arbitrary
+    code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">snack</product>
+  <announced>2013-09-11</announced>
+  <revised count="1">2013-09-11</revised>
+  <bug>446822</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-tcltk/snack" auto="yes" arch="*">
+      <unaffected range="ge">2.2.10-r5</unaffected>
+      <vulnerable range="lt">2.2.10-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Snack is a sound toolkit for creating multi-platform audio applications
+      with scripting languages.
+    </p>
+  </background>
+  <description>
+    <p>The GetWavHeader() function in jkSoundFile.c does not have boundary
+      checks when parsing format sub-chunks or unknown sub-chunks.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted WAV
+      file with an application using Snack, possibly resulting in execution of
+      arbitrary code or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Snack users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-tcltk/snack-2.2.10-r5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6303">CVE-2012-6303</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-03-16T11:40:00Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2013-09-11T10:07:54Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201309-05.xml b/metadata/glsa/glsa-201309-05.xml
new file mode 100644
index 000000000000..3e8c6937b6e6
--- /dev/null
+++ b/metadata/glsa/glsa-201309-05.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201309-05">
+  <title>pip: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in pip, which may allow
+    remote attackers to execute arbitrary code or local attackers to conduct
+    symlink attacks.
+  </synopsis>
+  <product type="ebuild">pip</product>
+  <announced>2013-09-12</announced>
+  <revised count="1">2013-09-12</revised>
+  <bug>462616</bug>
+  <bug>480202</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-python/pip" auto="yes" arch="*">
+      <unaffected range="ge">1.3.1</unaffected>
+      <vulnerable range="lt">1.3.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>pip is a tool for installing and managing Python packages.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in pip. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could conduct a Man-in-the-Middle attack to cause pip
+      to execute arbitrary code. A local attacker could perform symlink attacks
+      to overwrite arbitrary files with the privileges of the user running the
+      application.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All pip users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/pip-1.3.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1629">CVE-2013-1629</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1888">CVE-2013-1888</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-07-11T20:41:57Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-09-12T20:57:59Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201309-06.xml b/metadata/glsa/glsa-201309-06.xml
new file mode 100644
index 000000000000..0cdb38a043bc
--- /dev/null
+++ b/metadata/glsa/glsa-201309-06.xml
@@ -0,0 +1,139 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201309-06">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which could result in execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2013-09-14</announced>
+  <revised count="2">2013-09-14</revised>
+  <bug>437808</bug>
+  <bug>442084</bug>
+  <bug>446984</bug>
+  <bug>452104</bug>
+  <bug>456132</bug>
+  <bug>457066</bug>
+  <bug>459368</bug>
+  <bug>461598</bug>
+  <bug>465534</bug>
+  <bug>469870</bug>
+  <bug>473038</bug>
+  <bug>476328</bug>
+  <bug>484512</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">11.2.202.310</unaffected>
+      <vulnerable range="lt">11.2.202.310</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple unspecified vulnerabilities have been discovered in Adobe Flash
+      Player. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open specially crafted SWF
+      content, possibly resulting in execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition. Furthermore,
+      a remote attacker may be able to bypass access restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-11.2.202.310"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248">CVE-2012-5248</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249">CVE-2012-5249</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250">CVE-2012-5250</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251">CVE-2012-5251</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252">CVE-2012-5252</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253">CVE-2012-5253</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254">CVE-2012-5254</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255">CVE-2012-5255</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256">CVE-2012-5256</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257">CVE-2012-5257</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258">CVE-2012-5258</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259">CVE-2012-5259</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260">CVE-2012-5260</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261">CVE-2012-5261</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262">CVE-2012-5262</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263">CVE-2012-5263</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264">CVE-2012-5264</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265">CVE-2012-5265</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266">CVE-2012-5266</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267">CVE-2012-5267</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268">CVE-2012-5268</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269">CVE-2012-5269</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270">CVE-2012-5270</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271">CVE-2012-5271</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272">CVE-2012-5272</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5274">CVE-2012-5274</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5275">CVE-2012-5275</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5276">CVE-2012-5276</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5277">CVE-2012-5277</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5278">CVE-2012-5278</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5279">CVE-2012-5279</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5280">CVE-2012-5280</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5676">CVE-2012-5676</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5677">CVE-2012-5677</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5678">CVE-2012-5678</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0504">CVE-2013-0504</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0630">CVE-2013-0630</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0633">CVE-2013-0633</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0634">CVE-2013-0634</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0637">CVE-2013-0637</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0638">CVE-2013-0638</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0639">CVE-2013-0639</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0642">CVE-2013-0642</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0643">CVE-2013-0643</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0644">CVE-2013-0644</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0645">CVE-2013-0645</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0646">CVE-2013-0646</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0647">CVE-2013-0647</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0648">CVE-2013-0648</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0649">CVE-2013-0649</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0650">CVE-2013-0650</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1365">CVE-2013-1365</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1366">CVE-2013-1366</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1367">CVE-2013-1367</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1368">CVE-2013-1368</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1369">CVE-2013-1369</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1370">CVE-2013-1370</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1371">CVE-2013-1371</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1372">CVE-2013-1372</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1373">CVE-2013-1373</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1374">CVE-2013-1374</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1375">CVE-2013-1375</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1378">CVE-2013-1378</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1379">CVE-2013-1379</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1380">CVE-2013-1380</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2555">CVE-2013-2555</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2728">CVE-2013-2728</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3343">CVE-2013-3343</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3344">CVE-2013-3344</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3345">CVE-2013-3345</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3347">CVE-2013-3347</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3361">CVE-2013-3361</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3362">CVE-2013-3362</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3363">CVE-2013-3363</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5324">CVE-2013-5324</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-10-22T11:10:18Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2013-09-14T14:46:19Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201309-07.xml b/metadata/glsa/glsa-201309-07.xml
new file mode 100644
index 000000000000..b76e1a945fdb
--- /dev/null
+++ b/metadata/glsa/glsa-201309-07.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201309-07">
+  <title>libotr: Arbitrary code execution</title>
+  <synopsis>A buffer overflow vulnerability in libotr could allow a remote
+    attacker to execute arbitrary code or cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">libotr</product>
+  <announced>2013-09-15</announced>
+  <revised count="1">2013-09-15</revised>
+  <bug>430486</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/libotr" auto="yes" arch="*">
+      <unaffected range="ge">3.2.1</unaffected>
+      <vulnerable range="lt">3.2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libotr is a portable off-the-record messaging library.</p>
+  </background>
+  <description>
+    <p>Multiple heap-based buffer overflows are present in the Base64 decoder
+      of libotr.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could send a specially crafted OTR message, resulting
+      in arbitrary code execution with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libotr users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/libotr-3.2.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3461">CVE-2012-3461</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-09-11T14:50:36Z">
+    creffett
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-09-15T04:34:43Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201309-08.xml b/metadata/glsa/glsa-201309-08.xml
new file mode 100644
index 000000000000..cd71961f7213
--- /dev/null
+++ b/metadata/glsa/glsa-201309-08.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201309-08">
+  <title>FileZilla: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in FileZilla, the worst of
+    which could result in arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">filezilla</product>
+  <announced>2013-09-15</announced>
+  <revised count="1">2013-09-15</revised>
+  <bug>479880</bug>
+  <bug>482672</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-ftp/filezilla" auto="yes" arch="*">
+      <unaffected range="ge">3.7.3</unaffected>
+      <vulnerable range="lt">3.7.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FileZilla is an open source FTP client.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in FileZilla. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to connect to a malicious server,
+      resulting in possible arbitrary code execution or a Denial of Service.
+      Additionally, a local attacker could read sensitive memory, potentially
+      resulting in password disclosure.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FileZilla users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-ftp/filezilla-3.7.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4206">
+      CVE-2013-4206
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4207">
+      CVE-2013-4207
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4208">
+      CVE-2013-4208
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4852">CVE-2013-4852</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-08-23T14:35:29Z">
+    creffett
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-09-15T04:36:50Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201309-09.xml b/metadata/glsa/glsa-201309-09.xml
new file mode 100644
index 000000000000..8eda7a8312b7
--- /dev/null
+++ b/metadata/glsa/glsa-201309-09.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201309-09">
+  <title>LibRaw, libkdcraw: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in LibRaw and libkdcraw,
+    the worst of which may lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">libraw</product>
+  <announced>2013-09-15</announced>
+  <revised count="1">2013-09-15</revised>
+  <bug>471694</bug>
+  <bug>482926</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libraw" auto="yes" arch="*">
+      <unaffected range="ge">0.15.4</unaffected>
+      <vulnerable range="lt">0.15.4</vulnerable>
+    </package>
+    <package name="kde-base/libkdcraw" auto="yes" arch="*">
+      <unaffected range="ge">4.10.5-r1</unaffected>
+      <vulnerable range="lt">4.10.5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>LibRaw is a library for reading RAW files obtained from digital photo
+      cameras. libkdcraw is a wrapper for LibRaw within KDE.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in LibRaw and libkdcraw.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted file,
+      possibly resulting in arbitrary code execution or Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LibRaw users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libraw-0.15.4"
+    </code>
+    
+    <p>All libkdcraw users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=kde-base/libkdcraw-4.10.5-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1438">CVE-2013-1438</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1439">CVE-2013-1439</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2126">CVE-2013-2126</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2127">CVE-2013-2127</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-08-21T06:34:07Z">
+    pinkbyte
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-09-15T04:41:15Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201309-10.xml b/metadata/glsa/glsa-201309-10.xml
new file mode 100644
index 000000000000..4687192099f3
--- /dev/null
+++ b/metadata/glsa/glsa-201309-10.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201309-10">
+  <title>Adobe Reader: Arbitrary Code Execution</title>
+  <synopsis>A vulnerability in Adobe Reader could result in execution of
+    arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">acroread</product>
+  <announced>2013-09-15</announced>
+  <revised count="1">2013-09-15</revised>
+  <bug>483210</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/acroread" auto="yes" arch="*">
+      <unaffected range="ge">9.5.5</unaffected>
+      <vulnerable range="lt">9.5.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Adobe Reader is a closed-source PDF reader.</p>
+  </background>
+  <description>
+    <p>An unspecified vulnerability exists in Adobe Reader.</p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could execute arbitrary code or cause a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Reader users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/acroread-9.5.5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3346">CVE-2013-3346</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-08-31T22:47:11Z">
+    creffett
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-09-15T04:43:05Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201309-11.xml b/metadata/glsa/glsa-201309-11.xml
new file mode 100644
index 000000000000..9118cca9617c
--- /dev/null
+++ b/metadata/glsa/glsa-201309-11.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201309-11">
+  <title>Subversion: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Subversion, allowing
+    attackers to cause a Denial of Service, escalate privileges, or obtain
+    sensitive information.
+  </synopsis>
+  <product type="ebuild">subversion</product>
+  <announced>2013-09-23</announced>
+  <revised count="1">2013-09-23</revised>
+  <bug>350166</bug>
+  <bug>356741</bug>
+  <bug>369065</bug>
+  <bug>463728</bug>
+  <bug>463860</bug>
+  <bug>472202</bug>
+  <bug>482166</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-vcs/subversion" auto="yes" arch="*">
+      <unaffected range="ge">1.7.13</unaffected>
+      <vulnerable range="lt">1.7.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Subversion is a versioning system designed to be a replacement for CVS. </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Subversion. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could cause a Denial of Service condition or obtain
+      sensitive information. A local attacker could escalate his privileges to
+      the user running svnserve.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Subversion users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/subversion-1.7.13"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4539">CVE-2010-4539</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4644">CVE-2010-4644</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0715">CVE-2011-0715</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1752">CVE-2011-1752</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1783">CVE-2011-1783</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1921">CVE-2011-1921</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1845">CVE-2013-1845</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1846">CVE-2013-1846</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1847">CVE-2013-1847</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1849">CVE-2013-1849</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1884">CVE-2013-1884</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1968">CVE-2013-1968</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2088">CVE-2013-2088</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2112">CVE-2013-2112</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4131">CVE-2013-4131</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4277">CVE-2013-4277</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:25Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-09-23T22:53:51Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201309-12.xml b/metadata/glsa/glsa-201309-12.xml
new file mode 100644
index 000000000000..09511e9bbdce
--- /dev/null
+++ b/metadata/glsa/glsa-201309-12.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201309-12">
+  <title>Apache HTTP Server: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in Apache HTTP
+    Server, possibly allowing remote attackers to execute arbitrary code, cause
+    a Denial of Service condition or perform man-in-the-middle attacks.
+  </synopsis>
+  <product type="ebuild">apache</product>
+  <announced>2013-09-23</announced>
+  <revised count="1">2013-09-23</revised>
+  <bug>275645</bug>
+  <bug>438680</bug>
+  <bug>466502</bug>
+  <bug>476568</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">2.2.25</unaffected>
+      <vulnerable range="lt">2.2.25</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Apache HTTP Server is one of the most popular web servers on the
+      Internet.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been found in Apache HTTP Server. Please
+      review the CVE identifiers and research paper referenced below for
+      details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted request to possibly
+      execute arbitrary code, cause Denial of Service, or obtain sensitive
+      information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache HTTP Server users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/apache-2.2.25"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6750">CVE-2007-6750</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4929">CVE-2012-4929</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1862">CVE-2013-1862</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1896">CVE-2013-1896</uri>
+    <uri link="https://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf">
+      Compression and Information Leakage of Plaintext
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-03-06T01:03:17Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2013-09-23T23:22:02Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201309-13.xml b/metadata/glsa/glsa-201309-13.xml
new file mode 100644
index 000000000000..59e1d15d51bf
--- /dev/null
+++ b/metadata/glsa/glsa-201309-13.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201309-13">
+  <title>GNU ZRTP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GNU ZRTP, some of which
+    may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libzrtpcpp</product>
+  <announced>2013-09-24</announced>
+  <revised count="1">2013-09-24</revised>
+  <bug>481228</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/libzrtpcpp" auto="yes" arch="*">
+      <unaffected range="ge">2.3.4</unaffected>
+      <vulnerable range="lt">2.3.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU ZRTP is a C++ implementation of the ZRTP protocol.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GNU ZRTP. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, or obtain
+      sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU ZRTP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/libzrtpcpp-2.3.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2221">CVE-2013-2221</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2222">CVE-2013-2222</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2223">CVE-2013-2223</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-09-01T18:53:56Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2013-09-24T22:01:15Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201309-14.xml b/metadata/glsa/glsa-201309-14.xml
new file mode 100644
index 000000000000..afeef766d3ec
--- /dev/null
+++ b/metadata/glsa/glsa-201309-14.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201309-14">
+  <title>MoinMoin: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been reported in MoinMoin, the worst
+    of which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">moinmoin</product>
+  <announced>2013-09-24</announced>
+  <revised count="1">2013-09-24</revised>
+  <bug>449314</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/moinmoin" auto="yes" arch="*">
+      <unaffected range="ge">1.9.6</unaffected>
+      <vulnerable range="lt">1.9.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MoinMoin is a Python WikiEngine.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MoinMoin. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker may be able to execute arbitrary code with the
+      privileges of the process, overwrite arbitrary files, or conduct
+      Cross-Site Scripting (XSS) attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MoinMoin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-apps/moinmoin-1.9.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6080">CVE-2012-6080</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6081">CVE-2012-6081</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6082">CVE-2012-6082</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6495">CVE-2012-6495</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-01-06T17:22:55Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2013-09-24T22:32:39Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201309-15.xml b/metadata/glsa/glsa-201309-15.xml
new file mode 100644
index 000000000000..50ba980001a4
--- /dev/null
+++ b/metadata/glsa/glsa-201309-15.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201309-15">
+  <title>ProFTPD: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ProFTPD, the worst of
+    which leading to remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">ProFTPD</product>
+  <announced>2013-09-24</announced>
+  <revised count="1">2013-09-24</revised>
+  <bug>305343</bug>
+  <bug>343389</bug>
+  <bug>348998</bug>
+  <bug>354080</bug>
+  <bug>361963</bug>
+  <bug>390075</bug>
+  <bug>450746</bug>
+  <bug>484614</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-ftp/proftpd" auto="yes" arch="*">
+      <unaffected range="ge">1.3.4d</unaffected>
+      <vulnerable range="lt">1.3.4d</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ProFTPD is an advanced and very configurable FTP server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ProFTPD. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A context-dependent attacker could possibly execute arbitrary code with
+      the privileges of the process, perform man-in-the-middle attacks to spoof
+      arbitrary SSL servers, cause a Denial of Service condition, or read and
+      modify arbitrary files.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ProFTPD users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-ftp/proftpd-1.3.4d"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555">CVE-2009-3555</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3867">CVE-2010-3867</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4221">CVE-2010-4221</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4652">CVE-2010-4652</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1137">CVE-2011-1137</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4130">CVE-2011-4130</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6095">CVE-2012-6095</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4359">CVE-2013-4359</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:05Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-09-24T23:08:08Z">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201309-16.xml b/metadata/glsa/glsa-201309-16.xml
new file mode 100644
index 000000000000..78718265d261
--- /dev/null
+++ b/metadata/glsa/glsa-201309-16.xml
@@ -0,0 +1,234 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201309-16">
+  <title>Chromium, V8: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been reported in Chromium and V8,
+    some of which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium v8</product>
+  <announced>2013-09-24</announced>
+  <revised count="2">2013-09-25</revised>
+  <bug>442096</bug>
+  <bug>444826</bug>
+  <bug>445246</bug>
+  <bug>446944</bug>
+  <bug>451334</bug>
+  <bug>453610</bug>
+  <bug>458644</bug>
+  <bug>460318</bug>
+  <bug>460776</bug>
+  <bug>463426</bug>
+  <bug>470920</bug>
+  <bug>472350</bug>
+  <bug>476344</bug>
+  <bug>479048</bug>
+  <bug>481990</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">29.0.1457.57</unaffected>
+      <vulnerable range="lt">29.0.1457.57</vulnerable>
+    </package>
+    <package name="dev-lang/v8" auto="yes" arch="*">
+      <unaffected range="ge">3.18.5.14</unaffected>
+      <vulnerable range="lt">3.18.5.14</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source web browser project. V8 is Google’s open
+      source JavaScript engine.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and V8. Please
+      review the CVE identifiers and release notes referenced below for
+      details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A context-dependent attacker could entice a user to open a specially
+      crafted web site or JavaScript program using Chromium or V8, possibly
+      resulting in the execution of arbitrary code with the privileges of the
+      process or a Denial of Service condition. Furthermore, a remote attacker
+      may be able to bypass security restrictions or have other, unspecified,
+      impact.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-29.0.1457.57"
+    </code>
+    
+    <p>All V8 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/v8-3.18.5.14"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5116">CVE-2012-5116</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5117">CVE-2012-5117</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5118">CVE-2012-5118</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5120">CVE-2012-5120</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5121">CVE-2012-5121</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5122">CVE-2012-5122</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5123">CVE-2012-5123</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5124">CVE-2012-5124</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5125">CVE-2012-5125</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5126">CVE-2012-5126</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5127">CVE-2012-5127</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5128">CVE-2012-5128</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5130">CVE-2012-5130</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5132">CVE-2012-5132</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5133">CVE-2012-5133</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5135">CVE-2012-5135</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5136">CVE-2012-5136</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5137">CVE-2012-5137</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5138">CVE-2012-5138</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5139">CVE-2012-5139</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5140">CVE-2012-5140</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5141">CVE-2012-5141</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5142">CVE-2012-5142</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5143">CVE-2012-5143</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144">CVE-2012-5144</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5145">CVE-2012-5145</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5146">CVE-2012-5146</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5147">CVE-2012-5147</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5148">CVE-2012-5148</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5149">CVE-2012-5149</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5150">CVE-2012-5150</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5151">CVE-2012-5151</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5152">CVE-2012-5152</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5153">CVE-2012-5153</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5154">CVE-2012-5154</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0828">CVE-2013-0828</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0829">CVE-2013-0829</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0830">CVE-2013-0830</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0831">CVE-2013-0831</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0832">CVE-2013-0832</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0833">CVE-2013-0833</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0834">CVE-2013-0834</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0835">CVE-2013-0835</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0836">CVE-2013-0836</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0837">CVE-2013-0837</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0838">CVE-2013-0838</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0839">CVE-2013-0839</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0840">CVE-2013-0840</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0841">CVE-2013-0841</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0842">CVE-2013-0842</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0879">CVE-2013-0879</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0880">CVE-2013-0880</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0881">CVE-2013-0881</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0882">CVE-2013-0882</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0883">CVE-2013-0883</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0884">CVE-2013-0884</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0885">CVE-2013-0885</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0887">CVE-2013-0887</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0888">CVE-2013-0888</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0889">CVE-2013-0889</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0890">CVE-2013-0890</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0891">CVE-2013-0891</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0892">CVE-2013-0892</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0893">CVE-2013-0893</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0894">CVE-2013-0894</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0895">CVE-2013-0895</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0896">CVE-2013-0896</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0897">CVE-2013-0897</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0898">CVE-2013-0898</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0899">CVE-2013-0899</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0900">CVE-2013-0900</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0902">CVE-2013-0902</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0903">CVE-2013-0903</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0904">CVE-2013-0904</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0905">CVE-2013-0905</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0906">CVE-2013-0906</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0907">CVE-2013-0907</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0908">CVE-2013-0908</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0909">CVE-2013-0909</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0910">CVE-2013-0910</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0911">CVE-2013-0911</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0912">CVE-2013-0912</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0916">CVE-2013-0916</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0917">CVE-2013-0917</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0918">CVE-2013-0918</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0919">CVE-2013-0919</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0920">CVE-2013-0920</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0921">CVE-2013-0921</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0922">CVE-2013-0922</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0923">CVE-2013-0923</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0924">CVE-2013-0924</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0925">CVE-2013-0925</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0926">CVE-2013-0926</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2836">CVE-2013-2836</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2837">CVE-2013-2837</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2838">CVE-2013-2838</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2839">CVE-2013-2839</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2840">CVE-2013-2840</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2841">CVE-2013-2841</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2842">CVE-2013-2842</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2843">CVE-2013-2843</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2844">CVE-2013-2844</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2845">CVE-2013-2845</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2846">CVE-2013-2846</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2847">CVE-2013-2847</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2848">CVE-2013-2848</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2849">CVE-2013-2849</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2853">CVE-2013-2853</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2855">CVE-2013-2855</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2856">CVE-2013-2856</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2857">CVE-2013-2857</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2858">CVE-2013-2858</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2859">CVE-2013-2859</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2860">CVE-2013-2860</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2861">CVE-2013-2861</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2862">CVE-2013-2862</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2863">CVE-2013-2863</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2865">CVE-2013-2865</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2867">CVE-2013-2867</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2868">CVE-2013-2868</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2869">CVE-2013-2869</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2870">CVE-2013-2870</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2871">CVE-2013-2871</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2874">CVE-2013-2874</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2875">CVE-2013-2875</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2876">CVE-2013-2876</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877">CVE-2013-2877</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2878">CVE-2013-2878</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2879">CVE-2013-2879</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2880">CVE-2013-2880</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2881">CVE-2013-2881</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2882">CVE-2013-2882</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2883">CVE-2013-2883</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2884">CVE-2013-2884</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2885">CVE-2013-2885</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2886">CVE-2013-2886</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2887">CVE-2013-2887</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2900">CVE-2013-2900</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2901">CVE-2013-2901</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2902">CVE-2013-2902</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2903">CVE-2013-2903</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2904">CVE-2013-2904</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2905">CVE-2013-2905</uri>
+    <uri link="https://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html">
+      Release Notes 23.0.1271.64
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html">
+      Release Notes 23.0.1271.91
+    </uri>
+    <uri link="https://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html">
+      Release Notes 23.0.1271.95
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-11-07T23:45:36Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2013-09-25T20:40:39Z">
+    phajdan.jr
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201309-17.xml b/metadata/glsa/glsa-201309-17.xml
new file mode 100644
index 000000000000..1d256721b04d
--- /dev/null
+++ b/metadata/glsa/glsa-201309-17.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201309-17">
+  <title>Monkey HTTP Daemon: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in Monkey HTTP
+    Daemon, the worst of which could result in arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">monkeyd</product>
+  <announced>2013-09-25</announced>
+  <revised count="1">2013-09-25</revised>
+  <bug>471906</bug>
+  <bug>472400</bug>
+  <bug>472644</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/monkeyd" auto="yes" arch="*">
+      <unaffected range="ge">1.2.2</unaffected>
+      <vulnerable range="lt">1.2.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Monkey HTTP Daemon is a lightweight and powerful web server for
+      GNU/Linux.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Monkey HTTP Daemon.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could send a specially crafted request, resulting in
+      possible arbitrary code execution or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Monkey HTTP Daemon users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/monkeyd-1.2.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2163">CVE-2013-2163</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3724">CVE-2013-3724</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3843">CVE-2013-3843</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-08-23T09:57:28Z">
+    pinkbyte
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-09-25T16:51:51Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201309-18.xml b/metadata/glsa/glsa-201309-18.xml
new file mode 100644
index 000000000000..325b5c463fee
--- /dev/null
+++ b/metadata/glsa/glsa-201309-18.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201309-18">
+  <title>libvirt: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libvirt, allowing
+    remote attackers to execute arbitrary code or cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">libvirt</product>
+  <announced>2013-09-25</announced>
+  <revised count="1">2013-09-25</revised>
+  <bug>454588</bug>
+  <bug>470096</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulation/libvirt" auto="yes" arch="*">
+      <unaffected range="ge">1.0.5.1-r3</unaffected>
+      <vulnerable range="lt">1.0.5.1-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libvirt is a C toolkit for manipulating virtual machines.</p>
+  </background>
+  <description>
+    <p>An error in the virNetMessageFree() function in rpc/virnetserverclient.c
+      can lead to a use-after-free. Additionally, a socket leak in the
+      remoteDispatchStoragePoolListAllVolumes command can lead to file
+      descriptor exhaustion.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause certain errors during an RPC connection to
+      cause a message to be freed without being removed from the message queue,
+      possibly resulting in execution of arbitrary code or a Denial of Service
+      condition. Additionally, a remote attacker could repeatedly issue the
+      command to list all pool volumes, causing a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libvirt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/libvirt-1.0.5.1-r3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0170">CVE-2013-0170</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1962">CVE-2013-1962</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-02-26T00:00:24Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2013-09-25T16:52:55Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201309-19.xml b/metadata/glsa/glsa-201309-19.xml
new file mode 100644
index 000000000000..e4ff190ba195
--- /dev/null
+++ b/metadata/glsa/glsa-201309-19.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201309-19">
+  <title>TPP: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability in TPP might allow a remote attacker to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">tpp</product>
+  <announced>2013-09-25</announced>
+  <revised count="1">2013-09-25</revised>
+  <bug>474018</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/tpp" auto="yes" arch="*">
+      <unaffected range="ge">1.3.1-r2</unaffected>
+      <vulnerable range="lt">1.3.1-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>TPP is an ncurses-based text presentation tool.</p>
+  </background>
+  <description>
+    <p>TPP templates may contain a --exec clause, the contents of which are
+      automatically executed without confirmation from the user. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted file
+      using TPP, possibly resulting in execution of arbitrary code with the
+      privileges of the user.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All TPP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-office/tpp-1.3.1-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2208">CVE-2013-2208</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-08-23T15:06:40Z">
+    creffett
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-09-25T16:53:56Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201309-20.xml b/metadata/glsa/glsa-201309-20.xml
new file mode 100644
index 000000000000..33823b8e3918
--- /dev/null
+++ b/metadata/glsa/glsa-201309-20.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201309-20">
+  <title>Dropbear: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Dropbear, the worst of
+    which could lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">dropbear</product>
+  <announced>2013-09-26</announced>
+  <revised count="1">2013-09-26</revised>
+  <bug>328409</bug>
+  <bug>405607</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/dropbear" auto="yes" arch="*">
+      <unaffected range="ge">2012.55</unaffected>
+      <vulnerable range="lt">2012.55</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Dropbear is an SSH server and client designed with a small memory
+      footprint.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Dropbear. Please review
+      the CVE identifier and Gentoo bug referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted request to trigger a
+      use-after-free condition, possibly resulting in arbitrary code execution
+      or a Denial of Service condition. Additionally, the bundled version of
+      libtommath has an error in its prime number generation, which could
+      result in the generation of weak keys.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Dropbear users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/dropbear-2012.55"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0920">CVE-2012-0920</uri>
+    <uri link="https://bugs.gentoo.org/show_bug.cgi?id=328383">libtommath
+      Gentoo bug
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-03-03T20:26:25Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-09-26T23:47:21Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201309-21.xml b/metadata/glsa/glsa-201309-21.xml
new file mode 100644
index 000000000000..9ec2d7b0b7d4
--- /dev/null
+++ b/metadata/glsa/glsa-201309-21.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201309-21">
+  <title>klibc: Command Injection</title>
+  <synopsis>A vulnerability in klibc could allow remote attackers to execute
+    arbitrary shell code.
+  </synopsis>
+  <product type="ebuild">klibc</product>
+  <announced>2013-09-26</announced>
+  <revised count="1">2013-09-26</revised>
+  <bug>369075</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/klibc" auto="yes" arch="*">
+      <unaffected range="ge">1.5.25</unaffected>
+      <vulnerable range="lt">1.5.25</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>klibc is a minimalistic libc used for making an initramfs.</p>
+  </background>
+  <description>
+    <p>The ipconfig utility in klibc writes DHCP options to
+      /tmp/net-$DEVICE.conf, and this file is later sourced by other scripts to
+      get defined variables. The options written to this file are not properly
+      escaped.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted DHCP reply, which could
+      execute arbitrary shell code with the privileges of any process which
+      sources DHCP options.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All klibc users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/klibc-1.5.25"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1930">CVE-2011-1930</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-08-30T11:18:21Z">
+    pinkbyte
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-09-26T23:52:30Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201309-22.xml b/metadata/glsa/glsa-201309-22.xml
new file mode 100644
index 000000000000..624ee4865d1e
--- /dev/null
+++ b/metadata/glsa/glsa-201309-22.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201309-22">
+  <title>Squid: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Squid, possibly
+    resulting in remote Denial of Service.
+  </synopsis>
+  <product type="ebuild">squid</product>
+  <announced>2013-09-27</announced>
+  <revised count="1">2013-09-27</revised>
+  <bug>261208</bug>
+  <bug>389133</bug>
+  <bug>447596</bug>
+  <bug>452584</bug>
+  <bug>461492</bug>
+  <bug>476562</bug>
+  <bug>476960</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/squid" auto="yes" arch="*">
+      <unaffected range="ge">3.2.13</unaffected>
+      <vulnerable range="lt">3.2.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Squid is a full-featured web proxy cache.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Squid. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to bypass ACL restrictions or cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Squid users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-proxy/squid-3.2.13"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0801">CVE-2009-0801</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4096">CVE-2011-4096</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5643">CVE-2012-5643</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0189">CVE-2013-0189</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1839">CVE-2013-1839</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4115">CVE-2013-4115</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4123">CVE-2013-4123</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-03-06T01:08:59Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2013-09-27T09:34:15Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201309-23.xml b/metadata/glsa/glsa-201309-23.xml
new file mode 100644
index 000000000000..56b299b0b8f6
--- /dev/null
+++ b/metadata/glsa/glsa-201309-23.xml
@@ -0,0 +1,232 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201309-23">
+  <title>Mozilla Products: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox,
+    Thunderbird, and SeaMonkey, some of which may allow a remote user to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">firefox,thunderbird,seamonkey</product>
+  <announced>2013-09-27</announced>
+  <revised count="1">2013-09-27</revised>
+  <bug>450940</bug>
+  <bug>458390</bug>
+  <bug>460818</bug>
+  <bug>464226</bug>
+  <bug>469868</bug>
+  <bug>474758</bug>
+  <bug>479968</bug>
+  <bug>485258</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">17.0.9</unaffected>
+      <vulnerable range="lt">17.0.9</vulnerable>
+    </package>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">17.0.9</unaffected>
+      <vulnerable range="lt">17.0.9</vulnerable>
+    </package>
+    <package name="www-client/seamonkey" auto="yes" arch="*">
+      <unaffected range="ge">2.21</unaffected>
+      <vulnerable range="lt">2.21</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">17.0.9</unaffected>
+      <vulnerable range="lt">17.0.9</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">17.0.9</unaffected>
+      <vulnerable range="lt">17.0.9</vulnerable>
+    </package>
+    <package name="www-client/seamonkey-bin" auto="yes" arch="*">
+      <unaffected range="ge">2.21</unaffected>
+      <vulnerable range="lt">2.21</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is an open-source web browser and Mozilla Thunderbird
+      an open-source email client, both from the Mozilla Project. The
+      SeaMonkey project is a community effort to deliver production-quality
+      releases of code derived from the application formerly known as the
+      ‘Mozilla Application Suite’.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox,
+      Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced
+      below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could entice a user to view a specially crafted web
+      page or email, possibly resulting in execution of arbitrary code or a
+      Denial of Service condition. Further, a remote attacker could conduct XSS
+      attacks, spoof URLs, bypass address space layout randomization, conduct
+      clickjacking attacks, obtain potentially sensitive information, bypass
+      access restrictions, modify the local filesystem, or conduct other
+      unspecified attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-17.0.9"
+    </code>
+    
+    <p>All users of the Mozilla Firefox binary package should upgrade to the
+      latest version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-17.0.9"
+    </code>
+    
+    <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-17.0.9"
+    </code>
+    
+    <p>All users of the Mozilla Thunderbird binary package should upgrade to
+      the latest version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-17.0.9"
+    </code>
+    
+    <p>All SeaMonkey users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-2.21"
+    </code>
+    
+    <p>All users of the Mozilla SeaMonkey binary package should upgrade to the
+      latest version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-bin-2.21"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0744">CVE-2013-0744</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0745">CVE-2013-0745</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0746">CVE-2013-0746</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0747">CVE-2013-0747</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0748">CVE-2013-0748</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0749">CVE-2013-0749</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0750">CVE-2013-0750</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0751">CVE-2013-0751</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0752">CVE-2013-0752</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0753">CVE-2013-0753</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0754">CVE-2013-0754</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0755">CVE-2013-0755</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0756">CVE-2013-0756</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0757">CVE-2013-0757</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0758">CVE-2013-0758</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0759">CVE-2013-0759</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0760">CVE-2013-0760</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0761">CVE-2013-0761</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0762">CVE-2013-0762</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0763">CVE-2013-0763</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0764">CVE-2013-0764</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0765">CVE-2013-0765</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0766">CVE-2013-0766</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0767">CVE-2013-0767</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0768">CVE-2013-0768</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0769">CVE-2013-0769</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0770">CVE-2013-0770</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0771">CVE-2013-0771</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0772">CVE-2013-0772</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0773">CVE-2013-0773</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0774">CVE-2013-0774</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0775">CVE-2013-0775</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0776">CVE-2013-0776</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0777">CVE-2013-0777</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0778">CVE-2013-0778</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0779">CVE-2013-0779</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0780">CVE-2013-0780</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0781">CVE-2013-0781</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0782">CVE-2013-0782</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0783">CVE-2013-0783</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0784">CVE-2013-0784</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0787">CVE-2013-0787</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0788">CVE-2013-0788</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0789">CVE-2013-0789</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0791">CVE-2013-0791</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0792">CVE-2013-0792</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0793">CVE-2013-0793</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0794">CVE-2013-0794</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0795">CVE-2013-0795</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0796">CVE-2013-0796</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0797">CVE-2013-0797</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0799">CVE-2013-0799</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0800">CVE-2013-0800</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0801">CVE-2013-0801</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1670">CVE-2013-1670</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1671">CVE-2013-1671</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1674">CVE-2013-1674</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1675">CVE-2013-1675</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1676">CVE-2013-1676</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1677">CVE-2013-1677</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1678">CVE-2013-1678</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1679">CVE-2013-1679</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1680">CVE-2013-1680</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1681">CVE-2013-1681</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1682">CVE-2013-1682</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1684">CVE-2013-1684</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1687">CVE-2013-1687</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1690">CVE-2013-1690</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1692">CVE-2013-1692</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1693">CVE-2013-1693</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1694">CVE-2013-1694</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1697">CVE-2013-1697</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1701">CVE-2013-1701</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1702">CVE-2013-1702</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1704">CVE-2013-1704</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1705">CVE-2013-1705</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1707">CVE-2013-1707</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1708">CVE-2013-1708</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1709">CVE-2013-1709</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1710">CVE-2013-1710</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1711">CVE-2013-1711</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1712">CVE-2013-1712</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1713">CVE-2013-1713</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1714">CVE-2013-1714</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1717">CVE-2013-1717</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1718">CVE-2013-1718</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1719">CVE-2013-1719</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1720">CVE-2013-1720</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1722">CVE-2013-1722</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1723">CVE-2013-1723</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1724">CVE-2013-1724</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1725">CVE-2013-1725</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1726">CVE-2013-1726</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1728">CVE-2013-1728</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1730">CVE-2013-1730</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1732">CVE-2013-1732</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1735">CVE-2013-1735</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1736">CVE-2013-1736</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1737">CVE-2013-1737</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1738">CVE-2013-1738</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-07-12T01:55:45Z">
+    creffett
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-09-27T20:18:53Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201309-24.xml b/metadata/glsa/glsa-201309-24.xml
new file mode 100644
index 000000000000..9bb8b1e1eb95
--- /dev/null
+++ b/metadata/glsa/glsa-201309-24.xml
@@ -0,0 +1,156 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201309-24">
+  <title>Xen: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Xen, allowing attackers
+    on a Xen Virtual Machine to execute arbitrary code, cause Denial of
+    Service, or gain access to data on the host.
+  </synopsis>
+  <product type="ebuild">xen</product>
+  <announced>2013-09-27</announced>
+  <revised count="1">2013-09-27</revised>
+  <bug>385319</bug>
+  <bug>386371</bug>
+  <bug>420875</bug>
+  <bug>431156</bug>
+  <bug>454314</bug>
+  <bug>464724</bug>
+  <bug>472214</bug>
+  <bug>482860</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/xen" auto="yes" arch="*">
+      <unaffected range="ge">4.2.2-r1</unaffected>
+      <vulnerable range="lt">4.2.2-r1</vulnerable>
+    </package>
+    <package name="app-emulation/xen-tools" auto="yes" arch="*">
+      <unaffected range="ge">4.2.2-r3</unaffected>
+      <vulnerable range="lt">4.2.2-r3</vulnerable>
+    </package>
+    <package name="app-emulation/xen-pvgrub" auto="yes" arch="*">
+      <unaffected range="ge">4.2.2-r1</unaffected>
+      <vulnerable range="lt">4.2.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Xen is a bare-metal hypervisor.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Xen. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>Guest domains could possibly gain privileges, execute arbitrary code, or
+      cause a Denial of Service on the host domain (Dom0). Additionally, guest
+      domains could gain information about other virtual machines running on
+      the same host or read arbitrary files on the host.
+    </p>
+  </impact>
+  <workaround>
+    <p>The CVEs listed below do not currently have fixes, but only apply to Xen
+      setups which have “tmem” specified on the hypervisor command line.
+      TMEM is not currently supported for use in production systems, and
+      administrators using tmem should disable it.
+      Relevant CVEs:
+      * CVE-2012-2497
+      * CVE-2012-6030
+      * CVE-2012-6031
+      * CVE-2012-6032
+      * CVE-2012-6033
+      * CVE-2012-6034
+      * CVE-2012-6035
+      * CVE-2012-6036
+    </p>
+  </workaround>
+  <resolution>
+    <p>All Xen users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-4.2.2-r1"
+    </code>
+    
+    <p>All Xen-tools users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/xen-tools-4.2.2-r3"
+    </code>
+    
+    <p>All Xen-pvgrub users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/xen-pvgrub-4.2.2-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2901">CVE-2011-2901</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3262">CVE-2011-3262</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0217">CVE-2012-0217</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0218">CVE-2012-0218</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2934">CVE-2012-2934</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3432">CVE-2012-3432</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3433">CVE-2012-3433</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3494">CVE-2012-3494</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3495">CVE-2012-3495</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3496">CVE-2012-3496</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3497">CVE-2012-3497</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3498">CVE-2012-3498</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3515">CVE-2012-3515</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4411">CVE-2012-4411</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4535">CVE-2012-4535</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4536">CVE-2012-4536</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4537">CVE-2012-4537</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4538">CVE-2012-4538</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4539">CVE-2012-4539</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5510">CVE-2012-5510</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5511">CVE-2012-5511</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5512">CVE-2012-5512</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5513">CVE-2012-5513</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5514">CVE-2012-5514</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5515">CVE-2012-5515</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5525">CVE-2012-5525</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5634">CVE-2012-5634</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6030">CVE-2012-6030</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6031">CVE-2012-6031</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6032">CVE-2012-6032</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6033">CVE-2012-6033</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6034">CVE-2012-6034</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6035">CVE-2012-6035</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6036">CVE-2012-6036</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6075">CVE-2012-6075</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6333">CVE-2012-6333</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0151">CVE-2013-0151</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0152">CVE-2013-0152</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0153">CVE-2013-0153</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0154">CVE-2013-0154</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0215">CVE-2013-0215</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1432">CVE-2013-1432</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1917">CVE-2013-1917</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1918">CVE-2013-1918</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1919">CVE-2013-1919</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1920">CVE-2013-1920</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1922">CVE-2013-1922</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1952">CVE-2013-1952</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1964">CVE-2013-1964</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2076">CVE-2013-2076</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2077">CVE-2013-2077</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2078">CVE-2013-2078</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2194">CVE-2013-2194</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2195">CVE-2013-2195</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2196">CVE-2013-2196</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2211">CVE-2013-2211</uri>
+    <uri link="https://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html">
+      Xen TMEM
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-03-06T01:02:21Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2013-09-27T20:19:09Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201310-01.xml b/metadata/glsa/glsa-201310-01.xml
new file mode 100644
index 000000000000..9fedc00f1b28
--- /dev/null
+++ b/metadata/glsa/glsa-201310-01.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201310-01">
+  <title>Perl Module-Signature module: Arbitrary code execution</title>
+  <synopsis>The Module-Signature module for Perl has insufficient path checks,
+    allowing a remote attacker to execute arbitrary Perl code.
+  </synopsis>
+  <product type="ebuild">Module-Signature</product>
+  <announced>2013-10-04</announced>
+  <revised count="1">2013-10-04</revised>
+  <bug>472428</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-perl/Module-Signature" auto="yes" arch="*">
+      <unaffected range="ge">0.720.0</unaffected>
+      <vulnerable range="lt">0.720.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Perl Module::Signature module adds signing capabilities to CPAN
+      modules.
+    </p>
+  </background>
+  <description>
+    <p>The ‘cpansign verify’ command will automatically download keys and
+      use them to check the signature of CPAN packages via the SIGNATURE file.
+      If an attacker were to replace this (SHA1) with a special unknown cipher
+      (e.g. ‘Special’) and were to include in the distribution a
+      ‘Digest/Special.pm’, the code in this Perl module would be executed
+      when ‘cpansign -verify’ is run.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All users of the Module-Signature Perl module should upgrade to the
+      latest version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-perl/Module-Signature-0.720.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2145">CVE-2013-2145</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-08-21T11:15:28Z">
+    pinkbyte
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-10-04T06:56:47Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201310-02.xml b/metadata/glsa/glsa-201310-02.xml
new file mode 100644
index 000000000000..129802f1c418
--- /dev/null
+++ b/metadata/glsa/glsa-201310-02.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201310-02">
+  <title>isync: Man-in-the-Middle attack</title>
+  <synopsis>A vulnerability in isync could allow remote attackers to perform
+    man-in-the-middle attacks.
+  </synopsis>
+  <product type="ebuild">isync</product>
+  <announced>2013-10-05</announced>
+  <revised count="1">2013-10-05</revised>
+  <bug>458420</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/isync" auto="yes" arch="*">
+      <unaffected range="ge">1.0.6</unaffected>
+      <vulnerable range="lt">1.0.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>isync is an IMAP and MailDir mailbox synchronizer. </p>
+  </background>
+  <description>
+    <p>isync does not properly verify the server’s hostname against the CN
+      field in the SSL certificate.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote server could perform man-in-the-middle attacks to disclose
+      passwords or obtain other sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All isync users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-mail/isync-1.0.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0289">CVE-2013-0289</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-04-08T23:32:51Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2013-10-05T20:45:35Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201310-03.xml b/metadata/glsa/glsa-201310-03.xml
new file mode 100644
index 000000000000..d68f002ab43d
--- /dev/null
+++ b/metadata/glsa/glsa-201310-03.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201310-03">
+  <title>Poppler: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Poppler, some of which
+    may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">poppler</product>
+  <announced>2013-10-06</announced>
+  <revised count="1">2013-10-06</revised>
+  <bug>263028</bug>
+  <bug>290430</bug>
+  <bug>290464</bug>
+  <bug>308017</bug>
+  <bug>338878</bug>
+  <bug>352581</bug>
+  <bug>459866</bug>
+  <bug>480366</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/poppler" auto="yes" arch="*">
+      <unaffected range="ge">0.22.2-r1</unaffected>
+      <vulnerable range="lt">0.22.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Poppler is a cross-platform PDF rendering library originally based on
+      Xpdf.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Poppler. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted PDF
+      file, possibly resulting in execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Poppler users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/poppler-0.22.2-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0146">CVE-2009-0146</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0147">CVE-2009-0147</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0165">CVE-2009-0165</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0166">CVE-2009-0166</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0195">CVE-2009-0195</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0799">CVE-2009-0799</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0800">CVE-2009-0800</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1179">CVE-2009-1179</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1180">CVE-2009-1180</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1181">CVE-2009-1181</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1182">CVE-2009-1182</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1183">CVE-2009-1183</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1187">CVE-2009-1187</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1188">CVE-2009-1188</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3603">CVE-2009-3603</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3604">CVE-2009-3604</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3605">CVE-2009-3605</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3606">CVE-2009-3606</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3607">CVE-2009-3607</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3608">CVE-2009-3608</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3609">CVE-2009-3609</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3938">CVE-2009-3938</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3702">CVE-2010-3702</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3703">CVE-2010-3703</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3704">CVE-2010-3704</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4653">CVE-2010-4653</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4654">CVE-2010-4654</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2142">CVE-2012-2142</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1788">CVE-2013-1788</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1789">CVE-2013-1789</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1790">CVE-2013-1790</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:55Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-10-06T15:45:26Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201310-04.xml b/metadata/glsa/glsa-201310-04.xml
new file mode 100644
index 000000000000..cc63efe02b36
--- /dev/null
+++ b/metadata/glsa/glsa-201310-04.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201310-04">
+  <title>nginx: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in nginx, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">nginx</product>
+  <announced>2013-10-06</announced>
+  <revised count="1">2013-10-06</revised>
+  <bug>458726</bug>
+  <bug>468870</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-servers/nginx" auto="yes" arch="*">
+      <unaffected range="ge">1.4.1-r2</unaffected>
+      <vulnerable range="lt">1.4.1-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>nginx is a robust, small, and high performance HTTP and reverse proxy
+      server.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in nginx. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted request, possibly
+      resulting in execution of arbitrary code with the privileges of the
+      process, or a Denial of Service condition. Furthermore, a
+      context-dependent attacker may be able to obtain sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All nginx users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/nginx-1.4.1-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0337">CVE-2013-0337</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2028">CVE-2013-2028</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2070">CVE-2013-2070</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-09-30T22:53:05Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2013-10-06T21:49:01Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201310-05.xml b/metadata/glsa/glsa-201310-05.xml
new file mode 100644
index 000000000000..7a3588b90364
--- /dev/null
+++ b/metadata/glsa/glsa-201310-05.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201310-05">
+  <title>GEGL: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability in GEGL might allow a remote attacker to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">gegl</product>
+  <announced>2013-10-06</announced>
+  <revised count="1">2013-10-06</revised>
+  <bug>442016</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/gegl" auto="yes" arch="*">
+      <unaffected range="ge">0.2.0-r2</unaffected>
+      <vulnerable range="lt">0.2.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GEGL is a graph-based image processing framework.</p>
+  </background>
+  <description>
+    <p>Multiple integer overflows in GEGL may cause a heap-based buffer
+      overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted PPM
+      image using an application linked against GEGL, possibly resulting in
+      execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All gegl users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/gegl-0.2.0-r2"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4433">CVE-2012-4433</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-09-30T23:10:40Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2013-10-06T22:25:22Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201310-06.xml b/metadata/glsa/glsa-201310-06.xml
new file mode 100644
index 000000000000..73773f79aefb
--- /dev/null
+++ b/metadata/glsa/glsa-201310-06.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201310-06">
+  <title>Aircrack-ng: User-assisted execution of arbitrary code</title>
+  <synopsis>A buffer overflow vulnerability in Aircrack-ng could result in
+    execution of arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">aircrack-ng</product>
+  <announced>2013-10-07</announced>
+  <revised count="1">2013-10-07</revised>
+  <bug>311797</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-wireless/aircrack-ng" auto="yes" arch="*">
+      <unaffected range="ge">1.1-r2</unaffected>
+      <vulnerable range="lt">1.1-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can
+      recover keys once enough data packets have been captured.
+    </p>
+  </background>
+  <description>
+    <p>A buffer overflow vulnerability has been discovered in Aircrack-ng.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted dump
+      file using Aircrack-ng, possibly resulting in execution of arbitrary code
+      with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Aircrack-ng users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-wireless/aircrack-ng-1.1-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1159">CVE-2010-1159</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-12-23T23:18:18Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2013-10-07T08:46:58Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201310-07.xml b/metadata/glsa/glsa-201310-07.xml
new file mode 100644
index 000000000000..f5dc746c7beb
--- /dev/null
+++ b/metadata/glsa/glsa-201310-07.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201310-07">
+  <title>OpenJPEG: User-assisted execution of arbitrary code</title>
+  <synopsis>Multiple vulnerabilities in OpenJPEG could result in execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">openjpeg</product>
+  <announced>2013-10-10</announced>
+  <revised count="1">2013-10-10</revised>
+  <bug>412895</bug>
+  <bug>425772</bug>
+  <bug>433766</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/openjpeg" auto="yes" arch="*">
+      <unaffected range="ge">1.5.1</unaffected>
+      <vulnerable range="lt">1.5.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenJPEG is an open-source JPEG 2000 library.</p>
+  </background>
+  <description>
+    <p>OpenJPEG contains an invalid free error and multiple buffer overflow
+      flaws. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted JPEG
+      file, possibly resulting in execution of arbitrary code or a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenJPEG users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/openjpeg-1.5.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5030">CVE-2009-5030</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3358">CVE-2012-3358</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3535">CVE-2012-3535</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-09-29T15:22:41Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2013-10-10T11:18:57Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201310-08.xml b/metadata/glsa/glsa-201310-08.xml
new file mode 100644
index 000000000000..0bdbb103a182
--- /dev/null
+++ b/metadata/glsa/glsa-201310-08.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201310-08">
+  <title>Quagga: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Quagga, the worst of
+    which could lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">quagga</product>
+  <announced>2013-10-10</announced>
+  <revised count="1">2013-10-10</revised>
+  <bug>408507</bug>
+  <bug>475706</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/quagga" auto="yes" arch="*">
+      <unaffected range="ge">0.99.22.4</unaffected>
+      <vulnerable range="lt">0.99.22.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Quagga is a free routing daemon replacing Zebra supporting RIP, OSPF and
+      BGP.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Quagga. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to cause arbitrary code execution or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Quagga users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/quagga-0.99.22.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0249">CVE-2012-0249</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0250">CVE-2012-0250</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0255">CVE-2012-0255</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1820">CVE-2012-1820</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2236">CVE-2013-2236</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-01-02T19:08:42Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-10-10T11:51:02Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201310-09.xml b/metadata/glsa/glsa-201310-09.xml
new file mode 100644
index 000000000000..19fe361d8709
--- /dev/null
+++ b/metadata/glsa/glsa-201310-09.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201310-09">
+  <title>Setuptools: Man-in-the-Middle attack</title>
+  <synopsis>A vulnerability in Setuptools could allow remote attackers to
+    perform man-in-the-middle attacks.
+  </synopsis>
+  <product type="ebuild">setuptools</product>
+  <announced>2013-10-10</announced>
+  <revised count="1">2013-10-10</revised>
+  <bug>479964</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-python/setuptools" auto="yes" arch="*">
+      <unaffected range="ge">0.8-r1</unaffected>
+      <vulnerable range="lt">0.8-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Setuptools is a manager for Python packages.</p>
+  </background>
+  <description>
+    <p>Setuptools does not check the integrity of downloaded Python packages.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could perform man-in-the-middle attacks to execute
+      arbitrary code with the privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Setuptools users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/setuptools-0.8-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1633">CVE-2013-1633</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-09-29T15:36:44Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2013-10-10T12:13:55Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201310-10.xml b/metadata/glsa/glsa-201310-10.xml
new file mode 100644
index 000000000000..443fb903d953
--- /dev/null
+++ b/metadata/glsa/glsa-201310-10.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201310-10">
+  <title>PolarSSL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PolarSSL, the worst of
+    which might allow a remote attacker to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">PolarSSL</product>
+  <announced>2013-10-17</announced>
+  <revised count="1">2013-10-17</revised>
+  <bug>358783</bug>
+  <bug>416399</bug>
+  <bug>455562</bug>
+  <bug>464206</bug>
+  <bug>480882</bug>
+  <bug>487170</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/polarssl" auto="yes" arch="*">
+      <unaffected range="ge">1.3.0</unaffected>
+      <vulnerable range="lt">1.3.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PolarSSL is a cryptographic library for embedded systems.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PolarSSL. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker might be able to cause Denial of Service, conduct a
+      man-in-the middle attack, compromise an encrypted communication channel,
+      or obtain sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PolarSSL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/polarssl-1.3.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1923">CVE-2011-1923</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2130">CVE-2012-2130</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169">CVE-2013-0169</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1621">CVE-2013-1621</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4623">CVE-2013-4623</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5915">CVE-2013-5915</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-08T22:30:33Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2013-10-17T08:18:11Z">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201310-11.xml b/metadata/glsa/glsa-201310-11.xml
new file mode 100644
index 000000000000..39500921a7bd
--- /dev/null
+++ b/metadata/glsa/glsa-201310-11.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201310-11">
+  <title>Perl Parallel-ForkManager Module: Insecure temporary file usage</title>
+  <synopsis>An insecure temporary file usage has been reported in the Perl
+    Parallel-ForkManager module, possibly allowing symlink attacks.
+  </synopsis>
+  <product type="ebuild">Parallel-ForkManager</product>
+  <announced>2013-10-17</announced>
+  <revised count="1">2013-10-17</revised>
+  <bug>389839</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-perl/Parallel-ForkManager" auto="yes" arch="*">
+      <unaffected range="ge">1.20.0</unaffected>
+      <vulnerable range="lt">1.20.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Parallel-ForkManager is a simple parallel processing fork manager for
+      Perl.
+    </p>
+  </background>
+  <description>
+    <p>The Perl Parallel-ForkManager module does not handle temporary files
+      securely.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could perform symlink attacks to overwrite arbitrary
+      files with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Parallel-ForkManager users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-perl/Parallel-ForkManager-1.20.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4115">CVE-2011-4115</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-01-02T18:47:58Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-10-17T08:42:08Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201310-12.xml b/metadata/glsa/glsa-201310-12.xml
new file mode 100644
index 000000000000..487dd38ab3d5
--- /dev/null
+++ b/metadata/glsa/glsa-201310-12.xml
@@ -0,0 +1,169 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201310-12">
+  <title>FFmpeg: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in FFmpeg, the worst of which
+    might enable remote attackers to cause user-assisted execution of arbitrary
+    code.                                 
+  </synopsis>
+  <product type="ebuild">FFmpeg</product>
+  <announced>2013-10-25</announced>
+  <revised count="1">2013-10-25</revised>
+  <bug>285719</bug>
+  <bug>307755</bug>
+  <bug>339036</bug>
+  <bug>352481</bug>
+  <bug>365273</bug>
+  <bug>378801</bug>
+  <bug>382301</bug>
+  <bug>384095</bug>
+  <bug>385511</bug>
+  <bug>389807</bug>
+  <bug>391421</bug>
+  <bug>397893</bug>
+  <bug>401069</bug>
+  <bug>411369</bug>
+  <bug>420305</bug>
+  <bug>433772</bug>
+  <bug>439054</bug>
+  <bug>454420</bug>
+  <bug>465496</bug>
+  <bug>473302</bug>
+  <bug>473790</bug>
+  <bug>476218</bug>
+  <bug>482136</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/ffmpeg" auto="yes" arch="*">
+      <unaffected range="ge">1.0.7</unaffected>
+      <vulnerable range="lt">1.0.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FFmpeg is a complete solution to record, convert and stream audio and
+      video.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in FFmpeg. Please review
+      the CVE identifiers and FFmpeg changelogs referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could entice a user to open a specially crafted media
+      file, possibly leading to the execution of arbitrary code with the
+      privileges of the user running the application or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FFmpeg users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/ffmpeg-1.0.7"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4631">CVE-2009-4631</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4632">CVE-2009-4632</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4633">CVE-2009-4633</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4634">CVE-2009-4634</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4635">CVE-2009-4635</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4636">CVE-2009-4636</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4637">CVE-2009-4637</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4638">CVE-2009-4638</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4639">CVE-2009-4639</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4640">CVE-2009-4640</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3429">CVE-2010-3429</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3908">CVE-2010-3908</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4704">CVE-2010-4704</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4704">CVE-2010-4704</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4705">CVE-2010-4705</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1931">CVE-2011-1931</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3362">CVE-2011-3362</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3893">CVE-2011-3893</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3895">CVE-2011-3895</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3929">CVE-2011-3929</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3934">CVE-2011-3934</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3935">CVE-2011-3935</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3936">CVE-2011-3936</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3937">CVE-2011-3937</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3940">CVE-2011-3940</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3941">CVE-2011-3941</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3944">CVE-2011-3944</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3945">CVE-2011-3945</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3946">CVE-2011-3946</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3947">CVE-2011-3947</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3949">CVE-2011-3949</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3950">CVE-2011-3950</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3951">CVE-2011-3951</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3952">CVE-2011-3952</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3973">CVE-2011-3973</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3974">CVE-2011-3974</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4351">CVE-2011-4351</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4352">CVE-2011-4352</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4353">CVE-2011-4353</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4364">CVE-2011-4364</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0947">CVE-2012-0947</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2771">CVE-2012-2771</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2772">CVE-2012-2772</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2773">CVE-2012-2773</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2774">CVE-2012-2774</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2775">CVE-2012-2775</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2776">CVE-2012-2776</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2777">CVE-2012-2777</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2778">CVE-2012-2778</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2779">CVE-2012-2779</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2780">CVE-2012-2780</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2781">CVE-2012-2781</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2782">CVE-2012-2782</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2783">CVE-2012-2783</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2784">CVE-2012-2784</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2785">CVE-2012-2785</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2786">CVE-2012-2786</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2787">CVE-2012-2787</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2788">CVE-2012-2788</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2789">CVE-2012-2789</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2790">CVE-2012-2790</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2791">CVE-2012-2791</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2792">CVE-2012-2792</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2793">CVE-2012-2793</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2794">CVE-2012-2794</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2795">CVE-2012-2795</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2796">CVE-2012-2796</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2797">CVE-2012-2797</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2798">CVE-2012-2798</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2799">CVE-2012-2799</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2800">CVE-2012-2800</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2801">CVE-2012-2801</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2802">CVE-2012-2802</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2803">CVE-2012-2803</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2804">CVE-2012-2804</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2805">CVE-2012-2805</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3670">CVE-2013-3670</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3671">CVE-2013-3671</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3672">CVE-2013-3672</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3673">CVE-2013-3673</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3674">CVE-2013-3674</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3675">CVE-2013-3675</uri>
+    <uri link="https://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=refs/heads/release/0.10">
+      FFmpeg 0.10.x Changelog
+    </uri>
+    <uri link="https://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=refs/heads/release/1.0">
+      FFmpeg 1.0.x Changelog
+    </uri>
+    <uri link="http://archives.neohapsis.com/archives/bugtraq/2011-04/0258.html">
+      NGS Secure Research NGS00068
+    </uri>
+    <uri link="https://secunia.com/advisories/36760/">Secunia Advisory SA36760</uri>
+    <uri link="https://secunia.com/advisories/46134/">Secunia Advisory SA46134</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:08Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-10-25T18:49:10Z">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201310-13.xml b/metadata/glsa/glsa-201310-13.xml
new file mode 100644
index 000000000000..b6a510893342
--- /dev/null
+++ b/metadata/glsa/glsa-201310-13.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201310-13">
+  <title>MPlayer: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in MPlayer and the bundled
+    FFmpeg, the worst of which may lead to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">MPlayer</product>
+  <announced>2013-10-25</announced>
+  <revised count="1">2013-10-25</revised>
+  <bug>253649</bug>
+  <bug>279342</bug>
+  <bug>339037</bug>
+  <bug>379297</bug>
+  <bug>394809</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/mplayer" auto="yes" arch="*">
+      <unaffected range="ge">1.1-r1</unaffected>
+      <vulnerable range="lt">1.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MPlayer is a media player including support for a wide range of audio
+      and video formats.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MPlayer and the bundled
+      FFmpeg. Please review the CVE identifiers and FFmpeg GLSA referenced
+      below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a crafted media file to
+      execute arbitrary code or cause a Denial of Service. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MPlayer users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/mplayer-1.1-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6718">CVE-2007-6718</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4610">CVE-2008-4610</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2062">CVE-2010-2062</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3429">CVE-2010-3429</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3625">CVE-2011-3625</uri>
+    <uri link="https://security.gentoo.org/glsa/glsa-201310-12.xml">FFmpeg:
+      Multiple Vulnerabilities
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:38:04Z">a3li</metadata>
+  <metadata tag="submitter" timestamp="2013-10-25T18:54:56Z">
+    underling
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201310-14.xml b/metadata/glsa/glsa-201310-14.xml
new file mode 100644
index 000000000000..769fc3d1347b
--- /dev/null
+++ b/metadata/glsa/glsa-201310-14.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201310-14">
+  <title>Groff: Multiple Vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Groff, allowing
+    context-dependent attackers to conduct symlink attacks. 
+  </synopsis>
+  <product type="ebuild">groff</product>
+  <announced>2013-10-25</announced>
+  <revised count="1">2013-10-25</revised>
+  <bug>386335</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-apps/groff" auto="yes" arch="*">
+      <unaffected range="ge">1.22.2</unaffected>
+      <vulnerable range="lt">1.22.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU Troff (Groff) is a text formatter used for man pages.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Groff. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A context-dependent attacker could perform symlink attacks to overwrite
+      arbitrary files with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Groff users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/groff-1.22.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5044">CVE-2009-5044</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5078">CVE-2009-5078</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5079">CVE-2009-5079</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5080">CVE-2009-5080</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5081">CVE-2009-5081</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5082">CVE-2009-5082</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-10-10T02:36:54Z">
+    creffett
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-10-25T22:46:33Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201310-15.xml b/metadata/glsa/glsa-201310-15.xml
new file mode 100644
index 000000000000..c66edbdbb15b
--- /dev/null
+++ b/metadata/glsa/glsa-201310-15.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201310-15">
+  <title>GNU Automake: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GNU Automake, allowing
+    local arbitrary command execution with the privileges of the user running
+    an Automake-based build.
+  </synopsis>
+  <product type="ebuild">automake</product>
+  <announced>2013-10-25</announced>
+  <revised count="1">2013-10-25</revised>
+  <bug>295357</bug>
+  <bug>426336</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-devel/automake" auto="yes" arch="*">
+      <unaffected range="ge">1.11.6</unaffected>
+      <vulnerable range="lt">1.11.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU Automake is a tool for automatically generating Makefile.in files
+      compliant with the GNU Coding Standards.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GNU Automake. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could execute arbitrary commands with the privileges of
+      the user running an Automake-based build.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Automake users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-devel/automake-1.11.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4029">CVE-2009-4029</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3386">CVE-2012-3386</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:36Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-10-25T23:54:51Z">
+    phajdan.jr
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201310-16.xml b/metadata/glsa/glsa-201310-16.xml
new file mode 100644
index 000000000000..5bc1db836090
--- /dev/null
+++ b/metadata/glsa/glsa-201310-16.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201310-16">
+  <title>TPTEST: Arbitrary code execution</title>
+  <synopsis>Two buffer overflow vulnerabilities in TPTEST may allow remote
+    attackers to execute arbitrary code or cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">tptest</product>
+  <announced>2013-10-26</announced>
+  <revised count="1">2013-10-26</revised>
+  <bug>261191</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/tptest" auto="yes" arch="*">
+      <unaffected range="ge">3.1.7-r2</unaffected>
+      <vulnerable range="lt">3.1.7-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>TPTEST is a tool to measure the speed of a user’s Internet connection.</p>
+  </background>
+  <description>
+    <p>The GetStatsFromLine() function in TPTEST is vulnerable to buffer
+      overflows from STATS lines with long email and pwd fields.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially-crafted STATS line, possibly
+      resulting in arbitrary code execution or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All TPTEST users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/tptest-3.1.7-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0650">CVE-2009-0650</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0659">CVE-2009-0659</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-10-10T10:39:46Z">
+    pinkbyte
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-10-26T20:08:51Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201310-17.xml b/metadata/glsa/glsa-201310-17.xml
new file mode 100644
index 000000000000..b23f8ae10e67
--- /dev/null
+++ b/metadata/glsa/glsa-201310-17.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201310-17">
+  <title>pmake: Insecure temporary file usage</title>
+  <synopsis>pmake uses temporary files in an insecure manner, allowing for
+    symlink attacks.
+  </synopsis>
+  <product type="ebuild">pmake</product>
+  <announced>2013-10-28</announced>
+  <revised count="2">2013-10-28</revised>
+  <bug>367891</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-devel/pmake" auto="yes" arch="*">
+      <unaffected range="ge">1.111.3.1</unaffected>
+      <vulnerable range="lt">1.111.3.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>pmake is Debian’s version of NetBSD’s make, a tool to build programs
+      in parallel.
+    </p>
+  </background>
+  <description>
+    <p>/usr/share/mk/bsd.lib.mk and /usr/share/mk/bsd.prog.mk create temporary
+      files insecurely, with predictable names (/tmp/_depend[PID]), and
+      without using $TMPDIR.
+    </p>
+  </description>
+  <impact type="low">
+    <p>The make include files allow local users to overwrite arbitrary files
+      via a symlink attack.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All pmake users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-devel/pmake-1.111.3.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1920">CVE-2011-1920</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-08T22:19:21Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2013-10-28T11:31:35Z">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201310-18.xml b/metadata/glsa/glsa-201310-18.xml
new file mode 100644
index 000000000000..bd2005bb1049
--- /dev/null
+++ b/metadata/glsa/glsa-201310-18.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201310-18">
+  <title>GnuTLS: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in GnuTLS, the worst
+    of which could lead to Denial of Service.
+  </synopsis>
+  <product type="ebuild">gnutls</product>
+  <announced>2013-10-28</announced>
+  <revised count="1">2013-10-28</revised>
+  <bug>455560</bug>
+  <bug>471788</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/gnutls" auto="yes" arch="*">
+      <unaffected range="ge">2.12.23-r1</unaffected>
+      <vulnerable range="lt">2.12.23-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0
+      protocols.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GnuTLS. Please review
+      the CVE identifiers and Lucky Thirteen research paper referenced below
+      for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could sent a specially crafted packet to cause a
+      Denial of Service condition. Additionally, a remote attacker could
+      perform man-in-the-middle attacks to recover plaintext data.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GnuTLS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/gnutls-2.12.23-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1619">CVE-2013-1619</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2116">CVE-2013-2116</uri>
+    <uri link="http://www.isg.rhul.ac.uk/tls/TLStiming.pdf">Lucky Thirteen:
+      Breaking the TLS and DTLS Record Protocols
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-03-24T19:32:51Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-10-28T11:33:22Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201310-19.xml b/metadata/glsa/glsa-201310-19.xml
new file mode 100644
index 000000000000..005d3953f817
--- /dev/null
+++ b/metadata/glsa/glsa-201310-19.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201310-19">
+  <title>X2Go Server: Arbitrary code execution</title>
+  <synopsis>A path vulnerability in X2Go Server may allow remote execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">x2goserver</product>
+  <announced>2013-10-28</announced>
+  <revised count="1">2013-10-28</revised>
+  <bug>472582</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/x2goserver" auto="yes" arch="*">
+      <unaffected range="ge">4.0.0.2</unaffected>
+      <vulnerable range="lt">4.0.0.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>X2Go is an open source terminal server project.</p>
+  </background>
+  <description>
+    <p>A vulnerability in the setgid wrapper x2gosqlitewrapper.c does not
+      hardcode an internal path to x2gosqlitewrapper.pl, allowing a remote
+      attacker to change that path.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker may be able to execute arbitrary code with the
+      privileges of the user running the server process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All X2Go Server users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/x2goserver-4.0.0.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4376">CVE-2013-4376</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-09-11T15:02:19Z">
+    creffett
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-10-28T12:03:05Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201310-20.xml b/metadata/glsa/glsa-201310-20.xml
new file mode 100644
index 000000000000..f4ee0adfc32c
--- /dev/null
+++ b/metadata/glsa/glsa-201310-20.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201310-20">
+  <title>acpid2: Privilege escalation</title>
+  <synopsis>A vulnerability in acpid2 may allow a local attacker to gain
+    escalated privileges.
+  </synopsis>
+  <product type="ebuild">acpid</product>
+  <announced>2013-10-28</announced>
+  <revised count="1">2013-10-28</revised>
+  <bug>434522</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-power/acpid" auto="yes" arch="*">
+      <unaffected range="ge">2.0.17</unaffected>
+      <vulnerable range="lt">2.0.17</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>acpid2 is a daemon for Advanced Configuration and Power Interface.</p>
+  </background>
+  <description>
+    <p>acpid2 does not properly use the pidof program in powerbtn.sh. </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could gain escalated privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All acpid2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-power/acpid-2.0.17"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2777">CVE-2011-2777</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-11-18T14:31:23Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2013-10-28T16:52:47Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201310-21.xml b/metadata/glsa/glsa-201310-21.xml
new file mode 100644
index 000000000000..347d29935f89
--- /dev/null
+++ b/metadata/glsa/glsa-201310-21.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201310-21">
+  <title>MediaWiki: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in MediaWiki, the worst of
+    which could lead to Denial of Service.
+  </synopsis>
+  <product type="ebuild">mediawiki</product>
+  <announced>2013-10-28</announced>
+  <revised count="1">2013-10-28</revised>
+  <bug>460352</bug>
+  <bug>466124</bug>
+  <bug>468110</bug>
+  <bug>471140</bug>
+  <bug>483594</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/mediawiki" auto="yes" arch="*">
+      <unaffected range="ge">1.21.2</unaffected>
+      <unaffected range="rge">1.20.7</unaffected>
+      <unaffected range="rge">1.19.8</unaffected>
+      <vulnerable range="lt">1.21.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The MediaWiki wiki web application as used on wikipedia.org.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MediaWiki. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to execute arbitrary code, perform
+      man-in-the-middle attacks, obtain sensitive information or perform
+      cross-site scripting attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MediaWiki 1.21.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-apps/mediawiki-1.21.2"
+    </code>
+    
+    <p>All MediaWiki 1.20.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-apps/mediawiki-1.20.7"
+    </code>
+    
+    <p>All MediaWiki 1.19.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-apps/mediawiki-1.19.8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1816">CVE-2013-1816</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1817">CVE-2013-1817</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1818">CVE-2013-1818</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1951">CVE-2013-1951</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2031">CVE-2013-2031</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2032">CVE-2013-2032</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2114">CVE-2013-2114</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4301">CVE-2013-4301</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4302">CVE-2013-4302</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4303">CVE-2013-4303</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4304">CVE-2013-4304</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4305">CVE-2013-4305</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4306">CVE-2013-4306</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4307">CVE-2013-4307</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4308">CVE-2013-4308</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-03-24T19:36:35Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-10-28T16:56:03Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201311-01.xml b/metadata/glsa/glsa-201311-01.xml
new file mode 100644
index 000000000000..ac10c210d11c
--- /dev/null
+++ b/metadata/glsa/glsa-201311-01.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201311-01">
+  <title>Mednafen: Arbitrary code execution</title>
+  <synopsis>An unspecified vulnerability in Mednafen could result in the
+    execution of arbitrary code. 
+  </synopsis>
+  <product type="ebuild">mednafen</product>
+  <announced>2013-11-04</announced>
+  <revised count="1">2013-11-04</revised>
+  <bug>326141</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-emulation/mednafen" auto="yes" arch="*">
+      <unaffected range="ge">0.8.13</unaffected>
+      <vulnerable range="lt">0.8.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mednafen is an advanced NES, GB/GBC/GBA, TurboGrafx 16/CD, NGPC and Lynx
+      emulator.
+    </p>
+  </background>
+  <description>
+    <p>An unspecified vulnerability has been discovered in Mednafen when using
+      network play.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote server could execute arbitrary code with the privileges of the
+      process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mednafen users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=games-emulation/mednafen-0.8.13"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3085">CVE-2010-3085</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:38Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-11-04T11:26:30Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201311-02.xml b/metadata/glsa/glsa-201311-02.xml
new file mode 100644
index 000000000000..8ccb918469b8
--- /dev/null
+++ b/metadata/glsa/glsa-201311-02.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201311-02">
+  <title>phpMyAdmin: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in phpMyAdmin, allowing
+    remote authenticated attackers to execute arbitrary code, inject SQL code
+    or conduct other attacks.
+  </synopsis>
+  <product type="ebuild">phpmyadmin</product>
+  <announced>2013-11-04</announced>
+  <revised count="1">2013-11-04</revised>
+  <bug>465420</bug>
+  <bug>467080</bug>
+  <bug>478696</bug>
+  <bug>479870</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/phpmyadmin" auto="yes" arch="*">
+      <unaffected range="ge">4.0.5</unaffected>
+      <vulnerable range="lt">4.0.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>phpMyAdmin is a web-based management tool for MySQL databases.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in phpMyAdmin. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote authenticated attacker could exploit these vulnerabilities to
+      execute arbitrary code with the privileges of the process running
+      phpMyAdmin, inject SQL code, or to conduct Cross-Site Scripting and
+      Clickjacking attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All phpMyAdmin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/phpmyadmin-4.0.5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1937">CVE-2013-1937</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3238">CVE-2013-3238</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3239">CVE-2013-3239</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4995">CVE-2013-4995</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4996">CVE-2013-4996</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4997">CVE-2013-4997</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4998">CVE-2013-4998</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4999">CVE-2013-4999</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5000">CVE-2013-5000</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5001">CVE-2013-5001</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5002">CVE-2013-5002</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5003">CVE-2013-5003</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5029">CVE-2013-5029</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-08-24T20:08:03Z">a3li</metadata>
+  <metadata tag="submitter" timestamp="2013-11-04T11:28:46Z">a3li</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201311-03.xml b/metadata/glsa/glsa-201311-03.xml
new file mode 100644
index 000000000000..4ec6ec441beb
--- /dev/null
+++ b/metadata/glsa/glsa-201311-03.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201311-03">
+  <title>Quassel: Multiple Vulnerabilities</title>
+  <synopsis>Two vulnerabilities in Quassel may result in Denial of Service or
+    SQL injection.
+  </synopsis>
+  <product type="ebuild">quassel</product>
+  <announced>2013-11-07</announced>
+  <revised count="1">2013-11-07</revised>
+  <bug>338879</bug>
+  <bug>487632</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/quassel" auto="yes" arch="*">
+      <unaffected range="ge">0.9.1</unaffected>
+      <vulnerable range="lt">0.9.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Quassel is a Qt4/KDE4 IRC client suppporting a remote daemon for 24/7
+      connectivity.
+    </p>
+  </background>
+  <description>
+    <p>Two vulnerabilities have been found in Quassel:</p>
+    
+    <ul>
+      <li>Quassel does not properly handle multiple CTCP requests
+        (CVE-2010-3443).
+      </li>
+      <li>Quassel, when used with certain versions of Qt and PostgreSQL, does
+        not sanitize user input (CVE-2013-4422).
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send multiple CTCP requests in single private
+      message, possibly resulting in a Denial of Service condition. Futhermore,
+      a remote attacker may be able to execute arbitrary SQL statements.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Quassel users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-irc/quassel-0.9.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3443">CVE-2010-3443</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4422">CVE-2013-4422</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:21Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-11-07T01:26:59Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201311-04.xml b/metadata/glsa/glsa-201311-04.xml
new file mode 100644
index 000000000000..f32c058f879f
--- /dev/null
+++ b/metadata/glsa/glsa-201311-04.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201311-04">
+  <title>Vixie cron: Denial of service</title>
+  <synopsis>A vulnerability has been found in Vixie cron, allowing local
+    attackers to conduct symlink attacks. 
+  </synopsis>
+  <product type="ebuild">vixie-cron</product>
+  <announced>2013-11-07</announced>
+  <revised count="1">2013-11-07</revised>
+  <bug>308055</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-process/vixie-cron" auto="yes" arch="*">
+      <unaffected range="ge">4.1-r14</unaffected>
+      <vulnerable range="lt">4.1-r14</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Paul Vixie’s cron daemon, a fully featured crond implementation.</p>
+  </background>
+  <description>
+    <p>Vixie cron contains a race condition relating to atime and mtime values
+      of temporary files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could change the modification time of files, possibly
+      resulting in a Denial of Service condition via a symlink attack.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Vixie cron users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-process/vixie-cron-4.1-r14"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0424">CVE-2010-0424</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-11-04T03:18:24Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-11-07T01:56:36Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201311-05.xml b/metadata/glsa/glsa-201311-05.xml
new file mode 100644
index 000000000000..43a453a59052
--- /dev/null
+++ b/metadata/glsa/glsa-201311-05.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201311-05">
+  <title>GIMP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GIMP, the worst of
+    which allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">gimp</product>
+  <announced>2013-11-10</announced>
+  <revised count="1">2013-11-10</revised>
+  <bug>434580</bug>
+  <bug>444280</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/gimp" auto="yes" arch="*">
+      <unaffected range="ge">2.8.2-r1</unaffected>
+      <vulnerable range="lt">2.8.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GIMP is the GNU Image Manipulation Program.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GIMP. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted KiSS
+      palette, GIF image or XWD file using GIMP, possibly resulting in
+      execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GIMP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/gimp-2.8.2-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3403">CVE-2012-3403</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3481">CVE-2012-3481</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5576">CVE-2012-5576</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-09-30T02:48:55Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2013-11-10T14:50:48Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201311-06.xml b/metadata/glsa/glsa-201311-06.xml
new file mode 100644
index 000000000000..78ffd959612d
--- /dev/null
+++ b/metadata/glsa/glsa-201311-06.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201311-06">
+  <title>libxml2: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libxml2, allowing
+    remote attackers to execute arbitrary code or cause Denial of Service. 
+  </synopsis>
+  <product type="ebuild">libxml2</product>
+  <announced>2013-11-10</announced>
+  <revised count="1">2013-11-10</revised>
+  <bug>434344</bug>
+  <bug>444836</bug>
+  <bug>458430</bug>
+  <bug>458740</bug>
+  <bug>466238</bug>
+  <bug>476438</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libxml2" auto="yes" arch="*">
+      <unaffected range="ge">2.9.1-r1</unaffected>
+      <vulnerable range="lt">2.9.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libxml2 is the XML C parser and toolkit developed for the Gnome project.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libxml2. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted
+      document with an application linked against libxml2, possibly resulting
+      in execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libxml2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libxml2-2.9.1-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2871">CVE-2012-2871</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5134">CVE-2012-5134</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0338">CVE-2013-0338</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1664">CVE-2013-1664</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1969">CVE-2013-1969</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877">CVE-2013-2877</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-09-18T19:04:07Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2013-11-10T14:54:33Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201311-07.xml b/metadata/glsa/glsa-201311-07.xml
new file mode 100644
index 000000000000..4f5357666c05
--- /dev/null
+++ b/metadata/glsa/glsa-201311-07.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201311-07">
+  <title>Blender: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Blender, the worst of
+    which could allow attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">blender</product>
+  <announced>2013-11-13</announced>
+  <revised count="1">2013-11-13</revised>
+  <bug>219008</bug>
+  <bug>293130</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-gfx/blender" auto="yes" arch="*">
+      <unaffected range="ge">2.49b-r2</unaffected>
+      <vulnerable range="lt">2.49b-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Blender is a 3D Creation/Animation/Publishing System.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Blender. Please review
+      the CVE identifier referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Blender users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/blender-2.49b-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1102">CVE-2008-1102</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1103">CVE-2008-1103</uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3850">
+      CVE-2009-3850
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:20Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-11-13T11:12:41Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201311-08.xml b/metadata/glsa/glsa-201311-08.xml
new file mode 100644
index 000000000000..a9883cd09616
--- /dev/null
+++ b/metadata/glsa/glsa-201311-08.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201311-08">
+  <title>Netpbm: User-assisted arbitrary code execution</title>
+  <synopsis>A vulnerability in Netpbm could result in execution of arbitrary
+    code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">Netpbm</product>
+  <announced>2013-11-13</announced>
+  <revised count="1">2013-11-13</revised>
+  <bug>308025</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/netpbm" auto="yes" arch="*">
+      <unaffected range="ge">10.49.00</unaffected>
+      <vulnerable range="lt">10.49.00</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Netpbm is a toolkit for manipulation of graphic images, including
+      conversion of images between a variety of different formats.
+    </p>
+  </background>
+  <description>
+    <p>A stack-based buffer overflow exists in converter/ppm/xpmtoppm.c in
+      Netpbm.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted XMP
+      file using Netpbm, possibly resulting in  execution of arbitrary code
+      with the privileges of the process, or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Netpbm users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/netpbm-10.49.00"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4274">
+      CVE-2009-4274
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:16Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2013-11-13T11:13:34Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201311-09.xml b/metadata/glsa/glsa-201311-09.xml
new file mode 100644
index 000000000000..16b779a96968
--- /dev/null
+++ b/metadata/glsa/glsa-201311-09.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201311-09">
+  <title>FreeRADIUS: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in FreeRADIUS, the worst
+    of which allow execution of arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">freeradius</product>
+  <announced>2013-11-13</announced>
+  <revised count="1">2013-11-13</revised>
+  <bug>339389</bug>
+  <bug>386183</bug>
+  <bug>434802</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dialup/freeradius" auto="yes" arch="*">
+      <unaffected range="ge">2.2.0</unaffected>
+      <vulnerable range="lt">2.2.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FreeRADIUS is an open source RADIUS authentication server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in FreeRADIUS. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FreeRADIUS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dialup/freeradius-2.2.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3696">CVE-2010-3696</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3697">CVE-2010-3697</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2701">CVE-2011-2701</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3547">CVE-2012-3547</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-03-06T00:59:15Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2013-11-13T11:43:33Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201311-10.xml b/metadata/glsa/glsa-201311-10.xml
new file mode 100644
index 000000000000..f6b576800089
--- /dev/null
+++ b/metadata/glsa/glsa-201311-10.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201311-10">
+  <title>GraphicsMagick: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GraphicsMagick,
+    allowing remote attackers to execute arbitrary code or cause a Denial of
+    Service condition.
+  </synopsis>
+  <product type="ebuild">graphicsmagick</product>
+  <announced>2013-11-19</announced>
+  <revised count="1">2013-11-19</revised>
+  <bug>365769</bug>
+  <bug>488050</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/graphicsmagick" auto="yes" arch="*">
+      <unaffected range="ge">1.3.18</unaffected>
+      <vulnerable range="lt">1.3.18</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GraphicsMagick is the Swiss army knife of image processing.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GraphicsMagick. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially-crafted image
+      file, potentially resulting in arbitrary code execution or a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GraphicsMagick users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/graphicsmagick-1.3.18"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1097">CVE-2008-1097</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1882">CVE-2009-1882</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3736">CVE-2009-3736</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4589">CVE-2013-4589</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-02-24T15:58:45Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2013-11-19T00:09:06Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201311-11.xml b/metadata/glsa/glsa-201311-11.xml
new file mode 100644
index 000000000000..79fc58d5bbf2
--- /dev/null
+++ b/metadata/glsa/glsa-201311-11.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201311-11">
+  <title>CTorrent: User-assisted arbitrary code execution</title>
+  <synopsis>A stack-based buffer overflow in CTorrent might allow a remote
+    attacker to execute arbitrary code or cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">ctorrent</product>
+  <announced>2013-11-20</announced>
+  <revised count="2">2013-11-22</revised>
+  <bug>266953</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-p2p/ctorrent" auto="yes" arch="*">
+      <unaffected range="ge">3.3.2-r1</unaffected>
+      <vulnerable range="lt">3.3.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>CTorrent is a BitTorrent client implemented in C++ to be lightweight and
+      quick.
+    </p>
+  </background>
+  <description>
+    <p>CTorrent contains a stack-based buffer overflow in the
+      btFiles::BuildFromMI function in trunk/btfiles.cpp. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted
+      torrent file using CTorrent, possibly resulting in execution of arbitrary
+      code with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All CTorrent users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-p2p/ctorrent-3.3.2-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1759">
+      CVE-2009-1759
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:38Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-11-22T10:00:47Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201311-12.xml b/metadata/glsa/glsa-201311-12.xml
new file mode 100644
index 000000000000..95c25debe1d4
--- /dev/null
+++ b/metadata/glsa/glsa-201311-12.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201311-12">
+  <title>Open DC Hub: Arbitrary code execution</title>
+  <synopsis>A vulnerability in Open DC Hub could result in execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">opendchub</product>
+  <announced>2013-11-20</announced>
+  <revised count="1">2013-11-20</revised>
+  <bug>314551</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-p2p/opendchub" auto="yes" arch="*">
+      <unaffected range="ge">0.8.2</unaffected>
+      <vulnerable range="lt">0.8.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Open DC Hub is the hub software for the Direct Connect file sharing
+      network. 
+    </p>
+  </background>
+  <description>
+    <p>A stack-based buffer overflow flaw has been discovered in the way Open
+      DC Hub sanitized content of a user’s MyINFO message.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote authenticated user may be able to execute arbitrary code or
+      cause a Denial of Service condition via specially crafted MyINFO message.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Open DC Hub users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-p2p/opendchub-0.8.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1147">
+      CVE-2010-1147
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:38:01Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-11-20T10:00:54Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201311-13.xml b/metadata/glsa/glsa-201311-13.xml
new file mode 100644
index 000000000000..a1bdcb4a8162
--- /dev/null
+++ b/metadata/glsa/glsa-201311-13.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201311-13">
+  <title>OpenVPN: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenVPN, allowing
+    remote attackers to read encrypted traffic.
+  </synopsis>
+  <product type="ebuild">openvpn</product>
+  <announced>2013-11-20</announced>
+  <revised count="1">2013-11-20</revised>
+  <bug>293894</bug>
+  <bug>468756</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/openvpn" auto="yes" arch="*">
+      <unaffected range="ge">2.3.1</unaffected>
+      <vulnerable range="lt">2.3.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenVPN is a multi-platform, full-featured SSL VPN solution. </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenVPN. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to recover plaintext from an encrypted
+      communication. Another vulnerability could allow remote attacker perform
+      a Man-in-the-Middle attack.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenVPN users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/openvpn-2.3.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555">CVE-2009-3555</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2061">CVE-2013-2061</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-08-23T14:49:37Z">
+    creffett
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-11-20T10:13:40Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201311-14.xml b/metadata/glsa/glsa-201311-14.xml
new file mode 100644
index 000000000000..4b81ea64ddd6
--- /dev/null
+++ b/metadata/glsa/glsa-201311-14.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201311-14">
+  <title>QtCore, QtGui: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in QtCore and QtGui,
+    possibly resulting in execution of arbitrary code, Denial of Service, or
+    man-in-the-middle attacks.
+  </synopsis>
+  <product type="ebuild">qt-core qt-gui</product>
+  <announced>2013-11-22</announced>
+  <revised count="1">2013-11-22</revised>
+  <bug>361401</bug>
+  <bug>382171</bug>
+  <bug>384103</bug>
+  <bug>455884</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-qt/qtcore" auto="yes" arch="*">
+      <unaffected range="ge">4.8.4-r2</unaffected>
+      <vulnerable range="lt">4.8.4-r2</vulnerable>
+    </package>
+    <package name="dev-qt/qtgui" auto="yes" arch="*">
+      <unaffected range="ge">4.8.4-r1</unaffected>
+      <vulnerable range="lt">4.8.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Qt toolkit is a comprehensive C++ application development framework.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in QtCore and QtGui.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted file
+      with an application linked against QtCore or QtGui, possibly resulting in
+      execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition. Furthermore, a remote attacker might employ
+      a specially crafted certificate to conduct man-in-the-middle attacks on
+      SSL connections.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All QtCore users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-qt/qtcore-4.8.4-r2"
+    </code>
+    
+    <p>All QtGui users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-qt/qtgui-4.8.4-r1"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3193">CVE-2011-3193</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0254">CVE-2013-0254</uri>
+    <uri link="http://labs.qt.nokia.com/2011/03/29/security-advisory-fraudulent-certificates/">
+      Security advisory: Fraudulent certificates
+    </uri>
+    <uri link="http://blog.qt.digia.com/2011/09/02/what-the-diginotar-security-breach-means-for-qt-users/">
+      What the DigiNotar security breach means for Qt users
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-05-15T06:36:48Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-11-22T10:54:16Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201311-15.xml b/metadata/glsa/glsa-201311-15.xml
new file mode 100644
index 000000000000..5f56d0cc88b0
--- /dev/null
+++ b/metadata/glsa/glsa-201311-15.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201311-15">
+  <title>Zabbix: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Zabbix, possibly
+    leading to SQL injection attacks, Denial of Service, or information
+    disclosure. 
+  </synopsis>
+  <product type="ebuild">zabbix</product>
+  <announced>2013-11-25</announced>
+  <revised count="1">2013-11-25</revised>
+  <bug>312875</bug>
+  <bug>394497</bug>
+  <bug>428372</bug>
+  <bug>452878</bug>
+  <bug>486696</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/zabbix" auto="yes" arch="*">
+      <unaffected range="ge">2.0.9_rc1-r2</unaffected>
+      <vulnerable range="lt">2.0.9_rc1-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Zabbix is software for monitoring applications, networks, and servers.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Zabbix. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to execute arbitrary SQL statements, cause
+      a Denial of Service condition, or obtain sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Zabbix users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=net-analyzer/zabbix-2.0.9_rc1-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1277">CVE-2010-1277</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2904">CVE-2011-2904</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3263">CVE-2011-3263</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4674">CVE-2011-4674</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3435">CVE-2012-3435</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1364">CVE-2013-1364</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5572">CVE-2013-5572</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:48Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2013-11-25T17:22:15Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201311-16.xml b/metadata/glsa/glsa-201311-16.xml
new file mode 100644
index 000000000000..716a1f82fefb
--- /dev/null
+++ b/metadata/glsa/glsa-201311-16.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201311-16">
+  <title>fcron: Information disclosure</title>
+  <synopsis>A vulnerability has been found in fcron, allowing local attackers
+    to conduct symlink attacks. 
+  </synopsis>
+  <product type="ebuild">fcron</product>
+  <announced>2013-11-25</announced>
+  <revised count="1">2013-11-25</revised>
+  <bug>308075</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-process/fcron" auto="yes" arch="*">
+      <unaffected range="ge">3.0.5-r2</unaffected>
+      <vulnerable range="lt">3.0.5-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>fcron is a periodic command scheduler for Unix-based systems</p>
+  </background>
+  <description>
+    <p>The fcrontab function contains a race condition relating to symlinks.</p>
+  </description>
+  <impact type="low">
+    <p>A local attacker could perform symlink attacks to read arbitrary files
+      with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All fcron users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-process/fcron-3.0.5-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0792">CVE-2010-0792</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:12Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-11-25T17:22:51Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201311-17.xml b/metadata/glsa/glsa-201311-17.xml
new file mode 100644
index 000000000000..30baf4f2b22c
--- /dev/null
+++ b/metadata/glsa/glsa-201311-17.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201311-17">
+  <title>Perl: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in Perl, the worst of which
+    could allow a local attacker to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">perl</product>
+  <announced>2013-11-28</announced>
+  <revised count="1">2013-11-28</revised>
+  <bug>249629</bug>
+  <bug>313565</bug>
+  <bug>362025</bug>
+  <bug>386357</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-lang/perl" auto="yes" arch="*">
+      <unaffected range="ge">5.12.3-r1</unaffected>
+      <vulnerable range="lt">5.12.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Perl is Larry Wall’s Practical Extraction and Report Language.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Perl. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could cause a Denial of Service condition or perform
+      symlink attacks to overwrite arbitrary files with the privileges of the
+      user running the application. A context-dependent attacker could cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Perl users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/perl-5.12.3-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5302">CVE-2008-5302</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5303">CVE-2008-5303</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1158">CVE-2010-1158</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0761">CVE-2011-0761</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1487">CVE-2011-1487</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:30Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-11-28T08:18:07Z">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201311-18.xml b/metadata/glsa/glsa-201311-18.xml
new file mode 100644
index 000000000000..7d4c35954ae4
--- /dev/null
+++ b/metadata/glsa/glsa-201311-18.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201311-18">
+  <title>Unbound: Denial of service</title>
+  <synopsis>Multiple Denial of Service vulnerabilities have been found in
+    Unbound.
+  </synopsis>
+  <product type="ebuild">unbound</product>
+  <announced>2013-11-28</announced>
+  <revised count="1">2013-11-28</revised>
+  <bug>395287</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/unbound" auto="yes" arch="*">
+      <unaffected range="ge">1.4.13_p2</unaffected>
+      <vulnerable range="lt">1.4.13_p2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Unbound is a validating, recursive, and caching DNS resolver. </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Unbound. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition via
+      a specially crafted response.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Unbound users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/unbound-1.4.13_p2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4528">CVE-2011-4528</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4869">CVE-2011-4869</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-03-06T01:21:57Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2013-11-28T08:18:29Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201311-19.xml b/metadata/glsa/glsa-201311-19.xml
new file mode 100644
index 000000000000..68ae32b6bf1d
--- /dev/null
+++ b/metadata/glsa/glsa-201311-19.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201311-19">
+  <title>rssh: Access restriction bypass</title>
+  <synopsis>Multiple vulnerabilities have been found in rssh, allowing local
+    attackers to bypass access restrictions.
+  </synopsis>
+  <product type="ebuild">rssh</product>
+  <announced>2013-11-28</announced>
+  <revised count="1">2013-11-28</revised>
+  <bug>415255</bug>
+  <bug>445166</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-shells/rssh" auto="yes" arch="*">
+      <unaffected range="ge">2.3.4</unaffected>
+      <vulnerable range="lt">2.3.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>rssh is a restricted shell, allowing only a few commands like scp or
+      sftp. It is often used as a complement to OpenSSH to provide limited
+      access to users.
+    </p>
+  </background>
+  <description>
+    <p>Multiple command line parsing and validation vulnerabilities have been
+      discovered in rssh. Please review the CVE identifiers referenced below
+      for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Multiple parsing and validation vulnerabilities can cause the
+      restrictions set up by rssh to be bypassed. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All rssh users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-shells/rssh-2.3.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2252">
+      CVE-2012-2252
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3478">
+      CVE-2012-3478
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-08-24T14:16:31Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-11-28T08:18:46Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201311-20.xml b/metadata/glsa/glsa-201311-20.xml
new file mode 100644
index 000000000000..501999f8ba7c
--- /dev/null
+++ b/metadata/glsa/glsa-201311-20.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201311-20">
+  <title>Okular: Arbitrary code execution </title>
+  <synopsis>A heap-based buffer overflow in Okular might allow a remote
+    attacker to execute arbitrary code or cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">okular</product>
+  <announced>2013-11-28</announced>
+  <revised count="1">2013-11-28</revised>
+  <bug>334469</bug>
+  <access>remote</access>
+  <affected>
+    <package name="kde-base/okular" auto="yes" arch="*">
+      <unaffected range="ge">4.4.5-r2</unaffected>
+      <vulnerable range="lt">4.4.5-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Okular is a universal document viewer based on KPDF for KDE 4.</p>
+  </background>
+  <description>
+    <p>Okular contains a heap-based buffer overflow  in the RLE decompression
+      functionality in the TranscribePalmImageToJPEG function in
+      generators/plucker/inplug/image.cpp.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted PBD
+      file using Okular, possibly resulting in execution of arbitrary code with
+      the privileges of the process, or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Okular users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=kde-base/okular-4.4.5-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2575">
+      CVE-2010-2575
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:53Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-11-28T08:19:02Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201311-21.xml b/metadata/glsa/glsa-201311-21.xml
new file mode 100644
index 000000000000..80e0970856a1
--- /dev/null
+++ b/metadata/glsa/glsa-201311-21.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201311-21">
+  <title>cpio: Arbitrary code execution </title>
+  <synopsis>A heap-based buffer overflow in cpio might allow a remote rmt
+    server to execute arbitrary code or cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">cpio</product>
+  <announced>2013-11-28</announced>
+  <revised count="1">2013-11-28</revised>
+  <bug>314663</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/cpio" auto="yes" arch="*">
+      <unaffected range="ge">2.11</unaffected>
+      <vulnerable range="lt">2.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU cpio copies files into or out of a cpio or tar archive.</p>
+  </background>
+  <description>
+    <p>Cpio contains a heap-based buffer overflow in the rmt_read__ function in
+      lib/rtapelib.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote server could sending more data than was requested, related to
+      archive filenames that contain a : (colon) character, possibly resulting
+      in execution of arbitrary code or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All cpio users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/cpio-2.11"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0624">
+      CVE-2010-0624
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:31Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-11-28T08:19:10Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201311-22.xml b/metadata/glsa/glsa-201311-22.xml
new file mode 100644
index 000000000000..9ea6f6ffda01
--- /dev/null
+++ b/metadata/glsa/glsa-201311-22.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201311-22">
+  <title>Namazu: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Namazu, worst of which
+    allows remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">namazu</product>
+  <announced>2013-11-28</announced>
+  <revised count="1">2013-11-28</revised>
+  <bug>391259</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/namazu" auto="yes" arch="*">
+      <unaffected range="ge">2.0.21</unaffected>
+      <vulnerable range="lt">2.0.21</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Namazu is a full-text search engine intended for easy use.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Namazu. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary code or cause a Denial of
+      Service condition.
+      Furthermore, a remote attacker may be able to inject arbitrary web script
+      or HTML via a cookie.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Namazu users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/namazu-2.0.21"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5028">CVE-2009-5028</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4345">CVE-2011-4345</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4711">CVE-2011-4711</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-03-06T01:13:31Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2013-11-28T09:20:14Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201312-01.xml b/metadata/glsa/glsa-201312-01.xml
new file mode 100644
index 000000000000..3e0cc26c933c
--- /dev/null
+++ b/metadata/glsa/glsa-201312-01.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201312-01">
+  <title>GNU C Library: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GNU C Library, the
+    worst of which allowing arbitrary code execution and privilege escalation.
+  </synopsis>
+  <product type="ebuild">glibc</product>
+  <announced>2013-12-03</announced>
+  <revised count="1">2013-12-03</revised>
+  <bug>350744</bug>
+  <bug>356567</bug>
+  <bug>386323</bug>
+  <bug>386327</bug>
+  <bug>386329</bug>
+  <bug>386333</bug>
+  <bug>386343</bug>
+  <bug>386349</bug>
+  <bug>393477</bug>
+  <bug>404993</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-libs/glibc" auto="yes" arch="*">
+      <unaffected range="ge">2.15-r3</unaffected>
+      <vulnerable range="lt">2.15-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The GNU C library is the standard C library used by Gentoo Linux
+      systems.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GNU C Library. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could trigger vulnerabilities in dynamic library
+      loader, making it possible to load attacker-controlled shared objects
+      during execution of setuid/setgid programs to escalate privileges.
+    </p>
+    
+    <p>A context-dependent attacker could trigger various vulnerabilities in
+      GNU C Library, including a buffer overflow, leading to execution of
+      arbitrary code or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU C Library users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-libs/glibc-2.15-r3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5029">CVE-2009-5029</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3847">CVE-2010-3847</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0536">CVE-2011-0536</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1071">CVE-2011-1071</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1089">CVE-2011-1089</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1095">CVE-2011-1095</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1658">CVE-2011-1658</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1659">CVE-2011-1659</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0864">CVE-2012-0864</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-08-16T04:55:03Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-12-03T03:49:15Z">
+    phajdan.jr
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201312-02.xml b/metadata/glsa/glsa-201312-02.xml
new file mode 100644
index 000000000000..824155b3179d
--- /dev/null
+++ b/metadata/glsa/glsa-201312-02.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201312-02">
+  <title>BusyBox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in BusyBox, allowing
+    remote attackers to execute arbitrary code or cause a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">busybox</product>
+  <announced>2013-12-03</announced>
+  <revised count="1">2013-12-03</revised>
+  <bug>379857</bug>
+  <bug>426504</bug>
+  <bug>461372</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/busybox" auto="yes" arch="*">
+      <unaffected range="ge">1.21.0</unaffected>
+      <vulnerable range="lt">1.21.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>BusyBox is set of tools for embedded systems and is a replacement for
+      GNU Coreutils.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in BusyBox. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted DHCP request to
+      possibly execute arbitrary code or cause Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All BusyBox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/busybox-1.21.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-1168">CVE-2006-1168</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2716">CVE-2011-2716</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1813">CVE-2013-1813</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:58Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-12-03T03:51:08Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201312-03.xml b/metadata/glsa/glsa-201312-03.xml
new file mode 100644
index 000000000000..34d19495f481
--- /dev/null
+++ b/metadata/glsa/glsa-201312-03.xml
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201312-03">
+  <title>OpenSSL: Multiple Vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenSSL allowing remote
+    attackers to determine private keys or cause a Denial of Service.
+  </synopsis>
+  <product type="ebuild">OpenSSL</product>
+  <announced>2013-12-03</announced>
+  <revised count="5">2015-06-06</revised>
+  <bug>369753</bug>
+  <bug>406199</bug>
+  <bug>412643</bug>
+  <bug>415435</bug>
+  <bug>455592</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">1.0.0j</unaffected>
+      <unaffected range="rge">0.9.8y</unaffected>
+      <unaffected range="rge">0.9.8z_p1</unaffected>
+      <unaffected range="rge">0.9.8z_p2</unaffected>
+      <unaffected range="rge">0.9.8z_p3</unaffected>
+      <unaffected range="rge">0.9.8z_p4</unaffected>
+      <unaffected range="rge">0.9.8z_p5</unaffected>
+      <unaffected range="rge">0.9.8z_p6</unaffected>
+      <unaffected range="rge">0.9.8z_p7</unaffected>
+      <unaffected range="rge">0.9.8z_p8</unaffected>
+      <unaffected range="rge">0.9.8z_p9</unaffected>
+      <unaffected range="rge">0.9.8z_p10</unaffected>
+      <unaffected range="rge">0.9.8z_p11</unaffected>
+      <unaffected range="rge">0.9.8z_p12</unaffected>
+      <unaffected range="rge">0.9.8z_p13</unaffected>
+      <unaffected range="rge">0.9.8z_p14</unaffected>
+      <unaffected range="rge">0.9.8z_p15</unaffected>
+      <vulnerable range="lt">1.0.0j</vulnerable>
+      <vulnerable range="lt">0.9.8y</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+      (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
+      purpose cryptography library.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenSSL. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>Remote attackers can determine private keys, decrypt data, cause a
+      Denial of Service or possibly have other unspecified impact.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSL 1.0.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.0.0j"
+    </code>
+    
+    <p>All OpenSSL 0.9.8 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-0.9.8y"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-7250">CVE-2006-7250</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1945">CVE-2011-1945</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0884">CVE-2012-0884</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1165">CVE-2012-1165</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2110">CVE-2012-2110</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2333">CVE-2012-2333</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2686">CVE-2012-2686</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0166">CVE-2013-0166</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169">CVE-2013-0169</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-03-15T02:30:07Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-06-06T23:09:51Z">n0idx80</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201312-04.xml b/metadata/glsa/glsa-201312-04.xml
new file mode 100644
index 000000000000..be52f60ca198
--- /dev/null
+++ b/metadata/glsa/glsa-201312-04.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201312-04">
+  <title>libtheora: Arbitrary code execution</title>
+  <synopsis>An integer overflow in libtheora might allow remote attackers to
+    execute arbitrary code or cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">libtheora</product>
+  <announced>2013-12-03</announced>
+  <revised count="1">2013-12-03</revised>
+  <bug>298039</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libtheora" auto="yes" arch="*">
+      <unaffected range="ge">1.1.1</unaffected>
+      <vulnerable range="lt">1.1.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libtheora is the reference implementation of Theora, a free and open
+      video compression format from the Xiph.org Foundation.
+    </p>
+  </background>
+  <description>
+    <p>An integer overflow flaw has been discovered in libtheora.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary code or cause a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libtheora users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libtheora-1.1.1"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3389">
+      CVE-2009-3389
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:38:01Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-12-03T04:32:42Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201312-05.xml b/metadata/glsa/glsa-201312-05.xml
new file mode 100644
index 000000000000..421083609979
--- /dev/null
+++ b/metadata/glsa/glsa-201312-05.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201312-05">
+  <title>SWI-Prolog : Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in SWI-Prolog which allow
+    attackers to execute arbitrary code or cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">swi-prolog</product>
+  <announced>2013-12-06</announced>
+  <revised count="1">2013-12-06</revised>
+  <bug>450284</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/swi-prolog" auto="yes" arch="*">
+      <unaffected range="ge">6.2.5</unaffected>
+      <vulnerable range="lt">6.2.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>SWI-Prolog is a free, small, and standard compliant Prolog compiler.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in SWI-Prolog:
+      * An error in the canoniseFileName() function could cause a stack-based
+      buffer overflow (CVE-2012-6089).
+      * An error in the expand() function could cause a stack-based buffer
+      overflow (CVE-2012-6090).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attack can create files with specially crafted
+      names, causing arbitrary code execution or a denial of service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All SWI-Prolog users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/swi-prolog-6.2.5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6089">CVE-2012-6089</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6090">CVE-2012-6090</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-01-21T22:27:33Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2013-12-06T05:30:38Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201312-06.xml b/metadata/glsa/glsa-201312-06.xml
new file mode 100644
index 000000000000..6e713c85089e
--- /dev/null
+++ b/metadata/glsa/glsa-201312-06.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201312-06">
+  <title>Festival: Arbitrary code execution</title>
+  <synopsis>A vulnerability in Festival could result in arbitrary code
+    execution, and privilege escalation.
+  </synopsis>
+  <product type="ebuild">festival</product>
+  <announced>2013-12-09</announced>
+  <revised count="1">2013-12-09</revised>
+  <bug>386319</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-accessibility/festival" auto="yes" arch="*">
+      <unaffected range="ge">2.1</unaffected>
+      <vulnerable range="lt">2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Festival is a Text to Speech Engine from The Centre for Speech
+      Technology Research.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability in Festival Server has an incorrect path in
+      LD_LIBRARY_PATH, which allows local users to place a Trojan horse shared
+      library in the current working directory.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker can execute arbitrary a Trojan horse shared library,
+      potentially resulting in arbitrary code execution and privilege
+      escalation.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Festival users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-accessibility/festival-2.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3996">CVE-2010-3996</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-12-04T22:54:17Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2013-12-09T05:41:22Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201312-07.xml b/metadata/glsa/glsa-201312-07.xml
new file mode 100644
index 000000000000..6bce1611f753
--- /dev/null
+++ b/metadata/glsa/glsa-201312-07.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201312-07">
+  <title>OpenEXR: Multiple Vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in OpenEXR, allowing
+    remote attackers to execute arbitrary code or cause a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">openexr</product>
+  <announced>2013-12-09</announced>
+  <revised count="1">2013-12-09</revised>
+  <bug>277202</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-libs/openexr" auto="yes" arch="*">
+      <unaffected range="ge">1.7.0</unaffected>
+      <vulnerable range="lt">1.7.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenEXR is a high dynamic-range (HDR) image file format developed by
+      Industrial Light &amp; Magic for use in computer imaging applications. 
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenEXR. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could execute arbitrary code or cause a
+      Denial of Service condition via unspecified vectors.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenEXR users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/openexr-1.7.0"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since December 08, 2010. It is likely that your system is
+      already no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1720">
+      CVE-2009-1720
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1721">
+      CVE-2009-1721
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:38:13Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-12-09T05:43:34Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201312-08.xml b/metadata/glsa/glsa-201312-08.xml
new file mode 100644
index 000000000000..265f85d7befa
--- /dev/null
+++ b/metadata/glsa/glsa-201312-08.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201312-08">
+  <title>WebP: User-assisted execution of arbitrary code</title>
+  <synopsis>An integer overflow vulnerability in WebP could lead to arbitrary
+    code execution or Denial of Service.
+  </synopsis>
+  <product type="ebuild">libwebp</product>
+  <announced>2013-12-10</announced>
+  <revised count="1">2013-12-10</revised>
+  <bug>442152</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libwebp" auto="yes" arch="*">
+      <unaffected range="ge">0.2.1</unaffected>
+      <vulnerable range="lt">0.2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>WebP is a lossy image compression format.</p>
+  </background>
+  <description>
+    <p>An integer overflow flaw has been found in WebP.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted image
+      in an application linked against WebP, possibly resulting in execution of
+      arbitrary code with the privileges of the process or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All WebP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libwebp-0.2.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5127">CVE-2012-5127</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-11-26T01:29:46Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2013-12-10T07:54:19Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201312-09.xml b/metadata/glsa/glsa-201312-09.xml
new file mode 100644
index 000000000000..94426854fe8e
--- /dev/null
+++ b/metadata/glsa/glsa-201312-09.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201312-09">
+  <title>cabextract: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in cabextract, allowing
+    remote attackers to execute arbitrary code or cause a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">cabextract</product>
+  <announced>2013-12-14</announced>
+  <revised count="1">2013-12-14</revised>
+  <bug>329891</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/cabextract" auto="yes" arch="*">
+      <unaffected range="ge">1.3</unaffected>
+      <vulnerable range="lt">1.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>cabextract is free software for extracting Microsoft cabinet files.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in cabextract. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially-crafted
+      archive in a .cab file, related to the libmspack library, potentially
+      resulting in arbitrary code execution or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All cabextract users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/cabextract-1.3"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since August 03, 2010. It is likely that your system is already
+      no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2800">
+      CVE-2010-2800
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2801">
+      CVE-2010-2801
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:38:14Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-12-14T22:24:14Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201312-10.xml b/metadata/glsa/glsa-201312-10.xml
new file mode 100644
index 000000000000..807586ee45cc
--- /dev/null
+++ b/metadata/glsa/glsa-201312-10.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201312-10">
+  <title>libsmi: Arbitrary code execution </title>
+  <synopsis>A buffer overflow in libsmi might allow a context-dependent
+    attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">libsmi</product>
+  <announced>2013-12-14</announced>
+  <revised count="1">2013-12-14</revised>
+  <bug>342127</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-libs/libsmi" auto="yes" arch="*">
+      <unaffected range="ge">0.4.8-r1</unaffected>
+      <vulnerable range="lt">0.4.8-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libsmi is a library that allows management applications to access SMI
+      MIB module definitions.
+    </p>
+  </background>
+  <description>
+    <p>libsmi contains a buffer overflow vulnerability in the smiGetNode()
+      function in lib/smi.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could possibly execute arbitrary code by
+      way of a specially crafted Object Identifier (OID).
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libsmi users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/libsmi-0.4.8-r1"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying these packages.
+    </p>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since October 30, 2010. It is likely that your system is
+      already no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2891">CVE-2010-2891</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:09Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-12-14T22:33:15Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201312-11.xml b/metadata/glsa/glsa-201312-11.xml
new file mode 100644
index 000000000000..404c33f117ba
--- /dev/null
+++ b/metadata/glsa/glsa-201312-11.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201312-11">
+  <title>Win32 Codecs: User-assisted execution of arbitrary code</title>
+  <synopsis>A buffer overflow vulnerability in Win32 Codecs can potentially
+    allow for user-assisted arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">win32codecs</product>
+  <announced>2013-12-16</announced>
+  <revised count="1">2013-12-16</revised>
+  <bug>232999</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/win32codecs" auto="yes" arch="*">
+      <vulnerable range="le">20071007-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Win32 Codecs is a set of Windows audio and video playback codecs.</p>
+  </background>
+  <description>
+    <p>A heap-based buffer overflow exists when handling Shockwave Flash files.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted Flash
+      file using a package linked against Win32 Codecs, possibly resulting in
+      execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for Win32 Codecs. We recommend that
+      users unmerge Win32 Codecs:
+    </p>
+    
+    <code>
+      # emerge --unmerge "media-libs/win32codecs"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5400">CVE-2007-5400</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-12-11T01:23:33Z">
+    creffett
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-12-16T12:38:30Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201312-12.xml b/metadata/glsa/glsa-201312-12.xml
new file mode 100644
index 000000000000..f491faca46bf
--- /dev/null
+++ b/metadata/glsa/glsa-201312-12.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201312-12">
+  <title>MIT Kerberos 5: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in MIT Kerberos 5,
+    allowing execution of arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">mit-krb5</product>
+  <announced>2013-12-16</announced>
+  <revised count="1">2013-12-16</revised>
+  <bug>429324</bug>
+  <bug>466268</bug>
+  <bug>469752</bug>
+  <bug>490668</bug>
+  <bug>494062</bug>
+  <bug>494064</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-crypt/mit-krb5" auto="yes" arch="*">
+      <unaffected range="ge">1.11.4</unaffected>
+      <vulnerable range="lt">1.11.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MIT Kerberos 5 is a suite of applications that implement the Kerberos
+      network protocol.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in the Key Distribution
+      Center in MIT Kerberos 5. Please review the CVE identifiers referenced
+      below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted request, possibly
+      resulting in execution of arbitrary code with the privileges of the
+      process or a Denial of Service condition. Additionally, a remote attacker
+      could impersonate a kadmind server and send a specially crafted packet to
+      the password change port, which can result in a ping-pong condition and a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MIT Kerberos 5 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-crypt/mit-krb5-1.11.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2002-2443">CVE-2002-2443</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1014">CVE-2012-1014</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1015">CVE-2012-1015</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1416">CVE-2013-1416</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1417">CVE-2013-1417</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1418">CVE-2013-1418</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6800">CVE-2013-6800</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-09-22T15:10:58Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2013-12-16T17:33:09Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201312-13.xml b/metadata/glsa/glsa-201312-13.xml
new file mode 100644
index 000000000000..2295b2f3dbb3
--- /dev/null
+++ b/metadata/glsa/glsa-201312-13.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201312-13">
+  <title>Wireshark: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Wireshark, allowing
+    remote attackers to execute arbitrary code or cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">wireshark</product>
+  <announced>2013-12-16</announced>
+  <revised count="1">2013-12-16</revised>
+  <bug>484582</bug>
+  <bug>490434</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/wireshark" auto="yes" arch="*">
+      <unaffected range="ge">1.10.3</unaffected>
+      <unaffected range="rge">1.8.11</unaffected>
+      <vulnerable range="lt">1.10.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Wireshark is a versatile network protocol analyzer.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Wireshark. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Wireshark 1.10 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-1.10.3"
+    </code>
+    
+    <p>All Wireshark 1.8 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-1.8.11"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5717">CVE-2013-5717</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5718">CVE-2013-5718</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5719">CVE-2013-5719</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5720">CVE-2013-5720</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5721">CVE-2013-5721</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5722">CVE-2013-5722</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6336">CVE-2013-6336</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6337">CVE-2013-6337</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6338">CVE-2013-6338</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6339">CVE-2013-6339</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6340">CVE-2013-6340</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-09-30T23:34:56Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2013-12-16T18:13:16Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201312-14.xml b/metadata/glsa/glsa-201312-14.xml
new file mode 100644
index 000000000000..f5f65e5e2693
--- /dev/null
+++ b/metadata/glsa/glsa-201312-14.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201312-14">
+  <title>libsndfile: Arbitrary code execution</title>
+  <synopsis>An integer overflow in libsndfile might allow remote attackers to
+    execute arbitrary code or cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">libsndfile</product>
+  <announced>2013-12-17</announced>
+  <revised count="1">2013-12-17</revised>
+  <bug>375125</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libsndfile" auto="yes" arch="*">
+      <unaffected range="ge">1.0.25</unaffected>
+      <vulnerable range="lt">1.0.25</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Libsndfile is a C library for reading and writing files containing
+      sampled sound through one standard library interface.
+    </p>
+  </background>
+  <description>
+    <p>An integer overflow flaw has been discovered in Libsndfile.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted PAF
+      file using libsndfile, possibly resulting in execution of arbitrary code
+      with the privileges of the process, or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libsndfile users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libsndfile-1.0.25"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since September 12, 2011. It is likely that your system is
+      already no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2696">CVE-2011-2696</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:34Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-12-17T11:38:44Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201312-15.xml b/metadata/glsa/glsa-201312-15.xml
new file mode 100644
index 000000000000..027a038d19b9
--- /dev/null
+++ b/metadata/glsa/glsa-201312-15.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201312-15">
+  <title>Tinyproxy: Denial of service</title>
+  <synopsis>A vulnerability has been found in Tinyproxy, allows remote
+    attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">tinyproxy</product>
+  <announced>2013-12-23</announced>
+  <revised count="1">2013-12-23</revised>
+  <bug>432046</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/tinyproxy" auto="yes" arch="*">
+      <unaffected range="ge">1.8.3-r3</unaffected>
+      <vulnerable range="lt">1.8.3-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Tinyproxy is a light-weight HTTP/HTTPS proxy daemon for POSIX operating
+      systems.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability has been discovered in the way how Tinyproxy works with
+      headers.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted request with too many
+      headers, possibly resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Tinyproxy users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-proxy/tinyproxy-1.8.3-r3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3505">CVE-2012-3505</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-10-10T03:12:39Z">
+    creffett
+  </metadata>
+  <metadata tag="submitter" timestamp="2013-12-23T17:53:38Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201312-16.xml b/metadata/glsa/glsa-201312-16.xml
new file mode 100644
index 000000000000..ad15b9976ab0
--- /dev/null
+++ b/metadata/glsa/glsa-201312-16.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201312-16">
+  <title>Xfig: Arbitrary code execution</title>
+  <synopsis>A vulnerability in Xfig could result in execution of arbitrary code
+    or Denial of Service.
+  </synopsis>
+  <product type="ebuild">xfig</product>
+  <announced>2013-12-27</announced>
+  <revised count="1">2013-12-27</revised>
+  <bug>348344</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/xfig" auto="yes" arch="*">
+      <unaffected range="ge">3.2.5b-r1</unaffected>
+      <vulnerable range="lt">3.2.5b-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Xfig is an interactive drawing tool.</p>
+  </background>
+  <description>
+    <p>Xfig contains a buffer overflow vulnerability in processing certain FIG
+      images.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially-crafted file,
+      potentially resulting in arbitrary code execution or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Xfig users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/xfig-3.2.5b-r1"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since January 09, 2011. It is likely that your system is
+      already no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4262">
+      CVE-2010-4262
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:54Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2013-12-27T17:20:28Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-01.xml b/metadata/glsa/glsa-201401-01.xml
new file mode 100644
index 000000000000..f27d73852c6a
--- /dev/null
+++ b/metadata/glsa/glsa-201401-01.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-01">
+  <title>Libgdiplus: Arbitrary code execution</title>
+  <synopsis>Multiple integer overflow vulnerabilities in Libgdiplus may allow
+    remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">libgdiplus</product>
+  <announced>2014-01-05</announced>
+  <revised count="1">2014-01-05</revised>
+  <bug>334101</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-dotnet/libgdiplus" auto="yes" arch="*">
+      <unaffected range="ge">2.6.7-r1</unaffected>
+      <vulnerable range="lt">2.6.7-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Libgdiplus is the Mono library that provide a GDI+ comptible API on
+      non-Windows operating systems.
+    </p>
+  </background>
+  <description>
+    <p>An integer overflow flaw has been discovered in Libgdiplus.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially-crafted
+      TIFF/JPEG/BMP file, potentially resulting in arbitrary code execution.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Libgdiplus users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-dotnet/libgdiplus-2.6.7-r1"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since September 12, 2010. It is likely that your system is
+      already no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1526">CVE-2010-1526</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:38:09Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-01-05T00:05:05Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-02.xml b/metadata/glsa/glsa-201401-02.xml
new file mode 100644
index 000000000000..509d35d5fc87
--- /dev/null
+++ b/metadata/glsa/glsa-201401-02.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-02">
+  <title>Gajim: Information disclosure</title>
+  <synopsis>An error in Gajim causes invalid OpenSSL certificates to be
+    accepted as valid.
+  </synopsis>
+  <product type="ebuild">gajim</product>
+  <announced>2014-01-06</announced>
+  <revised count="1">2014-01-06</revised>
+  <bug>442860</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/gajim" auto="yes" arch="*">
+      <unaffected range="ge">0.15.3-r1</unaffected>
+      <vulnerable range="lt">0.15.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Gajim is a Jabber/XMPP client which uses GTK+.</p>
+  </background>
+  <description>
+    <p>The _ssl_verify_callback() function in tls_nb.py does not properly
+      validate SSL certificates, causing any certificate to be accepted as
+      valid as long as the root CA is valid.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker might employ a specially crafted certificate to
+      conduct man-in-the-middle attacks on SSL connections and potentially
+      disclose sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Gajim users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-im/gajim-0.15.3-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5524">CVE-2012-5524</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-12-11T01:48:29Z">
+    creffett
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-01-06T19:16:07Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-03.xml b/metadata/glsa/glsa-201401-03.xml
new file mode 100644
index 000000000000..0a5da6e5bf55
--- /dev/null
+++ b/metadata/glsa/glsa-201401-03.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-03">
+  <title>Nagstamon: Information disclosure</title>
+  <synopsis>A vulnerability in Nagstamon could expose user credentials to a
+    remote attacker.
+  </synopsis>
+  <product type="ebuild">nagstamon</product>
+  <announced>2014-01-06</announced>
+  <revised count="2">2014-01-06</revised>
+  <bug>476538</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/nagstamon" auto="yes" arch="*">
+      <unaffected range="ge">0.9.11_rc1</unaffected>
+      <vulnerable range="lt">0.9.11_rc1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Nagstamon is a Nagios status monitor application.</p>
+  </background>
+  <description>
+    <p>Nagstamon’s automatic request to check for updates includes plaintext
+      username and password information for one of the monitor servers that the
+      Nagstamon instance connects to.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could eavesdrop on this request and gain user
+      credentials for a monitor server.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Nagstamon users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=net-analyzer/nagstamon-0.9.11_rc1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4114">CVE-2013-4114</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:38:16Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-01-06T22:22:38Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-04.xml b/metadata/glsa/glsa-201401-04.xml
new file mode 100644
index 000000000000..8455a8b2cd1c
--- /dev/null
+++ b/metadata/glsa/glsa-201401-04.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-04">
+  <title>Python: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Python, the worst of
+    which allow remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">python</product>
+  <announced>2014-01-06</announced>
+  <revised count="5">2015-06-17</revised>
+  <bug>325593</bug>
+  <bug>355927</bug>
+  <bug>358663</bug>
+  <bug>396329</bug>
+  <bug>403437</bug>
+  <bug>469988</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/python" auto="yes" arch="*">
+      <unaffected range="ge">3.2.5-r1</unaffected>
+      <unaffected range="ge">2.6.8</unaffected>
+      <unaffected range="ge">2.7.3-r1</unaffected>
+      <unaffected range="ge">3.3.2-r1</unaffected>
+      <vulnerable range="lt">3.3.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Python is an interpreted, interactive, object-oriented programming
+      language. 
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Python. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition or
+      perform a man-in-the-middle attack to disclose sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Python 3.3 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-3.3.2-r1"
+    </code>
+    
+    <p>All Python 3.2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-3.2.5-r1"
+    </code>
+    
+    <p>All Python 2.6 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.6.8"
+    </code>
+    
+    <p>All Python 2.7 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.7.3-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1634">CVE-2010-1634</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2089">CVE-2010-2089</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3492">CVE-2010-3492</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3493">CVE-2010-3493</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1015">CVE-2011-1015</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0845">CVE-2012-0845</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1150">CVE-2012-1150</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2099">CVE-2013-2099</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-09-18T03:32:23Z">
+    creffett
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-06-17T19:34:44Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-05.xml b/metadata/glsa/glsa-201401-05.xml
new file mode 100644
index 000000000000..e0504d2e700a
--- /dev/null
+++ b/metadata/glsa/glsa-201401-05.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-05">
+  <title>ISC DHCP: Denial of service</title>
+  <synopsis>A memory exhaustion vulnerability in ISC DHCP could lead to Denial
+    of Service.
+  </synopsis>
+  <product type="ebuild">dhcp</product>
+  <announced>2014-01-06</announced>
+  <revised count="1">2014-01-06</revised>
+  <bug>463848</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/dhcp" auto="yes" arch="*">
+      <unaffected range="ge">4.2.5_p1</unaffected>
+      <vulnerable range="lt">4.2.5_p1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ISC DHCP is a Dynamic Host Configuration Protocol (DHCP) client/server.</p>
+  </background>
+  <description>
+    <p>ISC DHCP is vulnerable to a memory exhaustion attack involving regular
+      expressions sent by DHCP clients.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted request from a
+      malicious or spoofed client, potentially leading to a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ISC DHCP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/dhcp-4.2.5_p1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2494">CVE-2013-2494</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-09-03T16:23:20Z">
+    creffett
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-01-06T21:52:49Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-06.xml b/metadata/glsa/glsa-201401-06.xml
new file mode 100644
index 000000000000..12ea190af74d
--- /dev/null
+++ b/metadata/glsa/glsa-201401-06.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-06">
+  <title>Git: Privilege escalation</title>
+  <synopsis>A stack-based buffer overflow in Git might allow a local attacker
+    to gain escalated privileges.
+  </synopsis>
+  <product type="ebuild">git </product>
+  <announced>2014-01-10</announced>
+  <revised count="1">2014-01-10</revised>
+  <bug>335891</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-vcs/git" auto="yes" arch="*">
+      <unaffected range="ge">1.7.2.2</unaffected>
+      <vulnerable range="lt">1.7.2.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Git is a free and open source distributed version control system
+      designed to handle everything from small to very large projects with
+      speed and efficiency. 
+    </p>
+  </background>
+  <description>
+    <p>Git contains a stack-based buffer overflow in the is_git_directory
+      function in setup.c.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could gain escalated privileges via a specially crafted
+      git repository.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Git users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/git-1.7.2.2"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since September 11, 2010. It is likely that your system is
+      already no longer affected by this issue.
+    </p>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2542">CVE-2010-2542</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:23Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-01-10T13:31:29Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-07.xml b/metadata/glsa/glsa-201401-07.xml
new file mode 100644
index 000000000000..d7b49ab80cf5
--- /dev/null
+++ b/metadata/glsa/glsa-201401-07.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-07">
+  <title>libxslt: Denial of service</title>
+  <synopsis>Multiple Denial of Service vulnerabilities have been found in
+    libxslt.
+  </synopsis>
+  <product type="ebuild">libxslt</product>
+  <announced>2014-01-10</announced>
+  <revised count="1">2014-01-10</revised>
+  <bug>433603</bug>
+  <bug>436284</bug>
+  <bug>463236</bug>
+  <bug>496114</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libxslt" auto="yes" arch="*">
+      <unaffected range="ge">1.1.28</unaffected>
+      <vulnerable range="lt">1.1.28</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libxslt is the XSLT C library developed for the GNOME project. XSLT is
+      an XML language to define transformations for XML.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been found in libxslt:</p>
+    
+    <ul>
+      <li>Multiple errors exist in pattern.c and functions.c (CVE-2012-2870,
+        CVE-2012-6139).
+      </li>
+      <li>A double-free error exists in templates.c (CVE-2012-2893).</li>
+      <li>A NULL pointer dereference in keys.c (CVE-2012-6139).</li>
+      <li>An error in handling stylesheets containing DTDs (CVE-2013-4520).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process a specially crafted
+      file in an application linked against libxslt, possibly resulting in a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libxslt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libxslt-1.1.28"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2870">CVE-2012-2870</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2893">CVE-2012-2893</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6139">CVE-2012-6139</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4520">CVE-2013-4520</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-09-30T01:49:44Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-01-10T14:13:14Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-08.xml b/metadata/glsa/glsa-201401-08.xml
new file mode 100644
index 000000000000..e42eedefd142
--- /dev/null
+++ b/metadata/glsa/glsa-201401-08.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-08">
+  <title>NTP: Traffic amplification</title>
+  <synopsis>NTP can be abused to amplify Denial of Service attack traffic.</synopsis>
+  <product type="ebuild"/>
+  <announced>2014-01-16</announced>
+  <revised count="1">2014-01-16</revised>
+  <bug>496776</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/ntp" auto="yes" arch="*">
+      <unaffected range="ge">4.2.6_p5-r10</unaffected>
+      <vulnerable range="lt">4.2.6_p5-r10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>NTP is a protocol designed to synchronize the clocks of computers over a
+      network. The net-misc/ntp package contains the official reference
+      implementation by the NTP Project.
+    </p>
+  </background>
+  <description>
+    <p>ntpd is susceptible to a reflected Denial of Service attack. Please
+      review the CVE identifiers and references below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An unauthenticated remote attacker may conduct a distributed reflective
+      Denial of Service attack on another user via a vulnerable NTP server.
+    </p>
+  </impact>
+  <workaround>
+    <p>We modified the default ntp configuration in =net-misc/ntp-4.2.6_p5-r10
+      and added “noquery” to the default restriction which disallows anyone
+      to query the ntpd status, including “monlist”.
+    </p>
+    
+    <p>If you use a non-default configuration, and provide a ntp service to
+      untrusted networks, we highly recommend you to revise your configuration
+      to disable mode 6 and 7 queries for any untrusted (public) network.
+    </p>
+    
+    <p>You can always enable these queries for specific trusted networks. For
+      more details please see the “Access Control Support” chapter in the
+      ntp.conf(5) man page.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All NTP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/ntp-4.2.6_p5-r10"
+    </code>
+    
+    <p>Note that the updated package contains a modified default configuration
+      only. You may need to modify your configuration further.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5211">CVE-2013-5211</uri>
+    <uri link="https://www.kb.cert.org/vuls/id/348126">VU#348126</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-01-16T20:55:36Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-01-16T22:31:29Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-09.xml b/metadata/glsa/glsa-201401-09.xml
new file mode 100644
index 000000000000..2da8825be7bb
--- /dev/null
+++ b/metadata/glsa/glsa-201401-09.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-09">
+  <title>Openswan: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability in Openswan could result in execution of arbitrary
+    code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">openswan</product>
+  <announced>2014-01-18</announced>
+  <revised count="1">2014-01-18</revised>
+  <bug>483204</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/openswan" auto="yes" arch="*">
+      <unaffected range="ge">2.6.39</unaffected>
+      <vulnerable range="lt">2.6.39</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Openswan is an implementation of IPsec for Linux.</p>
+  </background>
+  <description>
+    <p>A buffer overflow flaw has been discovered in Openswan when using
+      Opportunistic Encryption.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted DNS TXT record,
+      possibly resulting in execution of arbitrary code with the privileges of
+      the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Openswan users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/openswan-2.6.39"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2053">CVE-2013-2053</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-09-01T18:39:23Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-01-18T20:05:02Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-10.xml b/metadata/glsa/glsa-201401-10.xml
new file mode 100644
index 000000000000..bd496074b925
--- /dev/null
+++ b/metadata/glsa/glsa-201401-10.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-10">
+  <title>libexif, exif: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libexif and exif, some
+    of which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libexif</product>
+  <announced>2014-01-19</announced>
+  <revised count="1">2014-01-19</revised>
+  <bug>426366</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libexif" auto="yes" arch="*">
+      <unaffected range="ge">0.6.21</unaffected>
+      <vulnerable range="lt">0.6.21</vulnerable>
+    </package>
+    <package name="media-gfx/exif" auto="yes" arch="*">
+      <unaffected range="ge">0.6.21</unaffected>
+      <vulnerable range="lt">0.6.21</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libexif is a library for parsing, editing and saving Exif metadata from
+      images. exif is a small command line interface for libexif.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libexif and exif.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted image
+      file using exif or an application linked against libexif, possibly
+      resulting in execution of arbitrary code with the privileges of the
+      process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libexif users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libexif-0.6.21"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as  revdep-rebuild may assist in identifying  some of these
+      packages.
+    </p>
+    
+    <p>All exif users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/exif-0.6.21"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2812">CVE-2012-2812</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2813">CVE-2012-2813</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2814">CVE-2012-2814</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2836">CVE-2012-2836</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2837">CVE-2012-2837</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2840">CVE-2012-2840</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2841">CVE-2012-2841</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2845">CVE-2012-2845</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-07-22T17:42:17Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-01-19T15:10:21Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-11.xml b/metadata/glsa/glsa-201401-11.xml
new file mode 100644
index 000000000000..3179f7f4ee8e
--- /dev/null
+++ b/metadata/glsa/glsa-201401-11.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-11">
+  <title>Perl, Locale Maketext Perl module: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in Perl and
+    Locale::Maketext Perl module, the worst of which could allow a
+    context-dependent attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">perl</product>
+  <announced>2014-01-19</announced>
+  <revised count="1">2014-01-19</revised>
+  <bug>384887</bug>
+  <bug>448632</bug>
+  <bug>460444</bug>
+  <bug>483448</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-lang/perl" auto="yes" arch="*">
+      <unaffected range="ge">5.16.3</unaffected>
+      <vulnerable range="lt">5.16.3</vulnerable>
+    </package>
+    <package name="perl-core/locale-maketext" auto="yes" arch="*">
+      <unaffected range="ge">1.230.0</unaffected>
+      <vulnerable range="lt">1.230.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Perl is Larry Wall’s Practical Extraction and Report Language.
+      Locale::Maketext is a Perl module - framework for localization.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Perl and
+      Locale::Maketext Perl module. Please review the CVE identifiers
+      referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could possibly execute arbitrary code with
+      the privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Perl users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/perl-5.16.3"
+    </code>
+    
+    <p>All Locale::Maketext users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=perl-core/locale-maketext-1.230.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2728">CVE-2011-2728</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2939">CVE-2011-2939</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5195">CVE-2012-5195
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1667">CVE-2013-1667</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-12-19T14:48:00Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2014-01-19T16:14:53Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-12.xml b/metadata/glsa/glsa-201401-12.xml
new file mode 100644
index 000000000000..b732c5772d0e
--- /dev/null
+++ b/metadata/glsa/glsa-201401-12.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-12">
+  <title>GNUstep Base library: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GNUstep Base library,
+    the worst of which allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">gnustep-base</product>
+  <announced>2014-01-20</announced>
+  <revised count="1">2014-01-20</revised>
+  <bug>325577</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="gnustep-base/gnustep-base" auto="yes" arch="*">
+      <unaffected range="ge">1.20.1</unaffected>
+      <vulnerable range="lt">1.20.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNUstep Base library is a free software package implementing the API of
+      the OpenStep Foundation Kit (tm), including later additions.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GNUstep Base library.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A context-dependent attacker could possibly execute arbitrary code. A
+      local attacker could possibly read arbitrary files.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNUstep Base library users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=gnustep-base/gnustep-base-1.20.1"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since August 13, 2010. It is likely that your system is already
+      no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1457">CVE-2010-1457</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1620">CVE-2010-1620</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:30Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-01-20T08:51:59Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-13.xml b/metadata/glsa/glsa-201401-13.xml
new file mode 100644
index 000000000000..89e9cdd5d46c
--- /dev/null
+++ b/metadata/glsa/glsa-201401-13.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-13">
+  <title>VirtualBox: Multiple Vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in VirtualBox, allowing
+    local attackers to escalate their privileges or cause a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">virtualbox</product>
+  <announced>2014-01-20</announced>
+  <revised count="1">2014-01-20</revised>
+  <bug>434872</bug>
+  <bug>498166</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/virtualbox" auto="yes" arch="*">
+      <unaffected range="ge">4.2.22</unaffected>
+      <vulnerable range="lt">4.2.22</vulnerable>
+    </package>
+    <package name="app-emulation/virtualbox-bin" auto="yes" arch="*">
+      <unaffected range="ge">4.2.22</unaffected>
+      <vulnerable range="lt">4.2.22</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>VirtualBox is a powerful virtualization product from Oracle.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Virtualbox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker in a guest virtual machine may be able to escalate
+      privileges or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All virtualbox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/virtualbox-4.2.22"
+    </code>
+    
+    <p>All virtualbox-bin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/virtualbox-bin-4.2.22"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3221">CVE-2012-3221</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5892">CVE-2013-5892</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0404">CVE-2014-0404</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0405">CVE-2014-0405</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0406">CVE-2014-0406</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0407">CVE-2014-0407</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-09-20T23:38:57Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-01-20T08:52:54Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-14.xml b/metadata/glsa/glsa-201401-14.xml
new file mode 100644
index 000000000000..6e3785d64066
--- /dev/null
+++ b/metadata/glsa/glsa-201401-14.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-14">
+  <title>cURL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in cURL, allowing
+    attackers to execute arbitrary code or cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">curl</product>
+  <announced>2014-01-20</announced>
+  <revised count="1">2014-01-20</revised>
+  <bug>456074</bug>
+  <bug>465678</bug>
+  <bug>474354</bug>
+  <bug>492688</bug>
+  <bug>497092</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/curl" auto="yes" arch="*">
+      <unaffected range="ge">7.34.0-r1</unaffected>
+      <vulnerable range="lt">7.34.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>cURL is a command line tool for transferring files with URL syntax,
+      supporting numerous protocols.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in cURL. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user or automated process to connect to
+      a malicious server using cURL, possibly resulting in the remote execution
+      of arbitrary code or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All cURL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.34.0-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0249">CVE-2013-0249</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1944">CVE-2013-1944</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2174">CVE-2013-2174</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6422">CVE-2013-6422</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-03-17T19:39:59Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-01-20T14:02:23Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-15.xml b/metadata/glsa/glsa-201401-15.xml
new file mode 100644
index 000000000000..ff2685e985e6
--- /dev/null
+++ b/metadata/glsa/glsa-201401-15.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-15">
+  <title>Asterisk: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Asterisk, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">asterisk</product>
+  <announced>2014-01-21</announced>
+  <revised count="1">2014-01-21</revised>
+  <bug>449828</bug>
+  <bug>463622</bug>
+  <bug>482776</bug>
+  <bug>494630</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/asterisk" auto="yes" arch="*">
+      <unaffected range="ge">11.7.0</unaffected>
+      <unaffected range="rge">1.8.25.0</unaffected>
+      <vulnerable range="lt">11.7.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Asterisk is an open source telephony engine and toolkit.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Asterisk. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could execute arbitrary code with the privileges of
+      the process, cause a Denial of Service condition, or obtain sensitive
+      information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Asterisk 11.* users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/asterisk-11.7.0"
+    </code>
+    
+    <p>All Asterisk 1.8.* users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/asterisk-1.8.25.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5976">CVE-2012-5976</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5977">CVE-2012-5977</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2264">CVE-2013-2264</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2685">CVE-2013-2685</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2686">CVE-2013-2686</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5641">CVE-2013-5641</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5642">CVE-2013-5642</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7100">CVE-2013-7100</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-01-03T17:20:14Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-01-21T04:17:25Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-16.xml b/metadata/glsa/glsa-201401-16.xml
new file mode 100644
index 000000000000..8510a3578f26
--- /dev/null
+++ b/metadata/glsa/glsa-201401-16.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-16">
+  <title>CCID: Arbitrary code execution</title>
+  <synopsis>A vulnerability in CCID could result in execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">ccid</product>
+  <announced>2014-01-21</announced>
+  <revised count="1">2014-01-21</revised>
+  <bug>349559</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-crypt/ccid" auto="yes" arch="*">
+      <unaffected range="ge">1.4.1-r1</unaffected>
+      <vulnerable range="lt">1.4.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>CCID is a generic USB Chip/Smart Card Interface Devices driver.</p>
+  </background>
+  <description>
+    <p>CCID contains an integer overflow vulnerability in ccid_serial.c.</p>
+  </description>
+  <impact type="high">
+    <p>A physically proximate attacker could execute arbitrary code via a smart
+      card with a specially crafted
+      serial number.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All CCID users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-crypt/ccid-1.4.1-r1"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since January 21, 2011. It is likely that your system is
+      already no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4530">CVE-2010-4530</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:38:18Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-01-21T17:22:43Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-17.xml b/metadata/glsa/glsa-201401-17.xml
new file mode 100644
index 000000000000..37d85d6c5268
--- /dev/null
+++ b/metadata/glsa/glsa-201401-17.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-17">
+  <title>PCSC-Lite: Arbitrary code execution</title>
+  <synopsis>A vulnerability in PCSC-Lite could result in execution of arbitrary
+    code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">pcsc-lite</product>
+  <announced>2014-01-21</announced>
+  <revised count="1">2014-01-21</revised>
+  <bug>349561</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/pcsc-lite" auto="yes" arch="*">
+      <unaffected range="ge">1.6.6</unaffected>
+      <vulnerable range="lt">1.6.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PCSC-Lite is a PC/SC Architecture smartcard middleware library.</p>
+  </background>
+  <description>
+    <p>PCSC-Lite contains a stack-based buffer overflow in the ATRDecodeAtr
+      function in the
+      Answer-to-Reset Handler (atrhandler.c).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A physically proximate attacker could execute arbitrary code or cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PCSC-Lite users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/pcsc-lite-1.6.6"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since January 10, 2011. It is likely that your system is
+      already no longer affected by this issue.
+    </p>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4531">CVE-2010-4531</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:57Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-01-21T17:31:07Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-18.xml b/metadata/glsa/glsa-201401-18.xml
new file mode 100644
index 000000000000..10ed72dab113
--- /dev/null
+++ b/metadata/glsa/glsa-201401-18.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-18">
+  <title>OpenSC: Arbitrary code execution</title>
+  <synopsis>Multiple stack-based buffer overflows have been found in OpenSC,
+    allowing attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">opensc</product>
+  <announced>2014-01-21</announced>
+  <revised count="1">2014-01-21</revised>
+  <bug>349567</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-libs/opensc" auto="yes" arch="*">
+      <unaffected range="ge">0.11.13-r2</unaffected>
+      <vulnerable range="lt">0.11.13-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSC is a tools and libraries for smart cards.</p>
+  </background>
+  <description>
+    <p>Multiple stack-based buffer overflow errors have been discovered in
+      OpenSC.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A physically proximate attacker could possibly execute arbitrary code
+      using a specially crafted smart card.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/opensc-0.11.13-r2"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4523">CVE-2010-4523</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:47Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-01-21T18:48:55Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-19.xml b/metadata/glsa/glsa-201401-19.xml
new file mode 100644
index 000000000000..6482f2f22593
--- /dev/null
+++ b/metadata/glsa/glsa-201401-19.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-19">
+  <title>GMime: Arbitrary code execution</title>
+  <synopsis>A buffer overflow error in GMime might allow remote attackers to
+    execute arbitrary code or cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">gmime</product>
+  <announced>2014-01-21</announced>
+  <revised count="1">2014-01-21</revised>
+  <bug>308051</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/gmime" auto="yes" arch="*">
+      <unaffected range="ge">2.4.15</unaffected>
+      <unaffected range="rge">2.4.17</unaffected>
+      <unaffected range="rge">2.2.26</unaffected>
+      <vulnerable range="lt">2.4.15</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GMime is a C/C++ library which may be used for the creation and parsing
+      of messages using the Multipurpose Internet Mail Extension (MIME).
+    </p>
+  </background>
+  <description>
+    <p>GMime contains a buffer overflow flaw in the GMIME_UUENCODE_LEN macro in
+      gmime/gmime-encodings.h.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could possibly execute arbitrary code or
+      cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>GMime 2.4.x users on the PPC64 architecture should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/gmime-2.4.17"
+    </code>
+    
+    <p>GMime 2.4.x users on other architectures should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/gmime-2.4.15"
+    </code>
+    
+    <p>GMime 2.2.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/gmime-2.2.26"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0409">
+      CVE-2010-0409
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:54Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-01-21T19:00:40Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-20.xml b/metadata/glsa/glsa-201401-20.xml
new file mode 100644
index 000000000000..7be0c179af10
--- /dev/null
+++ b/metadata/glsa/glsa-201401-20.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-20">
+  <title>Cacti: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Cacti, allowing
+    attackers to execute arbitrary code or perform XSS attacks.
+  </synopsis>
+  <product type="ebuild">cacti</product>
+  <announced>2014-01-21</announced>
+  <revised count="1">2014-01-21</revised>
+  <bug>324031</bug>
+  <bug>480196</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/cacti" auto="yes" arch="*">
+      <unaffected range="ge">0.8.8b</unaffected>
+      <vulnerable range="lt">0.8.8b</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Cacti is a complete network graphing solution designed to harness the
+      power of RRDTool’s data storage and graphing functionality.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Cacti. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could execute arbitrary SQL commands via specially
+      crafted parameters, execute arbitrary shell code or inject malicious
+      script code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Cacti users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/cacti-0.8.8b"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1644">
+      CVE-2010-1644
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1645">
+      CVE-2010-1645
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2092">
+      CVE-2010-2092
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2543">
+      CVE-2010-2543
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2544">
+      CVE-2010-2544
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2545">
+      CVE-2010-2545
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1434">CVE-2013-1434</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1435">CVE-2013-1435</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:37Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-01-21T19:02:25Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-21.xml b/metadata/glsa/glsa-201401-21.xml
new file mode 100644
index 000000000000..4383fd4bf716
--- /dev/null
+++ b/metadata/glsa/glsa-201401-21.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-21">
+  <title>Poppler: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Poppler, allowing
+    remote attackers to execute arbitrary code or cause a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">poppler</product>
+  <announced>2014-01-21</announced>
+  <revised count="1">2014-01-21</revised>
+  <bug>489720</bug>
+  <bug>496770</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/poppler" auto="yes" arch="*">
+      <unaffected range="ge">0.24.5</unaffected>
+      <vulnerable range="lt">0.24.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Poppler is a cross-platform PDF rendering library originally based on
+      Xpdf. 
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Poppler. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted PDF in
+      an application linked against Poppler, possibly resulting in execution of
+      arbitrary code with the privileges of the process or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Poppler users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/poppler-0.24.5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4473">CVE-2013-4473</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4474">CVE-2013-4474</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7296">CVE-2013-7296</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-12-17T17:04:54Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2014-01-21T19:03:29Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-22.xml b/metadata/glsa/glsa-201401-22.xml
new file mode 100644
index 000000000000..13de7822608a
--- /dev/null
+++ b/metadata/glsa/glsa-201401-22.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-22">
+  <title>Active Record: SQL injection</title>
+  <synopsis>A vulnerability in Active Record could allow a remote attacker to
+    inject SQL commands.
+  </synopsis>
+  <product type="ebuild">activerecord</product>
+  <announced>2014-01-21</announced>
+  <revised count="1">2014-01-21</revised>
+  <bug>449826</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-ruby/activerecord" auto="yes" arch="*">
+      <unaffected range="ge">2.3.14-r1</unaffected>
+      <vulnerable range="lt">2.3.14-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Active Record is a Ruby gem that allows database entries to be
+      manipulated as objects.
+    </p>
+  </background>
+  <description>
+    <p>An Active Record method parameter can mistakenly be used as a scope.</p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could use specially crafted input to execute arbitrary
+      SQL statements.
+    </p>
+  </impact>
+  <workaround>
+    <p>The vulnerability may be mitigated by converting the input to an
+      expected value. This is accomplished by changing instances of
+      ‘Post.find_by_id(params[:id])’ in code using Active Record to
+      ‘Post.find_by_id(params[:id].to_s)’
+    </p>
+  </workaround>
+  <resolution>
+    <p>All Active Record users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-ruby/activerecord-2.3.14-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6496">CVE-2012-6496</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-12-11T02:08:41Z">
+    creffett
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-01-21T20:21:31Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-23.xml b/metadata/glsa/glsa-201401-23.xml
new file mode 100644
index 000000000000..c5e37c4349a8
--- /dev/null
+++ b/metadata/glsa/glsa-201401-23.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-23">
+  <title>sudo: Privilege escalation</title>
+  <synopsis>Multiple vulnerabilities have been found in sudo which could result
+    in privilege escalation.
+  </synopsis>
+  <product type="ebuild">sudo</product>
+  <announced>2014-01-21</announced>
+  <revised count="1">2014-01-21</revised>
+  <bug>459722</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/sudo" auto="yes" arch="*">
+      <unaffected range="ge">1.8.6_p7</unaffected>
+      <vulnerable range="lt">1.8.6_p7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>sudo allows a system administrator to give users the ability to run
+      commands as other users. Access to commands may also be granted on a
+      range to hosts.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been found in sudo:</p>
+    
+    <ul>
+      <li>sudo does not correctly validate the controlling terminal on a system
+        without /proc or when the tty_tickets option is enabled.
+      </li>
+      <li>sudo does not properly handle the clock when it is set to the epoch.</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>A local attacker with sudo privileges could connect to the stdin,
+      stdout, and stderr of the terminal of a user who has authenticated with
+      sudo, allowing the attacker to hijack the authorization of the other
+      user. Additionally, a local or physically proximate attacker could set
+      the system clock to the epoch, bypassing time restrictions on sudo
+      authentication.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All sudo users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/sudo-1.8.6_p7"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1775">CVE-2013-1775</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1776">CVE-2013-1776</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2776">CVE-2013-2776</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2777">CVE-2013-2777</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-01-03T14:24:36Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-01-21T20:25:34Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-24.xml b/metadata/glsa/glsa-201401-24.xml
new file mode 100644
index 000000000000..60d46c63d597
--- /dev/null
+++ b/metadata/glsa/glsa-201401-24.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-24">
+  <title>INN: Man-in-the-middle attack</title>
+  <synopsis>A vulnerability in INN's STARTTLS implementation could allow a
+    remote attacker to conduct a man-in-the-middle attack.
+  </synopsis>
+  <product type="ebuild">inn</product>
+  <announced>2014-01-21</announced>
+  <revised count="1">2014-01-21</revised>
+  <bug>432002</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-nntp/inn" auto="yes" arch="*">
+      <unaffected range="ge">2.5.3</unaffected>
+      <vulnerable range="lt">2.5.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>INN is a news server which can interface with Usenet.</p>
+  </background>
+  <description>
+    <p>INN’s I/O buffering is not correctly restricted.</p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could inject commands into encrypted NNTP sessions.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All INN users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-nntp/inn-2.5.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3523">CVE-2012-3523</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-12-16T21:56:39Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2014-01-21T20:26:02Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-25.xml b/metadata/glsa/glsa-201401-25.xml
new file mode 100644
index 000000000000..ba35e50cda01
--- /dev/null
+++ b/metadata/glsa/glsa-201401-25.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-25">
+  <title>ldns: Arbitrary code execution</title>
+  <synopsis>A heap-based buffer overflow in ldns might allow remote attackers
+    to execute arbitrary code or cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">ldns</product>
+  <announced>2014-01-21</announced>
+  <revised count="1">2014-01-21</revised>
+  <bug>384249</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/ldns" auto="yes" arch="*">
+      <unaffected range="ge">1.6.11</unaffected>
+      <vulnerable range="lt">1.6.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ldns is a fast DNS library with the goal to simplify DNS programming and
+      to allow developers to easily create software conforming to current RFCs
+      and Internet drafts.
+    </p>
+  </background>
+  <description>
+    <p>ldns contains a heap-based buffer overflow in the
+      ldns_rr_new_frm_str_internal function.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary code or cause a Denial of
+      Service condition with a crafted Resource Record.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ldns users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/ldns-1.6.11"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying these packages.
+    </p>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since October 11, 2011. It is likely that your system is
+      already no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3581">CVE-2011-3581</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:31Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-01-21T20:44:51Z">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-26.xml b/metadata/glsa/glsa-201401-26.xml
new file mode 100644
index 000000000000..26befef50802
--- /dev/null
+++ b/metadata/glsa/glsa-201401-26.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-26">
+  <title>Zabbix: Shell command injection</title>
+  <synopsis>A vulnerability in Zabbix could allow remote attackers to execute
+    arbitrary shell code.
+  </synopsis>
+  <product type="ebuild">zabbix</product>
+  <announced>2014-01-23</announced>
+  <revised count="2">2014-06-02</revised>
+  <bug>493250</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/zabbix" auto="yes" arch="*">
+      <unaffected range="ge">2.0.9-r1</unaffected>
+      <vulnerable range="lt">2.0.9-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Zabbix is software for monitoring applications, networks, and servers.</p>
+  </background>
+  <description>
+    <p>If a flexible user parameter is configured in Zabbix agent, including a
+      newline in the parameters will execute newline section as a separate
+      command even if UnsafeUserParameters are disabled.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly execute arbitrary shell code with the
+      privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Zabbix 2.2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/zabbix-2.2.0-r4"
+    </code>
+    
+    <p>All Zabbix 2.0 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/zabbix-2.0.9-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6824">CVE-2013-6824</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-12-17T19:46:48Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2014-06-02T13:59:58Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-27.xml b/metadata/glsa/glsa-201401-27.xml
new file mode 100644
index 000000000000..31bf7e496718
--- /dev/null
+++ b/metadata/glsa/glsa-201401-27.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-27">
+  <title>GNU TeXmacs: Privilege escalation</title>
+  <synopsis>A vulnerability in GNU TeXmacs could result in privilege
+    escalation.
+  </synopsis>
+  <product type="ebuild">texmacs</product>
+  <announced>2014-01-26</announced>
+  <revised count="2">2014-01-26</revised>
+  <bug>337532</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-office/texmacs" auto="yes" arch="*">
+      <unaffected range="ge">1.0.7.2-r1</unaffected>
+      <vulnerable range="lt">1.0.7.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU TeXmacs is a free WYSIWYG editing platform with special features for
+      scientists.
+    </p>
+  </background>
+  <description>
+    <p>The texmacs and tm_mupad_help scripts in TeXmacs place a zero-length
+      directory name in the LD_LIBRARY_PATH, which might result in the current
+      working directory (.) to be included when searching for dynamically
+      linked libraries.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could gain escalated privileges via a specially crafted
+      shared library.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU TeXmacs users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-office/texmacs-1.0.7.2-r1"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since April 02, 2011. It is likely that your system is already
+      no longer affected by this issue.
+    </p>
+    
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3394">
+      CVE-2010-3394
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:38:13Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-01-26T00:54:29Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-28.xml b/metadata/glsa/glsa-201401-28.xml
new file mode 100644
index 000000000000..383f80565edf
--- /dev/null
+++ b/metadata/glsa/glsa-201401-28.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-28">
+  <title>Tomboy: Privilege escalation</title>
+  <synopsis>A vulnerability in Tomboy could result in privilege escalation.</synopsis>
+  <product type="ebuild">tomboy</product>
+  <announced>2014-01-26</announced>
+  <revised count="1">2014-01-26</revised>
+  <bug>356583</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-misc/tomboy" auto="yes" arch="*">
+      <unaffected range="ge">1.4.2-r1</unaffected>
+      <vulnerable range="lt">1.4.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Tomboy is a desktop note-taking application. </p>
+  </background>
+  <description>
+    <p>Tomboy places a zero-length directory name in the LD_LIBRARY_PATH, which
+      might result in the current working directory (.) to be included when
+      searching for dynamically linked libraries.
+    </p>
+    
+    <p>NOTE: This vulnerability exists due to an incomplete fix for
+      CVE-2005-4790 (GLSA 200711-12).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could gain escalated privileges via a specially crafted
+      shared library.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Tomboy users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-misc/tomboy-1.4.2-r1"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since March 02, 2011. It is likely that your system is already
+      no longer affected by this issue.
+    </p>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4005">CVE-2010-4005</uri>
+    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200711-12.xml">GLSA
+      200711-12
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:58Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-01-26T01:22:06Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-29.xml b/metadata/glsa/glsa-201401-29.xml
new file mode 100644
index 000000000000..f345cbb3c420
--- /dev/null
+++ b/metadata/glsa/glsa-201401-29.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-29">
+  <title>VIPS: Privilege Escalation</title>
+  <synopsis>A vulnerability in VIPS could result in privilege escalation.</synopsis>
+  <product type="ebuild">vips</product>
+  <announced>2014-01-26</announced>
+  <revised count="1">2014-01-26</revised>
+  <bug>344561</bug>
+  <access>local</access>
+  <affected>
+    <package name="media-libs/vips" auto="yes" arch="*">
+      <unaffected range="ge">7.22.4</unaffected>
+      <vulnerable range="lt">7.22.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>VIPS is a free image processing system.</p>
+  </background>
+  <description>
+    <p>VIPS places a zero-length directory name in the LD_LIBRARY_PATH, which
+      might result in the current working directory (.) to be included when
+      searching for dynamically linked libraries.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could gain escalated privileges via a specially crafted
+      shared library.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All VIPS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/vips-7.22.4"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since November 23, 2010. It is likely that your system is
+      already no longer affected by this issue.
+    </p>
+    
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3364">
+      CVE-2010-3364
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:38:13Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-01-26T19:04:41Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-30.xml b/metadata/glsa/glsa-201401-30.xml
new file mode 100644
index 000000000000..b30d51af1b2c
--- /dev/null
+++ b/metadata/glsa/glsa-201401-30.xml
@@ -0,0 +1,362 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-30">
+  <title>Oracle JRE/JDK: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in the Oracle JRE/JDK,
+    allowing attackers to cause unspecified impact.
+  </synopsis>
+  <product type="ebuild">sun-jre-bin sun-jdk oracle-jdk-bin oracle-jre-bin
+    emul-linux-x86-java
+  </product>
+  <announced>2014-01-27</announced>
+  <revised count="1">2014-01-27</revised>
+  <bug>404071</bug>
+  <bug>421073</bug>
+  <bug>433094</bug>
+  <bug>438706</bug>
+  <bug>451206</bug>
+  <bug>455174</bug>
+  <bug>458444</bug>
+  <bug>460360</bug>
+  <bug>466212</bug>
+  <bug>473830</bug>
+  <bug>473980</bug>
+  <bug>488210</bug>
+  <bug>498148</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-java/sun-jdk" auto="yes" arch="*">
+      <vulnerable range="le">1.6.0.45</vulnerable>
+    </package>
+    <package name="dev-java/oracle-jdk-bin" auto="no" arch="*">
+      <unaffected range="ge">1.7.0.51</unaffected>
+      <vulnerable range="lt">1.7.0.51</vulnerable>
+    </package>
+    <package name="dev-java/sun-jre-bin" auto="yes" arch="*">
+      <vulnerable range="le">1.6.0.45</vulnerable>
+    </package>
+    <package name="dev-java/oracle-jre-bin" auto="no" arch="*">
+      <unaffected range="ge">1.7.0.51</unaffected>
+      <vulnerable range="lt">1.7.0.51</vulnerable>
+    </package>
+    <package name="app-emulation/emul-linux-x86-java" auto="no" arch="*">
+      <unaffected range="ge">1.7.0.51</unaffected>
+      <vulnerable range="lt">1.7.0.51</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and
+      the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE)
+      provide the Oracle Java platform (formerly known as Sun Java Platform).
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been reported in the Oracle Java
+      implementation. Please review the CVE identifiers referenced below for
+      details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>An unauthenticated, remote attacker could exploit these vulnerabilities
+      to execute arbitrary code.
+      Furthermore, a local or remote attacker could exploit these
+      vulnerabilities to cause unspecified impact, possibly including remote
+      execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Oracle JDK 1.7 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-java/oracle-jdk-bin-1.7.0.51"
+    </code>
+    
+    <p>All Oracle JRE 1.7 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-java/oracle-jre-bin-1.7.0.51"
+    </code>
+    
+    <p>All users of the precompiled 32-bit Oracle JRE should upgrade to the
+      latest version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/emul-linux-x86-java-1.7.0.51"
+    </code>
+    
+    <p>All Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one
+      of the newer Oracle packages like dev-java/oracle-jdk-bin or
+      dev-java/oracle-jre-bin or choose another alternative we provide; eg. the
+      IBM JDK/JRE or the open source IcedTea.
+    </p>
+    
+    <p>NOTE: As Oracle has revoked the DLJ license for its Java implementation,
+      the packages can no longer be updated automatically. 
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563">CVE-2011-3563</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035">CVE-2011-5035</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497">CVE-2012-0497</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498">CVE-2012-0498</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499">CVE-2012-0499</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500">CVE-2012-0500</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501">CVE-2012-0501</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502">CVE-2012-0502</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503">CVE-2012-0503</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504">CVE-2012-0504</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505">CVE-2012-0505</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506">CVE-2012-0506</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507">CVE-2012-0507</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547">CVE-2012-0547</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531">CVE-2012-1531</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532">CVE-2012-1532</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533">CVE-2012-1533</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541">CVE-2012-1541</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682">CVE-2012-1682</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711">CVE-2012-1711</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713">CVE-2012-1713</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716">CVE-2012-1716</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717">CVE-2012-1717</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718">CVE-2012-1718</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719">CVE-2012-1719</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721">CVE-2012-1721</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722">CVE-2012-1722</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723">CVE-2012-1723</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724">CVE-2012-1724</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725">CVE-2012-1725</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726">CVE-2012-1726</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136">CVE-2012-3136</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143">CVE-2012-3143</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159">CVE-2012-3159</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174">CVE-2012-3174</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213">CVE-2012-3213</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216">CVE-2012-3216</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342">CVE-2012-3342</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416">CVE-2012-4416</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681">CVE-2012-4681</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067">CVE-2012-5067</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068">CVE-2012-5068</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069">CVE-2012-5069</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070">CVE-2012-5070</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071">CVE-2012-5071</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072">CVE-2012-5072</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073">CVE-2012-5073</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074">CVE-2012-5074</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075">CVE-2012-5075</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076">CVE-2012-5076</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077">CVE-2012-5077</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079">CVE-2012-5079</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081">CVE-2012-5081</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083">CVE-2012-5083</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084">CVE-2012-5084</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085">CVE-2012-5085</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086">CVE-2012-5086</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087">CVE-2012-5087</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088">CVE-2012-5088</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089">CVE-2012-5089</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169">CVE-2013-0169</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351">CVE-2013-0351</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401">CVE-2013-0401</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402">CVE-2013-0402</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409">CVE-2013-0409</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419">CVE-2013-0419</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422">CVE-2013-0422</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423">CVE-2013-0423</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430">CVE-2013-0430</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437">CVE-2013-0437</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438">CVE-2013-0438</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445">CVE-2013-0445</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446">CVE-2013-0446</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448">CVE-2013-0448</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449">CVE-2013-0449</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809">CVE-2013-0809</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473">CVE-2013-1473</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479">CVE-2013-1479</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481">CVE-2013-1481</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484">CVE-2013-1484</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485">CVE-2013-1485</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486">CVE-2013-1486</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487">CVE-2013-1487</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488">CVE-2013-1488</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491">CVE-2013-1491</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493">CVE-2013-1493</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500">CVE-2013-1500</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518">CVE-2013-1518</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537">CVE-2013-1537</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540">CVE-2013-1540</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557">CVE-2013-1557</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558">CVE-2013-1558</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561">CVE-2013-1561</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563">CVE-2013-1563</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564">CVE-2013-1564</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569">CVE-2013-1569</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571">CVE-2013-1571</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383">CVE-2013-2383</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384">CVE-2013-2384</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394">CVE-2013-2394</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400">CVE-2013-2400</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407">CVE-2013-2407</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412">CVE-2013-2412</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414">CVE-2013-2414</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415">CVE-2013-2415</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416">CVE-2013-2416</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417">CVE-2013-2417</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418">CVE-2013-2418</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419">CVE-2013-2419</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420">CVE-2013-2420</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421">CVE-2013-2421</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422">CVE-2013-2422</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423">CVE-2013-2423</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424">CVE-2013-2424</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425">CVE-2013-2425</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426">CVE-2013-2426</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427">CVE-2013-2427</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428">CVE-2013-2428</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429">CVE-2013-2429</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430">CVE-2013-2430</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431">CVE-2013-2431</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432">CVE-2013-2432</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433">CVE-2013-2433</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434">CVE-2013-2434</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435">CVE-2013-2435</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436">CVE-2013-2436</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437">CVE-2013-2437</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438">CVE-2013-2438</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439">CVE-2013-2439</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440">CVE-2013-2440</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442">CVE-2013-2442</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443">CVE-2013-2443</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444">CVE-2013-2444</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445">CVE-2013-2445</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446">CVE-2013-2446</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447">CVE-2013-2447</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448">CVE-2013-2448</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449">CVE-2013-2449</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450">CVE-2013-2450</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451">CVE-2013-2451</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452">CVE-2013-2452</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453">CVE-2013-2453</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454">CVE-2013-2454</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455">CVE-2013-2455</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456">CVE-2013-2456</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457">CVE-2013-2457</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458">CVE-2013-2458</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459">CVE-2013-2459</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460">CVE-2013-2460</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461">CVE-2013-2461</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462">CVE-2013-2462</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463">CVE-2013-2463</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464">CVE-2013-2464</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465">CVE-2013-2465</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466">CVE-2013-2466</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467">CVE-2013-2467</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468">CVE-2013-2468</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469">CVE-2013-2469</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470">CVE-2013-2470</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471">CVE-2013-2471</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472">CVE-2013-2472</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473">CVE-2013-2473</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743">CVE-2013-3743</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744">CVE-2013-3744</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829">CVE-2013-3829</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772">CVE-2013-5772</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774">CVE-2013-5774</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775">CVE-2013-5775</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776">CVE-2013-5776</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777">CVE-2013-5777</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778">CVE-2013-5778</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780">CVE-2013-5780</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782">CVE-2013-5782</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783">CVE-2013-5783</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784">CVE-2013-5784</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787">CVE-2013-5787</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788">CVE-2013-5788</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789">CVE-2013-5789</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790">CVE-2013-5790</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797">CVE-2013-5797</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800">CVE-2013-5800</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801">CVE-2013-5801</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802">CVE-2013-5802</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803">CVE-2013-5803</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804">CVE-2013-5804</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805">CVE-2013-5805</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806">CVE-2013-5806</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809">CVE-2013-5809</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810">CVE-2013-5810</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812">CVE-2013-5812</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814">CVE-2013-5814</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817">CVE-2013-5817</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818">CVE-2013-5818</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819">CVE-2013-5819</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820">CVE-2013-5820</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823">CVE-2013-5823</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824">CVE-2013-5824</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825">CVE-2013-5825</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829">CVE-2013-5829</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830">CVE-2013-5830</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831">CVE-2013-5831</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832">CVE-2013-5832</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838">CVE-2013-5838</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840">CVE-2013-5840</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842">CVE-2013-5842</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843">CVE-2013-5843</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844">CVE-2013-5844</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846">CVE-2013-5846</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848">CVE-2013-5848</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849">CVE-2013-5849</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850">CVE-2013-5850</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851">CVE-2013-5851</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852">CVE-2013-5852</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854">CVE-2013-5854</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870">CVE-2013-5870</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878">CVE-2013-5878</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887">CVE-2013-5887</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888">CVE-2013-5888</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889">CVE-2013-5889</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893">CVE-2013-5893</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895">CVE-2013-5895</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896">CVE-2013-5896</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898">CVE-2013-5898</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899">CVE-2013-5899</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902">CVE-2013-5902</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904">CVE-2013-5904</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905">CVE-2013-5905</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906">CVE-2013-5906</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907">CVE-2013-5907</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910">CVE-2013-5910</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368">CVE-2014-0368</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373">CVE-2014-0373</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375">CVE-2014-0375</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376">CVE-2014-0376</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382">CVE-2014-0382</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385">CVE-2014-0385</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387">CVE-2014-0387</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403">CVE-2014-0403</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408">CVE-2014-0408</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410">CVE-2014-0410</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411">CVE-2014-0411</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415">CVE-2014-0415</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416">CVE-2014-0416</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417">CVE-2014-0417</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418">CVE-2014-0418</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422">CVE-2014-0422</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423">CVE-2014-0423</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424">CVE-2014-0424</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428">CVE-2014-0428</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-02-18T21:32:37Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-01-27T01:17:59Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-31.xml b/metadata/glsa/glsa-201401-31.xml
new file mode 100644
index 000000000000..aac922ac6feb
--- /dev/null
+++ b/metadata/glsa/glsa-201401-31.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-31">
+  <title>CEDET: Privilege escalation</title>
+  <synopsis>A vulnerability in CEDET could result in privilege escalation.</synopsis>
+  <product type="ebuild">cedet</product>
+  <announced>2014-01-27</announced>
+  <revised count="2">2014-01-27</revised>
+  <bug>398227</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emacs/cedet" auto="yes" arch="*">
+      <unaffected range="ge">1.0.1</unaffected>
+      <vulnerable range="lt">1.0.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>CEDET is a Collection of Emacs Development Environment Tools written
+      with the end goal of creating an advanced development environment in
+      Emacs.
+    </p>
+  </background>
+  <description>
+    <p>An untrusted search path vulnerability was discovered in CEDET.</p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could escalate his privileges via a specially crafted
+      Lisp expression in a Project.ede file in the directory or a parent
+      directory of an opened file.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All CEDET users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emacs/cedet-1.0.1"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since February  01, 2012. It is likely that your system is
+      already no longer affected by this issue.
+    </p>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0035">CVE-2012-0035</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-02-01T17:22:27Z">ago</metadata>
+  <metadata tag="submitter" timestamp="2014-01-27T09:57:54Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-32.xml b/metadata/glsa/glsa-201401-32.xml
new file mode 100644
index 000000000000..69ce81cd2d7b
--- /dev/null
+++ b/metadata/glsa/glsa-201401-32.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-32">
+  <title>Exim: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in Exim, the worst of which
+    leading to remote execution of arbitrary code with root privileges.
+  </synopsis>
+  <product type="ebuild">Exim</product>
+  <announced>2014-01-27</announced>
+  <revised count="3">2014-01-27</revised>
+  <bug>322665</bug>
+  <bug>348249</bug>
+  <bug>353352</bug>
+  <bug>366369</bug>
+  <bug>439734</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-mta/exim" auto="yes" arch="*">
+      <unaffected range="ge">4.80.1</unaffected>
+      <vulnerable range="lt">4.80.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Exim is a highly configurable, drop-in replacement for sendmail.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Exim. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly execute arbitrary code with root
+      privileges, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Exim users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-mta/exim-4.80.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2023">CVE-2010-2023</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2024">CVE-2010-2024</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4344">CVE-2010-4344</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4345">CVE-2010-4345</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0017">CVE-2011-0017</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1407">CVE-2011-1407</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1764">CVE-2011-1764</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5671">CVE-2012-5671</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:21Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2014-01-27T13:05:26Z">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-33.xml b/metadata/glsa/glsa-201401-33.xml
new file mode 100644
index 000000000000..8dd9f2a20b9e
--- /dev/null
+++ b/metadata/glsa/glsa-201401-33.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-33">
+  <title>Perl Digest-Base module: Arbitrary code execution</title>
+  <synopsis>A vulnerability has been found in the Digest-Base Perl module,
+    allowing remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">digest-base</product>
+  <announced>2014-01-29</announced>
+  <revised count="1">2014-01-29</revised>
+  <bug>385487</bug>
+  <access>remote</access>
+  <affected>
+    <package name="perl-core/digest-base" auto="yes" arch="*">
+      <unaffected range="ge">1.170.0</unaffected>
+      <vulnerable range="lt">1.170.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Digest-Base is a set of Perl modules that calculate message digests</p>
+  </background>
+  <description>
+    <p>The vulnerability is caused due to the “Digest-&gt;new()” function
+      not properly sanitising input before using it in an “eval()” call.
+    </p>
+  </description>
+  <impact type="high">
+    <p>The vulnerability might allow an attacker to execute arbitrary code.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Digest-Base module users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=perl-core/digest-base-1.170.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3597">CVE-2011-3597</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-08-22T09:43:15Z">
+    pinkbyte
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-01-29T08:01:48Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201401-34.xml b/metadata/glsa/glsa-201401-34.xml
new file mode 100644
index 000000000000..9c7660a1ef4c
--- /dev/null
+++ b/metadata/glsa/glsa-201401-34.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201401-34">
+  <title>BIND: Denial of service</title>
+  <synopsis>Multiple vulnerabilities have been found in BIND, possibly
+    resulting in Denial of Service.
+  </synopsis>
+  <product type="ebuild">bind</product>
+  <announced>2014-01-29</announced>
+  <revised count="1">2014-01-29</revised>
+  <bug>437828</bug>
+  <bug>446094</bug>
+  <bug>453974</bug>
+  <bug>463497</bug>
+  <bug>478316</bug>
+  <bug>483208</bug>
+  <bug>498016</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/bind" auto="yes" arch="*">
+      <unaffected range="ge">9.9.4_p2</unaffected>
+      <vulnerable range="lt">9.9.4_p2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>BIND is the Berkeley Internet Name Domain Server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in BIND. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All BIND users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/bind-9.9.4_p2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5166">CVE-2012-5166</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5688">CVE-2012-5688</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5689">CVE-2012-5689</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2266">CVE-2013-2266</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3919">CVE-2013-3919</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4854">CVE-2013-4854</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0591">CVE-2014-0591</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-12-16T21:52:11Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2014-01-29T22:28:10Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201402-01.xml b/metadata/glsa/glsa-201402-01.xml
new file mode 100644
index 000000000000..1c8890bd0d8f
--- /dev/null
+++ b/metadata/glsa/glsa-201402-01.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201402-01">
+  <title>GNU libmicrohttpd: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in GNU libmicrohttpd, the
+    worst of which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libmicrohttpd</product>
+  <announced>2014-02-02</announced>
+  <revised count="1">2014-02-02</revised>
+  <bug>493450</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/libmicrohttpd" auto="yes" arch="*">
+      <unaffected range="ge">0.9.32</unaffected>
+      <vulnerable range="lt">0.9.32</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU libmicrohttpd is a small C library that is supposed to make it easy
+      to run an HTTP server as part of another application.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GNU libmicrohttpd.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary code with the privileges of
+      the process, cause a Denial of Service condition, or obtain sensitive
+      information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU libmicrohttpd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/libmicrohttpd-0.9.32"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7038">CVE-2013-7038</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7039">CVE-2013-7039</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-02-01T21:37:58Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2014-02-02T17:09:10Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201402-02.xml b/metadata/glsa/glsa-201402-02.xml
new file mode 100644
index 000000000000..31e25236fe70
--- /dev/null
+++ b/metadata/glsa/glsa-201402-02.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201402-02">
+  <title>NVIDIA Drivers: Privilege Escalation</title>
+  <synopsis>A NVIDIA drivers bug allows unprivileged user-mode software to
+    access the GPU inappropriately, allowing for privilege escalation.
+  </synopsis>
+  <product type="ebuild">nvidia-drivers</product>
+  <announced>2014-02-02</announced>
+  <revised count="3">2014-03-13</revised>
+  <bug>493448</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-drivers/nvidia-drivers" auto="yes" arch="*">
+      <unaffected range="ge">331.20</unaffected>
+      <unaffected range="rge">319.76</unaffected>
+      <unaffected range="rge">304.116</unaffected>
+      <unaffected range="rge">304.119</unaffected>
+      <unaffected range="rge">304.121</unaffected>
+      <vulnerable range="lt">331.20</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The NVIDIA drivers provide X11 and GLX support for NVIDIA graphic
+      boards.
+    </p>
+  </background>
+  <description>
+    <p>The vulnerability is caused due to the driver allowing unprivileged
+      user-mode software to access the GPU.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could gain escalated privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All NVIDIA Drivers users using the 331 branch should upgrade to the
+      latest version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=x11-drivers/nvidia-drivers-331.20"
+    </code>
+    
+    <p>All NVIDIA Drivers users using the 319 branch  should upgrade to the
+      latest version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=x11-drivers/nvidia-drivers-319.76"
+    </code>
+    
+    <p>All NVIDIA Drivers users using the 304 branch should upgrade to the
+      latest version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=x11-drivers/nvidia-drivers-304.116"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5986">CVE-2013-5986</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5987">CVE-2013-5987</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-12-14T04:12:07Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-03-13T06:49:59Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201402-03.xml b/metadata/glsa/glsa-201402-03.xml
new file mode 100644
index 000000000000..2a0487cf6686
--- /dev/null
+++ b/metadata/glsa/glsa-201402-03.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201402-03">
+  <title>Pixman: User-assisted execution of arbitrary code</title>
+  <synopsis>An integer underflow vulnerability in Pixman may allow a
+    context-dependent attacker to cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">pixman</product>
+  <announced>2014-02-02</announced>
+  <revised count="1">2014-02-02</revised>
+  <bug>493292</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="x11-libs/pixman" auto="yes" arch="*">
+      <unaffected range="ge">0.32.4</unaffected>
+      <vulnerable range="lt">0.32.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Pixman is a pixel manipulation library.</p>
+  </background>
+  <description>
+    <p>The trapezoid handling code in Pixman contains an integer underflow
+      vulnerability.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could entice a user to open a specially
+      crafted file using an application linked against Pixman, possibly
+      resulting in  execution of arbitrary code with the privileges of the
+      process, or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Pixman users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/pixman-0.32.4"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6425">CVE-2013-6425</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-12-26T20:19:41Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2014-02-02T17:59:34Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201402-04.xml b/metadata/glsa/glsa-201402-04.xml
new file mode 100644
index 000000000000..642404b46353
--- /dev/null
+++ b/metadata/glsa/glsa-201402-04.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201402-04">
+  <title>libwww-perl: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libwww-perl, the worst
+    of which could allow attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">libwww-perl</product>
+  <announced>2014-02-04</announced>
+  <revised count="1">2014-02-04</revised>
+  <bug>329943</bug>
+  <bug>386309</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-perl/libwww-perl" auto="yes" arch="*">
+      <unaffected range="ge">6.30.0</unaffected>
+      <vulnerable range="lt">6.30.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libwww is a collection of Perl modules providing a consistent interface
+      to the World-Wide Web.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libwww-perl. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to download a specially-crafted
+      file with an application linked against libwww-perl, which could result
+      in overwritten files or arbitrary code execution by writing to a dotfile
+      in the user’s home directory (such as .bashrc). Additionally, a remote
+      attacker could perform a Man-in-the-Middle attack.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libwww-perl users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-perl/libwww-perl-6.30.0"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since December 18, 2011. It is likely that your system is
+      already no longer affected by this issue.
+    </p>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2253">CVE-2010-2253</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0633">CVE-2011-0633</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:38:06Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-02-04T15:57:46Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201402-05.xml b/metadata/glsa/glsa-201402-05.xml
new file mode 100644
index 000000000000..3ee8a0aded6d
--- /dev/null
+++ b/metadata/glsa/glsa-201402-05.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201402-05">
+  <title>Banshee: Arbitrary code execution</title>
+  <synopsis>An environment variable processing error has been reported in
+    Banshee, possibly allowing local attacker to load a specially crafted
+    shared library.
+  </synopsis>
+  <product type="ebuild">banshee</product>
+  <announced>2014-02-05</announced>
+  <revised count="1">2014-02-05</revised>
+  <bug>345567</bug>
+  <access>local</access>
+  <affected>
+    <package name="media-sound/banshee" auto="yes" arch="*">
+      <unaffected range="ge">1.8.0-r1</unaffected>
+      <vulnerable range="lt">1.8.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Banshee is a multimedia management and playback application for GNOME.</p>
+  </background>
+  <description>
+    <p>Banshee places a zero-length directory name in PATH, which allows
+      libraries to be loaded from the working directory.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A local attacker could put specially crafted library into working
+      directory of Banshee, possibly resulting in execution of arbitrary code
+      with the privileges of the process, or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Banshee users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-sound/banshee-1.8.0-r1"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since November 17, 2010. It is likely that your system is
+      already no longer affected by this issue.
+    </p>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3998">CVE-2010-3998</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:38:16Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2014-02-05T10:53:24Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201402-06.xml b/metadata/glsa/glsa-201402-06.xml
new file mode 100644
index 000000000000..a1b41f6e5956
--- /dev/null
+++ b/metadata/glsa/glsa-201402-06.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201402-06">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which could result in execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2014-02-06</announced>
+  <revised count="1">2014-02-06</revised>
+  <bug>491148</bug>
+  <bug>493894</bug>
+  <bug>498170</bug>
+  <bug>500313</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">11.2.202.336</unaffected>
+      <vulnerable range="lt">11.2.202.336</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple unspecified vulnerabilities have been discovered in Adobe Flash
+      Player. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted SWF
+      file using Adobe Flash Player, possibly resulting in execution of
+      arbitrary code with the privileges of the process or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-11.2.202.336"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5329">CVE-2013-5329</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5330">CVE-2013-5330</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5331">CVE-2013-5331</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5332">CVE-2013-5332</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0491">CVE-2014-0491</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0492">CVE-2014-0492</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0497">CVE-2014-0497</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-11-15T06:52:08Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-02-06T10:58:54Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201402-07.xml b/metadata/glsa/glsa-201402-07.xml
new file mode 100644
index 000000000000..314ad585d36c
--- /dev/null
+++ b/metadata/glsa/glsa-201402-07.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201402-07">
+  <title>Freeciv: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability in Freeciv may allow a remote attacker to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">freeciv</product>
+  <announced>2014-02-06</announced>
+  <revised count="1">2014-02-06</revised>
+  <bug>329949</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-strategy/freeciv" auto="yes" arch="*">
+      <unaffected range="ge">2.2.1</unaffected>
+      <vulnerable range="lt">2.2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Freeciv is an open-source empire building strategy game.</p>
+  </background>
+  <description>
+    <p>The Lua component of Freeciv does not restrict which modules may be
+      loaded by scenario scripts.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted
+      scenario file, possibly resulting in execution of arbitrary code or
+      reading of arbitrary files with the privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Freeciv users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=games-strategy/freeciv-2.2.1"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since July 26, 2010. It is likely that your system is already
+      no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2445">CVE-2010-2445</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-11T22:27:04Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-02-06T14:16:02Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201402-08.xml b/metadata/glsa/glsa-201402-08.xml
new file mode 100644
index 000000000000..a5d333109290
--- /dev/null
+++ b/metadata/glsa/glsa-201402-08.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201402-08">
+  <title>stunnel: Arbitrary code execution</title>
+  <synopsis>A vulnerability has been found in stunnel, allowing for the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">stunnel</product>
+  <announced>2014-02-06</announced>
+  <revised count="4">2014-02-07</revised>
+  <bug>460278</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/stunnel" auto="yes" arch="*">
+      <unaffected range="ge">4.56-r1</unaffected>
+      <unaffected range="lt">4.00</unaffected>
+      <vulnerable range="lt">4.56-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The stunnel program is designed to work as an SSL encryption wrapper
+      between a client and a local or remote server.
+    </p>
+  </background>
+  <description>
+    <p>A buffer overflow vulnerability has been discovered in stunnel. Please
+      review the CVE identifier referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to connect to a malicious proxy
+      server, resulting in the execution of arbitrary code within the
+      configured chroot directory, with the privileges of the user running
+      stunnel. Please review the references below for details.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All stunnel users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/stunnel-4.56-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1762">CVE-2013-1762</uri>
+    <uri link="https://www.stunnel.org/CVE-2013-1762.html">stunnel:
+      CVE-2013-1762
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-08-23T14:54:34Z">
+    creffett
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-02-07T09:46:24Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201402-09.xml b/metadata/glsa/glsa-201402-09.xml
new file mode 100644
index 000000000000..0401b4f7ede8
--- /dev/null
+++ b/metadata/glsa/glsa-201402-09.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201402-09">
+  <title>Apache mod_fcgid: Arbitrary code execution </title>
+  <synopsis>A buffer overflow in Apache mod_fcgid might allow remote attackers
+    to execute arbitrary code or cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">mod_fcgid</product>
+  <announced>2014-02-07</announced>
+  <revised count="1">2014-02-07</revised>
+  <bug>487314</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apache/mod_fcgid" auto="yes" arch="*">
+      <unaffected range="ge">2.3.9</unaffected>
+      <vulnerable range="lt">2.3.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Apache mod_fcgid is a binary-compatible alternative to mod_fastcgi with
+      better process management.
+    </p>
+  </background>
+  <description>
+    <p>Apache mod_fcgid fails to perform a boundary check on user-supplied
+      input, potentially resulting in a heap-based buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker can supply a crafted input, possibly resulting in
+      execution of arbitrary code or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache mod_fcgid users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-apache/mod_fcgid-2.3.9"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4365">CVE-2013-4365</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-01-22T21:08:50Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-02-07T20:03:11Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201402-10.xml b/metadata/glsa/glsa-201402-10.xml
new file mode 100644
index 000000000000..7e0f0f37c025
--- /dev/null
+++ b/metadata/glsa/glsa-201402-10.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201402-10">
+  <title>PulseAudio: Insecure temporary file usage</title>
+  <synopsis>An insecure temporary file usage has been reported in PulseAudio,
+    possibly allowing symlink attacks.
+  </synopsis>
+  <product type="ebuild">pulseaudio</product>
+  <announced>2014-02-07</announced>
+  <revised count="1">2014-02-07</revised>
+  <bug>313329</bug>
+  <access>local</access>
+  <affected>
+    <package name="media-sound/pulseaudio" auto="yes" arch="*">
+      <unaffected range="ge">0.9.22</unaffected>
+      <vulnerable range="lt">0.9.22</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PulseAudio is a sound system for POSIX OSes.</p>
+  </background>
+  <description>
+    <p>The pa_make_secure_dir function in core-util.c does not handle temporary
+      files securely.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could perform symlink attacks to overwrite arbitrary
+      files with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PulseAudio users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-sound/pulseaudio-0.9.22"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1299">CVE-2009-1299</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-08T22:12:38Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2014-02-07T20:28:06Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201402-11.xml b/metadata/glsa/glsa-201402-11.xml
new file mode 100644
index 000000000000..32b8a6329541
--- /dev/null
+++ b/metadata/glsa/glsa-201402-11.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201402-11">
+  <title>Links: Denial of service</title>
+  <synopsis>An integer overflow in Links might allow remote attackers to cause
+    a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">links</product>
+  <announced>2014-02-07</announced>
+  <revised count="1">2014-02-07</revised>
+  <bug>493138</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/links" auto="yes" arch="*">
+      <unaffected range="ge">2.8-r1</unaffected>
+      <vulnerable range="lt">2.8-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Links is a web browser which runs in both graphics and text modes.</p>
+  </background>
+  <description>
+    <p>An integer overflow vulnerability was found in the parsing of HTML
+      tables in the Links web browser when running in graphical mode.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Links users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/links-2.8-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6050">CVE-2013-6050</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-01-20T10:12:18Z">
+    pinkbyte
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-02-07T21:23:11Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201402-12.xml b/metadata/glsa/glsa-201402-12.xml
new file mode 100644
index 000000000000..dc4f1556080c
--- /dev/null
+++ b/metadata/glsa/glsa-201402-12.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201402-12">
+  <title>PAM S/Key: Information disclosure</title>
+  <synopsis>PAM S/Key does not clear provided credentials from memory, allowing
+    local attackers to gain access to cleartext credentials.
+  </synopsis>
+  <product type="ebuild">pam_skey</product>
+  <announced>2014-02-09</announced>
+  <revised count="1">2014-02-09</revised>
+  <bug>482588</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-auth/pam_skey" auto="yes" arch="*">
+      <unaffected range="ge">1.1.5-r5</unaffected>
+      <vulnerable range="lt">1.1.5-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PAM S/Key is a pluggable authentication module for the OpenBSD
+      Single-key Password system.
+    </p>
+  </background>
+  <description>
+    <p>Ulrich Müller reported that a Gentoo patch to PAM S/Key does not remove
+      credentials provided by the user from memory.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker with privileged access could inspect a memory dump to
+      gain access to cleartext credentials provided by users.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PAM S/Key users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-auth/pam_skey-1.1.5-r5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4285">CVE-2013-4285</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-08-28T10:10:48Z">a3li</metadata>
+  <metadata tag="submitter" timestamp="2014-02-09T10:46:24Z">a3li</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201402-13.xml b/metadata/glsa/glsa-201402-13.xml
new file mode 100644
index 000000000000..9c237b9a2eeb
--- /dev/null
+++ b/metadata/glsa/glsa-201402-13.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201402-13">
+  <title>DjVu: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability in DjVu could result in execution of arbitrary code
+    or Denial of Service.
+  </synopsis>
+  <product type="ebuild">djvu</product>
+  <announced>2014-02-09</announced>
+  <revised count="1">2014-02-09</revised>
+  <bug>497088</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/djvu" auto="yes" arch="*">
+      <unaffected range="ge">3.5.25.3</unaffected>
+      <vulnerable range="lt">3.5.25.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>DjVu is a web-centric format and software platform for distributing
+      documents and images.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability has been discovered in DjVu. Please review the CVE
+      identifier referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted DjVu
+      file, possibly resulting in execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All DjVu users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/djvu-3.5.25.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6535">CVE-2012-6535</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-02-07T22:03:24Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2014-02-09T12:15:30Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201402-14.xml b/metadata/glsa/glsa-201402-14.xml
new file mode 100644
index 000000000000..ffb27ce0e459
--- /dev/null
+++ b/metadata/glsa/glsa-201402-14.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201402-14">
+  <title>International Components for Unicode: Denial of service</title>
+  <synopsis>Two vulnerabilities in International Components for Unicode might
+    allow remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">icu</product>
+  <announced>2014-02-10</announced>
+  <revised count="1">2014-02-10</revised>
+  <bug>460426</bug>
+  <bug>486948</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/icu" auto="yes" arch="*">
+      <unaffected range="ge">51.2-r1</unaffected>
+      <vulnerable range="lt">51.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>International Components for Unicode is a set of C/C++ and Java
+      libraries providing Unicode and Globalization support for software
+      applications.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in International
+      Components for Unicode. Please review the CVE identifiers referenced
+      below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All International Components for Unicode users should upgrade to the
+      latest version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/icu-51.2-r1"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0900">CVE-2013-0900</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2924">CVE-2013-2924</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-11-15T07:06:44Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-02-10T10:38:54Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201402-15.xml b/metadata/glsa/glsa-201402-15.xml
new file mode 100644
index 000000000000..2245b5756df7
--- /dev/null
+++ b/metadata/glsa/glsa-201402-15.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201402-15">
+  <title>Roundcube: Arbitrary code execution</title>
+  <synopsis>A vulnerability in Roundcube could result in arbitrary code
+    execution, SQL injection, or reading of arbitrary files.
+  </synopsis>
+  <product type="ebuild">roundcube</product>
+  <announced>2014-02-11</announced>
+  <revised count="1">2014-02-11</revised>
+  <bug>488954</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/roundcube" auto="yes" arch="*">
+      <unaffected range="ge">0.9.5</unaffected>
+      <unaffected range="rge">0.8.7</unaffected>
+      <vulnerable range="lt">0.9.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Roundcube is a browser-based multilingual IMAP client with an
+      application-like user interface.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability in steps/utils/save_pref.inc allows remote attackers to
+      use the _session parameter to change configuration settings.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, inject SQL code, or read arbitrary files.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Roundcube 0.9 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/roundcube-0.9.5"
+    </code>
+    
+    <p>All Roundcube 0.8 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/roundcube-0.8.7"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6172">CVE-2013-6172</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-11-28T07:52:58Z">
+    pinkbyte
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-02-11T09:18:22Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201402-16.xml b/metadata/glsa/glsa-201402-16.xml
new file mode 100644
index 000000000000..91395e2fa3ca
--- /dev/null
+++ b/metadata/glsa/glsa-201402-16.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201402-16">
+  <title>FreeType: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in FreeType, allowing
+    context-dependent attackers to possibly execute arbitrary code or cause
+    Denial of Service.
+  </synopsis>
+  <product type="ebuild">freetype</product>
+  <announced>2014-02-11</announced>
+  <revised count="1">2014-02-11</revised>
+  <bug>448550</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-libs/freetype" auto="yes" arch="*">
+      <unaffected range="ge">2.4.11</unaffected>
+      <vulnerable range="lt">2.4.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FreeType is a high-quality and portable font engine.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in FreeType. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could entice a user to open a specially
+      crafted font, possibly resulting in execution of arbitrary code with the
+      privileges of the user running the application, or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Freetype users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/freetype-2.4.11"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5668">CVE-2012-5668</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5669">CVE-2012-5669</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5670">CVE-2012-5670</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-03-22T15:21:05Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-02-11T18:52:45Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201402-17.xml b/metadata/glsa/glsa-201402-17.xml
new file mode 100644
index 000000000000..dea7a7da74ee
--- /dev/null
+++ b/metadata/glsa/glsa-201402-17.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201402-17">
+  <title>Xpdf: User-assisted execution of arbitrary code</title>
+  <synopsis>Multiple vulnerabilities in Xpdf could result in execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">xpdf</product>
+  <announced>2014-02-17</announced>
+  <revised count="1">2014-02-17</revised>
+  <bug>386271</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-text/xpdf" auto="yes" arch="*">
+      <vulnerable range="le">3.02-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Xpdf is an X viewer for PDF files.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Xpdf. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could execute arbitrary code or cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for Xpdf. We recommend that users
+      unmerge Xpdf:
+    </p>
+    
+    <code>
+      # emerge --unmerge "app-text/xpdf"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4035">CVE-2009-4035</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3702">CVE-2010-3702</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3704">CVE-2010-3704</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-02-29T22:01:40Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-02-17T19:53:35Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201402-18.xml b/metadata/glsa/glsa-201402-18.xml
new file mode 100644
index 000000000000..4cec967c43c4
--- /dev/null
+++ b/metadata/glsa/glsa-201402-18.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201402-18">
+  <title>GNU Midnight Commander: User-assisted execution of arbitrary code</title>
+  <synopsis>GNU Midnight Commander does not properly sanitize environment
+    variables, possibly resulting in execution of arbitrary code or Denial of
+    Service.
+  </synopsis>
+  <product type="ebuild">mc</product>
+  <announced>2014-02-20</announced>
+  <revised count="1">2014-02-20</revised>
+  <bug>436518</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-misc/mc" auto="yes" arch="*">
+      <unaffected range="ge">4.8.7</unaffected>
+      <vulnerable range="lt">4.8.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU Midnight Commander is a text based file manager.</p>
+  </background>
+  <description>
+    <p>GNU Midnight Commander does not properly sanitize environment variables.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted
+      archive file using GNU Midnight Commander, possibly resulting in
+      execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU Midnight Commander users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-misc/mc-4.8.7"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4463">CVE-2012-4463</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-01-15T21:11:02Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-02-20T10:53:52Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201402-19.xml b/metadata/glsa/glsa-201402-19.xml
new file mode 100644
index 000000000000..b6d222131b7e
--- /dev/null
+++ b/metadata/glsa/glsa-201402-19.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201402-19">
+  <title>libtar: Arbitraty code execution</title>
+  <synopsis>A buffer overflow in libtar might allow remote attackers to execute
+    arbitrary code or cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">libtar</product>
+  <announced>2014-02-21</announced>
+  <revised count="1">2014-02-21</revised>
+  <bug>487420</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libtar" auto="yes" arch="*">
+      <unaffected range="ge">1.2.20-r2</unaffected>
+      <vulnerable range="lt">1.2.20-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libtar is a C library for manipulating POSIX tar files.</p>
+  </background>
+  <description>
+    <p>An integer overflow error within the “th_read()” function when
+      processing long names or link extensions can be exploited to cause a
+      heap-based buffer overflow via a specially crafted archive.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted file
+      using a program linked against libtar, possibly resulting in execution of
+      arbitrary code with the privileges of the process or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libtar users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libtar-1.2.20-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4397">CVE-2013-4397</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-10-28T17:33:28Z">
+    pinkbyte
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-02-21T07:32:05Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201402-20.xml b/metadata/glsa/glsa-201402-20.xml
new file mode 100644
index 000000000000..ce87e92527f9
--- /dev/null
+++ b/metadata/glsa/glsa-201402-20.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201402-20">
+  <title>KVIrc: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in KVIrc, the worst of
+    which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">kvirc</product>
+  <announced>2014-02-21</announced>
+  <revised count="1">2014-02-21</revised>
+  <bug>326149</bug>
+  <bug>330111</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/kvirc" auto="yes" arch="*">
+      <unaffected range="ge">4.1_pre4693</unaffected>
+      <vulnerable range="lt">4.1_pre4693</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>KVIrc is a free portable IRC client based on Qt.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in KVIrc. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of
+      Service condition, or overwrite arbitrary files.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All KVIrc users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-irc/kvirc-4.1_pre4693"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since July 29, 2010. It is likely that your system is already
+      no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2451">CVE-2010-2451</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2452">CVE-2010-2452</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2785">CVE-2010-2785</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:28Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2014-02-21T15:14:41Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201402-21.xml b/metadata/glsa/glsa-201402-21.xml
new file mode 100644
index 000000000000..78fda976d36a
--- /dev/null
+++ b/metadata/glsa/glsa-201402-21.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201402-21">
+  <title>libTIFF: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libTIFF, allowing
+    remote attackers to execute arbitrary code or cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">tiff</product>
+  <announced>2014-02-21</announced>
+  <revised count="1">2014-02-21</revised>
+  <bug>440154</bug>
+  <bug>440944</bug>
+  <bug>468334</bug>
+  <bug>480466</bug>
+  <bug>486590</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/tiff" auto="yes" arch="*">
+      <unaffected range="ge">4.0.3-r6</unaffected>
+      <unaffected range="rge">3.9.7-r1</unaffected>
+      <vulnerable range="lt">4.0.3-r6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libTIFF provides support for reading and manipulating TIFF (Tagged Image
+      File Format) images.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libTIFF. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted TIFF
+      file with an application making use of libTIFF, possibly resulting in
+      execution of arbitrary code with the privileges of the user running the
+      application or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libTIFF 4.* users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/tiff-4.0.3-r6"
+    </code>
+    
+    <p>All libTIFF 3.* users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/tiff-3.9.7-r1:3"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4447">CVE-2012-4447</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4564">CVE-2012-4564</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1960">CVE-2013-1960</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1961">CVE-2013-1961</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4231">CVE-2013-4231</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4232">CVE-2013-4232</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4244">CVE-2013-4244</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-09-02T10:35:33Z">
+    pinkbyte
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-02-21T15:18:04Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201402-22.xml b/metadata/glsa/glsa-201402-22.xml
new file mode 100644
index 000000000000..178a0da0ae39
--- /dev/null
+++ b/metadata/glsa/glsa-201402-22.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201402-22">
+  <title>TCPTrack: Arbitrary code execution</title>
+  <synopsis>A heap-based buffer overflow in TCPTrack might allow a remote
+    attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">tcptrack</product>
+  <announced>2014-02-21</announced>
+  <revised count="1">2014-02-21</revised>
+  <bug>377917</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-analyzer/tcptrack" auto="yes" arch="*">
+      <unaffected range="ge">1.4.2</unaffected>
+      <vulnerable range="lt">1.4.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>TCPTrack is a simple libpcap based program for live TCP connection
+      monitoring.
+    </p>
+  </background>
+  <description>
+    <p>A heap-based buffer overflow vulnerability exists in TCPTrack’s
+      parsing of command line arguments. This is only a vulnerability in
+      limited scenarios in which TCPTrack is “configured as a handler for
+      other applications.”
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition with a
+      specially crafted command-line argument.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All TCPTrack users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/tcptrack-1.4.2"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since August 06, 2011. It is likely that your system is already
+      no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2903">CVE-2011-2903</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:38:14Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-02-21T15:21:47Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201402-23.xml b/metadata/glsa/glsa-201402-23.xml
new file mode 100644
index 000000000000..834773c14f1b
--- /dev/null
+++ b/metadata/glsa/glsa-201402-23.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201402-23">
+  <title>libXfont: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libXfont, the worst of
+    which allow for local privilege escalation.
+  </synopsis>
+  <product type="ebuild">libxfont</product>
+  <announced>2014-02-21</announced>
+  <revised count="1">2014-02-21</revised>
+  <bug>378797</bug>
+  <bug>497416</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-libs/libXfont" auto="yes" arch="*">
+      <unaffected range="ge">1.4.7 </unaffected>
+      <vulnerable range="lt">1.4.7 </vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libXfont is an X11 font rasterisation library.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libXfont. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could use a specially crafted file to gain privileges
+      or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libXfont users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/libXfont-1.4.7 "
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2895">CVE-2011-2895</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6462">CVE-2013-6462</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:46Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-02-21T15:29:10Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201402-24.xml b/metadata/glsa/glsa-201402-24.xml
new file mode 100644
index 000000000000..89c1d87d6077
--- /dev/null
+++ b/metadata/glsa/glsa-201402-24.xml
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201402-24">
+  <title>GnuPG, Libgcrypt: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in GnuPG and
+    Libgcrypt, which may result in execution of arbitrary code, Denial of
+    Service, or the disclosure of private keys.
+  </synopsis>
+  <product type="ebuild">gnupg libgcrypt</product>
+  <announced>2014-02-21</announced>
+  <revised count="3">2016-08-24</revised>
+  <bug>449546</bug>
+  <bug>478184</bug>
+  <bug>484836</bug>
+  <bug>487230</bug>
+  <bug>494658</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-crypt/gnupg" auto="yes" arch="*">
+      <unaffected range="ge">2.0.22</unaffected>
+      <unaffected range="rge">1.4.16</unaffected>
+      <unaffected range="rge">1.4.17</unaffected>
+      <unaffected range="rge">1.4.18</unaffected>
+      <unaffected range="rge">1.4.19</unaffected>
+      <unaffected range="rge">1.4.20</unaffected>
+      <unaffected range="rge">1.4.21</unaffected>
+      <vulnerable range="lt">2.0.22</vulnerable>
+    </package>
+    <package name="dev-libs/libgcrypt" auto="yes" arch="*">
+      <unaffected range="ge">1.5.3</unaffected>
+      <vulnerable range="lt">1.5.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of
+      cryptographic software. Libgcrypt is a cryptographic library based on
+      GnuPG.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GnuPG and Libgcrypt.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An unauthenticated remote attacker may be able to execute arbitrary code
+      with the privileges of the user running GnuPG, cause a Denial of Service
+      condition, or bypass security restrictions. Additionally, a side-channel
+      attack may allow a local attacker to recover a private key, please review
+      “Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel
+      Attack” in the References section for further details.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GnuPG 2.0 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-crypt/gnupg-2.0.22"
+    </code>
+    
+    <p>All GnuPG 1.4 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-crypt/gnupg-1.4.16"
+    </code>
+    
+    <p>All Libgcrypt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libgcrypt-1.5.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6085">CVE-2012-6085</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4242">CVE-2013-4242</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4351">CVE-2013-4351</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4402">CVE-2013-4402</uri>
+    <uri link="https://eprint.iacr.org/2013/448">Flush+Reload: a High
+      Resolution, Low Noise, L3 Cache Side-Channel Attack
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-01-15T21:37:26Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2016-08-24T12:08:25Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201402-25.xml b/metadata/glsa/glsa-201402-25.xml
new file mode 100644
index 000000000000..927714d1a986
--- /dev/null
+++ b/metadata/glsa/glsa-201402-25.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201402-25">
+  <title>OpenSSL: Denial of service</title>
+  <synopsis>A vulnerability in OpenSSL's handling of TLS handshakes could
+    result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2014-02-21</announced>
+  <revised count="1">2014-02-21</revised>
+  <bug>497838</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">1.0.1f</unaffected>
+      <unaffected range="lt">1.0.1</unaffected>
+      <vulnerable range="lt">1.0.1f</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+      (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
+      purpose cryptography library.
+    </p>
+  </background>
+  <description>
+    <p>A flaw in the ssl3_take_mac function can result in a NULL pointer
+      dereference.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted TLS handshake,
+      resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSL 1.0.1 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.0.1f"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4353">CVE-2013-4353</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-01-28T06:18:59Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-02-21T15:36:48Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201402-26.xml b/metadata/glsa/glsa-201402-26.xml
new file mode 100644
index 000000000000..8574619fbb81
--- /dev/null
+++ b/metadata/glsa/glsa-201402-26.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201402-26">
+  <title>libssh: Arbitrary code execution</title>
+  <synopsis>Multiple vulnerabilities have been found in libssh, allowing
+    attackers to execute arbitrary code or cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">libssh</product>
+  <announced>2014-02-21</announced>
+  <revised count="1">2014-02-21</revised>
+  <bug>444147</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/libssh" auto="yes" arch="*">
+      <unaffected range="ge">0.5.3</unaffected>
+      <vulnerable range="lt">0.5.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libssh is a C library providing SSHv2 and SSHv1.</p>
+  </background>
+  <description>
+    <p>Multiple buffer overflow, double free, and integer overflow
+      vulnerabilities have been discovered in libssh.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libssh users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/libssh-0.5.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4559">CVE-2012-4559</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4560">CVE-2012-4560</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4561">CVE-2012-4561</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4562">CVE-2012-4562</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6063">CVE-2012-6063</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-12-03T11:55:23Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-02-21T15:44:25Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201402-27.xml b/metadata/glsa/glsa-201402-27.xml
new file mode 100644
index 000000000000..d356bba13ff7
--- /dev/null
+++ b/metadata/glsa/glsa-201402-27.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201402-27">
+  <title>pidgin-knotify: Arbitrary code execution</title>
+  <synopsis>A vulnerability in pidgin-knotify might allow remote attackers to
+    execute arbitrary code. 
+  </synopsis>
+  <product type="ebuild">pidgin-knotify</product>
+  <announced>2014-02-26</announced>
+  <revised count="1">2014-02-26</revised>
+  <bug>336916</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-plugins/pidgin-knotify" auto="yes" arch="*">
+      <vulnerable range="le">0.2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>pidgin-knotify is a Pidgin plug-in to display message notifications in
+      KDE.
+    </p>
+  </background>
+  <description>
+    <p>pidgin-knotify does not properly sanitize shell metacharacters from
+      received messages.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could send a specially crafted instant message,
+      possibly resulting in execution of arbitrary code with the privileges of
+      the Pidgin process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for pidgin-knotify. We recommend that
+      users unmerge pidgin-knotify:
+    </p>
+    
+    <code>
+      # emerge --unmerge "x11-plugins/pidgin-knotify"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3088">CVE-2010-3088</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-09-22T18:54:54Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-02-26T14:28:15Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201402-28.xml b/metadata/glsa/glsa-201402-28.xml
new file mode 100644
index 000000000000..dcf83d80cd89
--- /dev/null
+++ b/metadata/glsa/glsa-201402-28.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201402-28">
+  <title>Chrony: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chrony, possibly
+    allowing remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">chrony</product>
+  <announced>2014-02-28</announced>
+  <revised count="1">2014-02-28</revised>
+  <bug>480364</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/chrony" auto="yes" arch="*">
+      <unaffected range="ge">1.29</unaffected>
+      <vulnerable range="le">1.29</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chrony is a pair of programs which are used to maintain the accuracy of
+      the system clock on a computer.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chrony. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition by
+      sending specially crafted packets.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chrony users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/chrony-1.29"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4502">CVE-2012-4502</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4503">CVE-2012-4503</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-19T13:39:51Z">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-02-28T10:05:17Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201402-29.xml b/metadata/glsa/glsa-201402-29.xml
new file mode 100644
index 000000000000..d9fd8769766e
--- /dev/null
+++ b/metadata/glsa/glsa-201402-29.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201402-29">
+  <title>ArgyllCMS: User-assisted execution of arbitrary code</title>
+  <synopsis>Multiple integer overflow vulnerabilities have been found in
+    ArgyllCMS which could allow attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">argyllcms</product>
+  <announced>2014-02-28</announced>
+  <revised count="1">2014-02-28</revised>
+  <bug>437652</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/argyllcms" auto="yes" arch="*">
+      <unaffected range="ge">1.4.0-r1</unaffected>
+      <vulnerable range="lt">1.4.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ArgyllCMS is an ICC compatible color management system that supports
+      accurate ICC profile creation for scanners, cameras and film recorders.
+    </p>
+  </background>
+  <description>
+    <p>Multiple integer overflow vulnerabilities have been discovered in the
+      ICC Format Library in ArgyllCMS.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted image
+      file using ArgyllCMS, possibly resulting in execution of arbitrary code
+      with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ArgyllCMS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/argyllcms-1.4.0-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4405">CVE-2012-4405</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-12-02T14:48:08Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-02-28T10:11:22Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201403-01.xml b/metadata/glsa/glsa-201403-01.xml
new file mode 100644
index 000000000000..ffa1d0bb567b
--- /dev/null
+++ b/metadata/glsa/glsa-201403-01.xml
@@ -0,0 +1,141 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201403-01">
+  <title>Chromium, V8: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been reported in Chromium and V8,
+    worst of which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium v8</product>
+  <announced>2014-03-05</announced>
+  <revised count="1">2014-03-05</revised>
+  <bug>486742</bug>
+  <bug>488148</bug>
+  <bug>491128</bug>
+  <bug>491326</bug>
+  <bug>493364</bug>
+  <bug>498168</bug>
+  <bug>499502</bug>
+  <bug>501948</bug>
+  <bug>503372</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">33.0.1750.146</unaffected>
+      <vulnerable range="lt">33.0.1750.146</vulnerable>
+    </package>
+    <package name="dev-lang/v8" auto="yes" arch="*">
+      <vulnerable range="lt">3.20.17.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source web browser project. V8 is Google’s open
+      source JavaScript engine.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and V8. Please
+      review the CVE identifiers and release notes referenced below for
+      details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could entice a user to open a specially
+      crafted web site or JavaScript program using Chromium or V8, possibly
+      resulting in the execution of arbitrary code with the privileges of the
+      process or a Denial of Service condition. Furthermore, a remote attacker
+      may be able to bypass security restrictions or have other unspecified
+      impact.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-33.0.1750.146"
+    </code>
+    
+    <p>Gentoo has discontinued support for separate V8 package. We recommend
+      that users unmerge V8:
+    </p>
+    
+    <code>
+      # emerge --unmerge "dev-lang/v8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2906">CVE-2013-2906</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2907">CVE-2013-2907</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2908">CVE-2013-2908</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2909">CVE-2013-2909</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2910">CVE-2013-2910</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2911">CVE-2013-2911</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2912">CVE-2013-2912</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2913">CVE-2013-2913</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2915">CVE-2013-2915</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2916">CVE-2013-2916</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2917">CVE-2013-2917</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2918">CVE-2013-2918</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2919">CVE-2013-2919</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2920">CVE-2013-2920</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2921">CVE-2013-2921</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2922">CVE-2013-2922</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2923">CVE-2013-2923</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2925">CVE-2013-2925</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2926">CVE-2013-2926</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2927">CVE-2013-2927</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2928">CVE-2013-2928</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2931">CVE-2013-2931</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6621">CVE-2013-6621</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6622">CVE-2013-6622</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6623">CVE-2013-6623</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6624">CVE-2013-6624</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6625">CVE-2013-6625</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6626">CVE-2013-6626</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6627">CVE-2013-6627</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6628">CVE-2013-6628</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6632">CVE-2013-6632</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6634">CVE-2013-6634</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6635">CVE-2013-6635</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6636">CVE-2013-6636</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6637">CVE-2013-6637</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6638">CVE-2013-6638</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6639">CVE-2013-6639</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6640">CVE-2013-6640</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6641">CVE-2013-6641</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6643">CVE-2013-6643</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6644">CVE-2013-6644</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6645">CVE-2013-6645</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6646">CVE-2013-6646</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6649">CVE-2013-6649</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6650">CVE-2013-6650</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6652">CVE-2013-6652</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6653">CVE-2013-6653</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6654">CVE-2013-6654</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6655">CVE-2013-6655</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6656">CVE-2013-6656</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6657">CVE-2013-6657</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6658">CVE-2013-6658</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6659">CVE-2013-6659</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6660">CVE-2013-6660</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6661">CVE-2013-6661</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6663">CVE-2013-6663</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6664">CVE-2013-6664</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6665">CVE-2013-6665</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6666">CVE-2013-6666</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6667">CVE-2013-6667</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6668">CVE-2013-6668</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6802">CVE-2013-6802</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1681">CVE-2014-1681</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-10-04T06:36:15Z">
+    pinkbyte
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-03-05T10:57:09Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201403-02.xml b/metadata/glsa/glsa-201403-02.xml
new file mode 100644
index 000000000000..d6a3b02c2958
--- /dev/null
+++ b/metadata/glsa/glsa-201403-02.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201403-02">
+  <title>LibYAML: Arbitrary code execution</title>
+  <synopsis>A Vulnerability in LibYAML could result in execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">libyaml</product>
+  <announced>2014-03-08</announced>
+  <revised count="1">2014-03-08</revised>
+  <bug>499920</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libyaml" auto="yes" arch="*">
+      <unaffected range="ge">0.1.5</unaffected>
+      <vulnerable range="lt">0.1.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>LibYAML is a YAML 1.1 parser and emitter written in C.</p>
+  </background>
+  <description>
+    <p>A heap-based buffer overflow flaw was found in the way libyaml parsed
+      YAML tags.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could provide a specially-crafted YAML document which
+      when parsed by LibYAML, would cause the application to crash or,
+      potentially, execute arbitrary code with the privileges the user who is
+      running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LibYAML users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libyaml-0.1.5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6393">CVE-2013-6393</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-02-18T09:37:47Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2014-03-08T18:35:33Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201403-03.xml b/metadata/glsa/glsa-201403-03.xml
new file mode 100644
index 000000000000..b951172bdde8
--- /dev/null
+++ b/metadata/glsa/glsa-201403-03.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201403-03">
+  <title>file: Denial of service</title>
+  <synopsis>A vulnerability in file could result in Denial of Service.</synopsis>
+  <product type="ebuild">file</product>
+  <announced>2014-03-13</announced>
+  <revised count="1">2014-03-13</revised>
+  <bug>501574</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/file" auto="yes" arch="*">
+      <unaffected range="ge">5.17</unaffected>
+      <vulnerable range="lt">5.17</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>file is a utility that guesses a file format by scanning binary data for
+      patterns.
+    </p>
+  </background>
+  <description>
+    <p>A flaw was found in the way the file utility determines the type of a
+      file.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted file,
+      possibly resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All file users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/file-5.17"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1943">CVE-2014-1943</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-02-22T08:49:09Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2014-03-13T16:36:21Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201403-04.xml b/metadata/glsa/glsa-201403-04.xml
new file mode 100644
index 000000000000..fddfad7996cb
--- /dev/null
+++ b/metadata/glsa/glsa-201403-04.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201403-04">
+  <title>QtCore: Denial of service</title>
+  <synopsis>A vulnerability in QXmlSimpleReader class can be used to cause a
+    Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">qt-core</product>
+  <announced>2014-03-13</announced>
+  <revised count="1">2014-03-13</revised>
+  <bug>494728</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-qt/qtcore" auto="yes" arch="*">
+      <unaffected range="ge">4.8.5-r1</unaffected>
+      <vulnerable range="lt">4.8.5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Qt toolkit is a comprehensive C++ application development framework.</p>
+  </background>
+  <description>
+    <p>A vulnerability in QXmlSimpleReader’s XML entity parsing has been
+      discovered.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted XML
+      file using an application linked against QtCore, possibly resulting in
+      Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All QtCore users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-qt/qtcore-4.8.5-r1"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4549">CVE-2013-4549</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-02-19T14:50:40Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2014-03-13T16:57:59Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201403-05.xml b/metadata/glsa/glsa-201403-05.xml
new file mode 100644
index 000000000000..c4ae0f7f9e7f
--- /dev/null
+++ b/metadata/glsa/glsa-201403-05.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201403-05">
+  <title>GNU Emacs: Multiple vulnerabilities</title>
+  <synopsis>Two vulnerabilities have been found in GNU Emacs, possibly leading
+    to user-assisted execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">emacs</product>
+  <announced>2014-03-20</announced>
+  <revised count="1">2014-03-20</revised>
+  <bug>398239</bug>
+  <bug>431178</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-editors/emacs" auto="yes" arch="*">
+      <unaffected range="ge">24.1-r1</unaffected>
+      <unaffected range="rge">23.4-r4</unaffected>
+      <unaffected range="lt">23.2</unaffected>
+      <vulnerable range="lt">24.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU Emacs is a highly extensible and customizable text editor.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GNU Emacs:</p>
+    
+    <ul>
+      <li>When ‘global-ede-mode’ is enabled, EDE in Emacs automatically
+        loads a Project.ede file from the project directory (CVE-2012-0035).
+      </li>
+      <li>When ‘enable-local-variables’’ is set to ‘:safe’, Emacs
+        automatically processes eval forms (CVE-2012-3479).
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted file,
+      possibly resulting in execution of arbitrary code with the privileges of
+      the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU Emacs 24.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-editors/emacs-24.1-r1"
+    </code>
+    
+    <p>All GNU Emacs 23.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-editors/emacs-23.4-r4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0035">CVE-2012-0035</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3479">CVE-2012-3479</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-01-16T09:37:15Z">ago</metadata>
+  <metadata tag="submitter" timestamp="2014-03-20T10:30:13Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201403-06.xml b/metadata/glsa/glsa-201403-06.xml
new file mode 100644
index 000000000000..2a80fadef2c4
--- /dev/null
+++ b/metadata/glsa/glsa-201403-06.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201403-06">
+  <title>libupnp: Arbitrary code execution</title>
+  <synopsis>Multiple buffer overflow flaws in libupnp may allow execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">libupnp</product>
+  <announced>2014-03-26</announced>
+  <revised count="1">2014-03-26</revised>
+  <bug>454570</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/libupnp" auto="yes" arch="*">
+      <unaffected range="ge">1.6.18</unaffected>
+      <vulnerable range="lt">1.6.18</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libupnp is a portable, open source, UPnP development kit.</p>
+  </background>
+  <description>
+    <p>Multiple buffer overflow vulnerabilities have been discovered in
+      libupnp. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libupnp users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/libupnp-1.6.18"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5958">CVE-2012-5958</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5959">CVE-2012-5959</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5960">CVE-2012-5960</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-03-17T15:38:12Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-03-26T10:27:19Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201403-07.xml b/metadata/glsa/glsa-201403-07.xml
new file mode 100644
index 000000000000..82b2421b17d6
--- /dev/null
+++ b/metadata/glsa/glsa-201403-07.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201403-07">
+  <title>grep: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability in grep could result in execution of arbitrary code
+    or Denial of Service.
+  </synopsis>
+  <product type="ebuild">grep</product>
+  <announced>2014-03-26</announced>
+  <revised count="1">2014-03-26</revised>
+  <bug>448246</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-apps/grep" auto="yes" arch="*">
+      <unaffected range="ge">2.12</unaffected>
+      <vulnerable range="lt">2.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>grep is the GNU regular expression matcher.</p>
+  </background>
+  <description>
+    <p>An integer overflow flaw has been discovered in grep.</p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could entice a user to run grep on a specially crafted file,
+      possibly resulting in  execution of arbitrary code with the privileges of
+      the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All grep users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/grep-2.12"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5667">CVE-2012-5667</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-12-26T16:52:28Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-03-26T15:39:34Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201403-08.xml b/metadata/glsa/glsa-201403-08.xml
new file mode 100644
index 000000000000..13b0ef1a1217
--- /dev/null
+++ b/metadata/glsa/glsa-201403-08.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201403-08">
+  <title>PlRPC: Arbitrary code execution</title>
+  <synopsis>PlRPC uses Storable which allows for code execution prior to
+    Authentication
+  </synopsis>
+  <product type="ebuild">PlRPC</product>
+  <announced>2014-03-27</announced>
+  <revised count="1">2014-03-27</revised>
+  <bug>497692</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-perl/PlRPC" auto="yes" arch="*">
+      <unaffected range="ge">0.202.0-r2</unaffected>
+      <vulnerable range="lt">0.202.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Perl RPC Module is a Perl module that implements IDL-free RPCs.</p>
+  </background>
+  <description>
+    <p>PlRPC uses Storable module for serialization and deserialization of
+      untrusted data. Deserialized data can contain objects which can lead to
+      loading of foreign modules, and possible execution of arbitrary code.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute
+      arbitrary code with the privileges of the process, or cause a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>External authentication mechanism can be used with PlRPC such as TLS or
+      IPSEC.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All PlRPC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-perl/PlRPC-0.202.0-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7284">CVE-2013-7284</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-01-28T06:14:53Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-03-27T10:25:44Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201404-01.xml b/metadata/glsa/glsa-201404-01.xml
new file mode 100644
index 000000000000..8ee24615d8ca
--- /dev/null
+++ b/metadata/glsa/glsa-201404-01.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201404-01">
+  <title>CUPS: Arbitrary file read/write</title>
+  <synopsis>A vulnerability in CUPS may allow for arbitrary file access.</synopsis>
+  <product type="ebuild">cups</product>
+  <announced>2014-04-07</announced>
+  <revised count="1">2014-04-07</revised>
+  <bug>442926</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-print/cups" auto="yes" arch="*">
+      <unaffected range="ge">1.6.2-r5</unaffected>
+      <vulnerable range="lt">1.6.2-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>CUPS, the Common Unix Printing System, is a full-featured print server.</p>
+  </background>
+  <description>
+    <p>Members of the lpadmin group have admin access to the web interface,
+      where they can
+      edit the config file and set some “dangerous” directives (like the
+      logfilenames), which enable them to read or write files as the user
+      running
+      the CUPS webserver.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could possibly exploit this vulnerability to read or
+      write files as the user running the CUPS webserver.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All CUPS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-print/cups-1.6.2-r5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5519">CVE-2012-5519</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-08-30T11:14:06Z">
+    pinkbyte
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-04-07T07:41:06Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201404-02.xml b/metadata/glsa/glsa-201404-02.xml
new file mode 100644
index 000000000000..81ce914d5233
--- /dev/null
+++ b/metadata/glsa/glsa-201404-02.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201404-02">
+  <title>libproxy: User-assisted execution of arbitrary code</title>
+  <synopsis>A buffer overflow in libproxy might allow remote attackers to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">libproxy</product>
+  <announced>2014-04-07</announced>
+  <revised count="1">2014-04-07</revised>
+  <bug>438146</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/libproxy" auto="yes" arch="*">
+      <unaffected range="ge">0.4.10</unaffected>
+      <vulnerable range="lt">0.4.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libproxy is a library for automatic proxy configuration management.</p>
+  </background>
+  <description>
+    <p>A boundary error when processing the proxy.pac file could cause a
+      stack-based buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A man-in-the-middle attacker could provide a specially crafted proxy.pac
+      file on a remote server, possibly resulting in execution of arbitrary
+      code with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libproxy users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/libproxy-0.4.10"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4504">CVE-2012-4504</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-11-26T01:36:57Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-04-07T18:48:48Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201404-03.xml b/metadata/glsa/glsa-201404-03.xml
new file mode 100644
index 000000000000..80ee94e3ac34
--- /dev/null
+++ b/metadata/glsa/glsa-201404-03.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201404-03">
+  <title>OptiPNG: User-assisted execution of arbitrary code</title>
+  <synopsis>A use-after-free error in OptiPNG could result in execution of
+    arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">optipng</product>
+  <announced>2014-04-07</announced>
+  <revised count="1">2014-04-07</revised>
+  <bug>435340</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/optipng" auto="yes" arch="*">
+      <unaffected range="ge">0.7.3</unaffected>
+      <vulnerable range="lt">0.7.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OptiPNG is a PNG optimizer that recompresses image files to a smaller
+      size, without losing any information.
+    </p>
+  </background>
+  <description>
+    <p>A use-after-free vulnerability exists in the palette reduction
+      functionality of OptiPNG.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted image
+      file, possibly resulting in  execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OptiPNG users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/optipng-0.7.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4432">CVE-2012-4432</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-09-22T16:00:25Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-04-07T20:09:15Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201404-04.xml b/metadata/glsa/glsa-201404-04.xml
new file mode 100644
index 000000000000..75cbe97a9652
--- /dev/null
+++ b/metadata/glsa/glsa-201404-04.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201404-04">
+  <title>Crack: Arbitrary code execution</title>
+  <synopsis>A vulnerability in Crack might allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">crack</product>
+  <announced>2014-04-07</announced>
+  <revised count="1">2014-04-07</revised>
+  <bug>460164</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-ruby/crack" auto="yes" arch="*">
+      <unaffected range="ge">0.3.2</unaffected>
+      <vulnerable range="lt">0.3.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Crack is a really simple JSON and XML parsing Ruby gem, ripped from Merb
+      and Rails.
+    </p>
+  </background>
+  <description>
+    <p>An XML parameter parsing vulnerability has been discovered in Crack. </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could execute arbitrary code with the privileges of
+      the process, cause a Denial of
+      Service condition, or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Crack users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-ruby/crack-0.3.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1800">CVE-2013-1800</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-03-17T18:59:21Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-04-07T20:37:34Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201404-05.xml b/metadata/glsa/glsa-201404-05.xml
new file mode 100644
index 000000000000..cab53ae9d8d4
--- /dev/null
+++ b/metadata/glsa/glsa-201404-05.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201404-05">
+  <title>OpenAFS: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenAFS, worst of which
+    can allow attackers to execute arbitrary code
+  </synopsis>
+  <product type="ebuild">openafs</product>
+  <announced>2014-04-07</announced>
+  <revised count="1">2014-04-07</revised>
+  <bug>265538</bug>
+  <bug>355533</bug>
+  <bug>460494</bug>
+  <bug>478282</bug>
+  <bug>478296</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-fs/openafs" auto="yes" arch="*">
+      <unaffected range="ge">1.6.5</unaffected>
+      <vulnerable range="lt">1.6.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenAFS is an client-server program suite for federated file sharing and
+      replicated content distribution.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenAFS. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>An attacker could potentially execute arbitrary code with the
+      permissions of the user running the AFS server, cause a Denial of Service
+      condition, or gain access to sensitive information. Additionally, an
+      attacker could compromise a cell’s private key, allowing them to
+      impersonate any user in the cell.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenAFS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-fs/openafs-1.6.5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1250">CVE-2009-1250</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1251">CVE-2009-1251</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0430">CVE-2011-0430</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0431">CVE-2011-0431</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1794">CVE-2013-1794</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1795">CVE-2013-1795</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4134">CVE-2013-4134</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4135">CVE-2013-4135</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:40Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-04-07T21:22:36Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201404-06.xml b/metadata/glsa/glsa-201404-06.xml
new file mode 100644
index 000000000000..09da42e418c5
--- /dev/null
+++ b/metadata/glsa/glsa-201404-06.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201404-06">
+  <title>Mesa: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities in Mesa could result in execution of
+    arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">mesa</product>
+  <announced>2014-04-08</announced>
+  <revised count="1">2014-04-08</revised>
+  <bug>432400</bug>
+  <bug>445916</bug>
+  <bug>472280</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/mesa" auto="yes" arch="*">
+      <unaffected range="ge">9.1.4</unaffected>
+      <vulnerable range="lt">9.1.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mesa is an OpenGL-like graphic library for Linux.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mesa. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute
+      arbitrary code with the privileges of the process, or cause a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mesa users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/mesa-9.1.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2864">CVE-2012-2864</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5129">CVE-2012-5129</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1872">CVE-2013-1872</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-12-02T15:24:43Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-04-08T08:42:29Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201404-07.xml b/metadata/glsa/glsa-201404-07.xml
new file mode 100644
index 000000000000..1adb4991e35f
--- /dev/null
+++ b/metadata/glsa/glsa-201404-07.xml
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201404-07">
+  <title>OpenSSL: Information Disclosure</title>
+  <synopsis>Multiple Information Disclosure vulnerabilities in OpenSSL allow
+    remote attackers to obtain sensitive information via various vectors.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2014-04-08</announced>
+  <revised count="4">2015-06-06</revised>
+  <bug>505278</bug>
+  <bug>507074</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">1.0.1g</unaffected>
+      <unaffected range="rge">0.9.8y</unaffected>
+      <unaffected range="rge">0.9.8z_p1</unaffected>
+      <unaffected range="rge">0.9.8z_p2</unaffected>
+      <unaffected range="rge">0.9.8z_p3</unaffected>
+      <unaffected range="rge">0.9.8z_p4</unaffected>
+      <unaffected range="rge">0.9.8z_p5</unaffected>
+      <unaffected range="rge">0.9.8z_p6</unaffected>
+      <unaffected range="rge">0.9.8z_p7</unaffected>
+      <unaffected range="rge">0.9.8z_p8</unaffected>
+      <unaffected range="rge">0.9.8z_p9</unaffected>
+      <unaffected range="rge">0.9.8z_p10</unaffected>
+      <unaffected range="rge">0.9.8z_p11</unaffected>
+      <unaffected range="rge">0.9.8z_p12</unaffected>
+      <unaffected range="rge">0.9.8z_p13</unaffected>
+      <unaffected range="rge">0.9.8z_p14</unaffected>
+      <unaffected range="rge">0.9.8z_p15</unaffected>
+      <vulnerable range="lt">1.0.1g</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+      (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
+      purpose cryptography library.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been found in OpenSSL:</p>
+    
+    <ul>
+      <li>OpenSSL incorrectly handles memory in the TLS heartbeat extension,
+        leading to information disclosure of 64kb per request, possibly
+        including private keys (“Heartbleed bug”, OpenSSL 1.0.1 only,
+        CVE-2014-0160).
+      </li>
+      <li>The Montgomery ladder implementation of OpenSSL improperly handles
+        swap operations (CVE-2014-0076).
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could exploit these issues to disclose information,
+      including private keys or other sensitive information, or perform
+      side-channel attacks to obtain ECDSA nonces.
+    </p>
+  </impact>
+  <workaround>
+    <p>Disabling the tls-heartbeat USE flag (enabled by default) provides a
+      workaround for the CVE-2014-0160 issue.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.0.1g"
+    </code>
+    
+    <p>Note: All services using OpenSSL to provide TLS connections have to be
+      restarted for the update to take effect. Utilities like
+      app-admin/lib_users can aid in identifying programs using OpenSSL.
+    </p>
+    
+    <p>As private keys may have been compromised using the Heartbleed attack,
+      it is recommended to regenerate them.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0076">CVE-2014-0076</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0160">CVE-2014-0160</uri>
+    <uri link="http://heartbleed.com/">Heartbleed bug website</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-04-08T09:37:45Z">a3li</metadata>
+  <metadata tag="submitter" timestamp="2015-06-06T23:11:05Z">a3li</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201405-01.xml b/metadata/glsa/glsa-201405-01.xml
new file mode 100644
index 000000000000..4b428fbdce0a
--- /dev/null
+++ b/metadata/glsa/glsa-201405-01.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201405-01">
+  <title>udisks: Arbitrary code execution</title>
+  <synopsis>A stack-based buffer overflow vulnerability has been found in
+    udisks, allowing a local attacker to possibly execute arbitrary code or
+    cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">udisks</product>
+  <announced>2014-05-02</announced>
+  <revised count="1">2014-05-02</revised>
+  <bug>504100</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-fs/udisks" auto="yes" arch="*">
+      <unaffected range="rge">1.0.5</unaffected>
+      <unaffected range="ge">2.1.3</unaffected>
+      <vulnerable range="lt">2.1.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>udisks is an abstraction for enumerating block devices and performing
+      operations on them. 
+    </p>
+  </background>
+  <description>
+    <p>A stack-based buffer overflow can be triggered when udisks is given a
+      long path name as a mount point.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All udisks 1.0 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-fs/udisks-1.0.5:0"
+    </code>
+    
+    <p>All udisks 2.0 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-fs/udisks-2.1.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0004">CVE-2014-0004</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-03-24T22:02:46Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-05-02T06:36:09Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201405-02.xml b/metadata/glsa/glsa-201405-02.xml
new file mode 100644
index 000000000000..ca980569f658
--- /dev/null
+++ b/metadata/glsa/glsa-201405-02.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201405-02">
+  <title>libSRTP: Denial of service</title>
+  <synopsis>A vulnerability in libSRTP can result in a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">libsrtp</product>
+  <announced>2014-05-03</announced>
+  <revised count="1">2014-05-03</revised>
+  <bug>472302</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/libsrtp" auto="yes" arch="*">
+      <unaffected range="ge">1.4.4_p20121108-r1</unaffected>
+      <vulnerable range="lt">1.4.4_p20121108-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libSRTP is an Open-source implementation of the Secure Real-time
+      Transport Protocol.
+    </p>
+  </background>
+  <description>
+    <p>A flaw was found in how the crypto_policy_set_from_profile_for_rtp()
+      function applies cryptographic profiles to an srtp_policy in libSRTP.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could exploit this vulnerability to crash an
+      application linked against libSRTP, resulting in Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libSRTP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=net-libs/libsrtp-1.4.4_p20121108-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2139">CVE-2013-2139</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-02-04T14:44:21Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2014-05-03T13:23:32Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201405-03.xml b/metadata/glsa/glsa-201405-03.xml
new file mode 100644
index 000000000000..b41ae2c6e0b3
--- /dev/null
+++ b/metadata/glsa/glsa-201405-03.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201405-03">
+  <title>WeeChat: Multiple vulnerabilities</title>
+  <synopsis>Two vulnerabilities have been found in WeeChat, the worst of which
+    may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">weechat</product>
+  <announced>2014-05-03</announced>
+  <revised count="1">2014-05-03</revised>
+  <bug>442600</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/weechat" auto="yes" arch="*">
+      <unaffected range="ge">0.3.9.2</unaffected>
+      <vulnerable range="lt">0.3.9.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Wee Enhanced Environment for Chat (WeeChat) is a light and extensible
+      console IRC client.
+    </p>
+  </background>
+  <description>
+    <p>Two vulnerabilities have been discovered in WeeChat:</p>
+    
+    <ul>
+      <li>The hook_process() function does not properly handle shell expansions
+        (CVE-2012-5534).
+      </li>
+      <li>WeeChat does not properly decode colors which could cause a
+        heap-based buffer overflow (CVE-2012-5854).
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted script
+      or send messages with specially crafted colors, possibly resulting in
+      execution of arbitrary code with the privileges of the process, or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All WeeChat users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-irc/weechat-0.3.9.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5534">CVE-2012-5534</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5854">CVE-2012-5854</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-11-21T20:56:00Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-05-03T13:54:42Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201405-04.xml b/metadata/glsa/glsa-201405-04.xml
new file mode 100644
index 000000000000..7601e78a1848
--- /dev/null
+++ b/metadata/glsa/glsa-201405-04.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201405-04">
+  <title>Adobe Flash Player: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which could result in execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2014-05-03</announced>
+  <revised count="1">2014-05-03</revised>
+  <bug>501960</bug>
+  <bug>504286</bug>
+  <bug>507176</bug>
+  <bug>508986</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">11.2.202.356</unaffected>
+      <vulnerable range="lt">11.2.202.356</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted SWF
+      file using Adobe Flash Player, possibly resulting in execution of
+      arbitrary code with the privileges of the process or a Denial of Service
+      condition. Furthermore, a remote attacker may be able to bypass the Same
+      Origin Policy or read the clipboard via unspecified vectors.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-11.2.202.356"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0498">CVE-2014-0498</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0499">CVE-2014-0499</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0502">CVE-2014-0502</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0503">CVE-2014-0503</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0504">CVE-2014-0504</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0506">CVE-2014-0506</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0507">CVE-2014-0507</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0508">CVE-2014-0508</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0509">CVE-2014-0509</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0515">CVE-2014-0515</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-02-26T14:21:18Z">
+    pinkbyte
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-05-03T18:43:48Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201405-05.xml b/metadata/glsa/glsa-201405-05.xml
new file mode 100644
index 000000000000..314dac66473d
--- /dev/null
+++ b/metadata/glsa/glsa-201405-05.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201405-05">
+  <title>Asterisk: Denial of service</title>
+  <synopsis>Multiple buffer overflows in Asterisk might allow remote attackers
+    to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">asterisk</product>
+  <announced>2014-05-03</announced>
+  <revised count="1">2014-05-03</revised>
+  <bug>504180</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/asterisk" auto="yes" arch="*">
+      <unaffected range="ge">11.8.1</unaffected>
+      <unaffected range="rge">1.8.26.1</unaffected>
+      <vulnerable range="lt">11.8.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Asterisk is an open source telephony engine and toolkit.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Asterisk. Please review
+      the CVE identifiers and Asterisk Project Security Advisories referenced
+      below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Asterisk 11.* users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/asterisk-11.8.1"
+    </code>
+    
+    <p>All Asterisk 1.8.* users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/asterisk-1.8.26.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://downloads.asterisk.org/pub/security/AST-2014-001.pdf">
+      AST-2014-001
+    </uri>
+    <uri link="https://downloads.asterisk.org/pub/security/AST-2014-002.pdf">
+      AST-2014-002
+    </uri>
+    <uri link="https://downloads.asterisk.org/pub/security/AST-2014-003.pdf">
+      AST-2014-003
+    </uri>
+    <uri link="https://downloads.asterisk.org/pub/security/AST-2014-004.pdf">
+      AST-2014-004
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2286">CVE-2014-2286</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2287">CVE-2014-2287</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2288">CVE-2014-2288</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2289">CVE-2014-2289</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-04-23T19:55:21Z">
+    pinkbyte
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-05-03T18:50:01Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201405-06.xml b/metadata/glsa/glsa-201405-06.xml
new file mode 100644
index 000000000000..9b1db626328d
--- /dev/null
+++ b/metadata/glsa/glsa-201405-06.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201405-06">
+  <title>OpenSSH: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenSSH, the worst of
+    which may allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">openssh</product>
+  <announced>2014-05-11</announced>
+  <revised count="1">2014-05-11</revised>
+  <bug>231292</bug>
+  <bug>247466</bug>
+  <bug>386307</bug>
+  <bug>410869</bug>
+  <bug>419357</bug>
+  <bug>456006</bug>
+  <bug>505066</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/openssh" auto="yes" arch="*">
+      <unaffected range="ge">6.6_p1-r1</unaffected>
+      <vulnerable range="lt">6.6_p1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSH is a complete SSH protocol implementation that includes an SFTP
+      client and server support.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenSSH. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could execute arbitrary code, cause a Denial of
+      Service condition, obtain sensitive information, or bypass environment
+      restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSH users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/openssh-6.6_p1-r1"
+    </code>
+    
+    <p>NOTE: One or more of the issues described in this advisory have been
+      fixed in previous updates. They are included in this advisory for the
+      sake of completeness. It is likely that your system is already no longer
+      affected by them.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5161">
+      CVE-2008-5161
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4478">
+      CVE-2010-4478
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4755">
+      CVE-2010-4755
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5107">CVE-2010-5107</uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5000">
+      CVE-2011-5000
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0814">
+      CVE-2012-0814
+    </uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2532">
+      CVE-2014-2532
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:38:16Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-05-11T13:22:11Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201405-07.xml b/metadata/glsa/glsa-201405-07.xml
new file mode 100644
index 000000000000..810ca22c24a3
--- /dev/null
+++ b/metadata/glsa/glsa-201405-07.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201405-07">
+  <title>X.Org X Server: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in X.Org X Server,
+    allowing attackers to execute arbitrary code or cause a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">xorg-server</product>
+  <announced>2014-05-15</announced>
+  <revised count="1">2014-05-15</revised>
+  <bug>466222</bug>
+  <bug>471098</bug>
+  <bug>487360</bug>
+  <bug>497836</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="x11-base/xorg-server" auto="yes" arch="*">
+      <unaffected range="ge">1.14.3-r2</unaffected>
+      <vulnerable range="lt">1.14.3-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The X Window System is a graphical windowing system based on a
+      client/server model.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in X.Org X Server. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A context-dependent attacker could execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, or obtain
+      sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All X.Org X Server users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-base/xorg-server-1.14.3-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1056">CVE-2013-1056</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1940">CVE-2013-1940</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1981">CVE-2013-1981</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1982">CVE-2013-1982</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1983">CVE-2013-1983</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1984">CVE-2013-1984</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1985">CVE-2013-1985</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1986">CVE-2013-1986</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1987">CVE-2013-1987</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1988">CVE-2013-1988</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1989">CVE-2013-1989</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1990">CVE-2013-1990</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1991">CVE-2013-1991</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1992">CVE-2013-1992</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1993">CVE-2013-1993</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1994">CVE-2013-1994</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1995">CVE-2013-1995</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1996">CVE-2013-1996</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1997">CVE-2013-1997</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1998">CVE-2013-1998</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1999">CVE-2013-1999</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2000">CVE-2013-2000</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2001">CVE-2013-2001</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2002">CVE-2013-2002</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2003">CVE-2013-2003</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2004">CVE-2013-2004</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2005">CVE-2013-2005</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2062">CVE-2013-2062</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2063">CVE-2013-2063</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2064">CVE-2013-2064</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2066">CVE-2013-2066</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4396">CVE-2013-4396</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-10-28T17:45:33Z">
+    pinkbyte
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-05-15T11:50:15Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201405-08.xml b/metadata/glsa/glsa-201405-08.xml
new file mode 100644
index 000000000000..8640a9ff9ca5
--- /dev/null
+++ b/metadata/glsa/glsa-201405-08.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201405-08">
+  <title>ClamAV: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ClamAV, the worst of
+    which could lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2014-05-16</announced>
+  <revised count="1">2014-05-16</revised>
+  <bug>462278</bug>
+  <bug>467710</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.98</unaffected>
+      <vulnerable range="lt">0.98</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Clam AntiVirus (ClamAV) is an anti-virus toolkit for UNIX, designed
+      especially for e-mail scanning on mail gateways. 
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ClamAV. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could send a specially crafted file, leading to
+      arbitrary code execution or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ClamAV users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.98"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2020">CVE-2013-2020</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2021">CVE-2013-2021</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7087">CVE-2013-7087</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7088">CVE-2013-7088</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7089">CVE-2013-7089</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-09-11T04:06:14Z">
+    creffett
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-05-16T12:36:41Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201405-09.xml b/metadata/glsa/glsa-201405-09.xml
new file mode 100644
index 000000000000..55207eef8b97
--- /dev/null
+++ b/metadata/glsa/glsa-201405-09.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201405-09">
+  <title>ImageMagick: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in ImageMagick, the
+    worst of which could lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">imagemagick</product>
+  <announced>2014-05-17</announced>
+  <revised count="1">2014-05-17</revised>
+  <bug>409431</bug>
+  <bug>483032</bug>
+  <bug>500988</bug>
+  <bug>506562</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/imagemagick" auto="yes" arch="*">
+      <unaffected range="ge">6.8.8.10</unaffected>
+      <vulnerable range="lt">6.8.8.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ImageMagick is a collection of tools and libraries for manipulating
+      various image formats. 
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ImageMagick. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+    
+    <p>Note that CVE-2012-1185 and CVE-2012-1186 were issued due to incomplete
+      fixes for CVE-2012-0247 and CVE-2012-0248, respectively. The earlier CVEs
+      were addressed in GLSA 201203-09.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker can utilize multiple vectors to execute arbitrary code
+      or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ImageMagick users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/imagemagick-6.8.8.10"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1185">CVE-2012-1185</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1186">CVE-2012-1186</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4298">CVE-2013-4298</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1947">CVE-2014-1947</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2030">CVE-2014-2030</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-05-07T02:54:09Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-05-17T13:31:31Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201405-10.xml b/metadata/glsa/glsa-201405-10.xml
new file mode 100644
index 000000000000..c766f347be9b
--- /dev/null
+++ b/metadata/glsa/glsa-201405-10.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201405-10">
+  <title>Rack: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Rack, the worst of
+    which allow execution of arbitrary code. 
+  </synopsis>
+  <product type="ebuild">rack</product>
+  <announced>2014-05-17</announced>
+  <revised count="1">2014-05-17</revised>
+  <bug>451620</bug>
+  <bug>456176</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-ruby/rack" auto="yes" arch="*">
+      <unaffected range="ge">1.4.5</unaffected>
+      <unaffected range="rge">1.3.10</unaffected>
+      <unaffected range="rge">1.2.8</unaffected>
+      <unaffected range="rge">1.1.6</unaffected>
+      <vulnerable range="lt">1.4.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Rack is a modular Ruby web server interface.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Rack. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, or obtain
+      sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Rack 1.4 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-ruby/rack-1.4.5"
+    </code>
+    
+    <p>All Rack 1.3 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-ruby/rack-1.3.10"
+    </code>
+    
+    <p>All Rack 1.2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-ruby/rack-1.2.8"
+    </code>
+    
+    <p>All Rack 1.1 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-ruby/rack-1.1.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6109">CVE-2012-6109</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0183">CVE-2013-0183</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0184">CVE-2013-0184</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0262">CVE-2013-0262</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0263">CVE-2013-0263</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-03-24T19:45:11Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-05-17T17:44:33Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201405-11.xml b/metadata/glsa/glsa-201405-11.xml
new file mode 100644
index 000000000000..14a3ad92629e
--- /dev/null
+++ b/metadata/glsa/glsa-201405-11.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201405-11">
+  <title>Bacula: Information disclosure</title>
+  <synopsis>A vulnerability in Bacula may allow remote attackers to obtain
+    sensitive information.
+  </synopsis>
+  <product type="ebuild">bacula</product>
+  <announced>2014-05-17</announced>
+  <revised count="1">2014-05-17</revised>
+  <bug>434878</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-backup/bacula" auto="yes" arch="*">
+      <unaffected range="ge">5.2.12</unaffected>
+      <vulnerable range="lt">5.2.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Bacula is a network based backup suite.</p>
+  </background>
+  <description>
+    <p>Bacula does not properly enforce console access control lists. </p>
+  </description>
+  <impact type="low">
+    <p>A remote authenticated attacker may be able to bypass restrictions to
+      obtain sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Bacula users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-backup/bacula-5.2.12"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4430">CVE-2012-4430</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-12-16T21:54:47Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2014-05-17T17:45:37Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201405-12.xml b/metadata/glsa/glsa-201405-12.xml
new file mode 100644
index 000000000000..2960b2b6c96f
--- /dev/null
+++ b/metadata/glsa/glsa-201405-12.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201405-12">
+  <title>Ettercap: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Ettercap, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">ettercap</product>
+  <announced>2014-05-17</announced>
+  <revised count="1">2014-05-17</revised>
+  <bug>340897</bug>
+  <bug>451198</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/ettercap" auto="yes" arch="*">
+      <unaffected range="ge">0.7.5.2</unaffected>
+      <vulnerable range="lt">0.7.5.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Ettercap is a suite of tools for content filtering, sniffing and man in
+      the middle attacks on a LAN.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Ettercap:</p>
+    
+    <ul>
+      <li>Ettercap does not handle temporary files securely (CVE-2010-3843).</li>
+      <li>A format string flaw in Ettercap could cause a buffer overflow
+        (CVE-2010-3844).
+      </li>
+      <li>A stack-based buffer overflow exists in Ettercap (CVE-2013-0722).</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to load a specially crafted
+      configuration file using Ettercap, possibly resulting in execution of
+      arbitrary code with the privileges of the process or a Denial of Service
+      condition. 
+    </p>
+    
+    <p>A local attacker could perform symlink attacks to overwrite arbitrary
+      files with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Ettercap users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/ettercap-0.7.5.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3843">CVE-2010-3843</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3844">CVE-2010-3844</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0722">CVE-2013-0722</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-10-15T00:56:47Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-05-17T17:46:36Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201405-13.xml b/metadata/glsa/glsa-201405-13.xml
new file mode 100644
index 000000000000..7c1872692e0d
--- /dev/null
+++ b/metadata/glsa/glsa-201405-13.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201405-13">
+  <title>Pango: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Pango, the worst of
+    which allow execution of arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">pango</product>
+  <announced>2014-05-17</announced>
+  <revised count="1">2014-05-17</revised>
+  <bug>268976</bug>
+  <bug>352087</bug>
+  <bug>357067</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="x11-libs/pango" auto="yes" arch="*">
+      <unaffected range="ge">1.28.3-r1</unaffected>
+      <vulnerable range="lt">1.28.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Pango is an internationalized text layout and rendering library</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Pango. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could entice a user to load specially
+      crafted text using an application linked against Pango, possibly
+      resulting in execution of arbitrary code with the privileges of the
+      process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Pango users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/pango-1.28.3-r1"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since March 18, 2011. It is likely that your system is already
+      no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1194">CVE-2009-1194</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2468">CVE-2009-2468</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0020">CVE-2011-0020</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0064">CVE-2011-0064</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:43Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-05-17T17:48:11Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201405-14.xml b/metadata/glsa/glsa-201405-14.xml
new file mode 100644
index 000000000000..cd8bcad2f577
--- /dev/null
+++ b/metadata/glsa/glsa-201405-14.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201405-14">
+  <title>Ruby OpenID: Denial of service</title>
+  <synopsis>A vulnerability in Ruby OpenID may lead to Denial of Service.</synopsis>
+  <product type="ebuild">ruby-openid</product>
+  <announced>2014-05-17</announced>
+  <revised count="1">2014-05-17</revised>
+  <bug>460156</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-ruby/ruby-openid" auto="yes" arch="*">
+      <unaffected range="ge">2.2.2</unaffected>
+      <vulnerable range="lt">2.2.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Ruby OpenID is a robust library for verifying and serving OpenID
+      identities.
+    </p>
+  </background>
+  <description>
+    <p>An XML entity parsing error has been discovered in Ruby OpenID.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted XML file, possibly
+      resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Ruby OpenID users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-ruby/ruby-openid-2.2.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1812">CVE-2013-1812</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-04-09T22:41:55Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-05-17T17:48:57Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201405-15.xml b/metadata/glsa/glsa-201405-15.xml
new file mode 100644
index 000000000000..b0d64f46354b
--- /dev/null
+++ b/metadata/glsa/glsa-201405-15.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201405-15">
+  <title>util-linux: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in util-linux, the worst
+    of which may lead to Denial of Service.
+  </synopsis>
+  <product type="ebuild">util-linux</product>
+  <announced>2014-05-18</announced>
+  <revised count="1">2014-05-18</revised>
+  <bug>359759</bug>
+  <bug>450740</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/util-linux" auto="yes" arch="*">
+      <unaffected range="ge">2.22.2</unaffected>
+      <vulnerable range="lt">2.22.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>util-linux is a suite of Linux programs including mount and umount,
+      programs used to mount and unmount filesystems.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in util-linux. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker may be able to cause a Denial of Service condition,
+      trigger corruption of /etc/mtab, obtain sensitive information, or have
+      other unspecified impact.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All util-linux users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/util-linux-2.22.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1675">CVE-2011-1675</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1676">CVE-2011-1676</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1677">CVE-2011-1677</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0157">CVE-2013-0157</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:08Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-05-18T11:27:32Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201405-16.xml b/metadata/glsa/glsa-201405-16.xml
new file mode 100644
index 000000000000..744a1d2bc46f
--- /dev/null
+++ b/metadata/glsa/glsa-201405-16.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201405-16">
+  <title>Mono: Denial of service</title>
+  <synopsis>A hash collision vulnerability in Mono allows remote attackers to
+    cause a Denial of Service condition. 
+  </synopsis>
+  <product type="ebuild">mono</product>
+  <announced>2014-05-18</announced>
+  <revised count="1">2014-05-18</revised>
+  <bug>433768</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/mono" auto="yes" arch="*">
+      <unaffected range="ge">2.10.9-r2</unaffected>
+      <vulnerable range="lt">2.10.9-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mono is an open source implementation of Microsoft’s .NET Framework.</p>
+  </background>
+  <description>
+    <p>Mono does not properly randomize hash functions for form posts to
+      protect against hash collision attacks. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send specially crafted parameters, possibly
+      resulting in a Denial of Service condition. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mono users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/mono-2.10.9-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3543">CVE-2012-3543</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-12-16T21:55:51Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2014-05-18T11:28:30Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201405-17.xml b/metadata/glsa/glsa-201405-17.xml
new file mode 100644
index 000000000000..54a2313c9e0a
--- /dev/null
+++ b/metadata/glsa/glsa-201405-17.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201405-17">
+  <title>Munin: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in Munin which may
+    lead to symlink attacks, file creation, or bypass of security restrictions.
+  </synopsis>
+  <product type="ebuild">munin</product>
+  <announced>2014-05-18</announced>
+  <revised count="1">2014-05-18</revised>
+  <bug>412881</bug>
+  <bug>445250</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-analyzer/munin" auto="yes" arch="*">
+      <unaffected range="ge">2.0.8-r2</unaffected>
+      <vulnerable range="lt">2.0.8-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Munin is an open source server monitoring tool.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Munin. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could perform symlink attacks to overwrite arbitrary
+      files with the privileges of the user running the application.
+    </p>
+    
+    <p>A remote attacker could create files or load new Munin configuration
+      files.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Munin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/munin-2.0.8-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2103">CVE-2012-2103</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3512">CVE-2012-3512</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3513">CVE-2012-3513</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-12-23T00:14:15Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-05-18T11:35:16Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201405-18.xml b/metadata/glsa/glsa-201405-18.xml
new file mode 100644
index 000000000000..7afa2c980a8d
--- /dev/null
+++ b/metadata/glsa/glsa-201405-18.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201405-18">
+  <title>OpenConnect: User-assisted execution of arbitrary code</title>
+  <synopsis>A buffer overflow in OpenConnect could result in execution of
+    arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">openconnect</product>
+  <announced>2014-05-18</announced>
+  <revised count="1">2014-05-18</revised>
+  <bug>457068</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/openconnect" auto="yes" arch="*">
+      <unaffected range="ge">4.08</unaffected>
+      <vulnerable range="lt">4.08</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenConnect is a free client for Cisco AnyConnect SSL VPN software.</p>
+  </background>
+  <description>
+    <p>A stack-based buffer overflow error has been discovered in OpenConnect.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to connect to a malicious VPN
+      server, possibly resulting in  execution of arbitrary code with the
+      privileges of the process, or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenConnect users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/openconnect-4.08"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6128">CVE-2012-6128</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-04-08T22:03:55Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-05-18T11:36:30Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201405-19.xml b/metadata/glsa/glsa-201405-19.xml
new file mode 100644
index 000000000000..d16abbf4d38e
--- /dev/null
+++ b/metadata/glsa/glsa-201405-19.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201405-19">
+  <title>MCrypt: User-assisted execution of arbitrary code</title>
+  <synopsis>Multiple vulnerabilities have been found in MCrypt, allowing
+    attackers to execute arbitrary code or cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">mcrypt</product>
+  <announced>2014-05-18</announced>
+  <revised count="1">2014-05-18</revised>
+  <bug>434112</bug>
+  <bug>440778</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-crypt/mcrypt" auto="yes" arch="*">
+      <unaffected range="ge">2.6.8-r2</unaffected>
+      <vulnerable range="lt">2.6.8-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MCrypt is a replacement of the old unix crypt(1) utility.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MCrypt:</p>
+    
+    <ul>
+      <li>A boundary error in MCrypt could cause a stack-based buffer overflow
+        (CVE-2012-4409).
+      </li>
+      <li>MCrypt contains multiple format string errors (CVE-2012-4426).</li>
+      <li>MCrypt does not properly handle long file names, which could cause a
+        stack-based buffer overflow (CVE-2012-4527). 
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted file
+      using MCrypt, possibly resulting in execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MCrypt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-crypt/mcrypt-2.6.8-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4409">CVE-2012-4409</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4426">CVE-2012-4426</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4527">CVE-2012-4527</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-01-01T21:30:40Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-05-18T11:39:31Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201405-20.xml b/metadata/glsa/glsa-201405-20.xml
new file mode 100644
index 000000000000..c889f9dfe189
--- /dev/null
+++ b/metadata/glsa/glsa-201405-20.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201405-20">
+  <title>JBIG-KIT: Denial of service</title>
+  <synopsis>A stack-based buffer overflow in JBIG-KIT might allow remote
+    attackers to cause a Denial of Service.
+  </synopsis>
+  <product type="ebuild">jbigkit</product>
+  <announced>2014-05-18</announced>
+  <revised count="1">2014-05-18</revised>
+  <bug>507254</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/jbigkit" auto="yes" arch="*">
+      <unaffected range="ge">2.1</unaffected>
+      <vulnerable range="lt">2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>JBIG-KIT is a software implementation of the JBIG1 data compression
+      standard.
+    </p>
+  </background>
+  <description>
+    <p>JBIG-KIT contains a stack-based buffer overflow in the jbg_dec_in
+      function in libjbig/jbig.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition via
+      a specially crafted image file.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All JBIG-KIT users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/jbigkit-2.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6369">CVE-2013-6369</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-05-15T03:04:08Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-05-18T12:48:40Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201405-21.xml b/metadata/glsa/glsa-201405-21.xml
new file mode 100644
index 000000000000..f95cfa4e1719
--- /dev/null
+++ b/metadata/glsa/glsa-201405-21.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201405-21">
+  <title>Charybdis, ShadowIRCd: Denial of service</title>
+  <synopsis>A vulnerability has been found in Charybdis and ShadowIRCd,
+    possibly resulting in remote Denial of Service.
+  </synopsis>
+  <product type="ebuild">shadowircd</product>
+  <announced>2014-05-18</announced>
+  <revised count="1">2014-05-18</revised>
+  <bug>449544</bug>
+  <bug>449790</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/charybdis" auto="yes" arch="*">
+      <unaffected range="ge">3.4.2</unaffected>
+      <vulnerable range="lt">3.4.2</vulnerable>
+    </package>
+    <package name="net-irc/shadowircd" auto="yes" arch="*">
+      <unaffected range="ge">6.3.3</unaffected>
+      <vulnerable range="lt">6.3.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Charybdis is the Atheme Project’s IRC daemon based on ratbox.
+      ShadowIRCd is an IRC daemon based on Charybdis that adds several useful
+      features.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability has been discovered in Charybdis and ShadowIRCd. Please
+      review the CVE identifier referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Charybdis users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-irc/charybdis-3.4.2"
+    </code>
+    
+    <p>All ShadowIRCd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-irc/shadowircd-6.3.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6084">CVE-2012-6084</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-01-03T17:21:58Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-05-18T17:28:17Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201405-22.xml b/metadata/glsa/glsa-201405-22.xml
new file mode 100644
index 000000000000..b72f172093d5
--- /dev/null
+++ b/metadata/glsa/glsa-201405-22.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201405-22">
+  <title>Pidgin: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities in Pidgin may allow execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">pidgin</product>
+  <announced>2014-05-18</announced>
+  <revised count="1">2014-05-18</revised>
+  <bug>457580</bug>
+  <bug>499596</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/pidgin" auto="yes" arch="*">
+      <unaffected range="ge">2.10.9</unaffected>
+      <unaffected range="rge">2.10.9-r1</unaffected>
+      <vulnerable range="lt">2.10.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Pidgin is a GTK Instant Messenger client for a variety of instant
+      messaging protocols.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Pidgin. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the Pidgin process, cause a Denial of Service condition,
+      overwrite files, or spoof traffic.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Pidgin users on HPPA or users of GNOME 3.8 and later on AMD64 or X86
+      should upgrade to the latest version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-im/pidgin-2.10.9-r1"
+    </code>
+    
+    <p>All Pidgin users on ALPHA, PPC, PPC64, SPARC, and users of GNOME before
+      3.8 on AMD64 and X86 should upgrade to the latest version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-im/pidgin-2.10.9"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6152">CVE-2012-6152</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0271">CVE-2013-0271</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0272">CVE-2013-0272</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0273">CVE-2013-0273</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0274">CVE-2013-0274</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6477">CVE-2013-6477</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6478">CVE-2013-6478</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6479">CVE-2013-6479</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6481">CVE-2013-6481</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6482">CVE-2013-6482</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6483">CVE-2013-6483</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6484">CVE-2013-6484</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6485">CVE-2013-6485</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6487">CVE-2013-6487</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6489">CVE-2013-6489</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6490">CVE-2013-6490</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0020">CVE-2014-0020</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-03-17T15:51:12Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-05-18T17:28:53Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201405-23.xml b/metadata/glsa/glsa-201405-23.xml
new file mode 100644
index 000000000000..21b4c63c06c4
--- /dev/null
+++ b/metadata/glsa/glsa-201405-23.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201405-23">
+  <title>lib3ds: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability in lib3ds might allow a remote attacker to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">lib3ds</product>
+  <announced>2014-05-18</announced>
+  <revised count="2">2014-12-10</revised>
+  <bug>308033</bug>
+  <bug>519936</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/lib3ds" auto="yes" arch="*">
+      <unaffected range="ge">2.0.0_rc1</unaffected>
+      <unaffected range="rge">1.3.0-r1</unaffected>
+      <vulnerable range="lt">2.0.0_rc1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>lib3ds is a library for managing 3D-Studio Release 3 and 4 .3DS files.</p>
+  </background>
+  <description>
+    <p>An array index error has been discovered in lib3ds.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted 3DS
+      file using an application linked against lib3ds, possibly resulting in
+      execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All lib3ds 2.0 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/lib3ds-2.0.0_rc1"
+    </code>
+    
+    <p>All lib3ds 1.3 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/lib3ds-1.3.0-r1"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0280">CVE-2010-0280</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-09-30T23:22:44Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-12-10T00:42:02Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201405-24.xml b/metadata/glsa/glsa-201405-24.xml
new file mode 100644
index 000000000000..412fdc38ca6e
--- /dev/null
+++ b/metadata/glsa/glsa-201405-24.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201405-24">
+  <title>Apache Portable Runtime, APR Utility Library: Denial of service</title>
+  <synopsis>Memory consumption errors in Apache Portable Runtime and APR
+    Utility Library could result in Denial of Service.
+  </synopsis>
+  <product type="ebuild">apr apr-util</product>
+  <announced>2014-05-18</announced>
+  <revised count="1">2014-05-18</revised>
+  <bug>339527</bug>
+  <bug>366903</bug>
+  <bug>368651</bug>
+  <bug>399089</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/apr" auto="yes" arch="*">
+      <unaffected range="ge">1.4.8-r1</unaffected>
+      <vulnerable range="lt">1.4.8-r1</vulnerable>
+    </package>
+    <package name="dev-libs/apr-util" auto="yes" arch="*">
+      <unaffected range="ge">1.3.10</unaffected>
+      <vulnerable range="lt">1.3.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Apache Portable Runtime (aka APR) provides a set of APIs for
+      creating platform-independent applications. The Apache Portable Runtime
+      Utility Library (aka APR-Util) provides an interface to functionality
+      such as XML parsing, string matching and database connections. 
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Apache Portable Runtime
+      and APR Utility Library. Please review the CVE identifiers referenced
+      below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache Portable Runtime users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/apr-1.4.8-r1"
+    </code>
+    
+    <p>All users of the APR Utility Library should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/apr-util-1.3.10"
+    </code>
+    
+    <p>Packages which depend on these libraries may need to be recompiled.
+      Tools such as revdep-rebuild may assist in identifying some of these
+      packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1623">CVE-2010-1623</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0419">CVE-2011-0419</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1928">CVE-2011-1928</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0840">CVE-2012-0840</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:24Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-05-18T17:30:44Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201405-25.xml b/metadata/glsa/glsa-201405-25.xml
new file mode 100644
index 000000000000..05a9a27dcbe7
--- /dev/null
+++ b/metadata/glsa/glsa-201405-25.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201405-25">
+  <title>Symfony: Information disclosure</title>
+  <synopsis>A vulnerability in Symfony may allow remote attackers to read
+    arbitrary files.
+  </synopsis>
+  <product type="ebuild">symfony</product>
+  <announced>2014-05-18</announced>
+  <revised count="1">2014-05-18</revised>
+  <bug>444696</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-php/symfony" auto="yes" arch="*">
+      <vulnerable range="lt">1.4.20</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Symfony is a professional, open-source PHP5 web development framework.</p>
+  </background>
+  <description>
+    <p>Symfony does not properly sanitize input for upload requests.</p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could send a specially crafted file upload request,
+      possibly resulting in disclosure of sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for Symfony. We recommend that users
+      unmerge Symfony:
+    </p>
+    
+    <code>
+      # emerge --unmerge "dev-php/symfony"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5574">CVE-2012-5574</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-12-17T03:37:50Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-05-18T17:31:18Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201405-26.xml b/metadata/glsa/glsa-201405-26.xml
new file mode 100644
index 000000000000..edc73ab71638
--- /dev/null
+++ b/metadata/glsa/glsa-201405-26.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201405-26">
+  <title>X2Go Server: Privilege Escalation</title>
+  <synopsis>A local privilege escalation vulnerability has been discovered in
+    X2Go Server.
+  </synopsis>
+  <product type="ebuild">x2go</product>
+  <announced>2014-05-19</announced>
+  <revised count="1">2014-05-19</revised>
+  <bug>497260</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-misc/x2goserver" auto="yes" arch="*">
+      <unaffected range="ge">4.0.1.12</unaffected>
+      <vulnerable range="lt">4.0.1.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>X2Go is an open source terminal server project.</p>
+  </background>
+  <description>
+    <p>X2Go Server is prone to a local privilege-escalation vulnerability.</p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could gain escalated privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All X2Go Server users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/x2goserver-4.0.1.12"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7383">CVE-2013-7383</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-03-04T17:00:01Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-05-19T07:13:54Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201405-27.xml b/metadata/glsa/glsa-201405-27.xml
new file mode 100644
index 000000000000..f3273d99db87
--- /dev/null
+++ b/metadata/glsa/glsa-201405-27.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201405-27">
+  <title>LibYAML: Arbitrary code execution</title>
+  <synopsis>A vulnerability in LibYAML could allow an attacker to execute
+    arbitrary code or cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">libyaml</product>
+  <announced>2014-05-23</announced>
+  <revised count="1">2014-05-23</revised>
+  <bug>505948</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/libyaml" auto="yes" arch="*">
+      <unaffected range="ge">0.1.6</unaffected>
+      <vulnerable range="lt">0.1.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>LibYAML is a YAML 1.1 parser and emitter written in C.</p>
+  </background>
+  <description>
+    <p>The yaml_parser_scan_uri_escapes() function does not properly expand
+      strings passed as input, which can result in a heap-based buffer
+      overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could provide a specially-crafted YAML document, which, when
+      parsed by LibYAML, could result in arbitrary code execution or cause the
+      application to crash.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LibYAML users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libyaml-0.1.6"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2525">CVE-2014-2525</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-05-15T03:39:38Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-05-23T08:42:20Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201405-28.xml b/metadata/glsa/glsa-201405-28.xml
new file mode 100644
index 000000000000..af86322b917f
--- /dev/null
+++ b/metadata/glsa/glsa-201405-28.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201405-28">
+  <title>xmonad-contrib: Arbitrary code execution</title>
+  <synopsis>A remote command injection vulnerability has been discovered in
+    xmonad-contrib.
+  </synopsis>
+  <product type="ebuild">xmonad-contrib</product>
+  <announced>2014-05-28</announced>
+  <revised count="1">2014-05-28</revised>
+  <bug>478288</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-wm/xmonad-contrib" auto="yes" arch="*">
+      <unaffected range="ge">0.11.2</unaffected>
+      <vulnerable range="lt">0.11.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>xmonad-contrib is a set of third party tiling algorithms,
+      configurations, and scripts for xmonad.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability in the Xmonad.Hooks.DynamicLog module could allow a
+      malicious website with a specially crafted title to inject commands into
+      the title bar which would be executed when the bar is clicked.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All xmonad-contrib users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-wm/xmonad-contrib-0.11.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1436">CVE-2013-1436</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-02-27T13:53:05Z">
+    pinkbyte
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-05-28T06:50:25Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-01.xml b/metadata/glsa/glsa-201406-01.xml
new file mode 100644
index 000000000000..f0687386203b
--- /dev/null
+++ b/metadata/glsa/glsa-201406-01.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-01">
+  <title>D-Bus, GLib: Privilege escalation</title>
+  <synopsis>A vulnerability has been found in D-Bus which allows local
+    attackers to gain escalated privileges.
+  </synopsis>
+  <product type="ebuild">dbus</product>
+  <announced>2014-06-01</announced>
+  <revised count="1">2014-06-01</revised>
+  <bug>436028</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/dbus" auto="yes" arch="*">
+      <unaffected range="ge">1.6.8</unaffected>
+      <vulnerable range="lt">1.6.8</vulnerable>
+    </package>
+    <package name="dev-libs/glib" auto="yes" arch="*">
+      <unaffected range="ge">2.32.4-r1</unaffected>
+      <vulnerable range="lt">2.32.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>D-Bus is a daemon providing a framework for applications to communicate
+      with one another. GLib is a library providing a number of GNOME’s core
+      objects and functions.
+    </p>
+  </background>
+  <description>
+    <p>When libdbus is used in a setuid program, a user can gain escalated
+      privileges by leveraging the DBUS_SYSTEM_BUS_ADDRESS variable. GLib can
+      be used in a setuid context with D-Bus, and so can trigger this
+      vulnerability. Please review the CVE identifier below for more details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could gain escalated privileges and execute arbitrary
+      code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All D-Bus users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/dbus-1.6.8"
+    </code>
+    
+    <p>All GLib users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/glib-2.32.4-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3524">CVE-2012-3524</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-10-14T18:04:56Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-06-01T14:05:31Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-02.xml b/metadata/glsa/glsa-201406-02.xml
new file mode 100644
index 000000000000..98d4ead1e30f
--- /dev/null
+++ b/metadata/glsa/glsa-201406-02.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-02">
+  <title>libarchive: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libarchive, some of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libarchive</product>
+  <announced>2014-06-01</announced>
+  <revised count="1">2014-06-01</revised>
+  <bug>366687</bug>
+  <bug>463632</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/libarchive" auto="yes" arch="*">
+      <unaffected range="ge">3.1.2-r1</unaffected>
+      <vulnerable range="lt">3.1.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libarchive is a library for manipulating different streaming archive
+      formats, including certain tar variants, several cpio formats, and both
+      BSD and GNU ar variants.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libarchive. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user or automated process to open a
+      specially crafted archive using an application linked against libarchive,
+      possibly resulting in execution of arbitrary code with the privileges of
+      the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libarchive users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/libarchive-3.1.2-r1"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4666">CVE-2010-4666</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1777">CVE-2011-1777</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1778">CVE-2011-1778</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1779">CVE-2011-1779</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0211">CVE-2013-0211</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-01-22T19:10:06Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-06-01T15:10:38Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-03.xml b/metadata/glsa/glsa-201406-03.xml
new file mode 100644
index 000000000000..6f24c0492faa
--- /dev/null
+++ b/metadata/glsa/glsa-201406-03.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-03">
+  <title>Fail2ban: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Fail2ban, the worst of
+    which allows remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">fail2ban</product>
+  <announced>2014-06-01</announced>
+  <revised count="1">2014-06-01</revised>
+  <bug>364883</bug>
+  <bug>473118</bug>
+  <bug>499802</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/fail2ban" auto="yes" arch="*">
+      <unaffected range="ge">0.8.12</unaffected>
+      <vulnerable range="lt">0.8.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Fail2ban is a tool for parsing log files and banning IP addresses which
+      show suspicious behavior.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Fail2ban. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a crafted URL to a web site which, when
+      parsed by Fail2ban, would deny a specific IP address. Also, errors in
+      regular expressions within certain filters can cause arbitrary IP
+      addresses to be banned. Furthermore, a local attacker could perform
+      symlink attacks to overwrite arbitrary files with the privileges of the
+      user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Fail2ban users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/fail2ban-0.8.12
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5023">CVE-2009-5023</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2178">CVE-2013-2178</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7176">CVE-2013-7176</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:06Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2014-06-01T15:17:17Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-04.xml b/metadata/glsa/glsa-201406-04.xml
new file mode 100644
index 000000000000..a99c235d5a1f
--- /dev/null
+++ b/metadata/glsa/glsa-201406-04.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-04">
+  <title>SystemTap: Denial of service</title>
+  <synopsis>A vulnerability in SystemTap could allow a local attacker to create
+    a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">systemtap</product>
+  <announced>2014-06-05</announced>
+  <revised count="1">2014-06-05</revised>
+  <bug>405345</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-util/systemtap" auto="yes" arch="*">
+      <unaffected range="ge">2.0</unaffected>
+      <vulnerable range="lt">2.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>SystemTap is a kernel profiling and instrumentation tool.</p>
+  </background>
+  <description>
+    <p>SystemTap does not properly handle DWARF expressions when unwinding the
+      stack.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker with SystemTap permissions could trigger a kernel
+      panic, causing a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>Disabling unprivileged mode is a temporary workaround for this
+      vulnerability.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All SystemTap users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-util/systemtap-2.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0875">CVE-2012-0875</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-05-30T22:59:45Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-06-05T00:18:26Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-05.xml b/metadata/glsa/glsa-201406-05.xml
new file mode 100644
index 000000000000..f04f8b375ac6
--- /dev/null
+++ b/metadata/glsa/glsa-201406-05.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-05">
+  <title>Mutt: Arbitrary code execution</title>
+  <synopsis>A vulnerability in Mutt could allow remote attackers to execute
+    arbitrary code or cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">mutt</product>
+  <announced>2014-06-05</announced>
+  <revised count="1">2014-06-05</revised>
+  <bug>504462</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/mutt" auto="yes" arch="*">
+      <unaffected range="ge">1.5.22-r3</unaffected>
+      <vulnerable range="lt">1.5.22-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mutt is a small but powerful text-based mail client. </p>
+  </background>
+  <description>
+    <p>A heap-based buffer overflow has been discovered in the mutt_copy_hdr
+      function.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could send a specially crafted message, possibly
+      resulting in execution of arbitrary code with the privileges of the user
+      running Mutt or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mutt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/mutt-1.5.22-r3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0467">CVE-2014-0467</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-05-20T03:40:42Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-06-05T00:18:36Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-06.xml b/metadata/glsa/glsa-201406-06.xml
new file mode 100644
index 000000000000..83a71b867393
--- /dev/null
+++ b/metadata/glsa/glsa-201406-06.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-06">
+  <title>Mumble: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mumble, the worst of
+    which could lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">mumble</product>
+  <announced>2014-06-06</announced>
+  <revised count="1">2014-06-06</revised>
+  <bug>500486</bug>
+  <bug>510380</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/mumble" auto="yes" arch="*">
+      <unaffected range="ge">1.2.6</unaffected>
+      <vulnerable range="lt">1.2.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mumble is low-latency voice chat software intended for use with gaming.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mumble:</p>
+    
+    <ul>
+      <li>A crafted length prefix value can trigger a heap-based buffer
+        overflow or NULL pointer dereference in the
+        opus_packet_get_samples_per_frame function (CVE-2014-0044)
+      </li>
+      <li>A crafted packet can trigger an error in the opus_decode_float
+        function, leading to a heap-based buffer overflow (CVE-2014-0045)
+      </li>
+      <li>A crafted SVG referencing local files can lead to resource exhaustion
+        or hangs (CVE-2014-3755)
+      </li>
+      <li>Mumble does not properly escape HTML in some external strings before
+        displaying them (CVE-2014-3756)
+      </li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mumble users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-sound/mumble-1.2.6"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0044">CVE-2014-0044</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0045">CVE-2014-0045</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3755">CVE-2014-3755</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3756">CVE-2014-3756</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-05-21T03:01:45Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-06-06T12:14:42Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-07.xml b/metadata/glsa/glsa-201406-07.xml
new file mode 100644
index 000000000000..cea16bf5800d
--- /dev/null
+++ b/metadata/glsa/glsa-201406-07.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-07">
+  <title>Echoping: Buffer Overflow Vulnerabilities</title>
+  <synopsis>A buffer overflow in Echoping might allow remote attackers to cause
+    a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">echoping</product>
+  <announced>2014-06-06</announced>
+  <revised count="1">2014-06-06</revised>
+  <bug>349569</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/echoping" auto="yes" arch="*">
+      <unaffected range="ge">6.0.2_p434</unaffected>
+      <vulnerable range="lt">6.0.2_p434</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Echoping is a small program to test performances of a
+      remote host by sending it TCP packets.
+    </p>
+  </background>
+  <description>
+    <p>A boundary error exists within the “TLS_readline()” function, which
+      can be exploited to overflow a global buffer by sending an overly long
+      encrypted HTTP reply to Echoping. Also, a similar boundary error exists
+      within the “SSL_readline()” function, which can be exploited in the
+      same manner.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted HTTP reply, possibly
+      resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Echoping users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=net-analyzer/echoping-6.0.2_p434"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5111">CVE-2010-5111</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-10-17T11:46:53Z">
+    pinkbyte
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-06-06T12:23:36Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-08.xml b/metadata/glsa/glsa-201406-08.xml
new file mode 100644
index 000000000000..c32fdcefe1aa
--- /dev/null
+++ b/metadata/glsa/glsa-201406-08.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-08">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player,
+    worst of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2014-06-10</announced>
+  <revised count="1">2014-06-10</revised>
+  <bug>510278</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">11.2.202.359</unaffected>
+      <vulnerable range="lt">11.2.202.359</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute
+      arbitrary code with the privileges of the process, or cause a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-11.2.202.359"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0510">CVE-2014-0510</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0516">CVE-2014-0516</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0517">CVE-2014-0517</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0518">CVE-2014-0518</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0519">CVE-2014-0519</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0520">CVE-2014-0520</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-05-14T09:40:39Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2014-06-10T09:22:32Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-09.xml b/metadata/glsa/glsa-201406-09.xml
new file mode 100644
index 000000000000..3dbbc91410ac
--- /dev/null
+++ b/metadata/glsa/glsa-201406-09.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-09">
+  <title>GnuTLS: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in GnuTLS, the worst
+    of which could lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">gnutls</product>
+  <announced>2014-06-13</announced>
+  <revised count="1">2014-06-13</revised>
+  <bug>501282</bug>
+  <bug>503394</bug>
+  <bug>511840</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/gnutls" auto="yes" arch="*">
+      <unaffected range="ge">2.12.23-r6</unaffected>
+      <vulnerable range="lt">2.12.23-r6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0
+      protocols.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GnuTLS. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could utilize multiple vectors to spoof arbitrary SSL
+      servers via a crafted certificate, execute arbitrary code or cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GnuTLS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/gnutls-2.12.23-r6"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0092">CVE-2014-0092</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1959">CVE-2014-1959</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3465">CVE-2014-3465</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3466">CVE-2014-3466</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-03-24T21:52:06Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-06-13T19:35:08Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-10.xml b/metadata/glsa/glsa-201406-10.xml
new file mode 100644
index 000000000000..b433da16c7d4
--- /dev/null
+++ b/metadata/glsa/glsa-201406-10.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-10">
+  <title>lighttpd: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in lighttpd, allowing
+    remote attackers cause a Denial of Service condition or execute arbitrary
+    SQL statements.
+  </synopsis>
+  <product type="ebuild">lighttpd</product>
+  <announced>2014-06-13</announced>
+  <revised count="1">2014-06-13</revised>
+  <bug>392581</bug>
+  <bug>444179</bug>
+  <bug>490432</bug>
+  <bug>491154</bug>
+  <bug>504330</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/lighttpd" auto="yes" arch="*">
+      <unaffected range="ge">1.4.35</unaffected>
+      <vulnerable range="lt">1.4.35</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>lighttpd is a lightweight high-performance web server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in lighttpd. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could create a Denial of Service condition.
+      Futhermore, a remote attacker may be able to execute arbitrary SQL
+      statements.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All lighttpd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/lighttpd-1.4.35"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4362">CVE-2011-4362</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5533">CVE-2012-5533</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4508">CVE-2013-4508</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4559">CVE-2013-4559</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4560">CVE-2013-4560</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2323">CVE-2014-2323</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-03-06T01:13:56Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2014-06-13T20:40:42Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-11.xml b/metadata/glsa/glsa-201406-11.xml
new file mode 100644
index 000000000000..7d51ae825dbc
--- /dev/null
+++ b/metadata/glsa/glsa-201406-11.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-11">
+  <title>libXfont: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libXfont, the worst of
+    which allow for local privilege escalation. 
+  </synopsis>
+  <product type="ebuild">libXfont</product>
+  <announced>2014-06-14</announced>
+  <revised count="1">2014-06-14</revised>
+  <bug>510250</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="x11-libs/libXfont" auto="yes" arch="*">
+      <unaffected range="ge">1.4.8</unaffected>
+      <vulnerable range="lt">1.4.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libXfont is an X11 font rasterisation library. </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libXfont. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A context-dependent attacker could use a specially crafted file to gain
+      privileges, cause a Denial of Service condition or possibly execute
+      arbitrary code with the privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libXfont users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/libXfont-1.4.8"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0209">CVE-2014-0209</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0210">CVE-2014-0210</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0211">CVE-2014-0211</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-06-10T00:46:03Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-06-14T08:39:05Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-12.xml b/metadata/glsa/glsa-201406-12.xml
new file mode 100644
index 000000000000..25b550027560
--- /dev/null
+++ b/metadata/glsa/glsa-201406-12.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-12">
+  <title>FreeRADIUS: Arbitrary code execution</title>
+  <synopsis>A vulnerability in FreeRADIUS can lead to arbitrary code execution
+    or Denial of Service by authenticated users.
+  </synopsis>
+  <product type="ebuild">freeradius</product>
+  <announced>2014-06-15</announced>
+  <revised count="1">2014-06-15</revised>
+  <bug>501754</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dialup/freeradius" auto="yes" arch="*">
+      <unaffected range="ge">2.2.5</unaffected>
+      <vulnerable range="lt">2.2.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FreeRADIUS is an open source RADIUS authentication server.</p>
+  </background>
+  <description>
+    <p>Large passwords can trigger a stack-based buffer overflow in
+      FreeRADIUS’s rlm_pap module when authenticating against an LDAP server.
+    </p>
+  </description>
+  <impact type="high">
+    <p>An authenticated user could set a specially crafted long password,
+      possibly leading to arbitrary code execution or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FreeRADIUS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dialup/freeradius-2.2.5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2015">CVE-2014-2015</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-05-20T04:12:59Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-06-15T00:12:35Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-13.xml b/metadata/glsa/glsa-201406-13.xml
new file mode 100644
index 000000000000..edee5ee1a35b
--- /dev/null
+++ b/metadata/glsa/glsa-201406-13.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-13">
+  <title>memcached: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in memcached, allowing
+    remote attackers to execute arbitrary code or cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">memcached</product>
+  <announced>2014-06-15</announced>
+  <revised count="1">2014-06-15</revised>
+  <bug>279386</bug>
+  <bug>452098</bug>
+  <bug>467962</bug>
+  <bug>496506</bug>
+  <bug>498078</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/memcached" auto="yes" arch="*">
+      <unaffected range="ge">1.4.17</unaffected>
+      <vulnerable range="lt">1.4.17</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>memcached is a high-performance, distributed memory object caching
+      system
+    </p>
+  </background>
+  <description>
+    <p>memcached authentication could be bypassed when using SASL due to a flaw
+      related to SASL authentication state. Also several heap-based buffer
+      overflows due to integer conversions when parsing certain length
+      attributes were discovered.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute
+      arbitrary code with the privileges of the process, cause a Denial of
+      Service condition or authenticate with invalid SASL credentials,
+      bypassing memcached authentication completely.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All memcached users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/memcached-1.4.17"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2415">CVE-2009-2415</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7239">CVE-2013-7239</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4971">CVE-2011-4971</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0179">CVE-2013-0179</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7290">CVE-2013-7290</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7291">CVE-2013-7291</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-01-28T06:07:00Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-06-15T00:21:52Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-14.xml b/metadata/glsa/glsa-201406-14.xml
new file mode 100644
index 000000000000..5c3b5f8f06b2
--- /dev/null
+++ b/metadata/glsa/glsa-201406-14.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-14">
+  <title>Opera: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Opera, the worst of
+    which may allow remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">opera</product>
+  <announced>2014-06-15</announced>
+  <revised count="1">2014-06-15</revised>
+  <bug>442044</bug>
+  <bug>444040</bug>
+  <bug>446096</bug>
+  <bug>454654</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-client/opera" auto="yes" arch="*">
+      <unaffected range="ge">12.13_p1734</unaffected>
+      <vulnerable range="lt">12.13_p1734</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Opera is a fast web browser that is available free of charge.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Opera. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted web
+      page using Opera, possibly resulting in execution of arbitrary code with
+      the privileges of the process or a Denial of Service condition.
+      Furthermore, a remote attacker may be able to obtain sensitive
+      information, conduct Cross-Site Scripting (XSS) attacks, or bypass
+      security restrictions.
+    </p>
+    
+    <p>A local attacker may be able to obtain sensitive information.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Opera users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/opera-12.13_p1734"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6461">CVE-2012-6461</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6462">CVE-2012-6462</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6463">CVE-2012-6463</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6464">CVE-2012-6464</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6465">CVE-2012-6465</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6466">CVE-2012-6466</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6467">CVE-2012-6467</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6468">CVE-2012-6468</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6469">CVE-2012-6469</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6470">CVE-2012-6470</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6471">CVE-2012-6471</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6472">CVE-2012-6472</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1618">CVE-2013-1618</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1637">CVE-2013-1637</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1638">CVE-2013-1638</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1639">CVE-2013-1639</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-11-13T00:45:56Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-06-15T00:23:54Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-15.xml b/metadata/glsa/glsa-201406-15.xml
new file mode 100644
index 000000000000..a3cbc86bc149
--- /dev/null
+++ b/metadata/glsa/glsa-201406-15.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-15">
+  <title>KDirStat: Arbitrary command execution</title>
+  <synopsis>A vulnerability in KDirStat could allow local attackers to execute
+    arbitrary shell commands.
+  </synopsis>
+  <product type="ebuild">kdirstat</product>
+  <announced>2014-06-15</announced>
+  <revised count="1">2014-06-15</revised>
+  <bug>504994</bug>
+  <access>local</access>
+  <affected>
+    <package name="kde-misc/kdirstat" auto="yes" arch="*">
+      <unaffected range="ge">2.7.5</unaffected>
+      <vulnerable range="lt">2.7.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>KDirStat is a graphical disk usage utility for KDE.</p>
+  </background>
+  <description>
+    <p>Missing escape of executable shell command in KDirStat can be used to
+      insert malicious shell commands.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could possibly execute arbitrary shell command with the
+      privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All KDirStat users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=kde-misc/kdirstat-2.7.5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2527">CVE-2014-2527</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-03-21T08:40:23Z">
+    pinkbyte
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-06-15T16:22:38Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-16.xml b/metadata/glsa/glsa-201406-16.xml
new file mode 100644
index 000000000000..5bca73ef3470
--- /dev/null
+++ b/metadata/glsa/glsa-201406-16.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-16">
+  <title>cups-filters: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in cups-filters, worst of
+    which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">cups-filters</product>
+  <announced>2014-06-16</announced>
+  <revised count="1">2014-06-16</revised>
+  <bug>504474</bug>
+  <bug>506518</bug>
+  <bug>508844</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-print/cups-filters" auto="yes" arch="*">
+      <unaffected range="ge">1.0.53</unaffected>
+      <vulnerable range="lt">1.0.53</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>cups-filters is an OpenPrinting CUPS Filters.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in cups-filters. Please
+      review the CVE identifiers referenced below for more details about the
+      vulnerabilities. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker(s) could possibly execute arbitrary code utilizing
+      multiple attack vectors, or a local attacker could gain escalated
+      privileges via a specially crafted shared library.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All cups-filters users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-print/cups-filters-1.0.53"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6473">CVE-2013-6473</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6474">CVE-2013-6474</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6475">CVE-2013-6475</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6476">CVE-2013-6476</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2707">CVE-2014-2707</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-06-16T05:04:01Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-06-16T17:40:51Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-17.xml b/metadata/glsa/glsa-201406-17.xml
new file mode 100644
index 000000000000..5361610e6a37
--- /dev/null
+++ b/metadata/glsa/glsa-201406-17.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-17">
+  <title>Adobe Flash Player: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player,
+    worst of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2014-06-17</announced>
+  <revised count="1">2014-06-17</revised>
+  <bug>512888</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">11.2.202.378 </unaffected>
+      <vulnerable range="lt">11.2.202.378 </vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, conduct
+      Cross-Site Scripting (XSS) attacks, or bypass 
+      security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-11.2.202.378 "
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0531">CVE-2014-0531</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0532">CVE-2014-0532</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0533">CVE-2014-0533</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0534">CVE-2014-0534</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0535">CVE-2014-0535</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0536">CVE-2014-0536</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-06-10T21:21:15Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2014-06-17T05:52:17Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-18.xml b/metadata/glsa/glsa-201406-18.xml
new file mode 100644
index 000000000000..b9f2d0d9c5a3
--- /dev/null
+++ b/metadata/glsa/glsa-201406-18.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-18">
+  <title>rxvt-unicode: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability in rxvt-unicode may allow a remote attacker to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">rxvt-unicode</product>
+  <announced>2014-06-19</announced>
+  <revised count="1">2014-06-19</revised>
+  <bug>509174</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-terms/rxvt-unicode" auto="yes" arch="*">
+      <unaffected range="ge">9.20</unaffected>
+      <vulnerable range="lt">9.20</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>rxvt-unicode (urxvt) is a clone of the rxvt terminal emulator.</p>
+  </background>
+  <description>
+    <p>rxvt-unicode does not properly handle OSC escape sequences, including
+      those used to read and write X window properties.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to run a specially crafted file
+      using rxvt-unicode, possibly resulting in execution of arbitrary code
+      with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All rxvt-unicode users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-terms/rxvt-unicode-9.20"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3121">CVE-2014-3121</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-05-20T04:08:05Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-06-19T11:53:01Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-19.xml b/metadata/glsa/glsa-201406-19.xml
new file mode 100644
index 000000000000..596ac2e9d082
--- /dev/null
+++ b/metadata/glsa/glsa-201406-19.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-19">
+  <title>Mozilla Network Security Service: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been discovered in Mozilla Network
+    Security Service, the worst of which could lead to Denial of Service. 
+  </synopsis>
+  <product type="ebuild">nss</product>
+  <announced>2014-06-21</announced>
+  <revised count="1">2014-06-21</revised>
+  <bug>455558</bug>
+  <bug>486114</bug>
+  <bug>491234</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/nss" auto="yes" arch="*">
+      <unaffected range="ge">3.15.3</unaffected>
+      <vulnerable range="lt">3.15.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Mozilla Network Security Service is a library implementing security
+      features like SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12,
+      S/MIME and X.509 certificates. 
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in the Mozilla Network
+      Security Service. Please review the CVE identifiers referenced below for
+      more details about the vulnerabilities. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker can cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Network Security Service users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/nss-3.15.3"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1620">CVE-2013-1620</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1739">CVE-2013-1739</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1741">CVE-2013-1741</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2566">CVE-2013-2566</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5605">CVE-2013-5605</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5606">CVE-2013-5606</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5607">CVE-2013-5607</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-06-19T01:57:31Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-06-21T21:43:15Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-20.xml b/metadata/glsa/glsa-201406-20.xml
new file mode 100644
index 000000000000..117d2ba4e281
--- /dev/null
+++ b/metadata/glsa/glsa-201406-20.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-20">
+  <title>nginx: Arbitrary code execution</title>
+  <synopsis>A vulnerability has been found in nginx which may allow execution
+    of arbitrary code. 
+  </synopsis>
+  <product type="ebuild">nginx</product>
+  <announced>2014-06-22</announced>
+  <revised count="1">2014-06-22</revised>
+  <bug>505018</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/nginx" auto="yes" arch="*">
+      <unaffected range="ge">1.4.7</unaffected>
+      <vulnerable range="lt">1.4.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>nginx is a robust, small, and high performance HTTP and reverse proxy
+      server. 
+    </p>
+  </background>
+  <description>
+    <p>A bug in the SPDY implementation in nginx was found which might cause a
+      heap memory buffer overflow in a worker process by using a specially
+      crafted request. The SPDY implementation is not enabled in default
+      configurations.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause execution of arbitrary code by using a
+      specially crafted request.
+    </p>
+  </impact>
+  <workaround>
+    <p>Disable the spdy module in NGINX_MODULES_HTTP. </p>
+  </workaround>
+  <resolution>
+    <p>All nginx users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/nginx-1.4.7"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0133">CVE-2014-0133</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-06-18T23:50:11Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-06-22T11:57:03Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-21.xml b/metadata/glsa/glsa-201406-21.xml
new file mode 100644
index 000000000000..b090cc9eb73c
--- /dev/null
+++ b/metadata/glsa/glsa-201406-21.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-21">
+  <title>cURL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in cURL, the worst of
+    which could lead to man-in-the-middle attacks.
+  </synopsis>
+  <product type="ebuild">curl</product>
+  <announced>2014-06-22</announced>
+  <revised count="1">2014-06-22</revised>
+  <bug>505864</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-misc/curl" auto="yes" arch="*">
+      <unaffected range="ge">7.36.0</unaffected>
+      <vulnerable range="lt">7.36.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>cURL is a command line tool for transferring files with URL syntax,
+      supporting numerous protocols.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in cURL. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause a man-in-the-middle attack via a crafted
+      certificate issued by a legitimate certification authority. Furthermore,
+      a context-dependent attacker may be able to bypass security restrictions
+      by connecting as other users.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All cURL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.36.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0138">CVE-2014-0138</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0139">CVE-2014-0139</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-06-10T01:49:53Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-06-22T13:14:51Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-22.xml b/metadata/glsa/glsa-201406-22.xml
new file mode 100644
index 000000000000..008a86b66e80
--- /dev/null
+++ b/metadata/glsa/glsa-201406-22.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-22">
+  <title>Network Audio System: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Network Audio System,
+    the worst of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">nas</product>
+  <announced>2014-06-25</announced>
+  <revised count="1">2014-06-25</revised>
+  <bug>484480</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-libs/nas" auto="yes" arch="*">
+      <unaffected range="ge">1.9.4</unaffected>
+      <vulnerable range="lt">1.9.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Network Audio System is a network transparent, client/server audio
+      transport system.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Network Audio System.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could possibly execute arbitrary code with
+      the privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Network Audio System users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/nas-1.9.4"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4256">CVE-2013-4256</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4258">CVE-2013-4258</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-06-19T02:31:39Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-06-25T20:32:15Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-23.xml b/metadata/glsa/glsa-201406-23.xml
new file mode 100644
index 000000000000..e80c53dc8e7b
--- /dev/null
+++ b/metadata/glsa/glsa-201406-23.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-23">
+  <title>DenyHosts: Denial of service</title>
+  <synopsis>A vulnerability in DenyHosts could allow a remote attacker to
+    create a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">denyhost</product>
+  <announced>2014-06-25</announced>
+  <revised count="1">2014-06-25</revised>
+  <bug>495130</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-admin/denyhosts" auto="yes" arch="*">
+      <unaffected range="ge">2.6-r9</unaffected>
+      <vulnerable range="lt">2.6-r9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>DenyHosts is a script intended to be run by Linux system administrators
+      to help thwart SSH server attacks.
+    </p>
+  </background>
+  <description>
+    <p>DenyHosts does not properly define the regular expressions used when
+      parsing SSH authentication logs.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition via
+      a crafted login name.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All DenyHost users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/denyhosts-2.6-r9"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6890">CVE-2013-6890</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-06-16T04:56:45Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-06-25T20:54:12Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-24.xml b/metadata/glsa/glsa-201406-24.xml
new file mode 100644
index 000000000000..ee4e6c46930e
--- /dev/null
+++ b/metadata/glsa/glsa-201406-24.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-24">
+  <title>Dnsmasq: Denial of Service </title>
+  <synopsis>A vulnerability in Dnsmasq can lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">dnsmasq</product>
+  <announced>2014-06-25</announced>
+  <revised count="1">2014-06-25</revised>
+  <bug>436894</bug>
+  <bug>453170</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/dnsmasq" auto="yes" arch="*">
+      <unaffected range="ge">2.66</unaffected>
+      <vulnerable range="lt">2.66</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP
+      server. 
+    </p>
+  </background>
+  <description>
+    <p>When used with certain libvirt configurations Dnsmasq replies to queries
+      from prohibited interfaces. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attackers can cause a Denial of Service via spoofed TCP based
+      DNS queries. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Dnsmasq users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/dnsmasq-2.66"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3411">CVE-2012-3411</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0198">CVE-2013-0198</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-06-19T03:08:23Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-06-25T21:36:31Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-25.xml b/metadata/glsa/glsa-201406-25.xml
new file mode 100644
index 000000000000..8703f2b446d9
--- /dev/null
+++ b/metadata/glsa/glsa-201406-25.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-25">
+  <title>Asterisk: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been discovered in Asterisk, the
+    worst of which could allow privileged users to execute arbitrary system
+    shell commands.
+  </synopsis>
+  <product type="ebuild">asterisk</product>
+  <announced>2014-06-25</announced>
+  <revised count="2">2014-06-25</revised>
+  <bug>513102</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/asterisk" auto="yes" arch="*">
+      <unaffected range="ge">11.10.2</unaffected>
+      <unaffected range="rge">1.8.28.2</unaffected>
+      <vulnerable range="lt">11.10.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Asterisk is an open source telephony engine and toolkit.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Asterisk. Please review
+      the CVE identifiers below for details. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker that gains access to a privileged Asterisk account can
+      execute arbitrary system shell commands. Furthermore an unprivileged
+      remote attacker could cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Asterisk 11 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/asterisk-11.10.2"
+    </code>
+    
+    <p>All Asterisk 1.8 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/asterisk-1.8.28.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4046">CVE-2014-4046</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4047">CVE-2014-4047</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-06-24T02:00:18Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-06-25T21:51:56Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-26.xml b/metadata/glsa/glsa-201406-26.xml
new file mode 100644
index 000000000000..d6f1285460e2
--- /dev/null
+++ b/metadata/glsa/glsa-201406-26.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-26">
+  <title>Django: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found Django, the worst of which
+    may allow a remote attacker to execute code.
+  </synopsis>
+  <product type="ebuild">django</product>
+  <announced>2014-06-26</announced>
+  <revised count="2">2014-12-03</revised>
+  <bug>508514</bug>
+  <bug>510382</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-python/django" auto="yes" arch="*">
+      <unaffected range="ge">1.6.5</unaffected>
+      <unaffected range="rge">1.5.8</unaffected>
+      <unaffected range="rge">1.4.13</unaffected>
+      <unaffected range="rge">1.5.10</unaffected>
+      <unaffected range="rge">1.4.15</unaffected>
+      <vulnerable range="lt">1.6.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Django is a Python-based web framework.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Django. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute code with the privileges of the process,
+      modify SQL queries, or disclose sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Django 1.6 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/django-1.6.5"
+    </code>
+    
+    <p>All Django 1.5 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/django-1.5.8"
+    </code>
+    
+    <p>All Django 1.4 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/django-1.4.13"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0472">CVE-2014-0472</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0473">CVE-2014-0473</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0474">CVE-2014-0474</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1418">CVE-2014-1418</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-05-02T18:37:13Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-12-03T01:03:38Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-27.xml b/metadata/glsa/glsa-201406-27.xml
new file mode 100644
index 000000000000..9707a95f53a1
--- /dev/null
+++ b/metadata/glsa/glsa-201406-27.xml
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-27">
+  <title>polkit, Spice-Gtk, systemd, HPLIP, libvirt: Privilege escalation</title>
+  <synopsis>A race condition in polkit could allow a local attacker to gain
+    escalated privileges.
+  </synopsis>
+  <product type="ebuild">polkit spice-gtk systemd hplip libvirt</product>
+  <announced>2014-06-26</announced>
+  <revised count="1">2014-06-26</revised>
+  <bug>484486</bug>
+  <bug>484488</bug>
+  <bug>485420</bug>
+  <bug>485546</bug>
+  <bug>485904</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-print/hplip" auto="yes" arch="*">
+      <unaffected range="ge">3.14.1</unaffected>
+      <vulnerable range="lt">3.14.1</vulnerable>
+    </package>
+    <package name="net-misc/spice-gtk" auto="yes" arch="*">
+      <unaffected range="ge">0.21</unaffected>
+      <vulnerable range="lt">0.21</vulnerable>
+    </package>
+    <package name="sys-apps/systemd" auto="yes" arch="*">
+      <unaffected range="ge">204-r1</unaffected>
+      <vulnerable range="lt">204-r1</vulnerable>
+    </package>
+    <package name="app-emulation/libvirt" auto="yes" arch="*">
+      <unaffected range="ge">1.1.2-r3</unaffected>
+      <vulnerable range="lt">1.1.2-r3</vulnerable>
+    </package>
+    <package name="sys-auth/polkit" auto="yes" arch="*">
+      <unaffected range="ge">0.112</unaffected>
+      <vulnerable range="lt">0.112</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>polkit is a toolkit for managing policies relating to unprivileged
+      processes communicating with privileged processes.
+    </p>
+  </background>
+  <description>
+    <p>polkit has a race condition which potentially allows a process to change
+      its UID/EUID via suid or pkexec before authentication is completed.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could start a suid or pkexec process through a
+      polkit-enabled application, which could result in privilege escalation or
+      bypass of polkit restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All polkit users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-auth/polkit-0.112"
+    </code>
+    
+    <p>All HPLIP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-print/hplip-3.14.1"
+    </code>
+    
+    <p>All Spice-Gtk users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/spice-gtk-0.21"
+    </code>
+    
+    <p>All systemd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/systemd-204-r1"
+    </code>
+    
+    <p>All libvirt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/libvirt-1.1.2-r3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4288">CVE-2013-4288</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4311">CVE-2013-4311</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4324">CVE-2013-4324</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4325">CVE-2013-4325</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4327">CVE-2013-4327</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-09-29T15:18:50Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-06-26T22:23:13Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-28.xml b/metadata/glsa/glsa-201406-28.xml
new file mode 100644
index 000000000000..b5d1cf6ee761
--- /dev/null
+++ b/metadata/glsa/glsa-201406-28.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-28">
+  <title>Libav: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Libav, allowing
+    attackers to execute arbitrary code or cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">libav</product>
+  <announced>2014-06-26</announced>
+  <revised count="1">2014-06-26</revised>
+  <bug>439052</bug>
+  <bug>452202</bug>
+  <bug>470734</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/libav" auto="yes" arch="*">
+      <unaffected range="ge">0.8.7</unaffected>
+      <vulnerable range="lt">0.8.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Libav is a complete solution to record, convert and stream audio and
+      video.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Libav. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted media
+      file in an application linked against Libav, possibly resulting in
+      execution of arbitrary code with the privileges of the application or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Libav users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/libav-0.8.7"
+    </code>
+    <p>Packages which depend on this library may need to be recompiled. Tools such
+    as revdep-rebuild may assist in identifying these packages.
+    </p>
+</resolution>
+<references>
+  <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2772">CVE-2012-2772</uri>
+  <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2775">CVE-2012-2775</uri>
+  <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2776">CVE-2012-2776</uri>
+  <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2777">CVE-2012-2777</uri>
+  <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2779">CVE-2012-2779</uri>
+  <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2783">CVE-2012-2783</uri>
+  <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2784">CVE-2012-2784</uri>
+  <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2786">CVE-2012-2786</uri>
+  <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2787">CVE-2012-2787</uri>
+  <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2788">CVE-2012-2788</uri>
+  <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2789">CVE-2012-2789</uri>
+  <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2790">CVE-2012-2790</uri>
+  <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2791">CVE-2012-2791</uri>
+  <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2793">CVE-2012-2793</uri>
+  <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2794">CVE-2012-2794</uri>
+  <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2796">CVE-2012-2796</uri>
+  <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2797">CVE-2012-2797</uri>
+  <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2798">CVE-2012-2798</uri>
+  <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2800">CVE-2012-2800</uri>
+  <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2801">CVE-2012-2801</uri>
+  <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2802">CVE-2012-2802</uri>
+  <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2803">CVE-2012-2803</uri>
+  <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2804">CVE-2012-2804</uri>
+  <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144">CVE-2012-5144</uri>
+</references>
+<metadata tag="requester" timestamp="2012-12-01T19:41:59Z">ackle</metadata>
+<metadata tag="submitter" timestamp="2014-06-26T23:11:02Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-29.xml b/metadata/glsa/glsa-201406-29.xml
new file mode 100644
index 000000000000..c7e574adf784
--- /dev/null
+++ b/metadata/glsa/glsa-201406-29.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-29">
+  <title>spice-gtk: Privilege escalation</title>
+  <synopsis>A vulnerability in spice-gtk could allow local attackers to gain
+    escalated privileges.
+  </synopsis>
+  <product type="ebuild">spice-gtk</product>
+  <announced>2014-06-26</announced>
+  <revised count="1">2014-06-26</revised>
+  <bug>435694</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/spice-gtk" auto="yes" arch="*">
+      <unaffected range="ge">0.14</unaffected>
+      <vulnerable range="lt">0.14</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>spice-gtk is a set of GObject and Gtk objects for connecting to Spice
+      servers and a client GUI.
+    </p>
+  </background>
+  <description>
+    <p>spice-gtk does not properly sanitize the DBUS_SYSTEM_BUS_ADDRESS
+      environment variable.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker may be able to gain escalated privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All spice-gtk users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/spice-gtk-0.14"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4425">CVE-2012-4425</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-12-16T21:53:39Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2014-06-26T23:23:49Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-30.xml b/metadata/glsa/glsa-201406-30.xml
new file mode 100644
index 000000000000..e0a5069376cf
--- /dev/null
+++ b/metadata/glsa/glsa-201406-30.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-30">
+  <title>sudo: Privilege escalation</title>
+  <synopsis>A vulnerability has been found in sudo allowing a local attacker to
+    gain elevated privileges. 
+  </synopsis>
+  <product type="ebuild">sudo</product>
+  <announced>2014-06-27</announced>
+  <revised count="1">2014-06-27</revised>
+  <bug>503586</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/sudo" auto="yes" arch="*">
+      <unaffected range="ge">1.8.5</unaffected>
+      <unaffected range="lt">1.6.9</unaffected>
+      <vulnerable range="lt">1.8.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>sudo allows a system administrator to give users the ability to run
+      commands as other users. Access to commands may also be granted on a
+      range to hosts. 
+    </p>
+  </background>
+  <description>
+    <p>When the Sudo env_reset option is disabled (it is enabled by default),
+      certain environment variables are not blacklisted as expected.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker, authorized to run commands using sudo, can use this
+      flaw to execute arbitrary code or escalate his privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All sudo users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/sudo-1.8.5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0106">CVE-2014-0106</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-06-18T23:56:18Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-06-27T08:30:38Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-31.xml b/metadata/glsa/glsa-201406-31.xml
new file mode 100644
index 000000000000..bfab1b121282
--- /dev/null
+++ b/metadata/glsa/glsa-201406-31.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-31">
+  <title>Konqueror: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Konqueror, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">konqueror</product>
+  <announced>2014-06-27</announced>
+  <revised count="1">2014-06-27</revised>
+  <bug>438452</bug>
+  <access>remote</access>
+  <affected>
+    <package name="kde-base/konqueror" auto="yes" arch="*">
+      <unaffected range="ge">4.9.3-r1</unaffected>
+      <vulnerable range="lt">4.9.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Konqueror is the KDE web browser and file manager.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Konqueror. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted web
+      site using Konqueror, possibly resulting in the execution of arbitrary
+      code with the privileges of the process or a Denial of Service condition
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Konqueror users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=kde-base/konqueror-4.9.3-r1"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
+      available since November 11, 2012. It is likely that your system is
+      already no longer affected by this issue.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4512">CVE-2012-4512</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4513">CVE-2012-4513</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4514">CVE-2012-4514</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4515">CVE-2012-4515</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-12-01T14:03:35Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-06-27T14:04:10Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-32.xml b/metadata/glsa/glsa-201406-32.xml
new file mode 100644
index 000000000000..4765829ff1a7
--- /dev/null
+++ b/metadata/glsa/glsa-201406-32.xml
@@ -0,0 +1,305 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-32">
+  <title>IcedTea JDK: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in the IcedTea JDK, the
+    worst of which could lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">icedtea-bin</product>
+  <announced>2014-06-29</announced>
+  <revised count="2">2016-04-19</revised>
+  <bug>312297</bug>
+  <bug>330205</bug>
+  <bug>340819</bug>
+  <bug>346799</bug>
+  <bug>352035</bug>
+  <bug>353418</bug>
+  <bug>354231</bug>
+  <bug>355127</bug>
+  <bug>370787</bug>
+  <bug>387637</bug>
+  <bug>404095</bug>
+  <bug>421031</bug>
+  <bug>429522</bug>
+  <bug>433389</bug>
+  <bug>438750</bug>
+  <bug>442478</bug>
+  <bug>457206</bug>
+  <bug>458410</bug>
+  <bug>461714</bug>
+  <bug>466822</bug>
+  <bug>477210</bug>
+  <bug>489570</bug>
+  <bug>508270</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/icedtea-bin" auto="yes" arch="*">
+      <unaffected range="ge">6.1.13.3</unaffected>
+      <unaffected range="lt">6</unaffected>
+      <vulnerable range="lt">6.1.13.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>IcedTea is a distribution of the Java OpenJDK source code built with
+      free build tools.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in the IcedTea JDK. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, obtain
+      sensitive information, bypass intended security policies, or have other
+      unspecified impact.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All IcedTea JDK users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/icedtea-bin-6.1.13.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555">CVE-2009-3555</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2548">CVE-2010-2548</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2783">CVE-2010-2783</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541">CVE-2010-3541</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548">CVE-2010-3548</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549">CVE-2010-3549</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551">CVE-2010-3551</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553">CVE-2010-3553</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554">CVE-2010-3554</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557">CVE-2010-3557</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561">CVE-2010-3561</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562">CVE-2010-3562</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3564">CVE-2010-3564</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565">CVE-2010-3565</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566">CVE-2010-3566</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567">CVE-2010-3567</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568">CVE-2010-3568</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569">CVE-2010-3569</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573">CVE-2010-3573</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574">CVE-2010-3574</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3860">CVE-2010-3860</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4351">CVE-2010-4351</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448">CVE-2010-4448</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450">CVE-2010-4450</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465">CVE-2010-4465</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467">CVE-2010-4467</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469">CVE-2010-4469</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470">CVE-2010-4470</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471">CVE-2010-4471</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472">CVE-2010-4472</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476">CVE-2010-4476</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0025">CVE-2011-0025</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0706">CVE-2011-0706</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815">CVE-2011-0815</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0822">CVE-2011-0822</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862">CVE-2011-0862</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864">CVE-2011-0864</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865">CVE-2011-0865</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868">CVE-2011-0868</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869">CVE-2011-0869</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0870">CVE-2011-0870</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871">CVE-2011-0871</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872">CVE-2011-0872</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389">CVE-2011-3389</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521">CVE-2011-3521</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544">CVE-2011-3544</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547">CVE-2011-3547</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548">CVE-2011-3548</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551">CVE-2011-3551</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552">CVE-2011-3552</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553">CVE-2011-3553</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554">CVE-2011-3554</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556">CVE-2011-3556</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557">CVE-2011-3557</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558">CVE-2011-3558</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560">CVE-2011-3560</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563">CVE-2011-3563</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3571">CVE-2011-3571</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035">CVE-2011-5035</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497">CVE-2012-0497</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501">CVE-2012-0501</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502">CVE-2012-0502</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503">CVE-2012-0503</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505">CVE-2012-0505</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506">CVE-2012-0506</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547">CVE-2012-0547</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711">CVE-2012-1711</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713">CVE-2012-1713</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716">CVE-2012-1716</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717">CVE-2012-1717</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718">CVE-2012-1718</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719">CVE-2012-1719</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723">CVE-2012-1723</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724">CVE-2012-1724</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725">CVE-2012-1725</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726">CVE-2012-1726</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216">CVE-2012-3216</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3422">CVE-2012-3422</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3423">CVE-2012-3423</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416">CVE-2012-4416</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4540">CVE-2012-4540</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068">CVE-2012-5068</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069">CVE-2012-5069</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070">CVE-2012-5070</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071">CVE-2012-5071</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072">CVE-2012-5072</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073">CVE-2012-5073</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074">CVE-2012-5074</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075">CVE-2012-5075</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076">CVE-2012-5076</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077">CVE-2012-5077</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081">CVE-2012-5081</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084">CVE-2012-5084</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085">CVE-2012-5085</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086">CVE-2012-5086</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087">CVE-2012-5087</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089">CVE-2012-5089</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5979">CVE-2012-5979</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169">CVE-2013-0169</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401">CVE-2013-0401</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0424">CVE-2013-0424</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0425">CVE-2013-0425</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0426">CVE-2013-0426</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0427">CVE-2013-0427</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0428">CVE-2013-0428</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0429">CVE-2013-0429</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0431">CVE-2013-0431</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0432">CVE-2013-0432</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0433">CVE-2013-0433</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0434">CVE-2013-0434</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0435">CVE-2013-0435</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0440">CVE-2013-0440</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0441">CVE-2013-0441</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0442">CVE-2013-0442</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0443">CVE-2013-0443</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0444">CVE-2013-0444</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0450">CVE-2013-0450</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809">CVE-2013-0809</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1475">CVE-2013-1475</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1476">CVE-2013-1476</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1478">CVE-2013-1478</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1480">CVE-2013-1480</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484">CVE-2013-1484</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485">CVE-2013-1485</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486">CVE-2013-1486</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488">CVE-2013-1488</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493">CVE-2013-1493</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500">CVE-2013-1500</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518">CVE-2013-1518</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537">CVE-2013-1537</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557">CVE-2013-1557</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569">CVE-2013-1569</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571">CVE-2013-1571</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383">CVE-2013-2383</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384">CVE-2013-2384</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407">CVE-2013-2407</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412">CVE-2013-2412</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415">CVE-2013-2415</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417">CVE-2013-2417</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419">CVE-2013-2419</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420">CVE-2013-2420</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421">CVE-2013-2421</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422">CVE-2013-2422</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423">CVE-2013-2423</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424">CVE-2013-2424</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426">CVE-2013-2426</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429">CVE-2013-2429</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430">CVE-2013-2430</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431">CVE-2013-2431</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436">CVE-2013-2436</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443">CVE-2013-2443</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444">CVE-2013-2444</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445">CVE-2013-2445</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446">CVE-2013-2446</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447">CVE-2013-2447</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448">CVE-2013-2448</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449">CVE-2013-2449</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450">CVE-2013-2450</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451">CVE-2013-2451</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452">CVE-2013-2452</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453">CVE-2013-2453</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454">CVE-2013-2454</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455">CVE-2013-2455</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456">CVE-2013-2456</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457">CVE-2013-2457</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458">CVE-2013-2458</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459">CVE-2013-2459</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460">CVE-2013-2460</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461">CVE-2013-2461</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463">CVE-2013-2463</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465">CVE-2013-2465</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469">CVE-2013-2469</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470">CVE-2013-2470</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471">CVE-2013-2471</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472">CVE-2013-2472</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473">CVE-2013-2473</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829">CVE-2013-3829</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4002">CVE-2013-4002</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772">CVE-2013-5772</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774">CVE-2013-5774</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778">CVE-2013-5778</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780">CVE-2013-5780</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782">CVE-2013-5782</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783">CVE-2013-5783</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784">CVE-2013-5784</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790">CVE-2013-5790</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797">CVE-2013-5797</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800">CVE-2013-5800</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802">CVE-2013-5802</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803">CVE-2013-5803</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804">CVE-2013-5804</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805">CVE-2013-5805</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806">CVE-2013-5806</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809">CVE-2013-5809</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814">CVE-2013-5814</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817">CVE-2013-5817</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820">CVE-2013-5820</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823">CVE-2013-5823</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825">CVE-2013-5825</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829">CVE-2013-5829</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830">CVE-2013-5830</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840">CVE-2013-5840</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842">CVE-2013-5842</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849">CVE-2013-5849</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850">CVE-2013-5850</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851">CVE-2013-5851</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6629">CVE-2013-6629</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6954">CVE-2013-6954</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429">CVE-2014-0429</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446">CVE-2014-0446</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451">CVE-2014-0451</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452">CVE-2014-0452</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453">CVE-2014-0453</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456">CVE-2014-0456</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457">CVE-2014-0457</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458">CVE-2014-0458</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459">CVE-2014-0459</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460">CVE-2014-0460</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461">CVE-2014-0461</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1876">CVE-2014-1876</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397">CVE-2014-2397</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398">CVE-2014-2398</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403">CVE-2014-2403</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412">CVE-2014-2412</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414">CVE-2014-2414</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421">CVE-2014-2421</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423">CVE-2014-2423</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427">CVE-2014-2427</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:56Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-04-19T21:29:08Z">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-33.xml b/metadata/glsa/glsa-201406-33.xml
new file mode 100644
index 000000000000..851973038a51
--- /dev/null
+++ b/metadata/glsa/glsa-201406-33.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-33">
+  <title>Wireshark: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in Wireshark, the worst of
+    which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">wireshark</product>
+  <announced>2014-06-29</announced>
+  <revised count="1">2014-06-29</revised>
+  <bug>503792</bug>
+  <bug>507298</bug>
+  <bug>508506</bug>
+  <bug>513094</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/wireshark" auto="yes" arch="*">
+      <unaffected range="rge">1.8.15</unaffected>
+      <unaffected range="ge">1.10.8</unaffected>
+      <vulnerable range="lt">1.10.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Wireshark is a network protocol analyzer formerly known as ethereal.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Wireshark. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker can cause arbitrary code execution or a Denial of
+      Service condition via a specially crafted packet.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Wireshark 1.8.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-1.8.15"
+    </code>
+    
+    <p>All Wireshark 1.10.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-1.10.8"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2281">CVE-2014-2281</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2282">CVE-2014-2282</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2283">CVE-2014-2283</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2299">CVE-2014-2299</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2907">CVE-2014-2907</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4020">CVE-2014-4020</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4174">CVE-2014-4174</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-03-24T22:48:06Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-06-29T15:53:26Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-34.xml b/metadata/glsa/glsa-201406-34.xml
new file mode 100644
index 000000000000..88b999181402
--- /dev/null
+++ b/metadata/glsa/glsa-201406-34.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-34">
+  <title>KDE Libraries: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in KDE Libraries, the
+    worst of which could lead to man-in-the-middle attacks.
+  </synopsis>
+  <product type="ebuild">kdelibs</product>
+  <announced>2014-06-29</announced>
+  <revised count="1">2014-06-29</revised>
+  <bug>358025</bug>
+  <bug>384227</bug>
+  <bug>469140</bug>
+  <bug>513726</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="kde-base/kdelibs" auto="yes" arch="*">
+      <unaffected range="ge">4.12.5-r1</unaffected>
+      <vulnerable range="lt">4.12.5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>KDE is a feature-rich graphical desktop environment for Linux and
+      Unix-like operating systems. KDE Libraries contains libraries needed by
+      all KDE applications. 
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in KDE Libraries. Please
+      review the CVE identifiers referenced below for details. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause a man-in-the-middle attack via any 
+      certificate issued by a legitimate certification authority. Furthermore,
+      a local attacker may gain knowledge of user passwords through an
+      information leak.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All KDE users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=kde-base/kdelibs-4.12.5-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1094">CVE-2011-1094</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3365">CVE-2011-3365</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2074">CVE-2013-2074</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3494">CVE-2014-3494</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-06-19T02:43:30Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-06-29T20:18:59Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-35.xml b/metadata/glsa/glsa-201406-35.xml
new file mode 100644
index 000000000000..b4dffc6c0aff
--- /dev/null
+++ b/metadata/glsa/glsa-201406-35.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-35">
+  <title>Openfire: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Openfire, the worst of
+    which could lead to a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">openfire</product>
+  <announced>2014-06-30</announced>
+  <revised count="1">2014-06-30</revised>
+  <bug>266129</bug>
+  <bug>507242</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/openfire" auto="yes" arch="*">
+      <unaffected range="ge">3.9.2-r1</unaffected>
+      <vulnerable range="lt">3.9.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Openfire is a real time collaboration (RTC) server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Openfire. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition or
+      bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Openfire users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-im/openfire-3.9.2-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1595">CVE-2009-1595</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1596">CVE-2009-1596</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2741">CVE-2014-2741</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-06-10T01:12:58Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-06-30T17:52:11Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201406-36.xml b/metadata/glsa/glsa-201406-36.xml
new file mode 100644
index 000000000000..6b74642de664
--- /dev/null
+++ b/metadata/glsa/glsa-201406-36.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201406-36">
+  <title>OpenLDAP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in OpenLDAP, allowing for
+    Denial of Service or a man-in-the-middle attack.
+  </synopsis>
+  <product type="ebuild">OpenLDAP</product>
+  <announced>2014-06-30</announced>
+  <revised count="1">2014-06-30</revised>
+  <bug>290345</bug>
+  <bug>323777</bug>
+  <bug>355333</bug>
+  <bug>388605</bug>
+  <bug>407941</bug>
+  <bug>424167</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-nds/openldap" auto="yes" arch="*">
+      <unaffected range="ge">2.4.35</unaffected>
+      <vulnerable range="lt">2.4.35</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenLDAP is an LDAP suite of application and development tools.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenLDAP. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker might employ a specially crafted certificate to
+      conduct man-in-the-middle attacks on SSL connections made using OpenLDAP,
+      bypass security restrictions or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenLDAP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-nds/openldap-2.4.35"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3767">CVE-2009-3767</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0211">CVE-2010-0211</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0212">CVE-2010-0212</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1024">CVE-2011-1024</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1025">CVE-2011-1025</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1081">CVE-2011-1081</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4079">CVE-2011-4079</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1164">CVE-2012-1164</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2668">CVE-2012-2668</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:38:10Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-06-30T19:44:53Z">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201407-01.xml b/metadata/glsa/glsa-201407-01.xml
new file mode 100644
index 000000000000..4a84a78e2233
--- /dev/null
+++ b/metadata/glsa/glsa-201407-01.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201407-01">
+  <title>OpenTTD: Denial of service</title>
+  <synopsis>A vulnerability in OpenTTD could allow a remote attacker to cause a
+    Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">openttd</product>
+  <announced>2014-07-07</announced>
+  <revised count="1">2014-07-07</revised>
+  <bug>492876</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-simulation/openttd" auto="yes" arch="*">
+      <unaffected range="ge">1.3.3</unaffected>
+      <vulnerable range="lt">1.3.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenTTD is a clone of Transport Tycoon Deluxe.</p>
+  </background>
+  <description>
+    <p>The vulnerability is caused due to missing out-of-bound check within the
+      “HandleCrashedAircraft()” function.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenTTD users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=games-simulation/openttd-1.3.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6411">CVE-2013-6411</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-06-19T01:41:36Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-07-07T16:03:44Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201407-02.xml b/metadata/glsa/glsa-201407-02.xml
new file mode 100644
index 000000000000..97f933e5523f
--- /dev/null
+++ b/metadata/glsa/glsa-201407-02.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201407-02">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player,
+    worst of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2014-07-09</announced>
+  <revised count="1">2014-07-09</revised>
+  <bug>516750</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">11.2.202.394</unaffected>
+      <vulnerable range="lt">11.2.202.394</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-11.2.202.394"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0537">CVE-2014-0537</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0539">CVE-2014-0539</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4671">CVE-2014-4671</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-07-09T12:42:39Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2014-07-09T13:23:49Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201407-03.xml b/metadata/glsa/glsa-201407-03.xml
new file mode 100644
index 000000000000..e5a2e5dc67c4
--- /dev/null
+++ b/metadata/glsa/glsa-201407-03.xml
@@ -0,0 +1,145 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201407-03">
+  <title>Xen: Multiple Vunlerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Xen, the worst of which
+    could lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">xen</product>
+  <announced>2014-07-16</announced>
+  <revised count="1">2014-07-16</revised>
+  <bug>440768</bug>
+  <bug>484478</bug>
+  <bug>486354</bug>
+  <bug>497082</bug>
+  <bug>497084</bug>
+  <bug>497086</bug>
+  <bug>499054</bug>
+  <bug>499124</bug>
+  <bug>500528</bug>
+  <bug>500530</bug>
+  <bug>500536</bug>
+  <bug>501080</bug>
+  <bug>501906</bug>
+  <bug>505714</bug>
+  <bug>509054</bug>
+  <bug>513824</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulations/xen" auto="yes" arch="*">
+      <unaffected range="ge">4.3.2-r4</unaffected>
+      <unaffected range="rge">4.2.4-r4</unaffected>
+      <vulnerable range="lt">4.3.2-r4</vulnerable>
+    </package>
+    <package name="app-emulations/xen-tools" auto="yes" arch="*">
+      <unaffected range="ge">4.3.2-r5</unaffected>
+      <unaffected range="rge">4.2.4-r6</unaffected>
+      <vulnerable range="lt">4.3.2-r5</vulnerable>
+    </package>
+    <package name="app-emulations/xen-pvgrub" auto="yes" arch="*">
+      <unaffected range="rge">4.3.2</unaffected>
+      <unaffected range="rge">4.2.4</unaffected>
+      <vulnerable range="lt">4.3.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Xen is a bare-metal hypervisor.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Xen. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker can utilize multiple vectors to execute arbitrary
+      code, cause Denial of Service, or gain access to data on the host.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Xen 4.3 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulations/xen-4.3.2-r2"
+    </code>
+    
+    <p>All Xen 4.2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulations/xen-4.2.4-r2"
+    </code>
+    
+    <p>All xen-tools 4.3 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulations/xen-tools-4.3.2-r2"
+    </code>
+    
+    <p>All xen-tools 4.2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulations/xen-tools-4.2.4-r2"
+    </code>
+    
+    <p>All Xen PVGRUB 4.3 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulations/xen-pvgrub-4.3.2"
+    </code>
+    
+    <p>All Xen PVGRUB 4.2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulations/xen-pvgrub-4.2.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1442">CVE-2013-1442</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4329">CVE-2013-4329</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4355">CVE-2013-4355</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4356">CVE-2013-4356</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4361">CVE-2013-4361</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4368">CVE-2013-4368</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4369">CVE-2013-4369</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4370">CVE-2013-4370</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4371">CVE-2013-4371</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4375">CVE-2013-4375</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4416">CVE-2013-4416</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4494">CVE-2013-4494</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4551">CVE-2013-4551</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4553">CVE-2013-4553</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4554">CVE-2013-4554</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6375">CVE-2013-6375</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6400">CVE-2013-6400</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6885">CVE-2013-6885</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6885">CVE-2013-6885</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1642">CVE-2014-1642</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1666">CVE-2014-1666</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1891">CVE-2014-1891</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1892">CVE-2014-1892</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1893">CVE-2014-1893</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1894">CVE-2014-1894</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1895">CVE-2014-1895</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1896">CVE-2014-1896</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2599">CVE-2014-2599</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3124">CVE-2014-3124</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4021">CVE-2014-4021</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-05-21T02:43:17Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-07-16T16:10:46Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201407-04.xml b/metadata/glsa/glsa-201407-04.xml
new file mode 100644
index 000000000000..92f3af8d0116
--- /dev/null
+++ b/metadata/glsa/glsa-201407-04.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201407-04">
+  <title>GnuPG: Denial of service</title>
+  <synopsis>A vulnerability in GnuPG can lead to a Denial of Service condition.</synopsis>
+  <product type="ebuild">GnuPG. </product>
+  <announced>2014-07-16</announced>
+  <revised count="1">2014-07-16</revised>
+  <bug>514718</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-crypt/gnupg" auto="yes" arch="*">
+      <unaffected range="ge">2.0.24</unaffected>
+      <unaffected range="rge">1.4.17</unaffected>
+      <unaffected range="rge">1.4.18</unaffected>
+      <unaffected range="rge">1.4.19</unaffected>
+      <unaffected range="rge">1.4.20</unaffected>
+      <unaffected range="rge">1.4.21</unaffected>
+      <vulnerable range="lt">2.0.24</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of
+      cryptographic software.
+    </p>
+  </background>
+  <description>
+    <p>GnuPG does not properly handle a specially crated compressed packet
+      resulting in an infinite loop.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker can cause a Denial of Service.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GnuPG 2.0 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-crypt/gnupg-2.0.24"
+    </code>
+    
+    <p>All GnuPG 1.4 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-crypt/gnupg-1.4.17"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4617">CVE-2014-4617</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-07-05T11:31:33Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2014-07-16T16:57:44Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201407-05.xml b/metadata/glsa/glsa-201407-05.xml
new file mode 100644
index 000000000000..ebd278ccbdf1
--- /dev/null
+++ b/metadata/glsa/glsa-201407-05.xml
@@ -0,0 +1,87 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201407-05">
+  <title>OpenSSL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenSSL, possibly
+    allowing remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2014-07-27</announced>
+  <revised count="2">2015-06-06</revised>
+  <bug>512506</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">1.0.1h-r1</unaffected>
+      <unaffected range="rge">1.0.0m</unaffected>
+      <unaffected range="rge">0.9.8z_p1</unaffected>
+      <unaffected range="rge">0.9.8z_p2</unaffected>
+      <unaffected range="rge">0.9.8z_p3</unaffected>
+      <unaffected range="rge">0.9.8z_p4</unaffected>
+      <unaffected range="rge">0.9.8z_p5</unaffected>
+      <unaffected range="rge">0.9.8z_p6</unaffected>
+      <unaffected range="rge">0.9.8z_p7</unaffected>
+      <unaffected range="rge">0.9.8z_p8</unaffected>
+      <unaffected range="rge">0.9.8z_p9</unaffected>
+      <unaffected range="rge">0.9.8z_p10</unaffected>
+      <unaffected range="rge">0.9.8z_p11</unaffected>
+      <unaffected range="rge">0.9.8z_p12</unaffected>
+      <unaffected range="rge">0.9.8z_p13</unaffected>
+      <unaffected range="rge">0.9.8z_p14</unaffected>
+      <unaffected range="rge">0.9.8z_p15</unaffected>
+      <vulnerable range="lt">1.0.1h-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+      (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
+      purpose cryptography library.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenSSL. Please review
+      the OpenSSL Security Advisory [05 Jun 2014] and the CVE identifiers
+      referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could send specially crafted DTLS fragments to an
+      OpenSSL DTLS client or server to possibly execute arbitrary code with the
+      privileges of the process using OpenSSL.
+    </p>
+    
+    <p>Furthermore, an attacker could force the use of weak keying material in
+      OpenSSL SSL/TLS clients and servers, inject data across sessions, or
+      cause a Denial of Service via various vectors.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.0.1h-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5298">CVE-2010-5298</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0195">CVE-2014-0195</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0198">CVE-2014-0198</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0221">CVE-2014-0221</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0224">CVE-2014-0224</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3470">CVE-2014-3470</uri>
+    <uri link="https://www.openssl.org/news/secadv_20140605.txt">OpenSSL
+      Security Advisory [05 Jun 2014]
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-06-06T10:20:51Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-06-06T23:12:08Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201408-01.xml b/metadata/glsa/glsa-201408-01.xml
new file mode 100644
index 000000000000..1e72ebdd00dd
--- /dev/null
+++ b/metadata/glsa/glsa-201408-01.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201408-01">
+  <title>Zend Framework: SQL injection</title>
+  <synopsis>A vulnerability in Zend Framework could allow a remote attacker to
+    inject SQL commands. 
+  </synopsis>
+  <product type="ebuild">ZendFramework</product>
+  <announced>2014-08-04</announced>
+  <revised count="1">2014-08-04</revised>
+  <bug>369139</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-php/ZendFramework" auto="yes" arch="*">
+      <unaffected range="ge">1.11.6</unaffected>
+      <vulnerable range="lt">1.11.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Zend Framework is a high quality and open source framework for
+      developing Web Applications.
+    </p>
+  </background>
+  <description>
+    <p>Developers using non-ASCII-compatible encodings in conjunction with the
+      MySQL PDO driver of PHP may be vulnerable to SQL injection attacks.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could use specially crafted input to execute arbitrary
+      SQL statements. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ZendFramework users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-php/ZendFramework-1.11.6"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures have
+      been
+      available since 2011-06-07. It is likely that your system is already
+      updated
+      to no longer be affected by this issue. 
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1939">CVE-2011-1939</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-08T21:42:50Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2014-08-04T09:08:18Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201408-02.xml b/metadata/glsa/glsa-201408-02.xml
new file mode 100644
index 000000000000..4e87ec5c2c98
--- /dev/null
+++ b/metadata/glsa/glsa-201408-02.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201408-02">
+  <title>FreeType: Arbitrary code execution</title>
+  <synopsis>A vulnerability in FreeType could result in execution of arbitrary
+    code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">freetype</product>
+  <announced>2014-08-09</announced>
+  <revised count="1">2014-08-09</revised>
+  <bug>504088</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/freetype" auto="yes" arch="*">
+      <unaffected range="ge">2.5.3-r1</unaffected>
+      <vulnerable range="lt">2.5.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FreeType is a high-quality and portable font engine.</p>
+  </background>
+  <description>
+    <p>A stack-based buffer overflow exists in Freetype’s cf2_hintmap_build
+      function in cff/cf2hints.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to execute arbitrary code or cause a
+      Denial of Service condition via specially crafted font file.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FreeType users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/freetype-2.5.3-r1"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2240">CVE-2014-2240</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-07-15T20:29:39Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2014-08-09T19:09:10Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201408-03.xml b/metadata/glsa/glsa-201408-03.xml
new file mode 100644
index 000000000000..b9f8bd63e9f7
--- /dev/null
+++ b/metadata/glsa/glsa-201408-03.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201408-03">
+  <title>LibSSH: Information disclosure</title>
+  <synopsis>A vulnerability in LibSSH can result in leakage of private key
+    information. 
+  </synopsis>
+  <product type="ebuild">libssh</product>
+  <announced>2014-08-10</announced>
+  <revised count="1">2014-08-10</revised>
+  <bug>503504</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-libs/libssh" auto="yes" arch="*">
+      <unaffected range="ge">0.6.3</unaffected>
+      <vulnerable range="lt">0.6.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>LibSSH is a C library providing SSHv2 and SSHv1.</p>
+  </background>
+  <description>
+    <p>A new connection inherits the state of the PRNG without re-seeding with
+      random data.
+    </p>
+  </description>
+  <impact type="low">
+    <p>Servers using ECC (ECDSA) or DSA certificates in non-deterministic mode
+      may under certain conditions leak their private key.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LibSSH users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/libssh-0.6.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0017">CVE-2014-0017</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-08-04T19:25:42Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-08-10T16:35:47Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201408-04.xml b/metadata/glsa/glsa-201408-04.xml
new file mode 100644
index 000000000000..59adb216da58
--- /dev/null
+++ b/metadata/glsa/glsa-201408-04.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201408-04">
+  <title>Catfish: Multiple Vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in Catfish, allowing local
+    attackers to escalate their privileges.
+  </synopsis>
+  <product type="ebuild">catfish</product>
+  <announced>2014-08-13</announced>
+  <revised count="1">2014-08-13</revised>
+  <bug>502536</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-util/catfish" auto="yes" arch="*">
+      <unaffected range="ge">1.0.2</unaffected>
+      <vulnerable range="lt">1.0.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Catfish is a versatile file searching tool. </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Catfish. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could gain escalated privileges via a specially crafted
+      shared library.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Catfish users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-util/catfish-1.0.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2093">CVE-2014-2093</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2094">CVE-2014-2094</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2095">CVE-2014-2095</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2096">CVE-2014-2096</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-08-02T18:47:34Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-08-13T18:12:10Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201408-05.xml b/metadata/glsa/glsa-201408-05.xml
new file mode 100644
index 000000000000..975b8ea69a14
--- /dev/null
+++ b/metadata/glsa/glsa-201408-05.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201408-05">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player,
+    worst of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2014-08-14</announced>
+  <revised count="1">2014-08-14</revised>
+  <bug>519790</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">11.2.202.400</unaffected>
+      <vulnerable range="lt">11.2.202.400</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites. 
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition or bypass
+      security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-11.2.202.400"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538">CVE-2014-0538</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0540">CVE-2014-0540</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0541">CVE-2014-0541</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0542">CVE-2014-0542</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0543">CVE-2014-0543</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0544">CVE-2014-0544</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0545">CVE-2014-0545</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-08-13T13:32:27Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2014-08-14T13:09:44Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201408-06.xml b/metadata/glsa/glsa-201408-06.xml
new file mode 100644
index 000000000000..0b93b3cd0086
--- /dev/null
+++ b/metadata/glsa/glsa-201408-06.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201408-06">
+  <title>libpng: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in libpng which can
+    allow a remote attacker to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">libpng</product>
+  <announced>2014-08-14</announced>
+  <revised count="4">2015-06-06</revised>
+  <bug>503014</bug>
+  <bug>507378</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libpng" auto="yes" arch="*">
+      <unaffected range="ge">1.6.10</unaffected>
+      <unaffected range="lt">1.3</unaffected>
+      <unaffected range="rge">1.5.18</unaffected>
+      <unaffected range="rge">1.5.19</unaffected>
+      <unaffected range="rge">1.5.20</unaffected>
+      <unaffected range="rge">1.5.21</unaffected>
+      <unaffected range="rge">1.5.22</unaffected>
+      <unaffected range="rge">1.5.23</unaffected>
+      <unaffected range="rge">1.5.24</unaffected>
+      <unaffected range="rge">1.5.25</unaffected>
+      <vulnerable range="lt">1.6.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libpng is a standard library used to process PNG (Portable Network
+      Graphics) images. It is used by several programs, including web browsers
+      and potentially server processes.
+    </p>
+  </background>
+  <description>
+    <p>The png_push_read_chunk function in pngpread.c in the progressive
+      decoder enters an infinite loop, when it encounters a zero-length IDAT
+      chunk. In addition certain integer overflows have been detected and
+      corrected.
+    </p>
+    
+    <p>The 1.2 branch is not affected by these vulnerabilities.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted PNG
+      file using an application linked against libpng, possibly resulting in
+      Denial of Service. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libpng users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libpng-1.6.10"
+    </code>
+    
+    <p>Users with current installs in the 1.5 branch should also upgrade this
+      using:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libpng-1.5.18:1.5"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7353">CVE-2013-7353</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7354">CVE-2013-7354</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0333">CVE-2014-0333</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-05-15T04:38:43Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-06-06T23:44:55Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201408-07.xml b/metadata/glsa/glsa-201408-07.xml
new file mode 100644
index 000000000000..c3d308c6429d
--- /dev/null
+++ b/metadata/glsa/glsa-201408-07.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201408-07">
+  <title>ModPlug XMMS Plugin: Multiple vulnerabilities</title>
+  <synopsis> 	
+    
+    Multiple vulnerabilities have been found in ModPlug XMMS Plugin, worst of
+    which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">modplug</product>
+  <announced>2014-08-16</announced>
+  <revised count="1">2014-08-16</revised>
+  <bug>480388</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libmodplug" auto="yes" arch="*">
+      <unaffected range="ge">0.8.8.5</unaffected>
+      <vulnerable range="lt">0.8.8.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ModPlug XMMS Plugin is a library for playing MOD-like music files</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ModPlug XMMS Plugin.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ModPlug XMMS Plugin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libmodplug-0.8.8.5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4233">CVE-2013-4233</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4234">CVE-2013-4234</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-08-15T23:38:01Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-08-16T17:57:57Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201408-08.xml b/metadata/glsa/glsa-201408-08.xml
new file mode 100644
index 000000000000..a5e640f0f807
--- /dev/null
+++ b/metadata/glsa/glsa-201408-08.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201408-08">
+  <title>file: Denial of service</title>
+  <synopsis>A vulnerability in file could result in Denial of Service. </synopsis>
+  <product type="ebuild">file</product>
+  <announced>2014-08-26</announced>
+  <revised count="6">2014-08-29</revised>
+  <bug>505534</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-apps/file" auto="yes" arch="*">
+      <unaffected range="ge">5.15</unaffected>
+      <vulnerable range="lt">5.15</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>file is a utility that guesses a file format by scanning binary data for
+      patterns. 
+    </p>
+  </background>
+  <description>
+    <p>BEGIN regular expression in the awk script detector in
+      magic/Magdir/commands uses multiple wildcards with unlimited repetitions.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could entice a user to open a specially
+      crafted file,
+      possibly resulting in a Denial of Service condition. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All file users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/file-5.15"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7345">CVE-2013-7345</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-07-06T21:48:15Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-08-29T12:33:10Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201408-09.xml b/metadata/glsa/glsa-201408-09.xml
new file mode 100644
index 000000000000..efcb1ea70444
--- /dev/null
+++ b/metadata/glsa/glsa-201408-09.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201408-09">
+  <title>GNU Libtasn1: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in GNU Libtasn1, the
+    worse of which can allow a context-dependent attacker to cause a Denial of
+    Service condition. 
+  </synopsis>
+  <product type="ebuild">libtasn1</product>
+  <announced>2014-08-29</announced>
+  <revised count="1">2014-08-29</revised>
+  <bug>511536</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/libtasn1" auto="yes" arch="*">
+      <unaffected range="ge">3.6</unaffected>
+      <vulnerable range="lt">3.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The ASN.1 library used in GNUTLS.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GNU Libtasn1. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could possibly cause a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU Libtasn1 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libtasn1-3.6"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages. 
+    </p>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3467">CVE-2014-3467</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3468">CVE-2014-3468</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3469">CVE-2014-3469</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-06-17T17:44:50Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2014-08-29T09:17:19Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201408-10.xml b/metadata/glsa/glsa-201408-10.xml
new file mode 100644
index 000000000000..706dc506c87f
--- /dev/null
+++ b/metadata/glsa/glsa-201408-10.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201408-10">
+  <title>Libgcrypt: Side-channel attack</title>
+  <synopsis>A vulnerability in Libgcrypt could allow a remote attacker to
+    extract ElGamal private key information. 
+  </synopsis>
+  <product type="ebuild">libgcrypt,side-channel,elgamal</product>
+  <announced>2014-08-29</announced>
+  <revised count="1">2014-08-29</revised>
+  <bug>519396</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libgcrypt" auto="yes" arch="*">
+      <unaffected range="ge">1.5.4</unaffected>
+      <vulnerable range="lt">1.5.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Libgcrypt is a general purpose cryptographic library derived out of
+      GnuPG. 
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability in the implementation of ElGamal decryption procedures
+      of Libgcrypt leaks information to various side-channels.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A physical side-channel attack allows a remote attacker to fully extract
+      decryption keys during the decryption of a chosen ciphertext.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Libgcrypt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libgcrypt-1.5.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5270">CVE-2014-5270</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-08-24T09:53:40Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2014-08-29T10:08:01Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201408-11.xml b/metadata/glsa/glsa-201408-11.xml
new file mode 100644
index 000000000000..41f211aa87cf
--- /dev/null
+++ b/metadata/glsa/glsa-201408-11.xml
@@ -0,0 +1,137 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201408-11">
+  <title>PHP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in PHP, the worst of
+    which could lead to remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">php</product>
+  <announced>2014-08-29</announced>
+  <revised count="4">2015-08-22</revised>
+  <bug>459904</bug>
+  <bug>472204</bug>
+  <bug>472558</bug>
+  <bug>474656</bug>
+  <bug>476570</bug>
+  <bug>481004</bug>
+  <bug>483212</bug>
+  <bug>485252</bug>
+  <bug>492784</bug>
+  <bug>493982</bug>
+  <bug>501312</bug>
+  <bug>503630</bug>
+  <bug>503670</bug>
+  <bug>505172</bug>
+  <bug>505712</bug>
+  <bug>509132</bug>
+  <bug>512288</bug>
+  <bug>512492</bug>
+  <bug>513032</bug>
+  <bug>516994</bug>
+  <bug>519932</bug>
+  <bug>520134</bug>
+  <bug>520438</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/php" auto="yes" arch="*">
+      <unaffected range="ge">5.5.16</unaffected>
+      <unaffected range="rge">5.4.32</unaffected>
+      <unaffected range="rge">5.3.29</unaffected>
+      <unaffected range="rge">5.4.34</unaffected>
+      <unaffected range="rge">5.4.35</unaffected>
+      <unaffected range="rge">5.4.36</unaffected>
+      <unaffected range="rge">5.4.37</unaffected>
+      <unaffected range="rge">5.4.38</unaffected>
+      <unaffected range="rge">5.4.39</unaffected>
+      <unaffected range="rge">5.4.40</unaffected>
+      <unaffected range="rge">5.4.41</unaffected>
+      <unaffected range="rge">5.4.42</unaffected>
+      <unaffected range="rge">5.4.43</unaffected>
+      <unaffected range="rge">5.4.44</unaffected>
+      <unaffected range="rge">5.4.45</unaffected>
+      <unaffected range="rge">5.4.46</unaffected>
+      <vulnerable range="lt">5.5.16</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PHP is a widely-used general-purpose scripting language that is
+      especially suited for Web development and can be embedded into HTML. 
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PHP. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A context-dependent attacker can cause arbitrary code execution, create
+      a Denial of Service condition, read or write arbitrary files, impersonate
+      other servers, hijack a web session, or have other unspecified impact.
+      Additionally, a local attacker could gain escalated privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PHP 5.5 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-5.5.16"
+    </code>
+    
+    <p>All PHP 5.4 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-5.4.32"
+    </code>
+    
+    <p>All PHP 5.3 users should upgrade to the latest version. This release
+      marks the end of life of the PHP 5.3 series. Future releases of this
+      series are not planned. All PHP 5.3 users are encouraged to upgrade to
+      the current stable version of PHP 5.5 or previous stable version of PHP
+      5.4, which are supported till at least 2016 and 2015 respectively.
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-5.3.29"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4718">CVE-2011-4718</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1635">CVE-2013-1635</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1643">CVE-2013-1643</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1824">CVE-2013-1824</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2110">CVE-2013-2110</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3735">CVE-2013-3735</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4113">CVE-2013-4113</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4248">CVE-2013-4248</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4635">CVE-2013-4635</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4636">CVE-2013-4636</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6420">CVE-2013-6420</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6712">CVE-2013-6712</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7226">CVE-2013-7226</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7327">CVE-2013-7327</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7345">CVE-2013-7345</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0185">CVE-2014-0185</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0237">CVE-2014-0237</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0238">CVE-2014-0238</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1943">CVE-2014-1943</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2270">CVE-2014-2270</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2497">CVE-2014-2497</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3597">CVE-2014-3597</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3981">CVE-2014-3981</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4049">CVE-2014-4049</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4670">CVE-2014-4670</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5120">CVE-2014-5120</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-08-23T14:19:36Z">
+    creffett
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-08-22T22:25:57Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201408-12.xml b/metadata/glsa/glsa-201408-12.xml
new file mode 100644
index 000000000000..35482ae3e690
--- /dev/null
+++ b/metadata/glsa/glsa-201408-12.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201408-12">
+  <title>Apache HTTP Server: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in Apache HTTP
+    Server, the worse of which could lead to execution of arbitrary code or a
+    Denial of Service condition
+  </synopsis>
+  <product type="ebuild">apache,dos,ace</product>
+  <announced>2014-08-29</announced>
+  <revised count="1">2014-08-29</revised>
+  <bug>504990</bug>
+  <bug>507866</bug>
+  <bug>517298</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">2.2.27-r4</unaffected>
+      <vulnerable range="lt">2.2.27-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Apache HTTP Server is one of the most popular web servers on the
+      Internet. 
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been found in Apache HTTP Server. Please
+      review the CVE identifiers referenced below for details. 
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could send a specially crafted request to possibly
+      execute arbitrary code, cause Denial of Service, or obtain sensitive
+      information. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache HTTP Server users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/apache-2.2.27-r4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6438">CVE-2013-6438</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0098">CVE-2014-0098</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0226">CVE-2014-0226</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-05-20T22:08:40Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-08-29T10:56:11Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201408-13.xml b/metadata/glsa/glsa-201408-13.xml
new file mode 100644
index 000000000000..1eca4cf0e367
--- /dev/null
+++ b/metadata/glsa/glsa-201408-13.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201408-13">
+  <title>Jinja2: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Jinja2, allowing local
+    attackers to escalate their privileges.
+  </synopsis>
+  <product type="ebuild">jinja</product>
+  <announced>2014-08-29</announced>
+  <revised count="1">2014-08-29</revised>
+  <bug>497690</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-python/jinja" auto="yes" arch="*">
+      <unaffected range="ge">2.7.3</unaffected>
+      <vulnerable range="lt">2.7.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Jinja2 is a template engine written in pure Python.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Jinja2. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could gain escalated privileges via a specially crafted
+      cache file or  pre-created temporary directory.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Jinja2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/jinja-2.7.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0012">CVE-2014-0012</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1402">CVE-2014-1402</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-08-19T05:23:15Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-08-29T18:36:00Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201408-14.xml b/metadata/glsa/glsa-201408-14.xml
new file mode 100644
index 000000000000..596005e30178
--- /dev/null
+++ b/metadata/glsa/glsa-201408-14.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201408-14">
+  <title>stunnel: Information disclosure</title>
+  <synopsis>A vulnerability in stunnel might allow remote attackers to gain
+    access to private key information.
+  </synopsis>
+  <product type="ebuild">stunnel</product>
+  <announced>2014-08-29</announced>
+  <revised count="1">2014-08-29</revised>
+  <bug>503506</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/stunnel" auto="yes" arch="*">
+      <unaffected range="ge">5.02</unaffected>
+      <vulnerable range="lt">5.02</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The stunnel program is designed to work as an SSL encryption wrapper
+      between a client and a local or remote server. 
+    </p>
+  </background>
+  <description>
+    <p>stunnel does not properly update the state of the pseudo-random
+      generator after fork-threading which causes subsequent children with the
+      same process ID to use the same entropy pool. ECDSA and DSA keys, when
+      not used in deterministic mode (RFC6979), rely on random data for its k
+      parameter to not leak private key information.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may gain access to private key information from ECDSA
+      or DSA keys.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All stunnel users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/stunnel-5.02"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0016">CVE-2014-0016</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-07-06T22:44:37Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-08-29T18:54:29Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201408-15.xml b/metadata/glsa/glsa-201408-15.xml
new file mode 100644
index 000000000000..a4a24e06290a
--- /dev/null
+++ b/metadata/glsa/glsa-201408-15.xml
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201408-15">
+  <title>PostgreSQL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PostgreSQL, the worst
+    of which may allow remote Denial of Service.
+  </synopsis>
+  <product type="ebuild">postgresql-server</product>
+  <announced>2014-08-29</announced>
+  <revised count="1">2014-08-29</revised>
+  <bug>456080</bug>
+  <bug>463884</bug>
+  <bug>501946</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/postgresql-server" auto="yes" arch="*">
+      <unaffected range="ge">9.3.3</unaffected>
+      <unaffected range="rge">9.2.7</unaffected>
+      <unaffected range="rge">9.1.12</unaffected>
+      <unaffected range="rge">9.0.16</unaffected>
+      <unaffected range="rge">8.4.20</unaffected>
+      <vulnerable range="lt">9.3.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PostgreSQL is an open source object-relational database management
+      system.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PostgreSQL. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote authenticated attacker may be able to create a Denial of
+      Service condition, bypass security restrictions, or have other
+      unspecified impact.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PostgreSQL 9.3 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-server-9.3.3"
+    </code>
+    
+    <p>All PostgreSQL 9.2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-server-9.2.7"
+    </code>
+    
+    <p>All PostgreSQL 9.1 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-server-9.1.12"
+    </code>
+    
+    <p>All PostgreSQL 9.0 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-server-9.0.16"
+    </code>
+    
+    <p>All PostgreSQL 8.4 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-server-8.4.20"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0255">CVE-2013-0255</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1899">CVE-2013-1899</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1900">CVE-2013-1900</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1901">CVE-2013-1901</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0060">CVE-2014-0060</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0061">CVE-2014-0061</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0062">CVE-2014-0062</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0063">CVE-2014-0063</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0064">CVE-2014-0064</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0065">CVE-2014-0065</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0066">CVE-2014-0066</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2669">CVE-2014-2669</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-04-10T20:45:35Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-08-29T23:33:40Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201408-16.xml b/metadata/glsa/glsa-201408-16.xml
new file mode 100644
index 000000000000..d86d8a986b15
--- /dev/null
+++ b/metadata/glsa/glsa-201408-16.xml
@@ -0,0 +1,123 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201408-16">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium, the worst of
+    which can allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium</product>
+  <announced>2014-08-30</announced>
+  <revised count="1">2014-08-30</revised>
+  <bug>504328</bug>
+  <bug>504890</bug>
+  <bug>507212</bug>
+  <bug>508788</bug>
+  <bug>510288</bug>
+  <bug>510904</bug>
+  <bug>512944</bug>
+  <bug>517304</bug>
+  <bug>519788</bug>
+  <bug>521276</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">37.0.2062.94</unaffected>
+      <vulnerable range="lt">37.0.2062.94</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source web browser project.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could conduct a number of attacks which include: cross
+      site scripting attacks, bypassing of sandbox protection,  potential
+      execution of arbitrary code with the privileges of the process, or cause
+      a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-37.0.2062.94"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1741">
+      CVE-2014-1741
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538">CVE-2014-0538</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1700">CVE-2014-1700</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1701">CVE-2014-1701</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1702">CVE-2014-1702</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1703">CVE-2014-1703</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1704">CVE-2014-1704</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1705">CVE-2014-1705</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1713">CVE-2014-1713</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1714">CVE-2014-1714</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1715">CVE-2014-1715</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1716">CVE-2014-1716</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1717">CVE-2014-1717</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1718">CVE-2014-1718</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1719">CVE-2014-1719</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1720">CVE-2014-1720</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1721">CVE-2014-1721</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1722">CVE-2014-1722</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1723">CVE-2014-1723</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1724">CVE-2014-1724</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1725">CVE-2014-1725</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1726">CVE-2014-1726</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1727">CVE-2014-1727</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1728">CVE-2014-1728</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1729">CVE-2014-1729</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1730">CVE-2014-1730</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1731">CVE-2014-1731</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1732">CVE-2014-1732</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1733">CVE-2014-1733</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1734">CVE-2014-1734</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1735">CVE-2014-1735</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1740">CVE-2014-1740</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1742">CVE-2014-1742</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1743">CVE-2014-1743</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1744">CVE-2014-1744</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1745">CVE-2014-1745</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1746">CVE-2014-1746</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1747">CVE-2014-1747</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1748">CVE-2014-1748</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1749">CVE-2014-1749</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3154">CVE-2014-3154</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3155">CVE-2014-3155</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3156">CVE-2014-3156</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3157">CVE-2014-3157</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3160">CVE-2014-3160</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3162">CVE-2014-3162</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3165">CVE-2014-3165</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3166">CVE-2014-3166</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3167">CVE-2014-3167</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3168">CVE-2014-3168</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3169">CVE-2014-3169</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3170">CVE-2014-3170</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3171">CVE-2014-3171</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3172">CVE-2014-3172</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3173">CVE-2014-3173</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3174">CVE-2014-3174</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3175">CVE-2014-3175</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3176">CVE-2014-3176</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3177">CVE-2014-3177</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-03-20T12:20:02Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2014-08-30T00:34:13Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201408-17.xml b/metadata/glsa/glsa-201408-17.xml
new file mode 100644
index 000000000000..fd864eacbdfa
--- /dev/null
+++ b/metadata/glsa/glsa-201408-17.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201408-17">
+  <title>QEMU: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in QEMU, worst of which
+    allows local attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">qemu</product>
+  <announced>2014-08-30</announced>
+  <revised count="3">2014-09-02</revised>
+  <bug>201434</bug>
+  <bug>486352</bug>
+  <bug>505946</bug>
+  <bug>507692</bug>
+  <bug>507790</bug>
+  <bug>507796</bug>
+  <bug>510208</bug>
+  <bug>510234</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/qemu" auto="yes" arch="*">
+      <unaffected range="ge">2.0.0-r1</unaffected>
+      <vulnerable range="lt">2.0.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>QEMU is a generic and open source machine emulator and virtualizer.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in QEMU. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All QEMU users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/qemu-2.0.0-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6227">CVE-2007-6227</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4377">CVE-2013-4377</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4544">CVE-2013-4544</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0142">CVE-2014-0142</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0143">CVE-2014-0143</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0144">CVE-2014-0144</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0145">CVE-2014-0145</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0146">CVE-2014-0146</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0147">CVE-2014-0147</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0150">CVE-2014-0150</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0222">CVE-2014-0222</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0223">CVE-2014-0223</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2894">CVE-2014-2894</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3461">CVE-2014-3461</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-06-14T02:33:03Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-09-02T09:23:53Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201408-18.xml b/metadata/glsa/glsa-201408-18.xml
new file mode 100644
index 000000000000..e735e9ead478
--- /dev/null
+++ b/metadata/glsa/glsa-201408-18.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201408-18">
+  <title>NRPE: Multiple Vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in NRPE, the worst of
+    which can allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">nrpe</product>
+  <announced>2014-08-30</announced>
+  <revised count="1">2014-08-30</revised>
+  <bug>397603</bug>
+  <bug>459870</bug>
+  <bug>508122</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/nrpe" auto="yes" arch="*">
+      <unaffected range="ge">2.15</unaffected>
+      <vulnerable range="lt">2.15</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Nagios Remote Plugin Executor (NRPE) remotely executes Nagios plugins on
+      other Linux/Unix machines.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in NRPE. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker can utilize multiple vectors to execute arbitrary
+      code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All NRPE users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/nrpe-2.15"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1362">CVE-2013-1362</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2913">CVE-2014-2913</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-09-21T17:08:14Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-08-30T01:17:35Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201408-19.xml b/metadata/glsa/glsa-201408-19.xml
new file mode 100644
index 000000000000..6736d322061b
--- /dev/null
+++ b/metadata/glsa/glsa-201408-19.xml
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201408-19">
+  <title>OpenOffice, LibreOffice: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenOffice and
+    LibreOffice, the worst of which may result in execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">openoffice</product>
+  <announced>2014-08-31</announced>
+  <revised count="1">2014-08-31</revised>
+  <bug>283370</bug>
+  <bug>305195</bug>
+  <bug>320491</bug>
+  <bug>332321</bug>
+  <bug>352864</bug>
+  <bug>386081</bug>
+  <bug>409509</bug>
+  <bug>429482</bug>
+  <bug>514886</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/openoffice-bin" auto="yes" arch="*">
+      <unaffected range="ge">3.5.5.3</unaffected>
+      <vulnerable range="lt">3.5.5.3</vulnerable>
+    </package>
+    <package name="app-office/openoffice" auto="yes" arch="*">
+      <vulnerable range="le">3.5.5.3</vulnerable>
+    </package>
+    <package name="app-office/libreoffice" auto="yes" arch="*">
+      <unaffected range="ge">4.2.5.2</unaffected>
+      <vulnerable range="lt">4.2.5.2</vulnerable>
+    </package>
+    <package name="app-office/libreoffice-bin" auto="yes" arch="*">
+      <unaffected range="ge">4.2.5.2</unaffected>
+      <vulnerable range="lt">4.2.5.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenOffice is the open source version of StarOffice, a full office
+      productivity suite. LibreOffice is a fork of OpenOffice.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenOffice and
+      Libreoffice. Please review the CVE identifiers referenced below for
+      details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted file
+      using OpenOffice, possibly resulting in execution of arbitrary code with
+      the privileges of the process, a Denial of Service condition, execution
+      of arbitrary Python code, authentication bypass, or reading and writing
+      of arbitrary files.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenOffice (binary) users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-office/openoffice-bin-3.5.5.3"
+    </code>
+    
+    <p>All LibreOffice users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-office/libreoffice-4.2.5.2"
+    </code>
+    
+    <p>All LibreOffice (binary) users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-office/libreoffice-bin-4.2.5.2"
+    </code>
+    
+    <p>We recommend that users unmerge OpenOffice:</p>
+    
+    <code>
+      # emerge --unmerge "app-office/openoffice"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4339">CVE-2006-4339</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0200">CVE-2009-0200</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0201">CVE-2009-0201</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0217">CVE-2009-0217</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2949">CVE-2009-2949</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2950">CVE-2009-2950</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3301">CVE-2009-3301</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3302">CVE-2009-3302</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0395">CVE-2010-0395</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2935">CVE-2010-2935</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2936">CVE-2010-2936</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3450">CVE-2010-3450</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3451">CVE-2010-3451</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3452">CVE-2010-3452</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3453">CVE-2010-3453</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3454">CVE-2010-3454</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3689">CVE-2010-3689</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4253">CVE-2010-4253</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4643">CVE-2010-4643</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2713">CVE-2011-2713</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0037">CVE-2012-0037</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1149">CVE-2012-1149</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2149">CVE-2012-2149</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2334">CVE-2012-2334</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2665">CVE-2012-2665</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0247">CVE-2014-0247</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:58Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2014-08-31T14:48:34Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201409-01.xml b/metadata/glsa/glsa-201409-01.xml
new file mode 100644
index 000000000000..1a1d1983749a
--- /dev/null
+++ b/metadata/glsa/glsa-201409-01.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201409-01">
+  <title>Wireshark: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Wireshark which could
+    allow remote attackers to cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">wireshark</product>
+  <announced>2014-09-01</announced>
+  <revised count="1">2014-09-01</revised>
+  <bug>519014</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/wireshark" auto="yes" arch="*">
+      <unaffected range="ge">1.10.9</unaffected>
+      <vulnerable range="lt">1.10.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Wireshark is a network protocol analyzer formerly known as ethereal.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Wireshark. Please
+      review the CVE identifiers referenced below for details. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker can cause a Denial of Service condition via specially
+      crafted packets. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Wireshark users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-1.10.9"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5161">CVE-2014-5161</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5162">CVE-2014-5162</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5163">CVE-2014-5163</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5164">CVE-2014-5164</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5165">CVE-2014-5165</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-08-25T20:18:05Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2014-09-01T15:52:10Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201409-02.xml b/metadata/glsa/glsa-201409-02.xml
new file mode 100644
index 000000000000..8fd46bf3bab9
--- /dev/null
+++ b/metadata/glsa/glsa-201409-02.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201409-02">
+  <title>Net-SNMP: Denial of service</title>
+  <synopsis>Multiple vulnerabilities have been found in Net-SNMP which could
+    allow remote attackers to cause Denial of Service. 
+  </synopsis>
+  <product type="ebuild">net-snmp</product>
+  <announced>2014-09-01</announced>
+  <revised count="1">2014-09-01</revised>
+  <bug>431752</bug>
+  <bug>493296</bug>
+  <bug>502968</bug>
+  <bug>509110</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/net-snmp" auto="yes" arch="*">
+      <unaffected range="ge">5.7.3_pre3</unaffected>
+      <vulnerable range="lt">5.7.3_pre3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Net-SNMP bundles software for generating and retrieving SNMP data.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Net-SNMP. Please review
+      the CVE identifiers referenced below for details. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could create a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All net-snmp users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=net-analyzer/net-snmp-5.7.3_pre3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2141">CVE-2012-2141</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6151">CVE-2012-6151</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2284">CVE-2014-2284</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2285">CVE-2014-2285</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-12-11T17:40:35Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-09-01T21:23:11Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201409-03.xml b/metadata/glsa/glsa-201409-03.xml
new file mode 100644
index 000000000000..b79f392b77e6
--- /dev/null
+++ b/metadata/glsa/glsa-201409-03.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201409-03">
+  <title>dhcpcd: Denial of service</title>
+  <synopsis>A vulnerability in dhcpcd can lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">dhcpcd</product>
+  <announced>2014-09-03</announced>
+  <revised count="1">2014-09-03</revised>
+  <bug>518596</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/dhcpcd" auto="yes" arch="*">
+      <unaffected range="ge">6.4.3</unaffected>
+      <vulnerable range="lt">6.4.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>dhcpcd is a fully featured, yet light weight RFC2131 compliant DHCP
+      client. 
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability has been discovered in dhcpcd. A malicious dhcp server
+      can set flags as part of the dhcp reply that can cause a Denial of
+      Service condition.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker can cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All dhcpcd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/dhcpcd-6.4.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6060">CVE-2014-6060</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-08-01T20:16:47Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2014-09-03T15:31:47Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201409-04.xml b/metadata/glsa/glsa-201409-04.xml
new file mode 100644
index 000000000000..fc4e0e838898
--- /dev/null
+++ b/metadata/glsa/glsa-201409-04.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201409-04">
+  <title>MySQL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in MySQL, worst of which
+    allows local attackers to escalate their privileges.
+  </synopsis>
+  <product type="ebuild">mysql</product>
+  <announced>2014-09-04</announced>
+  <revised count="1">2014-09-04</revised>
+  <bug>460748</bug>
+  <bug>488212</bug>
+  <bug>498164</bug>
+  <bug>500260</bug>
+  <bug>507802</bug>
+  <bug>518718</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-db/mysql" auto="yes" arch="*">
+      <unaffected range="ge">5.5.39</unaffected>
+      <vulnerable range="lt">5.5.39</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MySQL is a popular multi-threaded, multi-user SQL server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MySQL. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could possibly gain escalated privileges. A remote
+      attacker could send a specially crafted SQL query, possibly resulting in
+      a Denial of Service condition. A remote attacker could entice a user to
+      connect to specially crafted MySQL server, possibly resulting in
+      execution of arbitrary code with the privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MySQL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-5.5.39"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1861">CVE-2013-1861</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2134">CVE-2013-2134</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3839">CVE-2013-3839</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5767">CVE-2013-5767</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5770">CVE-2013-5770</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5786">CVE-2013-5786</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5793">CVE-2013-5793</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5807">CVE-2013-5807</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5860">CVE-2013-5860</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5881">CVE-2013-5881</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5882">CVE-2013-5882</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5891">CVE-2013-5891</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5894">CVE-2013-5894</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5908">CVE-2013-5908</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0001">CVE-2014-0001</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0384">CVE-2014-0384</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0386">CVE-2014-0386</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0393">CVE-2014-0393</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0401">CVE-2014-0401</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0402">CVE-2014-0402</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0412">CVE-2014-0412</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0420">CVE-2014-0420</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0427">CVE-2014-0427</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0430">CVE-2014-0430</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0431">CVE-2014-0431</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0433">CVE-2014-0433</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0437">CVE-2014-0437</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2419">CVE-2014-2419</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2430">CVE-2014-2430</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2431">CVE-2014-2431</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2432">CVE-2014-2432</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2434">CVE-2014-2434</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2435">CVE-2014-2435</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2436">CVE-2014-2436</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2438">CVE-2014-2438</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2440">CVE-2014-2440</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-02-27T14:34:22Z">
+    pinkbyte
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-09-04T08:34:34Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201409-05.xml b/metadata/glsa/glsa-201409-05.xml
new file mode 100644
index 000000000000..ee82cd9396a7
--- /dev/null
+++ b/metadata/glsa/glsa-201409-05.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201409-05">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code. 
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2014-09-19</announced>
+  <revised count="1">2014-09-19</revised>
+  <bug>522448</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">11.2.202.406</unaffected>
+      <vulnerable range="lt">11.2.202.406</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites. 
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or bypass security restrictions. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-11.2.202.406"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0547">CVE-2014-0547</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0548">CVE-2014-0548</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0549">CVE-2014-0549</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0550">CVE-2014-0550</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0551">CVE-2014-0551</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0552">CVE-2014-0552</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0553">CVE-2014-0553</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0554">CVE-2014-0554</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0555">CVE-2014-0555</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0556">CVE-2014-0556</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0557">CVE-2014-0557</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0559">CVE-2014-0559</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-09-10T21:41:02Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2014-09-19T18:29:47Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201409-06.xml b/metadata/glsa/glsa-201409-06.xml
new file mode 100644
index 000000000000..e3ac39dbe565
--- /dev/null
+++ b/metadata/glsa/glsa-201409-06.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201409-06">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium, the worst of
+    which can allow remote attackers to cause Denial of Service. 
+  </synopsis>
+  <product type="ebuild">chromium</product>
+  <announced>2014-09-19</announced>
+  <revised count="1">2014-09-19</revised>
+  <bug>522484</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">37.0.2062.120</unaffected>
+      <vulnerable range="lt">37.0.2062.120</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source web browser project.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium. Please review
+      the CVE identifiers referenced below for details. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to cause a Denial of Service condition or
+      possibly have other unspecified impact by leveraging improper handling of
+      render-tree inconsistencies.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-37.0.2062.120"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3178">CVE-2014-3178</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3179">CVE-2014-3179</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-09-11T17:05:58Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2014-09-19T18:50:35Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201409-07.xml b/metadata/glsa/glsa-201409-07.xml
new file mode 100644
index 000000000000..d67dc7b8101b
--- /dev/null
+++ b/metadata/glsa/glsa-201409-07.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201409-07">
+  <title>c-icap: Denial of service</title>
+  <synopsis>A vulnerability in c-icap could result in Denial of Service. </synopsis>
+  <product type="ebuild">c-icap,DoS</product>
+  <announced>2014-09-19</announced>
+  <revised count="1">2014-09-19</revised>
+  <bug>455324</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/c-icap" auto="yes" arch="*">
+      <unaffected range="ge">0.2.6</unaffected>
+      <vulnerable range="lt">0.2.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>c-icap is an implementation of an ICAP server. It can be used with HTTP
+      proxies that support the ICAP protocol to implement content adaptation
+      and filtering services. 
+    </p>
+  </background>
+  <description>
+    <p>c-icap contains a flaw in the parse_request() function of request.c that
+      may allow a remote denial of service. The issue is triggered when the
+      buffer fails to contain a ‘ ‘ or ‘?’ symbol, which will cause the
+      end pointer to increase and surpass allocated memory. With a specially
+      crafted request (e.g. via the OPTIONS method), a remote attacker can
+      cause a loss of availability for the program.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All c-icap users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-proxy/c-icap-0.2.6"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7401">CVE-2013-7401</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7402">CVE-2013-7402</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-08-04T19:33:11Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-09-19T18:54:16Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201409-08.xml b/metadata/glsa/glsa-201409-08.xml
new file mode 100644
index 000000000000..8fa255a5fbee
--- /dev/null
+++ b/metadata/glsa/glsa-201409-08.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201409-08">
+  <title>libxml2: Denial of service</title>
+  <synopsis>A vulnerability in libxml2 allows a remote attacker to cause Denial
+    of Service.
+  </synopsis>
+  <product type="ebuild">libxml2</product>
+  <announced>2014-09-19</announced>
+  <revised count="1">2014-09-19</revised>
+  <bug>509834</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libxml2" auto="yes" arch="*">
+      <unaffected range="ge">2.9.1-r4</unaffected>
+      <vulnerable range="lt">2.9.1-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libxml2 is the XML C parser and toolkit developed for the Gnome project.</p>
+  </background>
+  <description>
+    <p>A vulnerability in the xmlParserHandlePEReference() function of
+      parser.c, when expanding entity references, can be exploited to consume
+      large amounts of memory and cause a crash or hang.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to cause Denial of Service via a specially
+      crafted XML file containing malicious attributes.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libxml2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libxml2-2.9.1-r4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0191">CVE-2014-0191</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-06-17T21:06:15Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-09-19T18:56:04Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201409-09.xml b/metadata/glsa/glsa-201409-09.xml
new file mode 100644
index 000000000000..6a97564649d7
--- /dev/null
+++ b/metadata/glsa/glsa-201409-09.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201409-09">
+  <title>Bash: Code Injection</title>
+  <synopsis>A parsing flaw related to functions and environments in Bash could
+    allow attackers to inject code.
+  </synopsis>
+  <product type="ebuild">bash</product>
+  <announced>2014-09-24</announced>
+  <revised count="4">2014-10-04</revised>
+  <bug>523592</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-shells/bash" auto="yes" arch="*">
+      <unaffected range="rge">3.1_p18</unaffected>
+      <unaffected range="rge">3.2_p52</unaffected>
+      <unaffected range="rge">4.0_p39</unaffected>
+      <unaffected range="rge">4.1_p12</unaffected>
+      <unaffected range="ge">4.2_p48</unaffected>
+      <vulnerable range="lt">4.2_p48</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Bash is the standard GNU Bourne Again SHell. </p>
+  </background>
+  <description>
+    <p>Stephane Chazelas reported that Bash incorrectly handles function
+      definitions, allowing attackers to inject arbitrary code.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could exploit this vulnerability to execute arbitrary
+      commands even in restricted environments.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Bash 3.1 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-shells/bash-3.1_p18:3.1"
+    </code>
+    
+    <p>All Bash 3.2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-shells/bash-3.2_p52:3.2"
+    </code>
+    
+    <p>All Bash 4.0 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-shells/bash-4.0_p39:4.0"
+    </code>
+    
+    <p>All Bash 4.1 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-shells/bash-4.1_p12:4.1"
+    </code>
+    
+    <p>All Bash 4.2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-shells/bash-4.2_p48"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6271">CVE-2014-6271</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-09-24T16:00:19Z">a3li</metadata>
+  <metadata tag="submitter" timestamp="2014-10-04T22:25:14Z">a3li</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201409-10.xml b/metadata/glsa/glsa-201409-10.xml
new file mode 100644
index 000000000000..fcebaf8a6bda
--- /dev/null
+++ b/metadata/glsa/glsa-201409-10.xml
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201409-10">
+  <title>Bash: Code Injection (Updated fix for GLSA 201409-09)</title>
+  <synopsis>A parsing flaw related to functions and environments in Bash could
+    allow attackers to inject code. The unaffected packages listed in GLSA
+    201409-09 had an incomplete fix.
+  </synopsis>
+  <product type="ebuild">bash</product>
+  <announced>2014-09-25</announced>
+  <revised count="2">2014-10-04</revised>
+  <bug>523592</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-shells/bash" auto="yes" arch="*">
+      <unaffected range="rge">3.1_p18-r1</unaffected>
+      <unaffected range="rge">3.2_p52-r1</unaffected>
+      <unaffected range="rge">4.0_p39-r1</unaffected>
+      <unaffected range="rge">4.1_p12-r1</unaffected>
+      <unaffected range="ge">4.2_p48-r1</unaffected>
+      <vulnerable range="lt">4.2_p48-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Bash is the standard GNU Bourne Again SHell.</p>
+  </background>
+  <description>
+    <p>Stephane Chazelas reported that Bash incorrectly handles function
+      definitions, allowing attackers to inject arbitrary code (CVE-2014-6271).
+      Gentoo Linux informed about this issue in GLSA 201409-09.
+    </p>
+    
+    <p>Tavis Ormandy reported that the patch for CVE-2014-6271 was incomplete.
+      As such, this GLSA supersedes GLSA 201409-09.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could exploit this vulnerability to execute arbitrary
+      commands even in restricted environments.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Bash 3.1 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-shells/bash-3.1_p18-r1:3.1"
+    </code>
+    
+    <p>All Bash 3.2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-shells/bash-3.2_p52-r1:3.2"
+    </code>
+    
+    <p>All Bash 4.0 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-shells/bash-4.0_p39-r1:4.0"
+    </code>
+    
+    <p>All Bash 4.1 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-shells/bash-4.1_p12-r1:4.1"
+    </code>
+    
+    <p>All Bash 4.2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-shells/bash-4.2_p48-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7169">CVE-2014-7169</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-09-25T12:49:54Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-10-04T22:27:37Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201410-01.xml b/metadata/glsa/glsa-201410-01.xml
new file mode 100644
index 000000000000..d74388e868d9
--- /dev/null
+++ b/metadata/glsa/glsa-201410-01.xml
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201410-01">
+  <title>Bash: Multiple vulnerabilities</title>
+  <synopsis>Multiple parsing flaws in Bash could allow remote attackers to
+    inject code or cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">bash</product>
+  <announced>2014-10-04</announced>
+  <revised count="1">2014-10-04</revised>
+  <bug>523742</bug>
+  <bug>524256</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-shells/bash" auto="yes" arch="*">
+      <unaffected range="rge">3.1_p22</unaffected>
+      <unaffected range="rge">3.2_p56</unaffected>
+      <unaffected range="rge">4.0_p43</unaffected>
+      <unaffected range="rge">4.1_p16</unaffected>
+      <unaffected range="ge">4.2_p52</unaffected>
+      <vulnerable range="lt">4.2_p52</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Bash is the standard GNU Bourne Again SHell.</p>
+  </background>
+  <description>
+    <p>Florian Weimer, Todd Sabin, Michal Zalewski et al. discovered further
+      parsing flaws in Bash. The unaffected Gentoo packages listed in this GLSA
+      contain the official patches to fix the issues tracked as CVE-2014-6277,
+      CVE-2014-7186, and CVE-2014-7187. Furthermore, the official patch known
+      as “function prefix patch” is included which prevents the
+      exploitation of CVE-2014-6278.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could exploit these vulnerabilities to execute
+      arbitrary commands or cause a Denial of Service condition via various
+      vectors.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Bash 3.1 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-shells/bash-3.1_p22:3.1"
+    </code>
+    
+    <p>All Bash 3.2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-shells/bash-3.2_p56:3.2"
+    </code>
+    
+    <p>All Bash 4.0 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-shells/bash-4.0_p43:4.0"
+    </code>
+    
+    <p>All Bash 4.1 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-shells/bash-4.1_p16:4.1"
+    </code>
+    
+    <p>All Bash 4.2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-shells/bash-4.2_p52"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6277">CVE-2014-6277</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6278">CVE-2014-6278</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7186">CVE-2014-7186</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7187">CVE-2014-7187</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-10-04T17:29:28Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-10-04T22:13:43Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201410-02.xml b/metadata/glsa/glsa-201410-02.xml
new file mode 100644
index 000000000000..9fc185310af6
--- /dev/null
+++ b/metadata/glsa/glsa-201410-02.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201410-02">
+  <title>Perl, Perl Locale-Maketext module: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in the Perl
+    Locale-Maketext module, allowing remote attackers to inject and execute
+    arbitrary Perl code.
+  </synopsis>
+  <product type="ebuild">Locale-Maketext</product>
+  <announced>2014-10-12</announced>
+  <revised count="2">2014-12-29</revised>
+  <bug>446376</bug>
+  <access>remote</access>
+  <affected>
+    <package name="perl-core/Locale-Maketext" auto="yes" arch="*">
+      <unaffected range="ge">1.230.0</unaffected>
+      <vulnerable range="lt">1.230.0</vulnerable>
+    </package>
+    <package name="dev-lang/perl" auto="yes" arch="*">
+      <unaffected range="ge">5.17.7</unaffected>
+      <vulnerable range="lt">5.17.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Locale-Maketext - Perl framework for localization</p>
+  </background>
+  <description>
+    <p>Two vulnerabilities have been reported in the Locale-Maketext module for
+      Perl, which can be exploited by malicious users to compromise an
+      application using the module.
+    </p>
+    
+    <p>The vulnerabilities are caused due to the “_compile()” function not
+      properly sanitising input, which can be exploited to inject and execute
+      arbitrary Perl code.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All users of the Locale-Maketext module should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=perl-core/Locale-Maketext-1.230.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6329">CVE-2012-6329</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-01-01T20:38:14Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-12-29T20:02:06Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201411-01.xml b/metadata/glsa/glsa-201411-01.xml
new file mode 100644
index 000000000000..243cdc64dd10
--- /dev/null
+++ b/metadata/glsa/glsa-201411-01.xml
@@ -0,0 +1,107 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201411-01">
+  <title>VLC: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in VLC, the worst of which
+    could lead to user-assisted execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">VLC</product>
+  <announced>2014-11-05</announced>
+  <revised count="1">2014-11-05</revised>
+  <bug>279340</bug>
+  <bug>285370</bug>
+  <bug>316709</bug>
+  <bug>332361</bug>
+  <bug>350933</bug>
+  <bug>352206</bug>
+  <bug>352776</bug>
+  <bug>353326</bug>
+  <bug>360189</bug>
+  <bug>363359</bug>
+  <bug>370321</bug>
+  <bug>375167</bug>
+  <bug>385953</bug>
+  <bug>395543</bug>
+  <bug>408881</bug>
+  <bug>414409</bug>
+  <bug>424435</bug>
+  <bug>442758</bug>
+  <bug>450438</bug>
+  <bug>454650</bug>
+  <bug>476436</bug>
+  <bug>486902</bug>
+  <bug>493710</bug>
+  <bug>499806</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/vlc" auto="yes" arch="*">
+      <unaffected range="ge">2.1.2</unaffected>
+      <vulnerable range="lt">2.1.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>VLC is a cross-platform media player and streaming server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in VLC. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted media
+      file using VLC, possibly resulting in execution of arbitrary code with
+      the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All VLC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/vlc-2.1.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1441">CVE-2010-1441</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1442">CVE-2010-1442</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1443">CVE-2010-1443</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1444">CVE-2010-1444</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1445">CVE-2010-1445</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2062">CVE-2010-2062</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2937">CVE-2010-2937</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3124">CVE-2010-3124</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3275">CVE-2010-3275</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3276">CVE-2010-3276</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3907">CVE-2010-3907</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0021">CVE-2011-0021</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0522">CVE-2011-0522</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0531">CVE-2011-0531</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1087">CVE-2011-1087</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1684">CVE-2011-1684</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2194">CVE-2011-2194</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2587">CVE-2011-2587</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2588">CVE-2011-2588</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3623">CVE-2011-3623</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0023">CVE-2012-0023</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1775">CVE-2012-1775</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1776">CVE-2012-1776</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2396">CVE-2012-2396</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3377">CVE-2012-3377</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5470">CVE-2012-5470</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5855">CVE-2012-5855</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1868">CVE-2013-1868</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1954">CVE-2013-1954</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3245">CVE-2013-3245</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4388">CVE-2013-4388</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6283">CVE-2013-6283</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6934">CVE-2013-6934</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:33Z">a3li</metadata>
+  <metadata tag="submitter" timestamp="2014-11-05T21:31:51Z">
+    underling
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201411-02.xml b/metadata/glsa/glsa-201411-02.xml
new file mode 100644
index 000000000000..8137c0f002ef
--- /dev/null
+++ b/metadata/glsa/glsa-201411-02.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201411-02">
+  <title>MySQL, MariaDB: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in the MySQL and MariaDB,
+    possibly allowing attackers to cause unspecified impact.
+  </synopsis>
+  <product type="ebuild">mysql mariadb</product>
+  <announced>2014-11-05</announced>
+  <revised count="1">2014-11-05</revised>
+  <bug>525504</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/mysql" auto="yes" arch="*">
+      <unaffected range="ge">5.5.40</unaffected>
+      <vulnerable range="lt">5.5.40</vulnerable>
+    </package>
+    <package name="dev-db/mariadb" auto="yes" arch="*">
+      <unaffected range="ge">5.5.40-r1</unaffected>
+      <vulnerable range="lt">5.5.40-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an
+      enhanced, drop-in replacement for MySQL.
+    </p>
+  </background>
+  <description>
+    <p>Multiple unspecified vulnerabilities have been discovered in MySQL.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could exploit these vulnerabilities to cause
+      unspecified impact, possibly including remote execution of arbitrary
+      code, Denial of Service, or disclosure of sensitive information. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MySQL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-5.5.40"
+    </code>
+    
+    <p>All MariaDB users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mariadb-5.5.40-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6464">CVE-2014-6464</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6469">CVE-2014-6469</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6491">CVE-2014-6491</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6494">CVE-2014-6494</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6496">CVE-2014-6496</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6500">CVE-2014-6500</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6507">CVE-2014-6507</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6555">CVE-2014-6555</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6559">CVE-2014-6559</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-10-22T22:45:02Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-11-05T23:49:01Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201411-03.xml b/metadata/glsa/glsa-201411-03.xml
new file mode 100644
index 000000000000..0b0735784fb3
--- /dev/null
+++ b/metadata/glsa/glsa-201411-03.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201411-03">
+  <title>TigerVNC: User-assisted execution of arbitrary code</title>
+  <synopsis>A buffer overflow in TigerVNC could result in execution of
+    arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">tigervnc</product>
+  <announced>2014-11-05</announced>
+  <revised count="1">2014-11-05</revised>
+  <bug>505170</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/tigervnc" auto="yes" arch="*">
+      <unaffected range="ge">1.3.1</unaffected>
+      <vulnerable range="lt">1.3.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>TigerVNC is a high-performance VNC server/client.</p>
+  </background>
+  <description>
+    <p>Two boundary errors in TigerVNC could lead to a heap-based buffer
+      overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to connect to a malicious VNC
+      server using TigerVNC, possibly resulting in execution of arbitrary code
+      with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All TigerVNC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/tigervnc-1.3.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0011">CVE-2014-0011</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-09-26T21:44:21Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-11-05T23:50:26Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201411-04.xml b/metadata/glsa/glsa-201411-04.xml
new file mode 100644
index 000000000000..6bb6b3330079
--- /dev/null
+++ b/metadata/glsa/glsa-201411-04.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201411-04">
+  <title>PHP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in PHP, the worst of
+    which could lead to remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">php</product>
+  <announced>2014-11-09</announced>
+  <revised count="3">2015-08-22</revised>
+  <bug>525960</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/php" auto="yes" arch="*">
+      <unaffected range="ge">5.5.18</unaffected>
+      <unaffected range="rge">5.4.34</unaffected>
+      <unaffected range="rge">5.3.29</unaffected>
+      <unaffected range="rge">5.4.36</unaffected>
+      <unaffected range="rge">5.4.37</unaffected>
+      <unaffected range="rge">5.4.38</unaffected>
+      <unaffected range="rge">5.4.39</unaffected>
+      <unaffected range="rge">5.4.35</unaffected>
+      <unaffected range="rge">5.4.40</unaffected>
+      <unaffected range="rge">5.4.41</unaffected>
+      <unaffected range="rge">5.4.42</unaffected>
+      <unaffected range="rge">5.4.43</unaffected>
+      <unaffected range="rge">5.4.44</unaffected>
+      <unaffected range="rge">5.4.45</unaffected>
+      <unaffected range="rge">5.4.46</unaffected>
+      <vulnerable range="lt">5.5.18</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PHP is a widely-used general-purpose scripting language that is
+      especially suited for Web development and can be embedded into HTML.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PHP. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker can possibly execute arbitrary code or
+      create a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PHP 5.5 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-5.5.18"
+    </code>
+    
+    <p>All PHP 5.4 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-5.4.34"
+    </code>
+    
+    <p>All PHP 5.3 users should upgrade to the latest version. This release
+      marks the end of life of the PHP 5.3 series. Future releases of this
+      series are not planned. All PHP 5.3 users are encouraged to upgrade to
+      the current stable version of PHP 5.5 or previous stable version of PHP
+      5.4, which are supported till at least 2016 and 2015 respectively.
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-5.3.29"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3668">CVE-2014-3668</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3669">CVE-2014-3669</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3670">CVE-2014-3670</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-11-03T23:38:25Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2015-08-22T22:31:28Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201411-05.xml b/metadata/glsa/glsa-201411-05.xml
new file mode 100644
index 000000000000..17bd48941252
--- /dev/null
+++ b/metadata/glsa/glsa-201411-05.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201411-05">
+  <title>GNU Wget: Arbitrary code execution</title>
+  <synopsis>An absolute path traversal vulnerability could lead to arbitrary
+    code execution.
+  </synopsis>
+  <product type="ebuild">wget</product>
+  <announced>2014-11-16</announced>
+  <revised count="1">2014-11-16</revised>
+  <bug>527056</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/wget" auto="yes" arch="*">
+      <unaffected range="ge">1.16</unaffected>
+      <vulnerable range="lt">1.16</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU Wget is a free software package for retrieving files using HTTP,
+      HTTPS and FTP, the most widely-used Internet protocols. 
+    </p>
+  </background>
+  <description>
+    <p>An absolute path traversal vulnerability has been found in GNU Wget.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote FTP server is able to write to arbitrary files, and
+      consequently execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU Wget users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/wget-1.16"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4877">CVE-2014-4877</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-11-09T09:21:36Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2014-11-16T08:06:22Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201411-06.xml b/metadata/glsa/glsa-201411-06.xml
new file mode 100644
index 000000000000..736cc5bdbc70
--- /dev/null
+++ b/metadata/glsa/glsa-201411-06.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201411-06">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code. 
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2014-11-21</announced>
+  <revised count="2">2014-11-21</revised>
+  <bug>525430</bug>
+  <bug>529088</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">11.2.202.418</unaffected>
+      <vulnerable range="lt">11.2.202.418</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites. 
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or bypass security restrictions. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-11.2.202.418"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0558">CVE-2014-0558</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0564">CVE-2014-0564</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0569">CVE-2014-0569</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0573">CVE-2014-0573</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0574">CVE-2014-0574</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0576">CVE-2014-0576</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0577">CVE-2014-0577</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0581">CVE-2014-0581</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0582">CVE-2014-0582</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0583">CVE-2014-0583</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0584">CVE-2014-0584</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0585">CVE-2014-0585</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0586">CVE-2014-0586</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0588">CVE-2014-0588</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0589">CVE-2014-0589</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0590">CVE-2014-0590</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8437">CVE-2014-8437</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8438">CVE-2014-8438</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8440">CVE-2014-8440</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8441">CVE-2014-8441</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8442">CVE-2014-8442</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-11-16T14:56:06Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2014-11-21T12:07:58Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201411-07.xml b/metadata/glsa/glsa-201411-07.xml
new file mode 100644
index 000000000000..626953bd8ccb
--- /dev/null
+++ b/metadata/glsa/glsa-201411-07.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201411-07">
+  <title>Openswan: Denial of service</title>
+  <synopsis>A NULL pointer dereference in Openswan may allow remote attackers
+    to cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">openswan</product>
+  <announced>2014-11-23</announced>
+  <revised count="1">2014-11-23</revised>
+  <bug>499870</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/openswan" auto="yes" arch="*">
+      <vulnerable range="le">2.6.39-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Openswan is an implementation of IPsec for Linux.</p>
+  </background>
+  <description>
+    <p>A NULL pointer dereference has been found in Openswan.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could create a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for Openswan. We recommend that users
+      unmerge Openswan:
+    </p>
+    
+    <code>
+      # emerge --unmerge "net-misc/openswan"
+    </code>
+    
+    <p>NOTE: The Gentoo developer(s) maintaining Openswan have discontinued
+      support at this time. It may be possible that a new Gentoo developer will
+      update Openswan at a later date. Alternatives packages such as Libreswan
+      and strongSwan are currently available in Gentoo Portage.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6466">CVE-2013-6466</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-06-19T01:21:40Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-11-23T17:45:46Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201411-08.xml b/metadata/glsa/glsa-201411-08.xml
new file mode 100644
index 000000000000..804ccf23a4e2
--- /dev/null
+++ b/metadata/glsa/glsa-201411-08.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201411-08">
+  <title>Aircrack-ng: User-assisted execution of arbitrary code</title>
+  <synopsis>Multiple vulnerabilities have been found in Aircrack-ng, possibly
+    resulting in local privilege escalation, remote code execution, or Denial
+    of Service.
+  </synopsis>
+  <product type="ebuild">aircrack-ng</product>
+  <announced>2014-11-23</announced>
+  <revised count="1">2014-11-23</revised>
+  <bug>528132</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-wireless/aircrack-ng" auto="yes" arch="*">
+      <unaffected range="ge">1.2_rc1</unaffected>
+      <vulnerable range="lt">1.2_rc1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can
+      recover keys once enough data packets have been captured.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Aircrack-ng. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker can use this flaw to execute arbitrary code or gain
+      escalated privileges. A remote attacker execute arbitrary code with the
+      privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Aircrack-ng users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=net-wireless/aircrack-ng-1.2_rc1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8321">CVE-2014-8321</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8322">CVE-2014-8322</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8323">CVE-2014-8323</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8324">CVE-2014-8324</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-11-10T22:39:08Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-11-23T17:49:06Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201411-09.xml b/metadata/glsa/glsa-201411-09.xml
new file mode 100644
index 000000000000..884c5644b345
--- /dev/null
+++ b/metadata/glsa/glsa-201411-09.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201411-09">
+  <title>Ansible: Privilege escalation</title>
+  <synopsis>Multiple vulnerabilities has been found in Ansible which may allow
+    local privilege escalation.
+  </synopsis>
+  <product type="ebuild">ansible</product>
+  <announced>2014-11-23</announced>
+  <revised count="1">2014-11-23</revised>
+  <bug>516564</bug>
+  <bug>517770</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/ansible" auto="yes" arch="*">
+      <unaffected range="ge">1.6.8</unaffected>
+      <vulnerable range="lt">1.6.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Ansible is a radically simple IT automation platform.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Ansible. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, or obtain
+      sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Ansible users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/ansible-1.6.8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4657">CVE-2014-4657</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4678">CVE-2014-4678</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4966">CVE-2014-4966</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4967">CVE-2014-4967</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-07-31T06:05:38Z">
+    pinkbyte
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-11-23T17:50:42Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201411-10.xml b/metadata/glsa/glsa-201411-10.xml
new file mode 100644
index 000000000000..5be49c64d595
--- /dev/null
+++ b/metadata/glsa/glsa-201411-10.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201411-10">
+  <title>Asterisk: Multiple Vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Asterisk, the worst of
+    which could lead to Denial of Service. 
+  </synopsis>
+  <product type="ebuild">asterisk</product>
+  <announced>2014-11-23</announced>
+  <revised count="1">2014-11-23</revised>
+  <bug>523216</bug>
+  <bug>526208</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/asterisk" auto="yes" arch="*">
+      <unaffected range="ge">11.13.1</unaffected>
+      <vulnerable range="lt">11.13.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Asterisk is an open source telephony engine and toolkit.</p>
+  </background>
+  <description>
+    <p>Multiple unspecified vulnerabilities have been discovered in Asterisk.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could exploit the vulnerabilities to cause a man in
+      the middle attack or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Asterisk users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/asterisk-11.13.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3566">CVE-2014-3566</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6610">CVE-2014-6610</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-09-22T19:18:45Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-11-23T17:54:08Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201411-11.xml b/metadata/glsa/glsa-201411-11.xml
new file mode 100644
index 000000000000..5a35d2ab27ce
--- /dev/null
+++ b/metadata/glsa/glsa-201411-11.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201411-11">
+  <title>Squid: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Squid, allowing remote
+    attackers to execute arbitrary code or cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">squid</product>
+  <announced>2014-11-27</announced>
+  <revised count="1">2014-11-27</revised>
+  <bug>504176</bug>
+  <bug>522498</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/squid" auto="yes" arch="*">
+      <unaffected range="ge">3.3.13-r1</unaffected>
+      <vulnerable range="lt">3.3.13-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and
+      more. 
+    </p>
+  </background>
+  <description>
+    <p>An assertion failure in processing of SSL-Bump has been found in Squid. 
+      Heap based overflow is discovered when processing SNMP requests.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted request, possibly
+      resulting in a executing of arbitrary code or Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Squid users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-proxy/squid-3.3.13-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0128">CVE-2014-0128</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7141">CVE-2014-7141</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7142">CVE-2014-7142</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-08-04T19:12:15Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-11-27T14:39:02Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-01.xml b/metadata/glsa/glsa-201412-01.xml
new file mode 100644
index 000000000000..4028f8574858
--- /dev/null
+++ b/metadata/glsa/glsa-201412-01.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-01">
+  <title>QEMU: Multiple Vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in QEMU, the worst of
+    which allows context dependent attackers to cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">qemu</product>
+  <announced>2014-12-08</announced>
+  <revised count="1">2014-12-08</revised>
+  <bug>514680</bug>
+  <bug>519506</bug>
+  <bug>520688</bug>
+  <bug>522364</bug>
+  <bug>523428</bug>
+  <bug>527088</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-emulation/qemu" auto="yes" arch="*">
+      <unaffected range="ge">2.1.2-r1</unaffected>
+      <vulnerable range="lt">2.1.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>QEMU is a generic and open source machine emulator and virtualizer.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in QEMU. Please review the
+      CVE identifiers referenced below for details. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could cause a Denial of Service condition
+      and a local user can obtain sensitive information. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All QEMU users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/qemu-2.1.2-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3471">CVE-2014-3471</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3615">CVE-2014-3615</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3640">CVE-2014-3640</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5263">CVE-2014-5263</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5388">CVE-2014-5388</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7815">CVE-2014-7815</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-10-05T01:51:26Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-12-08T22:33:07Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-02.xml b/metadata/glsa/glsa-201412-02.xml
new file mode 100644
index 000000000000..c64bb1ebce4c
--- /dev/null
+++ b/metadata/glsa/glsa-201412-02.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-02">
+  <title>nfs-utils: Information disclosure</title>
+  <synopsis>A vulnerability in nfs-utils might allow remote attackers to gain
+    access to restricted information.
+  </synopsis>
+  <product type="ebuild">nfs-utils</product>
+  <announced>2014-12-08</announced>
+  <revised count="1">2014-12-08</revised>
+  <bug>464636</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-fs/nfs-utils" auto="yes" arch="*">
+      <unaffected range="ge">1.2.8</unaffected>
+      <vulnerable range="lt">1.2.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>nfs-utils contains the client and daemon implementations for the NFS
+      protocol.
+    </p>
+  </background>
+  <description>
+    <p>rpc.gssd in nfs-utils is vulnerable to DNS spoofing due to it depending
+      on PTR resolution for GSSAPI authentication, allowing for data to be
+      submitted to a malicious server without the knowledge of the user.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to obtain sensitive information. </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All nfs-utils users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-fs/nfs-utils-1.2.8"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1923">CVE-2013-1923</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-06-27T21:18:15Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-12-08T22:50:14Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-03.xml b/metadata/glsa/glsa-201412-03.xml
new file mode 100644
index 000000000000..d43330517284
--- /dev/null
+++ b/metadata/glsa/glsa-201412-03.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-03">
+  <title>Dovecot: Denial of service</title>
+  <synopsis>A vulnerability in Dovecot could allow a remote attacker to create
+    a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">dovecot</product>
+  <announced>2014-12-08</announced>
+  <revised count="1">2014-12-08</revised>
+  <bug>509954</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/dovecot" auto="yes" arch="*">
+      <unaffected range="ge">2.2.13</unaffected>
+      <vulnerable range="lt">2.2.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Dovecot is an open source IMAP and POP3 email server.</p>
+  </background>
+  <description>
+    <p>Dovecot does not properly close connections, allowing a resource
+      exhaustion for incomplete SSL/TLS handshakes.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Dovecot users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-mail/dovecot-2.2.13"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3430">CVE-2014-3430</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-08-04T18:57:07Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-12-08T22:57:38Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-04.xml b/metadata/glsa/glsa-201412-04.xml
new file mode 100644
index 000000000000..893f27f165ec
--- /dev/null
+++ b/metadata/glsa/glsa-201412-04.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-04">
+  <title>libvirt: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in libvirt, worst of which
+    allows context-dependent attackers to escalate privileges.
+  </synopsis>
+  <product type="ebuild">libvirt</product>
+  <announced>2014-12-08</announced>
+  <revised count="1">2014-12-08</revised>
+  <bug>483048</bug>
+  <bug>484014</bug>
+  <bug>485520</bug>
+  <bug>487684</bug>
+  <bug>489374</bug>
+  <bug>494072</bug>
+  <bug>496204</bug>
+  <bug>498534</bug>
+  <bug>502232</bug>
+  <bug>504996</bug>
+  <bug>509858</bug>
+  <bug>524184</bug>
+  <bug>528440</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-emulation/libvirt" auto="yes" arch="*">
+      <unaffected range="ge">1.2.9-r2</unaffected>
+      <vulnerable range="lt">1.2.9-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libvirt is a C toolkit for manipulating virtual machines.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libvirt. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker may be able to cause a Denial of Service or cause
+      information leakage. A local attacker may be able to escalate privileges,
+      cause a Denial of Service or possibly execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libvirt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/libvirt-1.2.9-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4292">CVE-2013-4292</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4296">CVE-2013-4296</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4297">CVE-2013-4297</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4399">CVE-2013-4399</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4400">CVE-2013-4400</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4401">CVE-2013-4401</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5651">CVE-2013-5651</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6436">CVE-2013-6436</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6456">CVE-2013-6456</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6457">CVE-2013-6457</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6458">CVE-2013-6458</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7336">CVE-2013-7336</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0028">CVE-2014-0028</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0179">CVE-2014-0179</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1447">CVE-2014-1447</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3633">CVE-2014-3633</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5177">CVE-2014-5177</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7823">CVE-2014-7823</uri>
+  </references>
+  <metadata tag="requester" timestamp="2013-10-02T09:12:28Z">
+    pinkbyte
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-12-08T23:26:05Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-05.xml b/metadata/glsa/glsa-201412-05.xml
new file mode 100644
index 000000000000..a0d48f74c473
--- /dev/null
+++ b/metadata/glsa/glsa-201412-05.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-05">
+  <title>Clam AntiVirus: Denial of service</title>
+  <synopsis>A vulnerability in Clam AntiVirus can lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2014-12-09</announced>
+  <revised count="2">2014-12-09</revised>
+  <bug>529728</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.98.5</unaffected>
+      <vulnerable range="lt">0.98.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX,
+      designed especially for e-mail scanning on mail gateways.
+    </p>
+  </background>
+  <description>
+    <p>A heap-based buffer overflow exists in the cli_scanpe function in
+      libclamav/pe.c in ClamAV.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition via
+      a specially crafted file.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Clam AntiVirus users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.98.5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9050">CVE-2014-9050</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-12-07T19:55:16Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-12-09T12:58:59Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-06.xml b/metadata/glsa/glsa-201412-06.xml
new file mode 100644
index 000000000000..c993e4d34892
--- /dev/null
+++ b/metadata/glsa/glsa-201412-06.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-06">
+  <title>libxml2: Denial of service</title>
+  <synopsis>A vulnerability in libxml2 could result in Denial of Service.</synopsis>
+  <product type="ebuild">libxml2</product>
+  <announced>2014-12-10</announced>
+  <revised count="1">2014-12-10</revised>
+  <bug>525656</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/libxml2" auto="yes" arch="*">
+      <unaffected range="ge">2.9.2</unaffected>
+      <vulnerable range="lt">2.9.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libxml2 is the XML C parser and toolkit developed for the Gnome project.</p>
+  </background>
+  <description>
+    <p>parser.c in libxml2 before 2.9.2 does not properly prevent entity
+      expansion even when entity substitution has been disabled.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could entice a user to a specially crafted
+      XML file using an application linked against libxml2, possibly resulting
+      in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libxml2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libxml2-2.9.2"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3660">CVE-2014-3660</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-12-09T18:18:43Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2014-12-10T08:06:04Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-07.xml b/metadata/glsa/glsa-201412-07.xml
new file mode 100644
index 000000000000..dec22ba9c8c1
--- /dev/null
+++ b/metadata/glsa/glsa-201412-07.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-07">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code. 
+  </synopsis>
+  <product type="ebuild">flash,ACE</product>
+  <announced>2014-12-11</announced>
+  <revised count="1">2014-12-11</revised>
+  <bug>530692</bug>
+  <bug>532074</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">11.2.202.425</unaffected>
+      <vulnerable range="lt">11.2.202.425</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites. 
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or bypass security restrictions. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-11.2.202.425"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0580">CVE-2014-0580</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0587">CVE-2014-0587</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8439">CVE-2014-8439</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8443">CVE-2014-8443</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9162">CVE-2014-9162</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9163">CVE-2014-9163</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9164">CVE-2014-9164</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-12-09T20:43:22Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2014-12-11T06:58:45Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-08.xml b/metadata/glsa/glsa-201412-08.xml
new file mode 100644
index 000000000000..956fd24a1a38
--- /dev/null
+++ b/metadata/glsa/glsa-201412-08.xml
@@ -0,0 +1,428 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-08">
+  <title>Multiple packages, Multiple vulnerabilities fixed in 2010</title>
+  <synopsis>This GLSA contains notification of vulnerabilities found in several
+    Gentoo packages which have been fixed prior to January 1, 2011. The worst
+    of these vulnerabilities could lead to local privilege escalation and
+    remote code execution. Please see the package list and CVE identifiers
+    below for more information.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2014-12-11</announced>
+  <revised count="1">2014-12-11</revised>
+  <bug>159556</bug>
+  <bug>208464</bug>
+  <bug>253822</bug>
+  <bug>259968</bug>
+  <bug>298067</bug>
+  <bug>300375</bug>
+  <bug>300943</bug>
+  <bug>302478</bug>
+  <bug>307525</bug>
+  <bug>307633</bug>
+  <bug>315235</bug>
+  <bug>316697</bug>
+  <bug>319719</bug>
+  <bug>320961</bug>
+  <bug>322457</bug>
+  <bug>325507</bug>
+  <bug>326759</bug>
+  <bug>326953</bug>
+  <bug>329125</bug>
+  <bug>329939</bug>
+  <bug>331421</bug>
+  <bug>332527</bug>
+  <bug>333661</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-util/insight" auto="yes" arch="*">
+      <unaffected range="ge">6.7.1-r1</unaffected>
+      <vulnerable range="lt">6.7.1-r1</vulnerable>
+    </package>
+    <package name="dev-perl/perl-tk" auto="yes" arch="*">
+      <unaffected range="ge">804.028-r2</unaffected>
+      <vulnerable range="lt">804.028-r2</vulnerable>
+    </package>
+    <package name="dev-util/sourcenav" auto="yes" arch="*">
+      <unaffected range="ge">5.1.4</unaffected>
+      <vulnerable range="lt">5.1.4</vulnerable>
+    </package>
+    <package name="dev-lang/tk" auto="yes" arch="*">
+      <unaffected range="ge">8.4.18-r1</unaffected>
+      <vulnerable range="lt">8.4.18-r1</vulnerable>
+    </package>
+    <package name="sys-block/partimage" auto="yes" arch="*">
+      <unaffected range="ge">0.6.8</unaffected>
+      <vulnerable range="lt">0.6.8</vulnerable>
+    </package>
+    <package name="app-antivirus/bitdefender-console" auto="yes" arch="*">
+      <vulnerable range="le">7.1</vulnerable>
+    </package>
+    <package name="net-mail/mlmmj" auto="yes" arch="*">
+      <unaffected range="ge">1.2.17.1</unaffected>
+      <vulnerable range="lt">1.2.17.1</vulnerable>
+    </package>
+    <package name="sys-apps/acl" auto="yes" arch="*">
+      <unaffected range="ge">2.2.49</unaffected>
+      <vulnerable range="lt">2.2.49</vulnerable>
+    </package>
+    <package name="x11-apps/xinit" auto="yes" arch="*">
+      <unaffected range="ge">1.2.0-r4</unaffected>
+      <vulnerable range="lt">1.2.0-r4</vulnerable>
+    </package>
+    <package name="app-arch/gzip" auto="yes" arch="*">
+      <unaffected range="ge">1.4</unaffected>
+      <vulnerable range="lt">1.4</vulnerable>
+    </package>
+    <package name="app-arch/ncompress" auto="yes" arch="*">
+      <unaffected range="ge">4.2.4.3</unaffected>
+      <vulnerable range="lt">4.2.4.3</vulnerable>
+    </package>
+    <package name="dev-libs/liblzw" auto="yes" arch="*">
+      <unaffected range="ge">0.2</unaffected>
+      <vulnerable range="lt">0.2</vulnerable>
+    </package>
+    <package name="media-gfx/splashutils" auto="yes" arch="*">
+      <unaffected range="ge">1.5.4.3-r3</unaffected>
+      <vulnerable range="lt">1.5.4.3-r3</vulnerable>
+    </package>
+    <package name="sys-devel/m4" auto="yes" arch="*">
+      <unaffected range="ge">1.4.14-r1</unaffected>
+      <vulnerable range="lt">1.4.14-r1</vulnerable>
+    </package>
+    <package name="kde-base/kdm" auto="yes" arch="*">
+      <unaffected range="ge">4.3.5-r1</unaffected>
+      <vulnerable range="lt">4.3.5-r1</vulnerable>
+    </package>
+    <package name="x11-libs/gtk+" auto="yes" arch="*">
+      <unaffected range="ge">2.18.7</unaffected>
+      <vulnerable range="lt">2.18.7</vulnerable>
+    </package>
+    <package name="kde-base/kget" auto="yes" arch="*">
+      <unaffected range="ge">4.3.5-r1</unaffected>
+      <vulnerable range="lt">4.3.5-r1</vulnerable>
+    </package>
+    <package name="app-text/dvipng" auto="yes" arch="*">
+      <unaffected range="ge">1.13</unaffected>
+      <vulnerable range="lt">1.13</vulnerable>
+    </package>
+    <package name="app-misc/beanstalkd" auto="yes" arch="*">
+      <unaffected range="ge">1.4.6</unaffected>
+      <vulnerable range="lt">1.4.6</vulnerable>
+    </package>
+    <package name="sys-apps/pmount" auto="yes" arch="*">
+      <unaffected range="ge">0.9.23</unaffected>
+      <vulnerable range="lt">0.9.23</vulnerable>
+    </package>
+    <package name="sys-auth/pam_krb5" auto="yes" arch="*">
+      <unaffected range="ge">4.3</unaffected>
+      <vulnerable range="lt">4.3</vulnerable>
+    </package>
+    <package name="app-text/gv" auto="yes" arch="*">
+      <unaffected range="ge">3.7.1</unaffected>
+      <vulnerable range="lt">3.7.1</vulnerable>
+    </package>
+    <package name="net-ftp/lftp" auto="yes" arch="*">
+      <unaffected range="ge">4.0.6</unaffected>
+      <vulnerable range="lt">4.0.6</vulnerable>
+    </package>
+    <package name="www-client/uzbl" auto="yes" arch="*">
+      <unaffected range="ge">2010.08.05</unaffected>
+      <vulnerable range="lt">2010.08.05</vulnerable>
+    </package>
+    <package name="x11-misc/slim" auto="yes" arch="*">
+      <unaffected range="ge">1.3.2</unaffected>
+      <vulnerable range="lt">1.3.2</vulnerable>
+    </package>
+    <package name="net-misc/iputils" auto="yes" arch="*">
+      <unaffected range="ge">20100418</unaffected>
+      <vulnerable range="lt">20100418</vulnerable>
+    </package>
+    <package name="media-tv/dvbstreamer" auto="yes" arch="*">
+      <unaffected range="ge">1.1-r1</unaffected>
+      <vulnerable range="lt">1.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>For more information on the packages listed in this GLSA, please see
+      their homepage referenced in the ebuild. 
+    </p>
+  </background>
+  <description>
+    <p>Vulnerabilities have been discovered in the packages listed below.
+      Please review the CVE identifiers in the Reference section for details.
+    </p>
+    
+    <ul>
+      <li>Insight</li>
+      <li>Perl Tk Module</li>
+      <li>Source-Navigator</li>
+      <li>Tk</li>
+      <li>Partimage</li>
+      <li>Mlmmj</li>
+      <li>acl</li>
+      <li>Xinit</li>
+      <li>gzip</li>
+      <li>ncompress</li>
+      <li>liblzw</li>
+      <li>splashutils</li>
+      <li>GNU M4</li>
+      <li>KDE Display Manager</li>
+      <li>GTK+</li>
+      <li>KGet</li>
+      <li>dvipng</li>
+      <li>Beanstalk</li>
+      <li>Policy Mount</li>
+      <li>pam_krb5</li>
+      <li>GNU gv</li>
+      <li>LFTP</li>
+      <li>Uzbl</li>
+      <li>Slim</li>
+      <li>Bitdefender Console</li>
+      <li>iputils</li>
+      <li>DVBStreamer</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>A context-dependent attacker may be able to gain escalated privileges,
+      execute arbitrary code, cause Denial of Service, obtain sensitive
+      information, or otherwise bypass security restrictions. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There are no known workarounds at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Insight users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-util/insight-6.7.1-r1"
+    </code>
+    
+    <p>All Perl Tk Module users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-perl/perl-tk-804.028-r2"
+    </code>
+    
+    <p>All Source-Navigator users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-util/sourcenav-5.1.4"
+    </code>
+    
+    <p>All Tk users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/tk-8.4.18-r1"
+    </code>
+    
+    <p>All Partimage users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-block/partimage-0.6.8"
+    </code>
+    
+    <p>All Mlmmj users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-mail/mlmmj-1.2.17.1"
+    </code>
+    
+    <p>All acl users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/acl-2.2.49"
+    </code>
+    
+    <p>All Xinit users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-apps/xinit-1.2.0-r4"
+    </code>
+    
+    <p>All gzip users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/gzip-1.4"
+    </code>
+    
+    <p>All ncompress users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/ncompress-4.2.4.3"
+    </code>
+    
+    <p>All liblzw users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/liblzw-0.2"
+    </code>
+    
+    <p>All splashutils users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=media-gfx/splashutils-1.5.4.3-r3"
+    </code>
+    
+    <p>All GNU M4 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-devel/m4-1.4.14-r1"
+    </code>
+    
+    <p>All KDE Display Manager users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=kde-base/kdm-4.3.5-r1"
+    </code>
+    
+    <p>All GTK+ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/gtk+-2.18.7"
+    </code>
+    
+    <p>All KGet 4.3 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=kde-base/kget-4.3.5-r1"
+    </code>
+    
+    <p>All dvipng users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/dvipng-1.13"
+    </code>
+    
+    <p>All Beanstalk users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-misc/beanstalkd-1.4.6"
+    </code>
+    
+    <p>All Policy Mount users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/pmount-0.9.23"
+    </code>
+    
+    <p>All pam_krb5 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-auth/pam_krb5-4.3"
+    </code>
+    
+    <p>All GNU gv users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/gv-3.7.1"
+    </code>
+    
+    <p>All LFTP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-ftp/lftp-4.0.6"
+    </code>
+    
+    <p>All Uzbl users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/uzbl-2010.08.05"
+    </code>
+    
+    <p>All Slim users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-misc/slim-1.3.2"
+    </code>
+    
+    <p>All iputils users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/iputils-20100418"
+    </code>
+    
+    <p>All DVBStreamer users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-tv/dvbstreamer-1.1-r1"
+    </code>
+    
+    <p>Gentoo has discontinued support for Bitdefender Console. We recommend
+      that users unmerge Bitdefender Console:
+    </p>
+    
+    <code>
+      # emerge --unmerge "app-antivirus/bitdefender-console"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures have
+      been available since 2011. It is likely that your system is already no
+      longer affected by these issues.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3005">CVE-2006-3005</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2741">CVE-2007-2741</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0553">CVE-2008-0553</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1382">CVE-2008-1382</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5907">CVE-2008-5907</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6218">CVE-2008-6218</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6661">CVE-2008-6661</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0040">CVE-2009-0040</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0360">CVE-2009-0360</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0361">CVE-2009-0361</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0946">CVE-2009-0946</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2042">CVE-2009-2042</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2624">CVE-2009-2624</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3736">CVE-2009-3736</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4029">CVE-2009-4029</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4411">CVE-2009-4411</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4896">CVE-2009-4896</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0001">CVE-2010-0001</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0436">CVE-2010-0436</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0732">CVE-2010-0732</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0829">CVE-2010-0829</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1000">CVE-2010-1000</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205">CVE-2010-1205</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1511">CVE-2010-1511</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2056">CVE-2010-2056</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2060">CVE-2010-2060</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2192">CVE-2010-2192</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2251">CVE-2010-2251</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2529">CVE-2010-2529</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2809">CVE-2010-2809</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2945">CVE-2010-2945</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-06-16T10:53:22Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-12-11T23:30:24Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-09.xml b/metadata/glsa/glsa-201412-09.xml
new file mode 100644
index 000000000000..cde3c49b85c9
--- /dev/null
+++ b/metadata/glsa/glsa-201412-09.xml
@@ -0,0 +1,439 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-09">
+  <title>Multiple packages, Multiple vulnerabilities fixed in 2011</title>
+  <synopsis>This GLSA contains notification of vulnerabilities found in several
+    Gentoo packages which have been fixed prior to January 1, 2012. The worst
+    of these vulnerabilities could lead to local privilege escalation and
+    remote code execution. Please see the package list and CVE identifiers
+    below for more information.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2014-12-11</announced>
+  <revised count="2">2014-12-11</revised>
+  <bug>194151</bug>
+  <bug>294253</bug>
+  <bug>294256</bug>
+  <bug>334087</bug>
+  <bug>344059</bug>
+  <bug>346897</bug>
+  <bug>350598</bug>
+  <bug>352608</bug>
+  <bug>354209</bug>
+  <bug>355207</bug>
+  <bug>356893</bug>
+  <bug>358611</bug>
+  <bug>358785</bug>
+  <bug>358789</bug>
+  <bug>360891</bug>
+  <bug>361397</bug>
+  <bug>362185</bug>
+  <bug>366697</bug>
+  <bug>366699</bug>
+  <bug>369069</bug>
+  <bug>370839</bug>
+  <bug>372971</bug>
+  <bug>376793</bug>
+  <bug>381169</bug>
+  <bug>386321</bug>
+  <bug>386361</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="games-sports/racer-bin" auto="yes" arch="*">
+      <vulnerable range="ge">0.5.0-r1</vulnerable>
+    </package>
+    <package name="media-libs/fmod" auto="yes" arch="*">
+      <unaffected range="ge">4.38.00</unaffected>
+      <vulnerable range="lt">4.38.00</vulnerable>
+    </package>
+    <package name="dev-php/PEAR-Mail" auto="yes" arch="*">
+      <unaffected range="ge">1.2.0</unaffected>
+      <vulnerable range="lt">1.2.0</vulnerable>
+    </package>
+    <package name="sys-fs/lvm2" auto="yes" arch="*">
+      <unaffected range="ge">2.02.72</unaffected>
+      <vulnerable range="lt">2.02.72</vulnerable>
+    </package>
+    <package name="app-office/gnucash" auto="yes" arch="*">
+      <unaffected range="ge">2.4.4</unaffected>
+      <vulnerable range="lt">2.4.4</vulnerable>
+    </package>
+    <package name="media-libs/xine-lib" auto="yes" arch="*">
+      <unaffected range="ge">1.1.19</unaffected>
+      <vulnerable range="lt">1.1.19</vulnerable>
+    </package>
+    <package name="media-sound/lastfmplayer" auto="yes" arch="*">
+      <unaffected range="ge">1.5.4.26862-r3</unaffected>
+      <vulnerable range="lt">1.5.4.26862-r3</vulnerable>
+    </package>
+    <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+      <unaffected range="ge">1.2.7</unaffected>
+      <vulnerable range="lt">1.2.7</vulnerable>
+    </package>
+    <package name="sys-apps/shadow" auto="yes" arch="*">
+      <unaffected range="ge">4.1.4.3</unaffected>
+      <vulnerable range="lt">4.1.4.3</vulnerable>
+    </package>
+    <package name="dev-php/PEAR-PEAR" auto="yes" arch="*">
+      <unaffected range="ge">1.9.2-r1</unaffected>
+      <vulnerable range="lt">1.9.2-r1</vulnerable>
+    </package>
+    <package name="dev-db/unixODBC" auto="yes" arch="*">
+      <unaffected range="ge">2.3.0-r1</unaffected>
+      <vulnerable range="lt">2.3.0-r1</vulnerable>
+    </package>
+    <package name="sys-cluster/resource-agents" auto="yes" arch="*">
+      <unaffected range="ge">1.0.4-r1</unaffected>
+      <vulnerable range="lt">1.0.4-r1</vulnerable>
+    </package>
+    <package name="net-misc/mrouted" auto="yes" arch="*">
+      <unaffected range="ge">3.9.5</unaffected>
+      <vulnerable range="lt">3.9.5</vulnerable>
+    </package>
+    <package name="net-misc/rsync" auto="yes" arch="*">
+      <unaffected range="ge">3.0.8</unaffected>
+      <vulnerable range="lt">3.0.8</vulnerable>
+    </package>
+    <package name="dev-libs/xmlsec" auto="yes" arch="*">
+      <unaffected range="ge">1.2.17</unaffected>
+      <vulnerable range="lt">1.2.17</vulnerable>
+    </package>
+    <package name="x11-apps/xrdb" auto="yes" arch="*">
+      <unaffected range="ge">1.0.9</unaffected>
+      <vulnerable range="lt">1.0.9</vulnerable>
+    </package>
+    <package name="net-misc/vino" auto="yes" arch="*">
+      <unaffected range="ge">2.32.2</unaffected>
+      <vulnerable range="lt">2.32.2</vulnerable>
+    </package>
+    <package name="dev-util/oprofile" auto="yes" arch="*">
+      <unaffected range="ge">0.9.6-r1</unaffected>
+      <vulnerable range="lt">0.9.6-r1</vulnerable>
+    </package>
+    <package name="app-admin/syslog-ng" auto="yes" arch="*">
+      <unaffected range="ge">3.2.4</unaffected>
+      <vulnerable range="lt">3.2.4</vulnerable>
+    </package>
+    <package name="net-analyzer/sflowtool" auto="yes" arch="*">
+      <unaffected range="ge">3.20</unaffected>
+      <vulnerable range="lt">3.20</vulnerable>
+    </package>
+    <package name="gnome-base/gdm" auto="yes" arch="*">
+      <unaffected range="ge">3.8.4-r3</unaffected>
+      <vulnerable range="lt">3.8.4-r3</vulnerable>
+    </package>
+    <package name="net-libs/libsoup" auto="yes" arch="*">
+      <unaffected range="ge">2.34.3</unaffected>
+      <vulnerable range="lt">2.34.3</vulnerable>
+    </package>
+    <package name="app-misc/ca-certificates" auto="yes" arch="*">
+      <unaffected range="ge">20110502-r1</unaffected>
+      <vulnerable range="lt">20110502-r1</vulnerable>
+    </package>
+    <package name="dev-vcs/gitolite" auto="yes" arch="*">
+      <unaffected range="ge">1.5.9.1</unaffected>
+      <vulnerable range="lt">1.5.9.1</vulnerable>
+    </package>
+    <package name="dev-util/qt-creator" auto="yes" arch="*">
+      <unaffected range="ge">2.1.0</unaffected>
+      <vulnerable range="lt">2.1.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>For more information on the packages listed in this GLSA, please see
+      their homepage referenced in the ebuild.
+    </p>
+  </background>
+  <description>
+    <p>Vulnerabilities have been discovered in the packages listed below.
+      Please review the CVE identifiers in the Reference section for details.
+    </p>
+    
+    <ul>
+      <li>FMOD Studio</li>
+      <li>PEAR Mail</li>
+      <li>LVM2</li>
+      <li>GnuCash</li>
+      <li>xine-lib</li>
+      <li>Last.fm Scrobbler</li>
+      <li>WebKitGTK+</li>
+      <li>shadow tool suite</li>
+      <li>PEAR</li>
+      <li>unixODBC</li>
+      <li>Resource Agents</li>
+      <li>mrouted</li>
+      <li>rsync</li>
+      <li>XML Security Library</li>
+      <li>xrdb</li>
+      <li>Vino</li>
+      <li>OProfile</li>
+      <li>syslog-ng</li>
+      <li>sFlow Toolkit</li>
+      <li>GNOME Display Manager</li>
+      <li>libsoup</li>
+      <li>CA Certificates</li>
+      <li>Gitolite</li>
+      <li>QtCreator</li>
+      <li>Racer</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>A context-dependent attacker may be able to gain escalated privileges,
+      execute arbitrary code, cause Denial of Service, obtain sensitive
+      information, or otherwise bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There are no known workarounds at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FMOD Studio users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/fmod-4.38.00"
+    </code>
+    
+    <p>All PEAR Mail users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-php/PEAR-Mail-1.2.0"
+    </code>
+    
+    <p>All LVM2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-fs/lvm2-2.02.72"
+    </code>
+    
+    <p>All GnuCash users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-office/gnucash-2.4.4"
+    </code>
+    
+    <p>All xine-lib users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/xine-lib-1.1.19"
+    </code>
+    
+    <p>All Last.fm Scrobbler users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=media-sound/lastfmplayer-1.5.4.26862-r3"
+    </code>
+    
+    <p>All WebKitGTK+ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-1.2.7"
+    </code>
+    
+    <p>All shadow tool suite users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/shadow-4.1.4.3"
+    </code>
+    
+    <p>All PEAR users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-php/PEAR-PEAR-1.9.2-r1"
+    </code>
+    
+    <p>All unixODBC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/unixODBC-2.3.0-r1"
+    </code>
+    
+    <p>All Resource Agents users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=sys-cluster/resource-agents-1.0.4-r1"
+    </code>
+    
+    <p>All mrouted users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/mrouted-3.9.5"
+    </code>
+    
+    <p>All rsync users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/rsync-3.0.8"
+    </code>
+    
+    <p>All XML Security Library users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/xmlsec-1.2.17"
+    </code>
+    
+    <p>All xrdb users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-apps/xrdb-1.0.9"
+    </code>
+    
+    <p>All Vino users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/vino-2.32.2"
+    </code>
+    
+    <p>All OProfile users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-util/oprofile-0.9.6-r1"
+    </code>
+    
+    <p>All syslog-ng users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/syslog-ng-3.2.4"
+    </code>
+    
+    <p>All sFlow Toolkit users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/sflowtool-3.20"
+    </code>
+    
+    <p>All GNOME Display Manager users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=gnome-base/gdm-3.8.4-r3"
+    </code>
+    
+    <p>All libsoup users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/libsoup-2.34.3"
+    </code>
+    
+    <p>All CA Certificates users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-misc/ca-certificates-20110502-r1"
+    </code>
+    
+    <p>All Gitolite users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/gitolite-1.5.9.1"
+    </code>
+    
+    <p>All QtCreator users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-util/qt-creator-2.1.0"
+    </code>
+    
+    <p>Gentoo has discontinued support for Racer. We recommend that users
+      unmerge Racer:
+    </p>
+    
+    <code>
+      # emerge --unmerge "games-sports/racer-bin"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures have
+      been available since 2012. It is likely that your system is already no
+      longer affected by these issues.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4370">CVE-2007-4370</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4023">CVE-2009-4023</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4111">CVE-2009-4111</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0778">CVE-2010-0778</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1780">CVE-2010-1780</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1782">CVE-2010-1782</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1783">CVE-2010-1783</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1784">CVE-2010-1784</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1785">CVE-2010-1785</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1786">CVE-2010-1786</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1787">CVE-2010-1787</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1788">CVE-2010-1788</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1790">CVE-2010-1790</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1791">CVE-2010-1791</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1792">CVE-2010-1792</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1793">CVE-2010-1793</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1807">CVE-2010-1807</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1812">CVE-2010-1812</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1814">CVE-2010-1814</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1815">CVE-2010-1815</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2526">CVE-2010-2526</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2901">CVE-2010-2901</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3255">CVE-2010-3255</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3257">CVE-2010-3257</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3259">CVE-2010-3259</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3362">CVE-2010-3362</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3374">CVE-2010-3374</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3389">CVE-2010-3389</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3812">CVE-2010-3812</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3813">CVE-2010-3813</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3999">CVE-2010-3999</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4042">CVE-2010-4042</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4197">CVE-2010-4197</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4198">CVE-2010-4198</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4204">CVE-2010-4204</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4206">CVE-2010-4206</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4492">CVE-2010-4492</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4493">CVE-2010-4493</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4577">CVE-2010-4577</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4578">CVE-2010-4578</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0007">CVE-2011-0007</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0465">CVE-2011-0465</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0482">CVE-2011-0482</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0721">CVE-2011-0721</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0727">CVE-2011-0727</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0904">CVE-2011-0904</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0905">CVE-2011-0905</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1072">CVE-2011-1072</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1097">CVE-2011-1097</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1144">CVE-2011-1144</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1425">CVE-2011-1425</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1572">CVE-2011-1572</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1760">CVE-2011-1760</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1951">CVE-2011-1951</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2471">CVE-2011-2471</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2472">CVE-2011-2472</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2473">CVE-2011-2473</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2524">CVE-2011-2524</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3365">CVE-2011-3365</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3366">CVE-2011-3366</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3367">CVE-2011-3367</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-08-05T19:34:29Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-12-11T23:55:16Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-10.xml b/metadata/glsa/glsa-201412-10.xml
new file mode 100644
index 000000000000..a736377a2d10
--- /dev/null
+++ b/metadata/glsa/glsa-201412-10.xml
@@ -0,0 +1,166 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-10">
+  <title>Multiple packages, Multiple vulnerabilities fixed in 2012</title>
+  <synopsis>This GLSA contains notification of vulnerabilities found in several
+    Gentoo packages which have been fixed prior to January 1, 2013. The worst
+    of these vulnerabilities could lead to local privilege escalation and
+    remote code execution. Please see the package list and CVE identifiers
+    below for more information.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2014-12-11</announced>
+  <revised count="1">2014-12-11</revised>
+  <bug>284536</bug>
+  <bug>300903</bug>
+  <bug>334475</bug>
+  <bug>358787</bug>
+  <bug>371320</bug>
+  <bug>372905</bug>
+  <bug>399427</bug>
+  <bug>401645</bug>
+  <bug>427802</bug>
+  <bug>428776</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-apps/egroupware" auto="yes" arch="*">
+      <unaffected range="ge">1.8.004.20120613</unaffected>
+      <vulnerable range="lt">1.8.004.20120613</vulnerable>
+    </package>
+    <package name="x11-libs/vte" auto="yes" arch="*">
+      <unaffected range="ge">0.32.2</unaffected>
+      <unaffected range="rge">0.28.2-r204</unaffected>
+      <unaffected range="rge">0.28.2-r206</unaffected>
+      <vulnerable range="lt">0.32.2</vulnerable>
+    </package>
+    <package name="net-analyzer/lft" auto="yes" arch="*">
+      <unaffected range="ge">3.33</unaffected>
+      <vulnerable range="lt">3.33</vulnerable>
+    </package>
+    <package name="dev-php/suhosin" auto="yes" arch="*">
+      <unaffected range="ge">0.9.33</unaffected>
+      <vulnerable range="lt">0.9.33</vulnerable>
+    </package>
+    <package name="x11-misc/slock" auto="yes" arch="*">
+      <unaffected range="ge">1.0</unaffected>
+      <vulnerable range="lt">1.0</vulnerable>
+    </package>
+    <package name="sys-cluster/ganglia" auto="yes" arch="*">
+      <unaffected range="ge">3.3.7</unaffected>
+      <vulnerable range="lt">3.3.7</vulnerable>
+    </package>
+    <package name="net-im/gg-transport" auto="yes" arch="*">
+      <unaffected range="ge">2.2.4</unaffected>
+      <vulnerable range="lt">2.2.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>For more information on the packages listed in this GLSA, please see
+      their homepage referenced in the ebuild.
+    </p>
+  </background>
+  <description>
+    <p>Vulnerabilities have been discovered in the packages listed below.
+      Please review the CVE identifiers in the Reference section for details.
+    </p>
+    
+    <ul>
+      <li>EGroupware</li>
+      <li>VTE</li>
+      <li>Layer Four Traceroute (LFT)</li>
+      <li>Suhosin</li>
+      <li>Slock</li>
+      <li>Ganglia</li>
+      <li>Jabber to GaduGadu Gateway</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>A context-dependent attacker may be able to gain escalated privileges,
+      execute arbitrary code, cause Denial of Service, obtain sensitive
+      information, or otherwise bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All EGroupware users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-apps/egroupware-1.8.004.20120613"
+    </code>
+    
+    <p>All VTE 0.32 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/vte-0.32.2"
+    </code>
+    
+    <p>All VTE 0.28 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/vte-0.28.2-r204"
+    </code>
+    
+    <p>All Layer Four Traceroute users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/lft-3.33"
+    </code>
+    
+    <p>All Suhosin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-php/suhosin-0.9.33"
+    </code>
+    
+    <p>All Slock users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-misc/slock-1.0"
+    </code>
+    
+    <p>All Ganglia users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-cluster/ganglia-3.3.7"
+    </code>
+    
+    <p>All Jabber to GaduGadu Gateway users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-im/gg-transport-2.2.4"
+    </code>
+    
+    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures have
+      been available since 2013. It is likely that your system is already no
+      longer affected by these issues.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4776">CVE-2008-4776</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2713">CVE-2010-2713</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3313">CVE-2010-3313</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3314">CVE-2010-3314</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0765">CVE-2011-0765</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2198">CVE-2011-2198</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0807">CVE-2012-0807</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0808">CVE-2012-0808</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1620">CVE-2012-1620</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2738">CVE-2012-2738</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3448">CVE-2012-3448</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-08-05T19:34:43Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-12-11T23:30:44Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-11.xml b/metadata/glsa/glsa-201412-11.xml
new file mode 100644
index 000000000000..cd7a6ced5a2f
--- /dev/null
+++ b/metadata/glsa/glsa-201412-11.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-11">
+  <title>AMD64 x86 emulation base libraries: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in AMD64 x86 emulation
+    base libraries, the worst of which may allow remote execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">emul-linux-x86-baselibs</product>
+  <announced>2014-12-12</announced>
+  <revised count="1">2014-12-12</revised>
+  <bug>196865</bug>
+  <bug>335508</bug>
+  <bug>483632</bug>
+  <bug>508322</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-emulation/emul-linux-x86-baselibs" auto="yes" arch="*">
+      <unaffected range="ge">20140406-r1</unaffected>
+      <vulnerable range="lt">20140406-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>AMD64 x86 emulation base libraries provides pre-compiled 32-bit
+      libraries. 
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in AMD64 x86 emulation
+      base libraries. Please review the CVE identifiers referenced below for
+      details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker may be able to execute arbitrary code,
+      cause a Denial of Service condition, or obtain sensitive information. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All users of the AMD64 x86 emulation base libraries should upgrade to
+      the latest version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/emul-linux-x86-baselibs-20140406-r1"
+    </code>
+    
+    <p>NOTE: One or more of the issues described in this advisory have been
+      fixed in previous updates. They are included in this advisory for the
+      sake of completeness. It is likely that your system is already no longer
+      affected by them.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0720">CVE-2007-0720</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1536">CVE-2007-1536</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2026">CVE-2007-2026</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2445">CVE-2007-2445</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2741">CVE-2007-2741</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3108">CVE-2007-3108</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4995">CVE-2007-4995</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5116">CVE-2007-5116</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5135">CVE-2007-5135</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5266">CVE-2007-5266</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5268">CVE-2007-5268</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5269">CVE-2007-5269</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5849">CVE-2007-5849</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205">CVE-2010-1205</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0338">CVE-2013-0338</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0339">CVE-2013-0339</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1664">CVE-2013-1664</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1969">CVE-2013-1969</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877">CVE-2013-2877</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0160">CVE-2014-0160</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:06Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-12-12T00:46:06Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-12.xml b/metadata/glsa/glsa-201412-12.xml
new file mode 100644
index 000000000000..0584e44cd132
--- /dev/null
+++ b/metadata/glsa/glsa-201412-12.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-12">
+  <title>D-Bus: Multiple Vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in D-Bus, possibly
+    resulting in local Denial of Service.
+  </synopsis>
+  <product type="ebuild">dbus</product>
+  <announced>2014-12-13</announced>
+  <revised count="1">2014-12-13</revised>
+  <bug>512940</bug>
+  <bug>516080</bug>
+  <bug>522982</bug>
+  <bug>528900</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/dbus" auto="yes" arch="*">
+      <unaffected range="ge">1.8.10</unaffected>
+      <vulnerable range="lt">1.8.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>D-Bus is a message bus system, a simple way for applications to talk to
+      one another.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in D-Bus. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could possibly cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All D-Bus users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/dbus-1.8.10"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3477">CVE-2014-3477</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3532">CVE-2014-3532</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3533">CVE-2014-3533</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3635">CVE-2014-3635</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3636">CVE-2014-3636</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3637">CVE-2014-3637</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3638">CVE-2014-3638</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3639">CVE-2014-3639</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7824">CVE-2014-7824</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-07-06T15:00:32Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-12-13T14:54:26Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-13.xml b/metadata/glsa/glsa-201412-13.xml
new file mode 100644
index 000000000000..867422c4d3a1
--- /dev/null
+++ b/metadata/glsa/glsa-201412-13.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-13">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium, the worst of
+    which can allow remote attackers to execute arbitrary code. 
+  </synopsis>
+  <product type="ebuild">chromium</product>
+  <announced>2014-12-13</announced>
+  <revised count="1">2014-12-13</revised>
+  <bug>524764</bug>
+  <bug>529858</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">39.0.2171.65</unaffected>
+      <vulnerable range="lt">39.0.2171.65</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source web browser project.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-39.0.2171.65"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3188">CVE-2014-3188</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3189">CVE-2014-3189</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3190">CVE-2014-3190</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3191">CVE-2014-3191</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3192">CVE-2014-3192</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3193">CVE-2014-3193</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3194">CVE-2014-3194</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3195">CVE-2014-3195</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3197">CVE-2014-3197</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3198">CVE-2014-3198</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3199">CVE-2014-3199</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3200">CVE-2014-3200</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7899">CVE-2014-7899</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7900">CVE-2014-7900</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7901">CVE-2014-7901</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7902">CVE-2014-7902</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7903">CVE-2014-7903</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7904">CVE-2014-7904</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7906">CVE-2014-7906</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7907">CVE-2014-7907</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7908">CVE-2014-7908</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7909">CVE-2014-7909</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7910">CVE-2014-7910</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-10-15T04:33:14Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-12-13T16:36:21Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-14.xml b/metadata/glsa/glsa-201412-14.xml
new file mode 100644
index 000000000000..202a6baa83bf
--- /dev/null
+++ b/metadata/glsa/glsa-201412-14.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-14">
+  <title>Xfig: User-assisted execution of arbitrary code</title>
+  <synopsis>Two vulnerabilities have been found in Xfig, possibly resulting in
+    execution of arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">xfig</product>
+  <announced>2014-12-13</announced>
+  <revised count="1">2014-12-13</revised>
+  <bug>297379</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/xfig" auto="yes" arch="*">
+      <unaffected range="ge">3.2.5c</unaffected>
+      <vulnerable range="lt">3.2.5c</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Xfig is an interactive drawing tool.</p>
+  </background>
+  <description>
+    <p>A stack-based buffer overflow and a stack consumption vulnerability have
+      been found in Xfig. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially-crafted file,
+      potentially resulting in arbitrary code execution or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Xfig users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/xfig-3.2.5c"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4227">CVE-2009-4227</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4228">CVE-2009-4228</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-11-10T22:27:51Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-12-13T17:06:33Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-15.xml b/metadata/glsa/glsa-201412-15.xml
new file mode 100644
index 000000000000..6b3c81fbd9ef
--- /dev/null
+++ b/metadata/glsa/glsa-201412-15.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-15">
+  <title>MCollective: Privilege escalation</title>
+  <synopsis>Two vulnerabilities have been found in MCollective, the worst of
+    which could lead to privilege escalation.
+  </synopsis>
+  <product type="ebuild">mcollective</product>
+  <announced>2014-12-13</announced>
+  <revised count="1">2014-12-13</revised>
+  <bug>513292</bug>
+  <bug>517286</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/mcollective" auto="yes" arch="*">
+      <unaffected range="ge">2.5.3</unaffected>
+      <vulnerable range="lt">2.5.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MCollective is a framework to build server orchestration or parallel job
+      execution systems.
+    </p>
+  </background>
+  <description>
+    <p>Two vulnerabilities have been found in MCollective:</p>
+    
+    <ul>
+      <li>An untrusted search path vulnerability exists in MCollective
+        (CVE-2014-3248)
+      </li>
+      <li>MCollective does not properly validate server certificates
+        (CVE-2014-3251)
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A local attacker can execute arbitrary a Trojan horse shared library,
+      potentially resulting in arbitrary code execution and privilege
+      escalation. Furthermore, a local attacker may be able to establish
+      unauthorized MCollective connections.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MCollective users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/mcollective-2.5.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3248">CVE-2014-3248</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3251">CVE-2014-3251</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-07-22T21:26:18Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2014-12-13T17:06:37Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-16.xml b/metadata/glsa/glsa-201412-16.xml
new file mode 100644
index 000000000000..cb189790d79d
--- /dev/null
+++ b/metadata/glsa/glsa-201412-16.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-16">
+  <title>CouchDB: Denial of service</title>
+  <synopsis>A vulnerability in CouchDB could result in Denial of Service.</synopsis>
+  <product type="ebuild">couchdb</product>
+  <announced>2014-12-13</announced>
+  <revised count="1">2014-12-13</revised>
+  <bug>506354</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/couchdb" auto="yes" arch="*">
+      <unaffected range="ge">1.5.1</unaffected>
+      <vulnerable range="lt">1.5.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Apache CouchDB is a distributed, fault-tolerant and schema-free
+      document-oriented database.
+    </p>
+  </background>
+  <description>
+    <p>CouchDB does not properly sanitize the count parameter for Universally
+      Unique Identifiers (UUID) requests. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted request to CouchDB,
+      possibly resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>The /_uuids handler can be disabled in local.ini with the following
+      configuration:
+    </p>
+    
+    <p>[httpd_global_handlers]
+      _uuids =
+    </p>
+  </workaround>
+  <resolution>
+    <p>All CouchDB users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/couchdb-1.5.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2668">CVE-2014-2668</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-08-04T19:24:09Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-12-13T17:06:39Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-17.xml b/metadata/glsa/glsa-201412-17.xml
new file mode 100644
index 000000000000..03bd221dbfa7
--- /dev/null
+++ b/metadata/glsa/glsa-201412-17.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-17">
+  <title>GPL Ghostscript: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GPL Ghostscript, the
+    worst of which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">ghostscript-gpl</product>
+  <announced>2014-12-13</announced>
+  <revised count="1">2014-12-13</revised>
+  <bug>264594</bug>
+  <bug>300192</bug>
+  <bug>332061</bug>
+  <bug>437654</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/ghostscript-gpl" auto="yes" arch="*">
+      <unaffected range="ge">9.10-r2</unaffected>
+      <vulnerable range="lt">9.10-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Ghostscript is an interpreter for the PostScript language and for PDF.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GPL Ghostscript. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could entice a user to open a specially
+      crafted PostScript file or PDF using GPL Ghostscript, possibly resulting
+      in execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GPL Ghostscript users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-text/ghostscript-gpl-9.10-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0196">CVE-2009-0196</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0792">CVE-2009-0792</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3743">CVE-2009-3743</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4270">CVE-2009-4270</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4897">CVE-2009-4897</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1628">CVE-2010-1628</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2055">CVE-2010-2055</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4054">CVE-2010-4054</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4405">CVE-2012-4405</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:38:17Z">a3li</metadata>
+  <metadata tag="submitter" timestamp="2014-12-13T17:06:42Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-18.xml b/metadata/glsa/glsa-201412-18.xml
new file mode 100644
index 000000000000..16bba45a52af
--- /dev/null
+++ b/metadata/glsa/glsa-201412-18.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-18">
+  <title>FreeRDP: User-assisted execution of arbitrary code</title>
+  <synopsis>An integer overflow in FreeRDP couuld result in execution of
+    arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">freerdp</product>
+  <announced>2014-12-13</announced>
+  <revised count="1">2014-12-13</revised>
+  <bug>511688</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/freerdp" auto="yes" arch="*">
+      <unaffected range="ge">1.1.0_beta1_p20130710-r1</unaffected>
+      <vulnerable range="lt">1.1.0_beta1_p20130710-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FreeRDP is a free implementation of the remote desktop protocol.</p>
+  </background>
+  <description>
+    <p>FreeRDP does not properly validate user-supplied input, which could lead
+      to an integer overflow in the xf_Pointer_New() function.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary code with the privileges of
+      the process or cause Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FreeRDP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=net-misc/freerdp-1.1.0_beta1_p20130710-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0250">CVE-2014-0250</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-07-05T13:32:41Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2014-12-13T17:06:45Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-19.xml b/metadata/glsa/glsa-201412-19.xml
new file mode 100644
index 000000000000..70ed68f9640f
--- /dev/null
+++ b/metadata/glsa/glsa-201412-19.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-19">
+  <title>PPP: Information disclosure</title>
+  <synopsis>An integer overflow in PPP might allow local attackers to obtain
+    sensitive information.
+  </synopsis>
+  <product type="ebuild">ppp</product>
+  <announced>2014-12-13</announced>
+  <revised count="2">2014-12-13</revised>
+  <bug>519650</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-dialup/ppp" auto="yes" arch="*">
+      <unaffected range="ge">2.4.7 </unaffected>
+      <vulnerable range="lt">2.4.7 </vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PPP is a Unix implementation of the Point-to-Point Protocol</p>
+  </background>
+  <description>
+    <p>Integer overflow is discovered in the getword function in options.c in
+      PPP
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could execute process with extremely long options list,
+      possibly obtaining sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PPP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dialup/ppp-2.4.7"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3158">CVE-2014-3158</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-08-21T10:14:30Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2014-12-13T18:01:42Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-20.xml b/metadata/glsa/glsa-201412-20.xml
new file mode 100644
index 000000000000..80222f85754b
--- /dev/null
+++ b/metadata/glsa/glsa-201412-20.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-20">
+  <title>GNUstep Base library: Denial of service</title>
+  <synopsis>A vulnerability in GNUstep Base library could lead to Denial of
+    Service.
+  </synopsis>
+  <product type="ebuild">gnustep-base</product>
+  <announced>2014-12-13</announced>
+  <revised count="1">2014-12-13</revised>
+  <bug>508370</bug>
+  <access>remote</access>
+  <affected>
+    <package name="gnustep-base/gnustep-base" auto="yes" arch="*">
+      <unaffected range="ge">1.24.6-r1</unaffected>
+      <vulnerable range="lt">1.24.6-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNUstep Base library is a free software package implementing the API of
+      the OpenStep Foundation Kit (tm), including later additions.
+    </p>
+  </background>
+  <description>
+    <p>GNUstep Base library does not properly handle the file descriptor for
+      logging, when run as a daemon.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted request, possibly
+      resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNUstep Base library users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=gnustep-base/gnustep-base-1.24.6-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2980">CVE-2014-2980</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-08-04T19:07:11Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-12-13T18:03:50Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-21.xml b/metadata/glsa/glsa-201412-21.xml
new file mode 100644
index 000000000000..8d0bc81ec05b
--- /dev/null
+++ b/metadata/glsa/glsa-201412-21.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-21">
+  <title>mod_wsgi: Privilege escalation</title>
+  <synopsis>Two vulnerabilities have been found in mod_wsgi, the worst of which
+    could result in local privilege escalation.
+  </synopsis>
+  <product type="ebuild">mod_wsgi</product>
+  <announced>2014-12-13</announced>
+  <revised count="1">2014-12-13</revised>
+  <bug>510938</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-apache/mod_wsgi" auto="yes" arch="*">
+      <unaffected range="ge">3.5</unaffected>
+      <vulnerable range="lt">3.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>mod_wsgi is an Apache2 module for running Python WSGI applications.</p>
+  </background>
+  <description>
+    <p>Two vulnerabilities have been found in mod_wsgi:</p>
+    
+    <ul>
+      <li>Error codes returned by setuid are not properly handled
+        (CVE-2014-0240)
+      </li>
+      <li>A memory leak exists via the “Content-Type” header
+        (CVE-2014-0242)
+      </li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>A local attacker may be able to gain escalated privileges. Furthermore,
+      a remote attacker may be able to obtain sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All mod_wsgi users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-apache/mod_wsgi-3.5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0240">CVE-2014-0240</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0242">CVE-2014-0242</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-06-14T02:20:25Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-12-13T18:03:56Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-22.xml b/metadata/glsa/glsa-201412-22.xml
new file mode 100644
index 000000000000..04fab3b843c2
--- /dev/null
+++ b/metadata/glsa/glsa-201412-22.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-22">
+  <title>Django: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Django, the worst of
+    which may lead to Denial of Service.
+  </synopsis>
+  <product type="ebuild">django</product>
+  <announced>2014-12-13</announced>
+  <revised count="1">2014-12-13</revised>
+  <bug>521324</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-python/django" auto="yes" arch="*">
+      <unaffected range="ge">1.6.7</unaffected>
+      <unaffected range="rge">1.5.10</unaffected>
+      <unaffected range="rge">1.4.15</unaffected>
+      <vulnerable range="lt">1.6.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Django is a Python-based web framework.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Django. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to create a Denial of Service condition,
+      obtain sensitive information, or hijack web sessions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Django 1.6 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/django-1.6.7"
+    </code>
+    
+    <p>All Django 1.5 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/django-1.5.10"
+    </code>
+    
+    <p>All Django 1.4 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/django-1.4.15"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0480">CVE-2014-0480</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0481">CVE-2014-0481</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0482">CVE-2014-0482</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0483">CVE-2014-0483</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-09-04T18:15:07Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2014-12-13T18:08:48Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-23.xml b/metadata/glsa/glsa-201412-23.xml
new file mode 100644
index 000000000000..0f42b518767a
--- /dev/null
+++ b/metadata/glsa/glsa-201412-23.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-23">
+  <title>Nagios: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Nagios, the worst of
+    which may allow remote code execution.
+  </synopsis>
+  <product type="ebuild">nagios-core</product>
+  <announced>2014-12-13</announced>
+  <revised count="1">2014-12-13</revised>
+  <bug>447802</bug>
+  <bug>495132</bug>
+  <bug>501200</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/nagios-core" auto="yes" arch="*">
+      <unaffected range="ge">3.5.1</unaffected>
+      <vulnerable range="lt">3.5.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Nagios is an open source host, service and network monitoring program.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Nagios. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to execute arbitrary code, cause a Denial
+      of Service condition, or obtain sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Nagios users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/nagios-core-3.5.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6096">CVE-2012-6096</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7108">CVE-2013-7108</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7205">CVE-2013-7205</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-12-07T20:13:43Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2014-12-13T18:55:06Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-24.xml b/metadata/glsa/glsa-201412-24.xml
new file mode 100644
index 000000000000..efd7b71adc8d
--- /dev/null
+++ b/metadata/glsa/glsa-201412-24.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-24">
+  <title>OpenJPEG: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenJPEG, the worst of
+    which may result in execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">openjpeg</product>
+  <announced>2014-12-13</announced>
+  <revised count="1">2014-12-13</revised>
+  <bug>484802</bug>
+  <bug>493662</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/openjpeg" auto="yes" arch="*">
+      <unaffected range="ge">1.5.2</unaffected>
+      <vulnerable range="lt">1.5.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenJPEG is an open-source JPEG 2000 library.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenJPEG. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted JPEG
+      file, possibly resulting in execution of arbitrary code or a Denial of
+      Service condition. Furthermore, a remote attacker may be able to obtain
+      sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenJPEG users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/openjpeg-1.5.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1447">CVE-2013-1447</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4289">CVE-2013-4289</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4290">CVE-2013-4290</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6045">CVE-2013-6045</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6052">CVE-2013-6052</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6053">CVE-2013-6053</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6054">CVE-2013-6054</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6887">CVE-2013-6887</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-09-20T00:46:34Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-12-13T18:55:13Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-25.xml b/metadata/glsa/glsa-201412-25.xml
new file mode 100644
index 000000000000..59936b32dce3
--- /dev/null
+++ b/metadata/glsa/glsa-201412-25.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-25">
+  <title>QtGui: Denial of service</title>
+  <synopsis>A NULL pointer dereference in QtGui could lead to Denial of
+    Service.
+  </synopsis>
+  <product type="ebuild">qtgui</product>
+  <announced>2014-12-13</announced>
+  <revised count="1">2014-12-13</revised>
+  <bug>508984</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-qt/qtgui" auto="yes" arch="*">
+      <unaffected range="ge">4.8.5-r2</unaffected>
+      <vulnerable range="lt">4.8.5-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>QtGui is the GUI module and platform plugins for the Qt5 framework.</p>
+  </background>
+  <description>
+    <p>A NULL pointer dereference has been found in QtGui.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted GIF image, possibly
+      resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All QtGui users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-qt/qtgui-4.8.5-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0190">CVE-2014-0190</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-06-09T13:56:15Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-12-13T18:55:19Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-26.xml b/metadata/glsa/glsa-201412-26.xml
new file mode 100644
index 000000000000..35085b83756b
--- /dev/null
+++ b/metadata/glsa/glsa-201412-26.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-26">
+  <title>strongSwan: Multiple Vulnerabilities</title>
+  <synopsis>Two vulnerabilities have been found in strongSwan, possibly
+    resulting in Denial of Service or a bypass in authentication restrictions. 
+  </synopsis>
+  <product type="ebuild">strongswan</product>
+  <announced>2014-12-13</announced>
+  <revised count="1">2014-12-13</revised>
+  <bug>507722</bug>
+  <bug>509832</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/strongswan" auto="yes" arch="*">
+      <unaffected range="ge">5.1.3</unaffected>
+      <vulnerable range="lt">5.1.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>strongSwan is an IPSec implementation for Linux.</p>
+  </background>
+  <description>
+    <p>A NULL pointer dereference and an error in the IKEv2 implementation have
+      been found in strongSwan.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could create a Denial of Service condition or bypass
+      security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All strongSwan users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/strongswan-5.1.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2338">CVE-2014-2338</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2891">CVE-2014-2891</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-08-04T19:27:51Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-12-13T18:56:21Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-27.xml b/metadata/glsa/glsa-201412-27.xml
new file mode 100644
index 000000000000..5fa51c8a8165
--- /dev/null
+++ b/metadata/glsa/glsa-201412-27.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-27">
+  <title>Ruby: Denial of service</title>
+  <synopsis>Multiple vulnerabilities have been found in Ruby, allowing
+    context-dependent attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">Ruby</product>
+  <announced>2014-12-13</announced>
+  <revised count="1">2014-12-13</revised>
+  <bug>355439</bug>
+  <bug>369141</bug>
+  <bug>396301</bug>
+  <bug>437366</bug>
+  <bug>442580</bug>
+  <bug>458776</bug>
+  <bug>492282</bug>
+  <bug>527084</bug>
+  <bug>529216</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-lang/ruby" auto="yes" arch="*">
+      <unaffected range="rge">1.9.3_p551</unaffected>
+      <unaffected range="ge">2.0.0_p598</unaffected>
+      <vulnerable range="lt">2.0.0_p598</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Ruby is an object-oriented scripting language.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Ruby. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could possibly execute arbitrary code with
+      the privileges of the process, cause a Denial of Service condition, or
+      bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Ruby 1.9 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/ruby-1.9.3_p551"
+    </code>
+    
+    <p>All Ruby 2.0 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/ruby-2.0.0_p598"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0188">CVE-2011-0188</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1004">CVE-2011-1004</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1005">CVE-2011-1005</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4815">CVE-2011-4815</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4481">CVE-2012-4481</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5371">CVE-2012-5371</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0269">CVE-2013-0269</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1821">CVE-2013-1821</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4164">CVE-2013-4164</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8080">CVE-2014-8080</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8090">CVE-2014-8090</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:04Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-12-13T18:56:30Z">craig</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-28.xml b/metadata/glsa/glsa-201412-28.xml
new file mode 100644
index 000000000000..32a2c1173f10
--- /dev/null
+++ b/metadata/glsa/glsa-201412-28.xml
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-28">
+  <title>Ruby on Rails: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in Ruby on Rails, the worst of
+    which allowing for execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">rails</product>
+  <announced>2014-12-14</announced>
+  <revised count="1">2014-12-14</revised>
+  <bug>354249</bug>
+  <bug>379511</bug>
+  <bug>386377</bug>
+  <bug>450974</bug>
+  <bug>453844</bug>
+  <bug>456840</bug>
+  <bug>462452</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-ruby/rails" auto="no" arch="*">
+      <unaffected range="ge">2.3.18</unaffected>
+      <vulnerable range="lt">2.3.18</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Ruby on Rails is a web-application and persistence framework.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Ruby on Rails. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could execute arbitrary code or cause a Denial of
+      Service condition. Furthermore, a remote attacker may be able to execute
+      arbitrary SQL commands, change parameter names for form inputs and make
+      changes to arbitrary records in the system, bypass intended access
+      restrictions, render arbitrary views, inject arbitrary web script or
+      HTML, or conduct cross-site request forgery (CSRF) attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Ruby on Rails 2.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-ruby/rails-2.3.18"
+    </code>
+    
+    <p>NOTE: All applications using Ruby on Rails should also be configured to
+      use the latest version available by running “rake rails:update”
+      inside the application directory.
+    </p>
+    
+    <p>NOTE: This is a legacy GLSA and stable updates for Ruby on Rails,
+      including the unaffected version listed above, are no longer available
+      from Gentoo. It may be possible to upgrade to the 3.2, 4.0, or 4.1
+      branches, however these packages are not currently stable.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3933">CVE-2010-3933</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0446">CVE-2011-0446</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0447">CVE-2011-0447</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0448">CVE-2011-0448</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0449">CVE-2011-0449</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2929">CVE-2011-2929</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2930">CVE-2011-2930</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2931">CVE-2011-2931</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2932">CVE-2011-2932</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3186">CVE-2011-3186</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0155">CVE-2013-0155</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0156">CVE-2013-0156</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0276">CVE-2013-0276</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0277">CVE-2013-0277</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0333">CVE-2013-0333</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1854">CVE-2013-1854</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1855">CVE-2013-1855</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1856">CVE-2013-1856</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1857">CVE-2013-1857</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-08T22:28:02Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2014-12-14T20:13:16Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-29.xml b/metadata/glsa/glsa-201412-29.xml
new file mode 100644
index 000000000000..6e8e0cba393d
--- /dev/null
+++ b/metadata/glsa/glsa-201412-29.xml
@@ -0,0 +1,87 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-29">
+  <title>Apache Tomcat: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Apache Tomcat, the
+    worst of which may result in Denial of Service.
+  </synopsis>
+  <product type="ebuild">tomcat</product>
+  <announced>2014-12-15</announced>
+  <revised count="2">2016-03-20</revised>
+  <bug>442014</bug>
+  <bug>469434</bug>
+  <bug>500600</bug>
+  <bug>511762</bug>
+  <bug>517630</bug>
+  <bug>519590</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/tomcat" auto="yes" arch="*">
+      <unaffected range="ge">7.0.56</unaffected>
+      <unaffected range="rge">6.0.41</unaffected>
+      <unaffected range="rge">6.0.42</unaffected>
+      <unaffected range="rge">6.0.43</unaffected>
+      <unaffected range="rge">6.0.44</unaffected>
+      <unaffected range="rge">6.0.45</unaffected>
+      <unaffected range="rge">6.0.46</unaffected>
+      <unaffected range="rge">6.0.47</unaffected>
+      <unaffected range="rge">6.0.48</unaffected>
+      <vulnerable range="lt">7.0.56</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Tomcat. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to cause a Denial of Service condition as
+      well as obtain sensitive information, bypass protection mechanisms and
+      authentication restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Tomcat 6.0.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/tomcat-6.0.41"
+    </code>
+    
+    <p>All Tomcat 7.0.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/tomcat-7.0.56"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2733">CVE-2012-2733</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3544">CVE-2012-3544</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3546">CVE-2012-3546</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4431">CVE-2012-4431</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4534">CVE-2012-4534</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5885">CVE-2012-5885</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5886">CVE-2012-5886</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5887">CVE-2012-5887</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2067">CVE-2013-2067</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2071">CVE-2013-2071</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4286">CVE-2013-4286</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4322">CVE-2013-4322</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4590">CVE-2013-4590</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0033">CVE-2014-0033</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0050">CVE-2014-0050</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0075">CVE-2014-0075</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0096">CVE-2014-0096</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0099">CVE-2014-0099</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0119">CVE-2014-0119</uri>
+  </references>
+  <metadata tag="requester" timestamp="2012-12-16T22:03:30Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2016-03-20T14:13:30Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-30.xml b/metadata/glsa/glsa-201412-30.xml
new file mode 100644
index 000000000000..04b8e52f486b
--- /dev/null
+++ b/metadata/glsa/glsa-201412-30.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-30">
+  <title>Varnish: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Varnish, the worst of
+    which could allow a remote attacker to create a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">varnish</product>
+  <announced>2014-12-15</announced>
+  <revised count="1">2014-12-15</revised>
+  <bug>458888</bug>
+  <bug>489944</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-servers/varnish" auto="yes" arch="*">
+      <unaffected range="ge">3.0.5</unaffected>
+      <vulnerable range="lt">3.0.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Varnish is a web application accelerator.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Varnish. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause a Denial of Service condition via a
+      specially crafted GET request. Furthermore a local attacker could obtain
+      sensitive information through insecure permissions on logfiles. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Varnish users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/varnish-3.0.5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0345">CVE-2013-0345</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4484">CVE-2013-4484</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-06-19T02:10:40Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-12-15T11:43:22Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-31.xml b/metadata/glsa/glsa-201412-31.xml
new file mode 100644
index 000000000000..9cd7dee0126e
--- /dev/null
+++ b/metadata/glsa/glsa-201412-31.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-31">
+  <title>ZNC: Denial of service</title>
+  <synopsis>Multiple vulnerabilities in ZNC could lead to Denial of Service.</synopsis>
+  <product type="ebuild">znc</product>
+  <announced>2014-12-19</announced>
+  <revised count="1">2014-12-19</revised>
+  <bug>471738</bug>
+  <bug>507794</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/znc" auto="yes" arch="*">
+      <unaffected range="ge">1.2-r1</unaffected>
+      <vulnerable range="lt">1.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ZNC is an advanced IRC bouncer.</p>
+  </background>
+  <description>
+    <p>Multiple NULL pointer dereferences have been found in ZNC. </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted request, possibly
+      resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ZNC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-irc/znc-1.2-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2130">CVE-2013-2130</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9403">CVE-2014-9403</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-06-19T02:41:24Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-12-19T00:46:22Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-32.xml b/metadata/glsa/glsa-201412-32.xml
new file mode 100644
index 000000000000..77f42d08bef4
--- /dev/null
+++ b/metadata/glsa/glsa-201412-32.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-32">
+  <title>sendmail: Information disclosure</title>
+  <synopsis>A vulnerability in sendmail could allow a local attacker to obtain
+    sensitive information.
+  </synopsis>
+  <product type="ebuild">sendmail</product>
+  <announced>2014-12-22</announced>
+  <revised count="1">2014-12-22</revised>
+  <bug>511760</bug>
+  <access>local</access>
+  <affected>
+    <package name="mail-mta/sendmail" auto="yes" arch="*">
+      <unaffected range="ge">8.14.9</unaffected>
+      <vulnerable range="lt">8.14.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>sendmail is a widely-used Mail Transport Agent (MTA).</p>
+  </background>
+  <description>
+    <p>The sm_close_on_exec function in conf.c has arguments in the wrong
+      order.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could get access to unintended high-numbered file
+      descriptors via a specially crafted program.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All sendmail users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-mta/sendmail-8.14.9"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3956">CVE-2014-3956</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-06-10T01:42:47Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-12-22T14:46:39Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-33.xml b/metadata/glsa/glsa-201412-33.xml
new file mode 100644
index 000000000000..3db974ee809c
--- /dev/null
+++ b/metadata/glsa/glsa-201412-33.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-33">
+  <title>PowerDNS Recursor: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PowerDNS Recursor, the
+    worst of which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">pdns-recursor</product>
+  <announced>2014-12-22</announced>
+  <revised count="1">2014-12-22</revised>
+  <bug>299942</bug>
+  <bug>404377</bug>
+  <bug>514946</bug>
+  <bug>531992</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/pdns-recursor" auto="yes" arch="*">
+      <unaffected range="ge">3.6.1-r1</unaffected>
+      <vulnerable range="lt">3.6.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PowerDNS Recursor is a high-end, high-performance resolving name server</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PowerDNS Recursor.
+      Please review the CVE identifiers and PowerDNS blog post referenced below
+      for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker may be able to send specially crafted packets,
+      possibly resulting in arbitrary code execution or a Denial of Service
+      condition. Furthermore, a remote attacker may be able to spoof DNS data.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PowerDNS Recursor users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/pdns-recursor-3.6.1-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4009">CVE-2009-4009</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4010">CVE-2009-4010</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1193">CVE-2012-1193</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8601">CVE-2014-8601</uri>
+    <uri link="https://blog.powerdns.com/2014/02/06/related-to-recent-dos-attacks-recursor-configuration-file-guidance/">
+      Related to recent DoS attacks: Recursor configuration file guidance
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:24Z">craig</metadata>
+  <metadata tag="submitter" timestamp="2014-12-22T21:55:57Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-34.xml b/metadata/glsa/glsa-201412-34.xml
new file mode 100644
index 000000000000..aef798faa5c6
--- /dev/null
+++ b/metadata/glsa/glsa-201412-34.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-34">
+  <title>NTP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in NTP, the worst of which
+    could result in remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">ntp</product>
+  <announced>2014-12-24</announced>
+  <revised count="2">2014-12-24</revised>
+  <bug>533076</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/ntp" auto="yes" arch="*">
+      <unaffected range="ge">4.2.8</unaffected>
+      <vulnerable range="lt">4.2.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>NTP is a protocol designed to synchronize the clocks of computers over a
+      network. The net-misc/ntp package contains the official reference
+      implementation by the NTP Project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in NTP. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote unauthenticated attacker may be able to execute arbitrary code
+      with the privileges of the process, cause a Denial of Service condition,
+      and obtain sensitive information that could assist in other attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All NTP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/ntp-4.2.8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9293">CVE-2014-9293</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9294">CVE-2014-9294</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9295">CVE-2014-9295</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9296">CVE-2014-9296</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-12-23T23:07:31Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-12-24T19:20:24Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-35.xml b/metadata/glsa/glsa-201412-35.xml
new file mode 100644
index 000000000000..18211d95da93
--- /dev/null
+++ b/metadata/glsa/glsa-201412-35.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-35">
+  <title>RSYSLOG: Denial of service</title>
+  <synopsis>Multiple vulnerabilities have been found in RSYSLOG, allowing
+    attackers to cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">rsyslog</product>
+  <announced>2014-12-24</announced>
+  <revised count="1">2014-12-24</revised>
+  <bug>395709</bug>
+  <bug>491856</bug>
+  <bug>524058</bug>
+  <bug>524290</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-admin/rsyslog" auto="yes" arch="*">
+      <unaffected range="ge">8.4.2</unaffected>
+      <vulnerable range="lt">8.4.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>RSYSLOG is an enhanced multi-threaded syslogd with database support and
+      more.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in RSYSLOG. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker may be able to create a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All RSYSLOG users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/rsyslog-8.4.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4623">CVE-2011-4623</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3634">CVE-2014-3634</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3683">CVE-2014-3683</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-08-05T19:34:54Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-12-24T20:04:37Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-36.xml b/metadata/glsa/glsa-201412-36.xml
new file mode 100644
index 000000000000..b654cff79b00
--- /dev/null
+++ b/metadata/glsa/glsa-201412-36.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-36">
+  <title>libvirt: Denial of service</title>
+  <synopsis>Multiple vulnerabilities have been found in libvirt, worst of which
+    allows context-dependent attackers to cause Denial of Service. 
+  </synopsis>
+  <product type="ebuild">libvirt</product>
+  <announced>2014-12-24</announced>
+  <revised count="1">2014-12-24</revised>
+  <bug>532204</bug>
+  <bug>533286</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-emulation/libvirt" auto="yes" arch="*">
+      <unaffected range="ge">1.2.10-r3</unaffected>
+      <vulnerable range="lt">1.2.10-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libvirt is a C toolkit for manipulating virtual machines.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libvirt. Please review
+      the CVE identifiers referenced below for details. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker may be able to cause Denial of Service.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libvirt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/libvirt-1.2.10-r3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8131">CVE-2014-8131</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8135">CVE-2014-8135</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8136">CVE-2014-8136</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-12-24T14:21:18Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2014-12-24T20:40:55Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-37.xml b/metadata/glsa/glsa-201412-37.xml
new file mode 100644
index 000000000000..2b238ea083b9
--- /dev/null
+++ b/metadata/glsa/glsa-201412-37.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-37">
+  <title>QEMU: Multiple Vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in QEMU, the worst of
+    which could result in execution of arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">qemu</product>
+  <announced>2014-12-24</announced>
+  <revised count="1">2014-12-24</revised>
+  <bug>528922</bug>
+  <bug>529030</bug>
+  <bug>531666</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-emulation/qemu" auto="yes" arch="*">
+      <unaffected range="ge">2.1.2-r2</unaffected>
+      <vulnerable range="lt">2.1.2-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>QEMU is a generic and open source machine emulator and virtualizer. </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in QEMU. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker may be able to execute arbitrary code,
+      cause a Denial of Service condition, obtain sensitive information, or
+      bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All QEMU users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/qemu-2.1.2-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3689">CVE-2014-3689</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7840">CVE-2014-7840</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8106">CVE-2014-8106</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-12-22T03:02:15Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-12-24T20:51:55Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-38.xml b/metadata/glsa/glsa-201412-38.xml
new file mode 100644
index 000000000000..fbfeb8a656d7
--- /dev/null
+++ b/metadata/glsa/glsa-201412-38.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-38">
+  <title>Icecast: Multiple Vulnerabilities</title>
+  <synopsis>Two vulnerabilities have been found in Icecast, possibly resulting
+    in privilege escalation or disclosure of information.
+  </synopsis>
+  <product type="ebuild">icecast</product>
+  <announced>2014-12-26</announced>
+  <revised count="1">2014-12-26</revised>
+  <bug>529956</bug>
+  <bug>530784</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-misc/icecast" auto="yes" arch="*">
+      <unaffected range="ge">2.4.1</unaffected>
+      <vulnerable range="lt">2.4.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Icecast is an open source alternative to SHOUTcast that supports MP3,
+      OGG (Vorbis/Theora) and AAC streaming.
+    </p>
+  </background>
+  <description>
+    <p>Two vulnerabilities have been discovered in Icecast:</p>
+    
+    <ul>
+      <li>Icecast does not properly handle shared file descriptors
+        (CVE-2014-9018)
+      </li>
+      <li>Supplementary group privileges are not changed (CVE-2014-9091)</li>
+    </ul>
+  </description>
+  <impact type="high">
+    <p>A local attacker can possibly gain escalated privileges or obtain
+      sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Icecast users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/icecast-2.4.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9018">CVE-2014-9018</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9091">CVE-2014-9091</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-12-12T05:16:19Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-12-26T00:40:23Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-39.xml b/metadata/glsa/glsa-201412-39.xml
new file mode 100644
index 000000000000..51e0d9d3f0c6
--- /dev/null
+++ b/metadata/glsa/glsa-201412-39.xml
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-39">
+  <title>OpenSSL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenSSL, the worst of
+    which could result in Denial of Service or Man-in-the-Middle attacks.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2014-12-26</announced>
+  <revised count="2">2015-06-06</revised>
+  <bug>494816</bug>
+  <bug>519264</bug>
+  <bug>525468</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">1.0.1j</unaffected>
+      <unaffected range="rge">0.9.8z_p2</unaffected>
+      <unaffected range="rge">0.9.8z_p3</unaffected>
+      <unaffected range="rge">0.9.8z_p4</unaffected>
+      <unaffected range="rge">0.9.8z_p5</unaffected>
+      <unaffected range="rge">0.9.8z_p6</unaffected>
+      <unaffected range="rge">0.9.8z_p7</unaffected>
+      <unaffected range="rge">0.9.8z_p8</unaffected>
+      <unaffected range="rge">0.9.8z_p9</unaffected>
+      <unaffected range="rge">0.9.8z_p10</unaffected>
+      <unaffected range="rge">0.9.8z_p11</unaffected>
+      <unaffected range="rge">0.9.8z_p12</unaffected>
+      <unaffected range="rge">0.9.8z_p13</unaffected>
+      <unaffected range="rge">0.9.8z_p14</unaffected>
+      <unaffected range="rge">0.9.8z_p15</unaffected>
+      <vulnerable range="lt">1.0.1j</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+      (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
+      purpose cryptography library. 
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenSSL. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to cause a Denial of Service condition,
+      perform Man-in-the-Middle attacks, obtain sensitive information, or
+      bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSL 1.0.1 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.0.1j"
+    </code>
+    
+    <p>All OpenSSL 0.9.8 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-0.9.8z_p2"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6449">CVE-2013-6449</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6450">CVE-2013-6450</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3505">CVE-2014-3505</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3506">CVE-2014-3506</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3507">CVE-2014-3507</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3509">CVE-2014-3509</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3510">CVE-2014-3510</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3511">CVE-2014-3511</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3512">CVE-2014-3512</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3513">CVE-2014-3513</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3567">CVE-2014-3567</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3568">CVE-2014-3568</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5139">CVE-2014-5139</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-09-04T10:53:11Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2015-06-06T23:14:38Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-40.xml b/metadata/glsa/glsa-201412-40.xml
new file mode 100644
index 000000000000..eb1203f71132
--- /dev/null
+++ b/metadata/glsa/glsa-201412-40.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-40">
+  <title>FLAC: User-assisted execution of arbitrary code</title>
+  <synopsis>A buffer overflow vulnerability in FLAC could lead to execution of
+    arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">flac</product>
+  <announced>2014-12-26</announced>
+  <revised count="1">2014-12-26</revised>
+  <bug>530288</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/flac" auto="yes" arch="*">
+      <unaffected range="ge">1.3.1-r1</unaffected>
+      <vulnerable range="lt">1.3.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Free Lossless Audio Codec (FLAC) library is the reference
+      implementation of the FLAC audio file format.
+    </p>
+  </background>
+  <description>
+    <p>A stack-based buffer overflow flaw has been discovered in FLAC.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted .flac
+      file using an application linked against FLAC, possibly resulting in
+      execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FLAC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/flac-1.3.1-r1"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8962">CVE-2014-8962</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-12-03T00:54:43Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-12-26T00:40:42Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-41.xml b/metadata/glsa/glsa-201412-41.xml
new file mode 100644
index 000000000000..d7c4486aebaa
--- /dev/null
+++ b/metadata/glsa/glsa-201412-41.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-41">
+  <title>OpenVPN: Denial of service</title>
+  <synopsis>A vulnerability in OpenVPN could lead to Denial of Service.</synopsis>
+  <product type="ebuild">openvpn</product>
+  <announced>2014-12-26</announced>
+  <revised count="1">2014-12-26</revised>
+  <bug>531308</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/openvpn" auto="yes" arch="*">
+      <unaffected range="ge">2.3.6</unaffected>
+      <vulnerable range="lt">2.3.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenVPN is a multi-platform, full-featured SSL VPN solution.</p>
+  </background>
+  <description>
+    <p>OpenVPN does not properly handle control channel packets that are too
+      small.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote authenticated attacker could send a specially crafted control
+      channel packet, possibly resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenVPN users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/openvpn-2.3.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8104">CVE-2014-8104</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-12-04T00:38:51Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-12-26T17:10:38Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-42.xml b/metadata/glsa/glsa-201412-42.xml
new file mode 100644
index 000000000000..d0c8d9c3f85e
--- /dev/null
+++ b/metadata/glsa/glsa-201412-42.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-42">
+  <title>Xen: Denial of service</title>
+  <synopsis>Multiple vulnerabilities have been found in Xen, possibly resulting
+    in Denial of Service.
+  </synopsis>
+  <product type="ebuild">xen</product>
+  <announced>2014-12-26</announced>
+  <revised count="2">2014-12-31</revised>
+  <bug>523524</bug>
+  <bug>524200</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/xen" auto="yes" arch="*">
+      <unaffected range="rge">4.2.5-r1</unaffected>
+      <unaffected range="ge">4.3.3-r3</unaffected>
+      <vulnerable range="lt">4.3.3-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Xen is a bare-metal hypervisor.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Xen. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local user could possibly cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All xen users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-4.2.5-r1"
+    </code>
+    
+    <p>All xen users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-4.3.3-r3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7154">CVE-2014-7154</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7155">CVE-2014-7155</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7156">CVE-2014-7156</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7188">CVE-2014-7188</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-10-15T01:33:19Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-12-31T14:18:28Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-43.xml b/metadata/glsa/glsa-201412-43.xml
new file mode 100644
index 000000000000..1a220818faa3
--- /dev/null
+++ b/metadata/glsa/glsa-201412-43.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-43">
+  <title>MuPDF: User-assisted execution of arbitrary code</title>
+  <synopsis>Multiple vulnerabilities have been found in MuPDF, possibly
+    resulting in remote code execution or Denial of Service.
+  </synopsis>
+  <product type="ebuild">mupdf</product>
+  <announced>2014-12-26</announced>
+  <revised count="1">2014-12-26</revised>
+  <bug>358029</bug>
+  <bug>498876</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/mupdf" auto="yes" arch="*">
+      <unaffected range="ge">1.3_p20140118</unaffected>
+      <vulnerable range="lt">1.3_p20140118</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MuPDF is a lightweight PDF viewer and toolkit written in portable C. </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MuPDF. Please review
+      the CVE identifier and Secunia Research referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted PDF
+      using MuPDF, possibly resulting in execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MuPDF users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/mupdf-1.3_p20140118"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2013">CVE-2014-2013</uri>
+    <uri link="https://secunia.com/secunia_research/2011-12/">Secunia Research:
+      MuPDF Two Integer Overflow Vulnerabilities
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:37:03Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-12-26T17:54:11Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-44.xml b/metadata/glsa/glsa-201412-44.xml
new file mode 100644
index 000000000000..9face7df7839
--- /dev/null
+++ b/metadata/glsa/glsa-201412-44.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-44">
+  <title>policycoreutils: Privilege escalation</title>
+  <synopsis>A vulnerability in policycoreutils could lead to local privilege
+    escalation.
+  </synopsis>
+  <product type="ebuild">policycoreutils</product>
+  <announced>2014-12-26</announced>
+  <revised count="1">2014-12-26</revised>
+  <bug>509896</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/policycoreutils" auto="yes" arch="*">
+      <unaffected range="ge">2.2.5-r4</unaffected>
+      <vulnerable range="lt">2.2.5-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>policycoreutils is a collection of SELinux policy utilities.</p>
+  </background>
+  <description>
+    <p>The seunshare utility is owned by root with 4755 permissions which can
+      be exploited by a setuid system call.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker may be able to gain escalated privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All policycoreutils users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=sys-apps/policycoreutils-2.2.5-r4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3215">CVE-2014-3215</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-08-19T04:53:45Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-12-26T18:53:38Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-45.xml b/metadata/glsa/glsa-201412-45.xml
new file mode 100644
index 000000000000..ffa682fec95f
--- /dev/null
+++ b/metadata/glsa/glsa-201412-45.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-45">
+  <title>Facter: Privilege escalation</title>
+  <synopsis>An untrusted search path vulnerability in Facter could lead to
+    local privilege escalation.
+  </synopsis>
+  <product type="ebuild">facter</product>
+  <announced>2014-12-26</announced>
+  <revised count="1">2014-12-26</revised>
+  <bug>514476</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-ruby/facter" auto="yes" arch="*">
+      <unaffected range="ge">1.7.6</unaffected>
+      <vulnerable range="lt">1.7.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Facter is a cross-platform Ruby library for retrieving facts from
+      operating systems.
+    </p>
+  </background>
+  <description>
+    <p>Facter includes the current working directory in the search path.</p>
+  </description>
+  <impact type="high">
+    <p>A local attacker may be able to gain escalated privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Facter users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-ruby/facter-1.7.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3248">CVE-2014-3248</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-08-16T21:34:38Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-12-26T18:59:01Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-46.xml b/metadata/glsa/glsa-201412-46.xml
new file mode 100644
index 000000000000..6dda6c616e29
--- /dev/null
+++ b/metadata/glsa/glsa-201412-46.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-46">
+  <title>LittleCMS: Denial of service</title>
+  <synopsis>Multiple buffer overflow flaws and a parser error in LittleCMS
+    could cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">lcms</product>
+  <announced>2014-12-26</announced>
+  <revised count="1">2014-12-26</revised>
+  <bug>479874</bug>
+  <bug>507788</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/lcms" auto="yes" arch="*">
+      <unaffected range="ge">2.6-r1</unaffected>
+      <vulnerable range="lt">2.6-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>LittleCMS, or short lcms, is a color management system for working with
+      ICC profiles. It is used by many applications including GIMP and Firefox.
+    </p>
+  </background>
+  <description>
+    <p>Multiple stack-based buffer overflows and a profile parser error have
+      been found in LittleCMS.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user or automated system to open a
+      specially crafted file containing a malicious ICC profile, possibly
+      resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LittleCMS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/lcms-2.6-r1"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying these packages.
+    </p>
+    
+    <p>NOTE: Gentoo has discontinued support for the LittleCMS 1.9 branch. </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4276">CVE-2013-4276</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459">CVE-2014-0459</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-11-10T21:58:45Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2014-12-26T19:04:58Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-47.xml b/metadata/glsa/glsa-201412-47.xml
new file mode 100644
index 000000000000..e96ce7acb230
--- /dev/null
+++ b/metadata/glsa/glsa-201412-47.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-47">
+  <title>TORQUE Resource Manager: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in TORQUE Resource
+    Manager, possibly resulting in escalation of privileges or remote code
+    execution.
+  </synopsis>
+  <product type="ebuild">torque</product>
+  <announced>2014-12-26</announced>
+  <revised count="1">2014-12-26</revised>
+  <bug>372959</bug>
+  <bug>378805</bug>
+  <bug>390167</bug>
+  <bug>484320</bug>
+  <bug>491270</bug>
+  <bug>510726</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-cluster/torque" auto="yes" arch="*">
+      <unaffected range="ge">4.1.7</unaffected>
+      <unaffected range="rge">2.5.13</unaffected>
+      <vulnerable range="lt">4.1.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>TORQUE is a resource manager and queuing system based on OpenPBS.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in TORQUE Resource
+      Manager. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A context-dependent attacker may be able to gain escalated privileges,
+      execute arbitrary code, or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All TORQUE Resource Manager 4.x users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-cluster/torque-4.1.7"
+    </code>
+    
+    <p>All TORQUE Resource Manager 2.x users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-cluster/torque-2.5.13"
+    </code>
+    
+    <p>NOTE: One or more of the issues described in this advisory have been
+      fixed in previous updates. They are included in this advisory for the
+      sake of completeness. It is likely that your system is already no longer
+      affected by them.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2193">CVE-2011-2193</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2907">CVE-2011-2907</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4925">CVE-2011-4925</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4319">CVE-2013-4319</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4495">CVE-2013-4495</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0749">CVE-2014-0749</uri>
+  </references>
+  <metadata tag="requester" timestamp="2011-10-07T23:38:08Z">
+    underling
+  </metadata>
+  <metadata tag="submitter" timestamp="2014-12-26T19:24:57Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-48.xml b/metadata/glsa/glsa-201412-48.xml
new file mode 100644
index 000000000000..be51de898fa4
--- /dev/null
+++ b/metadata/glsa/glsa-201412-48.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-48">
+  <title>file: Denial of service</title>
+  <synopsis>A vulnerability in file could allow a context-dependent attack to
+    create a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">file</product>
+  <announced>2014-12-27</announced>
+  <revised count="1">2014-12-27</revised>
+  <bug>532686</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-apps/file" auto="yes" arch="*">
+      <unaffected range="ge">5.21</unaffected>
+      <vulnerable range="lt">5.21</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The file utility attempts to identify a file’s format by scanning
+      binary data for patterns.
+    </p>
+  </background>
+  <description>
+    <p>An issue with the ELF parser used by the file utility can cause a
+      resource consumption when reading a  specially-crafted ELF binary.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker may be able to cause Denial of Service.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All file users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/file-5.21"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8117">CVE-2014-8117</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-12-26T19:35:05Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2014-12-27T11:11:58Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-49.xml b/metadata/glsa/glsa-201412-49.xml
new file mode 100644
index 000000000000..4a29b33da07f
--- /dev/null
+++ b/metadata/glsa/glsa-201412-49.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-49">
+  <title>fish: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in fish, the worst of
+    which could result in local privilege escalation or remote arbitrary code
+    execution.
+  </synopsis>
+  <product type="ebuild">fish</product>
+  <announced>2014-12-28</announced>
+  <revised count="1">2014-12-28</revised>
+  <bug>509044</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-shells/fish" auto="yes" arch="*">
+      <unaffected range="ge">2.1.1</unaffected>
+      <vulnerable range="lt">2.1.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>fish is the Friendly Interactive SHell.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in fish. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker may be able to gain escalated privileges or overwrite
+      arbitrary files. Furthermore, a remote attacker may be able to execute
+      arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All fish users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-shells/fish-2.1.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2905">CVE-2014-2905</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2906">CVE-2014-2906</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2914">CVE-2014-2914</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3219">CVE-2014-3219</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-12-26T19:46:39Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2014-12-28T08:15:27Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-50.xml b/metadata/glsa/glsa-201412-50.xml
new file mode 100644
index 000000000000..69b66ce820e9
--- /dev/null
+++ b/metadata/glsa/glsa-201412-50.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-50">
+  <title>getmail: Information disclosure</title>
+  <synopsis>Multiple vulnerabilities have been discovered in getmail, allowing
+    remote attackers to obtain sensitive information.
+  </synopsis>
+  <product type="ebuild">getmail</product>
+  <announced>2014-12-28</announced>
+  <revised count="1">2014-12-28</revised>
+  <bug>524684</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/getmail" auto="yes" arch="*">
+      <unaffected range="ge">4.46.0</unaffected>
+      <vulnerable range="lt">4.46.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>getmail is a POP3 mail retriever with reliable Maildir and mbox
+      delivery.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in getmail. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause a man-in-the-middle attack via multiple
+      vectors to obtain sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All getmail users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-mail/getmail-4.46.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7273">CVE-2014-7273</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7274">CVE-2014-7274</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7275">CVE-2014-7275</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-12-28T09:32:32Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2014-12-28T17:37:18Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-51.xml b/metadata/glsa/glsa-201412-51.xml
new file mode 100644
index 000000000000..e71795294cac
--- /dev/null
+++ b/metadata/glsa/glsa-201412-51.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-51">
+  <title>Asterisk: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Asterisk, the worst of
+    which could lead to Denial of Service, bypass intended ACL restrictions or
+    allow an authenticated user to gain escalated privileges. 
+  </synopsis>
+  <product type="ebuild">asterisk,dos,escalated,acl</product>
+  <announced>2014-12-28</announced>
+  <revised count="1">2014-12-28</revised>
+  <bug>530056</bug>
+  <bug>532242</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/asterisk" auto="yes" arch="*">
+      <unaffected range="ge">11.14.2</unaffected>
+      <vulnerable range="lt">11.14.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Asterisk is an open source telephony engine and toolkit.</p>
+  </background>
+  <description>
+    <p>Multiple unspecified vulnerabilities have been discovered in Asterisk.
+      Please review the CVE identifiers referenced below for details. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Unauthenticated remote attackers can cause Denial of Service or bypass
+      intended ACL restrictions. Authenticated remote attackers can gain
+      escalated privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All asterisk users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/asterisk-11.14.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8412">CVE-2014-8412</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8414">CVE-2014-8414</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8417">CVE-2014-8417</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8418">CVE-2014-8418</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9374">CVE-2014-9374</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-12-28T15:16:03Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2014-12-28T18:45:10Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-52.xml b/metadata/glsa/glsa-201412-52.xml
new file mode 100644
index 000000000000..ec734ed900e4
--- /dev/null
+++ b/metadata/glsa/glsa-201412-52.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-52">
+  <title>Wireshark: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Wireshark which could
+    allow remote attackers to cause Denial of Service. 
+  </synopsis>
+  <product type="ebuild">wireshark</product>
+  <announced>2014-12-28</announced>
+  <revised count="1">2014-12-28</revised>
+  <bug>522968</bug>
+  <bug>529100</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/wireshark" auto="yes" arch="*">
+      <unaffected range="ge">1.12.2</unaffected>
+      <vulnerable range="lt">1.12.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Wireshark is a network protocol analyzer formerly known as ethereal.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Wireshark. Please
+      review the CVE identifiers referenced below for details. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker can cause a Denial of Service condition via specially
+      crafted packets. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Wireshark users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-1.12.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6421">CVE-2014-6421</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6422">CVE-2014-6422</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6423">CVE-2014-6423</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6424">CVE-2014-6424</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6425">CVE-2014-6425</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6426">CVE-2014-6426</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6427">CVE-2014-6427</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6428">CVE-2014-6428</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6429">CVE-2014-6429</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6430">CVE-2014-6430</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6431">CVE-2014-6431</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6432">CVE-2014-6432</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-12-28T19:18:05Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2014-12-28T22:15:09Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201412-53.xml b/metadata/glsa/glsa-201412-53.xml
new file mode 100644
index 000000000000..d63d0b4fd4ff
--- /dev/null
+++ b/metadata/glsa/glsa-201412-53.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201412-53">
+  <title>MIT Kerberos 5: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability has been found in MIT Kerberos 5, possibly
+    resulting in arbitrary code execution or a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">mit-krb5</product>
+  <announced>2014-12-31</announced>
+  <revised count="1">2014-12-31</revised>
+  <bug>516334</bug>
+  <bug>517936</bug>
+  <bug>519518</bug>
+  <bug>523506</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-crypt/mit-krb5" auto="yes" arch="*">
+      <unaffected range="ge">1.13</unaffected>
+      <vulnerable range="lt">1.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MIT Kerberos 5 is a suite of applications that implement the Kerberos
+      network protocol. 
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary code with the privileges of
+      the process or cause Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MIT Kerberos 5 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-crypt/mit-krb5-1.13"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4341">CVE-2014-4341</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4343">CVE-2014-4343</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4345">CVE-2014-4345</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5351">CVE-2014-5351</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-12-28T07:58:32Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2014-12-31T14:20:08Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201502-01.xml b/metadata/glsa/glsa-201502-01.xml
new file mode 100644
index 000000000000..4d63c1613534
--- /dev/null
+++ b/metadata/glsa/glsa-201502-01.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201502-01">
+  <title>mpg123: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability has been found in mpg123, which could result in
+    arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">mpg123</product>
+  <announced>2015-02-06</announced>
+  <revised count="1">2015-02-06</revised>
+  <bug>500262</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/mpg123" auto="yes" arch="*">
+      <unaffected range="ge">1.18.1</unaffected>
+      <vulnerable range="lt">1.18.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>mpg123 is a realtime MPEG 1.0/2.0/2.5 audio player for layers 1, 2 and
+      3.
+    </p>
+  </background>
+  <description>
+    <p>An issue has been found in mpg123 when decoding specifically crafted MP3
+      file, that causes a heap-based buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted MPEG
+      file using mpg123, possibly resulting in execution of arbitrary code with
+      the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All mpg123 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-sound/mpg123-1.18.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9497">CVE-2014-9497</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-06-10T00:30:07Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-02-06T14:40:46Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201502-02.xml b/metadata/glsa/glsa-201502-02.xml
new file mode 100644
index 000000000000..fa0c0bb0a492
--- /dev/null
+++ b/metadata/glsa/glsa-201502-02.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201502-02">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2015-02-06</announced>
+  <revised count="1">2015-02-06</revised>
+  <bug>536562</bug>
+  <bug>537378</bug>
+  <bug>537426</bug>
+  <bug>538982</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">11.2.202.442</unaffected>
+      <vulnerable range="lt">11.2.202.442</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, obtain
+      sensitive information or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-11.2.202.442"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0301">CVE-2015-0301</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0302">CVE-2015-0302</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0303">CVE-2015-0303</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0304">CVE-2015-0304</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0305">CVE-2015-0305</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0306">CVE-2015-0306</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0307">CVE-2015-0307</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0308">CVE-2015-0308</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0309">CVE-2015-0309</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0310">CVE-2015-0310</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0311">CVE-2015-0311</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0314">CVE-2015-0314</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0315">CVE-2015-0315</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0316">CVE-2015-0316</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0317">CVE-2015-0317</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0318">CVE-2015-0318</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0319">CVE-2015-0319</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0320">CVE-2015-0320</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0321">CVE-2015-0321</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0322">CVE-2015-0322</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0323">CVE-2015-0323</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0324">CVE-2015-0324</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0325">CVE-2015-0325</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0326">CVE-2015-0326</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0327">CVE-2015-0327</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0328">CVE-2015-0328</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0329">CVE-2015-0329</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0330">CVE-2015-0330</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-01-17T18:35:19Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2015-02-06T19:04:05Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201502-03.xml b/metadata/glsa/glsa-201502-03.xml
new file mode 100644
index 000000000000..cbf57d011280
--- /dev/null
+++ b/metadata/glsa/glsa-201502-03.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201502-03">
+  <title>BIND: Multiple Vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in BIND, allowing remote
+    attackers to cause a
+    denial of service condition.
+  </synopsis>
+  <product type="ebuild">bind</product>
+  <announced>2015-02-07</announced>
+  <revised count="1">2015-02-07</revised>
+  <bug>531998</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/bind" auto="yes" arch="*">
+      <unaffected range="ge">9.10.1_p1</unaffected>
+      <vulnerable range="lt">9.10.1_p1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>BIND (Berkeley Internet Name Domain) is a Name Server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in BIND. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker can cause a denial of service condition by the lack of
+      GeoIP databases, or via a large or infinite number of referrals.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All bind users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/bind-9.10.1_p1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3214">CVE-2014-3214</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8500">CVE-2014-8500</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8680">CVE-2014-8680</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-12-29T00:38:51Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-02-07T16:05:19Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201502-04.xml b/metadata/glsa/glsa-201502-04.xml
new file mode 100644
index 000000000000..601acd4dae22
--- /dev/null
+++ b/metadata/glsa/glsa-201502-04.xml
@@ -0,0 +1,109 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201502-04">
+  <title>MediaWiki: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in MediaWiki, the worst of
+    which may allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">mediawiki</product>
+  <announced>2015-02-07</announced>
+  <revised count="1">2015-02-07</revised>
+  <bug>498064</bug>
+  <bug>499632</bug>
+  <bug>503012</bug>
+  <bug>506018</bug>
+  <bug>515138</bug>
+  <bug>518608</bug>
+  <bug>523852</bug>
+  <bug>524364</bug>
+  <bug>532920</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/mediawiki" auto="yes" arch="*">
+      <unaffected range="ge">1.23.8</unaffected>
+      <unaffected range="rge">1.22.15</unaffected>
+      <unaffected range="rge">1.19.23</unaffected>
+      <vulnerable range="lt">1.23.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MediaWiki is a collaborative editing software used by large projects
+      such as Wikipedia.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MediaWiki. Please
+      review the CVE identifiers and MediaWiki announcement referenced below
+      for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker may be able to execute arbitrary code with the
+      privileges of the process, create a Denial of Service condition, obtain
+      sensitive information, bypass security restrictions, and inject arbitrary
+      web script or HTML.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MediaWiki 1.23 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-apps/mediawiki-1.23.8"
+    </code>
+    
+    <p>All MediaWiki 1.22 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-apps/mediawiki-1.22.15"
+    </code>
+    
+    <p>All MediaWiki 1.19 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-apps/mediawiki-1.19.23"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6451">CVE-2013-6451</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6452">CVE-2013-6452</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6453">CVE-2013-6453</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6454">CVE-2013-6454</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6472">CVE-2013-6472</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1610">CVE-2014-1610</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2242">CVE-2014-2242</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2243">CVE-2014-2243</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2244">CVE-2014-2244</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2665">CVE-2014-2665</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2853">CVE-2014-2853</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5241">CVE-2014-5241</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5242">CVE-2014-5242</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5243">CVE-2014-5243</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7199">CVE-2014-7199</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7295">CVE-2014-7295</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9276">CVE-2014-9276</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9277">CVE-2014-9277</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9475">CVE-2014-9475</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9476">CVE-2014-9476</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9477">CVE-2014-9477</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9478">CVE-2014-9478</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9479">CVE-2014-9479</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9480">CVE-2014-9480</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9481">CVE-2014-9481</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9487">CVE-2014-9487</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9507">CVE-2014-9507</uri>
+    <uri link="https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-June/000155.html">
+      MediaWiki Security and Maintenance Releases: 1.19.17, 1.21.11, 1.22.8 and
+      1.23.1
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-02-09T10:34:22Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2015-02-07T17:27:17Z">
+    sdamashek
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201502-05.xml b/metadata/glsa/glsa-201502-05.xml
new file mode 100644
index 000000000000..7064d10028a2
--- /dev/null
+++ b/metadata/glsa/glsa-201502-05.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201502-05">
+  <title>tcpdump: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities in tcpdump could result in execution of
+    arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">tcpdump</product>
+  <announced>2015-02-07</announced>
+  <revised count="1">2015-02-07</revised>
+  <bug>534660</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/tcpdump" auto="yes" arch="*">
+      <unaffected range="ge">4.6.2-r1</unaffected>
+      <vulnerable range="lt">4.6.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>tcpdump is a tool for capturing and inspecting network traffic.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in tcpdump:</p>
+    
+    <ul>
+      <li>The olsr_print function function contains an integer underflow error
+        (CVE-2014-8767)
+      </li>
+      <li>The geonet_print function function contains multiple integer
+        underflow errors (CVE-2014-8768)
+      </li>
+      <li>The decoder for the Ad hoc On-Demand Distance Vector protocol
+        contains an out-of-bounds memory access error (CVE-2014-8769)
+      </li>
+      <li>The ppp_hdlc function contains a buffer overflow error
+        (CVE-2014-9140)
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to send a specially crafted packet,
+      possibly resulting in execution of arbitrary code or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All tcpdump users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/tcpdump-4.6.2-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8767">CVE-2014-8767</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8768">CVE-2014-8768</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8769">CVE-2014-8769</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9140">CVE-2014-9140</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-01-17T19:41:40Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2015-02-07T20:04:53Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201502-06.xml b/metadata/glsa/glsa-201502-06.xml
new file mode 100644
index 000000000000..d7f77934bd03
--- /dev/null
+++ b/metadata/glsa/glsa-201502-06.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201502-06">
+  <title>nginx: Information disclosure</title>
+  <synopsis>An SSL session fixation vulnerability in nginx may allow remote
+    attackers to obtain sensitive information.
+  </synopsis>
+  <product type="ebuild">nginx</product>
+  <announced>2015-02-07</announced>
+  <revised count="1">2015-02-07</revised>
+  <bug>522994</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/nginx" auto="yes" arch="*">
+      <unaffected range="ge">1.7.6</unaffected>
+      <vulnerable range="lt">1.7.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>nginx is a robust, small, and high performance HTTP and reverse proxy
+      server.
+    </p>
+  </background>
+  <description>
+    <p>An SSL session fixation vulnerability has been found in nginx when
+      multiple servers use the same shared ssl_session_cache or
+      ssl_session_ticket_key.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to obtain sensitive information.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All nginx users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/nginx-1.7.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3616">CVE-2014-3616</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-01-05T00:39:58Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2015-02-07T20:30:19Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201502-07.xml b/metadata/glsa/glsa-201502-07.xml
new file mode 100644
index 000000000000..7a2b08f7dde7
--- /dev/null
+++ b/metadata/glsa/glsa-201502-07.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201502-07">
+  <title>libevent: User-assisted execution of arbitrary code</title>
+  <synopsis>Multiple integer overflow errors in libevent could result in
+    execution of arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">libevent</product>
+  <announced>2015-02-07</announced>
+  <revised count="1">2015-02-07</revised>
+  <bug>535774</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/libevent" auto="yes" arch="*">
+      <unaffected range="ge">2.0.22</unaffected>
+      <vulnerable range="lt">2.0.22</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libevent is a library to execute a function when a specific event occurs
+      on a file descriptor.
+    </p>
+  </background>
+  <description>
+    <p>Multiple integer overflow errors in libevent could cause a heap-based
+      buffer overflow. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could cause an application linked against
+      libevent to pass an excessively long input through evbuffer, possibly
+      resulting in execution of arbitrary code with the privileges of the
+      process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libevent users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libevent-2.0.22"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6272">CVE-2014-6272</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-01-17T19:27:12Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2015-02-07T20:31:58Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201502-08.xml b/metadata/glsa/glsa-201502-08.xml
new file mode 100644
index 000000000000..95b4150d0a80
--- /dev/null
+++ b/metadata/glsa/glsa-201502-08.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201502-08">
+  <title>Libav: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Libav, allowing
+    attackers to execute arbitrary code or cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">libav</product>
+  <announced>2015-02-07</announced>
+  <revised count="1">2015-02-07</revised>
+  <bug>492582</bug>
+  <bug>515234</bug>
+  <bug>531832</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/libav" auto="yes" arch="*">
+      <unaffected range="ge">9.17</unaffected>
+      <vulnerable range="lt">9.17</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Libav is a complete solution to record, convert and stream audio and
+      video.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Libav. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted media
+      file in an application linked against Libav, possibly resulting in
+      execution of arbitrary code with the privileges of the application or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Libav users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/libav-9.17"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3934">CVE-2011-3934</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3935">CVE-2011-3935</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3946">CVE-2011-3946</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0848">CVE-2013-0848</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0851">CVE-2013-0851</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0852">CVE-2013-0852</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0860">CVE-2013-0860</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0868">CVE-2013-0868</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3672">CVE-2013-3672</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3674">CVE-2013-3674</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4609">CVE-2014-4609</uri>
+    <uri link="https://libav.org/news.html#0.8.9">Libav News November 2, 2013</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-01-07T02:04:44Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-02-07T20:33:22Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201502-09.xml b/metadata/glsa/glsa-201502-09.xml
new file mode 100644
index 000000000000..748e00bbeda8
--- /dev/null
+++ b/metadata/glsa/glsa-201502-09.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201502-09">
+  <title>Antiword: User-assisted execution of arbitrary code</title>
+  <synopsis>A buffer overflow vulnerability in Antiword could result in
+    execution of arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">antiword</product>
+  <announced>2015-02-07</announced>
+  <revised count="1">2015-02-07</revised>
+  <bug>531404</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/antiword" auto="yes" arch="*">
+      <unaffected range="ge">0.37-r1</unaffected>
+      <vulnerable range="lt">0.37-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Antiword is a free MS Word reader.</p>
+  </background>
+  <description>
+    <p>A buffer overflow vulnerability has been found in wordole.c in Antiword.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted
+      document using Antiword, possibly resulting in execution of arbitrary
+      code with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Antiword users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/antiword-0.37-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8123">CVE-2014-8123</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-01-11T21:48:35Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2015-02-07T20:39:20Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201502-10.xml b/metadata/glsa/glsa-201502-10.xml
new file mode 100644
index 000000000000..7fb6d42ac045
--- /dev/null
+++ b/metadata/glsa/glsa-201502-10.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201502-10">
+  <title>libpng: User-assisted execution of arbitrary code</title>
+  <synopsis>Two vulnerabilities have been found in libpng, possibly resulting
+    in execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libpng</product>
+  <announced>2015-02-15</announced>
+  <revised count="3">2017-01-03</revised>
+  <bug>531264</bug>
+  <bug>533358</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-libs/libpng" auto="yes" arch="*">
+      <unaffected range="ge">1.6.16</unaffected>
+      <unaffected range="ge" slot="1.5">1.5.21</unaffected>
+      <unaffected range="ge" slot="1.2">1.2.52</unaffected>
+      <vulnerable range="lt">1.6.16</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libpng is a standard library used to process PNG (Portable Network
+      Graphics) images. It is used by several programs, including web browsers
+      and potentially server processes.
+    </p>
+  </background>
+  <description>
+    <p>Two vulnerabilities have been discovered in libpng:</p>
+    
+    <ul>
+      <li>The png_user_version_check function contains an out-of-bounds memory
+        access error (libpng 1.6.15 Release Notes)
+      </li>
+      <li>The png_combine_row function contains an integer overflow error,
+        which could result in a heap-based buffer overflow (CVE-2014-9495)
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could entice a user to open a specially
+      crafted PNG file using an application linked against libpng, possibly
+      resulting in execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libpng 1.6 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libpng-1.6.16"
+    </code>
+    
+    <p>All libpng 1.5 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libpng-1.5.21"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9495">CVE-2014-9495</uri>
+    <uri link="http://www.libpng.org/pub/png/src/libpng-1.6.15-README.txt">
+      libpng 1.6.15 Release Notes
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-01-15T22:55:48Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2017-01-03T04:39:38Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201502-11.xml b/metadata/glsa/glsa-201502-11.xml
new file mode 100644
index 000000000000..c0d401758aa3
--- /dev/null
+++ b/metadata/glsa/glsa-201502-11.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201502-11">
+  <title>GNU cpio: Multiple vulnerabilities</title>
+  <synopsis>Two vulnerabilities have been found in GNU cpio, the worst of which
+    could result in execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">cpio</product>
+  <announced>2015-02-15</announced>
+  <revised count="1">2015-02-15</revised>
+  <bug>530512</bug>
+  <bug>536010</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/cpio" auto="yes" arch="*">
+      <unaffected range="ge">2.11-r3</unaffected>
+      <vulnerable range="lt">2.11-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU cpio copies files into or out of a cpio or tar archive.</p>
+  </background>
+  <description>
+    <p>Two vulnerabilities have been discovered in GNU cpio:</p>
+    
+    <ul>
+      <li>The list_file function in GNU cpio contains a heap-based buffer
+        overflow vulnerability (CVE-2014-9112)
+      </li>
+      <li>A directory traversal vulnerability has been found in GNU cpio
+        (CVE-2015-1197)
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to entice a user to open a specially
+      crafted archive using GNU cpio, possibly resulting in execution of
+      arbitrary code, a Denial of Service condition, or overwriting arbitrary
+      files. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU cpio users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/cpio-2.11-r3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9112">CVE-2014-9112</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1197">CVE-2015-1197</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-01-17T20:25:43Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2015-02-15T14:35:14Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201502-12.xml b/metadata/glsa/glsa-201502-12.xml
new file mode 100644
index 000000000000..1975edd5b5c4
--- /dev/null
+++ b/metadata/glsa/glsa-201502-12.xml
@@ -0,0 +1,162 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201502-12">
+  <title>Oracle JRE/JDK: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Oracle's Java SE
+    Development Kit and Runtime Environment, the worst of which could lead to
+    execution of arbitrary code. 
+  </synopsis>
+  <product type="ebuild">oracle jre, oracle jdk</product>
+  <announced>2015-02-15</announced>
+  <revised count="1">2015-02-15</revised>
+  <bug>507798</bug>
+  <bug>508716</bug>
+  <bug>517220</bug>
+  <bug>525464</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/oracle-jre-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.7.0.71</unaffected>
+      <vulnerable range="lt">1.7.0.71</vulnerable>
+    </package>
+    <package name="dev-java/oracle-jdk-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.7.0.71</unaffected>
+      <vulnerable range="lt">1.7.0.71</vulnerable>
+    </package>
+    <package name="app-emulation/emul-linux-x86-java" auto="yes" arch="*">
+      <unaffected range="ge">1.7.0.71</unaffected>
+      <vulnerable range="lt">1.7.0.71</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Oracle’s Java SE Development Kit and Runtime Environment</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Oracle’s Java SE
+      Development Kit and Runtime Environment. Please review the CVE
+      identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker may be able to execute arbitrary code,
+      disclose, update, insert, or delete certain data.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Oracle JRE 1.7 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-java/oracle-jre-bin-1.7.0.71"
+    </code>
+    
+    <p>All Oracle JDK 1.7 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-java/oracle-jdk-bin-1.7.0.71"
+    </code>
+    
+    <p>All users of the precompiled 32-bit Oracle JRE should upgrade to the
+      latest version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/emul-linux-x86-java-1.7.0.71"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429">CVE-2014-0429</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0432">CVE-2014-0432</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446">CVE-2014-0446</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0448">CVE-2014-0448</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0449">CVE-2014-0449</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451">CVE-2014-0451</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452">CVE-2014-0452</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453">CVE-2014-0453</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0454">CVE-2014-0454</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0455">CVE-2014-0455</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456">CVE-2014-0456</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457">CVE-2014-0457</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458">CVE-2014-0458</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459">CVE-2014-0459</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460">CVE-2014-0460</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461">CVE-2014-0461</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0463">CVE-2014-0463</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0464">CVE-2014-0464</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397">CVE-2014-2397</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398">CVE-2014-2398</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2401">CVE-2014-2401</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2402">CVE-2014-2402</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403">CVE-2014-2403</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2409">CVE-2014-2409</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2410">CVE-2014-2410</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412">CVE-2014-2412</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2413">CVE-2014-2413</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414">CVE-2014-2414</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2420">CVE-2014-2420</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421">CVE-2014-2421</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2422">CVE-2014-2422</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423">CVE-2014-2423</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427">CVE-2014-2427</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2428">CVE-2014-2428</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2483">CVE-2014-2483</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2490">CVE-2014-2490</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4208">CVE-2014-4208</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4209">CVE-2014-4209</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4216">CVE-2014-4216</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4218">CVE-2014-4218</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4219">CVE-2014-4219</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4220">CVE-2014-4220</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4221">CVE-2014-4221</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4223">CVE-2014-4223</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4227">CVE-2014-4227</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4244">CVE-2014-4244</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4247">CVE-2014-4247</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4252">CVE-2014-4252</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4262">CVE-2014-4262</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4263">CVE-2014-4263</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4264">CVE-2014-4264</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4265">CVE-2014-4265</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4266">CVE-2014-4266</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4268">CVE-2014-4268</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4288">CVE-2014-4288</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6456">CVE-2014-6456</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6457">CVE-2014-6457</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6458">CVE-2014-6458</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6466">CVE-2014-6466</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6468">CVE-2014-6468</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6476">CVE-2014-6476</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6485">CVE-2014-6485</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6492">CVE-2014-6492</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6493">CVE-2014-6493</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6502">CVE-2014-6502</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6503">CVE-2014-6503</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6504">CVE-2014-6504</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6506">CVE-2014-6506</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6511">CVE-2014-6511</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6512">CVE-2014-6512</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6513">CVE-2014-6513</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6515">CVE-2014-6515</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6517">CVE-2014-6517</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6519">CVE-2014-6519</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6527">CVE-2014-6527</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6531">CVE-2014-6531</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6532">CVE-2014-6532</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6558">CVE-2014-6558</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6562">CVE-2014-6562</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-06-17T22:53:14Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-02-15T14:36:11Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201502-13.xml b/metadata/glsa/glsa-201502-13.xml
new file mode 100644
index 000000000000..c4c3d83f9050
--- /dev/null
+++ b/metadata/glsa/glsa-201502-13.xml
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201502-13">
+  <title>Chromium: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium, the worst of
+    which can allow remote attackers to cause Denial of Service or gain
+    escalated privileges. 
+  </synopsis>
+  <product type="ebuild">chromium</product>
+  <announced>2015-02-17</announced>
+  <revised count="1">2015-02-17</revised>
+  <bug>537366</bug>
+  <bug>539094</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">40.0.2214.111</unaffected>
+      <vulnerable range="lt">40.0.2214.111</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source web browser project.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium. Please review
+      the CVE identifiers referenced below for details. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to cause a Denial of Service condition,
+      gain privileges via a filesystem: URI, or have other unspecified impact.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-40.0.2214.111"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7923">CVE-2014-7923</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7924">CVE-2014-7924</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7925">CVE-2014-7925</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7926">CVE-2014-7926</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7927">CVE-2014-7927</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7928">CVE-2014-7928</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7929">CVE-2014-7929</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7930">CVE-2014-7930</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7931">CVE-2014-7931</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7932">CVE-2014-7932</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7933">CVE-2014-7933</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7934">CVE-2014-7934</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7935">CVE-2014-7935</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7936">CVE-2014-7936</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7937">CVE-2014-7937</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7938">CVE-2014-7938</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7939">CVE-2014-7939</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7940">CVE-2014-7940</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7941">CVE-2014-7941</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7942">CVE-2014-7942</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7943">CVE-2014-7943</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7944">CVE-2014-7944</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7945">CVE-2014-7945</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7946">CVE-2014-7946</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7947">CVE-2014-7947</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7948">CVE-2014-7948</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9646">CVE-2014-9646</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9647">CVE-2014-9647</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9648">CVE-2014-9648</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1205">CVE-2015-1205</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1209">CVE-2015-1209</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1210">CVE-2015-1210</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1211">CVE-2015-1211</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1212">CVE-2015-1212</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1346">CVE-2015-1346</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1359">CVE-2015-1359</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1360">CVE-2015-1360</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1361">CVE-2015-1361</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-01-23T22:37:02Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-02-17T22:01:01Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201502-14.xml b/metadata/glsa/glsa-201502-14.xml
new file mode 100644
index 000000000000..6f94fb697306
--- /dev/null
+++ b/metadata/glsa/glsa-201502-14.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201502-14">
+  <title>grep: Denial of service</title>
+  <synopsis>A vulnerability in grep could result in Denial of Service. </synopsis>
+  <product type="ebuild">grep,dos</product>
+  <announced>2015-02-25</announced>
+  <revised count="1">2015-02-25</revised>
+  <bug>537046</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/grep" auto="yes" arch="*">
+      <unaffected range="ge">2.21-r1</unaffected>
+      <vulnerable range="lt">2.21-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>grep is the GNU regular expression matcher.</p>
+  </background>
+  <description>
+    <p>A heap buffer overrun has been fixed in the bmexec_trans function in
+      kwset.c. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local user can cause Denial of Service.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All grep users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/grep-2.21-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1345">CVE-2015-1345</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-02-24T06:32:56Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-02-25T10:22:12Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201502-15.xml b/metadata/glsa/glsa-201502-15.xml
new file mode 100644
index 000000000000..d41a3b3e3e88
--- /dev/null
+++ b/metadata/glsa/glsa-201502-15.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201502-15">
+  <title>Samba: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Samba, the worst of
+    which allowing a context-dependent attacker to bypass intended file
+    restrictions, cause a Denial of Service or execute arbitrary code. 
+  </synopsis>
+  <product type="ebuild">samba</product>
+  <announced>2015-02-25</announced>
+  <revised count="1">2015-02-25</revised>
+  <bug>479868</bug>
+  <bug>491070</bug>
+  <bug>493664</bug>
+  <bug>504494</bug>
+  <bug>511764</bug>
+  <bug>514676</bug>
+  <bug>541182</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-fs/samba" auto="yes" arch="*">
+      <unaffected range="ge">3.6.25</unaffected>
+      <vulnerable range="lt">3.6.25</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Samba is a suite of SMB and CIFS client/server programs.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Samba. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A context-dependent attacker may be able to execute arbitrary code,
+      cause a Denial of Service condition, bypass intended file restrictions,
+      or obtain sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Samba users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-fs/samba-3.6.25"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6150">CVE-2012-6150</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4124">CVE-2013-4124</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4408">CVE-2013-4408</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4475">CVE-2013-4475</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4476">CVE-2013-4476</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4496">CVE-2013-4496</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0178">CVE-2014-0178</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0239">CVE-2014-0239</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0244">CVE-2014-0244</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3493">CVE-2014-3493</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0240">CVE-2015-0240</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-05-21T04:10:53Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-02-25T22:04:57Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201503-01.xml b/metadata/glsa/glsa-201503-01.xml
new file mode 100644
index 000000000000..5ce46ba2b527
--- /dev/null
+++ b/metadata/glsa/glsa-201503-01.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201503-01">
+  <title>JasPer: Multiple Vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in JasPer, the worst of
+    which could could allow an attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">jasper</product>
+  <announced>2015-03-06</announced>
+  <revised count="1">2015-03-06</revised>
+  <bug>531688</bug>
+  <bug>533744</bug>
+  <bug>537530</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/jasper" auto="yes" arch="*">
+      <unaffected range="ge">1.900.1-r9</unaffected>
+      <vulnerable range="lt">1.900.1-r9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>JasPer is a software-based implementation of the codec specified in the
+      JPEG-2000 Part-1 standard.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in JasPer. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted file
+      using JasPer, possibly resulting in execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All jasper users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/jasper-1.900.1-r9"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8137">CVE-2014-8137</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8138">CVE-2014-8138</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8157">CVE-2014-8157</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8158">CVE-2014-8158</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9029">CVE-2014-9029</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-01-07T23:22:20Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2015-03-06T15:11:02Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201503-02.xml b/metadata/glsa/glsa-201503-02.xml
new file mode 100644
index 000000000000..28f58b933d39
--- /dev/null
+++ b/metadata/glsa/glsa-201503-02.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201503-02">
+  <title>D-Bus: Denial of service</title>
+  <synopsis>A vulnerability has been found in D-Bus, possibly resulting in
+    local Denial of Service.
+  </synopsis>
+  <product type="ebuild">dbus</product>
+  <announced>2015-03-07</announced>
+  <revised count="1">2015-03-07</revised>
+  <bug>539482</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/dbus" auto="yes" arch="*">
+      <unaffected range="ge">1.8.16</unaffected>
+      <vulnerable range="lt">1.8.16</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>D-Bus is a message bus system, a simple way for applications to talk to
+      one another.
+    </p>
+  </background>
+  <description>
+    <p>D-Bus doesn’t validate the source of ActivationFailure signals.</p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could possibly cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All D-Bus users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/dbus-1.8.16"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0245">CVE-2015-0245</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-02-25T04:08:15Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-03-07T08:59:46Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201503-03.xml b/metadata/glsa/glsa-201503-03.xml
new file mode 100644
index 000000000000..bf9970990aa3
--- /dev/null
+++ b/metadata/glsa/glsa-201503-03.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201503-03">
+  <title>PHP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in PHP, the worst of
+    which could lead to remote execution of arbitrary code. 
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2015-03-08</announced>
+  <revised count="2">2015-08-22</revised>
+  <bug>530820</bug>
+  <bug>532914</bug>
+  <bug>533998</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/php" auto="yes" arch="*">
+      <unaffected range="ge">5.5.21</unaffected>
+      <unaffected range="rge">5.4.37</unaffected>
+      <unaffected range="rge">5.4.38</unaffected>
+      <unaffected range="rge">5.4.39</unaffected>
+      <unaffected range="rge">5.4.40</unaffected>
+      <unaffected range="rge">5.4.41</unaffected>
+      <unaffected range="rge">5.4.42</unaffected>
+      <unaffected range="rge">5.4.43</unaffected>
+      <unaffected range="rge">5.4.44</unaffected>
+      <unaffected range="rge">5.4.45</unaffected>
+      <vulnerable range="lt">5.5.21</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PHP is a widely-used general-purpose scripting language that is
+      especially suited for Web development and can be embedded into HTML. 
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PHP. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker can leverage these vulnerabilities to execute
+      arbitrary code or cause Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PHP 5.5 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-5.5.21"
+    </code>
+    
+    <p>All PHP 5.4 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-5.4.37"
+    </code>
+    
+    <p>All PHP 5.3 users should upgrade to the latest version. This branch is
+      currently past the end of life and it will no longer receive security
+      fixes. All PHP 5.3 users are strongly recommended to upgrade to the
+      current stable version of PHP 5.5 or previous stable version of PHP 5.4,
+      which are supported till at least 2016 and 2015 respectively. 
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3710">CVE-2014-3710</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8142">CVE-2014-8142</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9425">CVE-2014-9425</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9427">CVE-2014-9427</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231">CVE-2015-0231</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0232">CVE-2015-0232</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-12-29T01:51:48Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-08-22T22:32:31Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201503-04.xml b/metadata/glsa/glsa-201503-04.xml
new file mode 100644
index 000000000000..24bffbca5eb9
--- /dev/null
+++ b/metadata/glsa/glsa-201503-04.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201503-04">
+  <title>GNU C Library: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GNU C Library,  the
+    worst of which allowing a local attacker to execute arbitrary code or cause
+    a Denial of Service .
+  </synopsis>
+  <product type="ebuild">glibc</product>
+  <announced>2015-03-08</announced>
+  <revised count="1">2015-03-08</revised>
+  <bug>431218</bug>
+  <bug>434408</bug>
+  <bug>454862</bug>
+  <bug>464634</bug>
+  <bug>477330</bug>
+  <bug>480734</bug>
+  <bug>484646</bug>
+  <bug>488084</bug>
+  <bug>489234</bug>
+  <bug>501196</bug>
+  <bug>513090</bug>
+  <bug>521930</bug>
+  <bug>537990</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-libs/glibc" auto="yes" arch="*">
+      <unaffected range="ge">2.19-r1</unaffected>
+      <vulnerable range="lt">2.19-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The GNU C library is the standard C library used by Gentoo Linux
+      systems.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in the GNU C Library.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker may be able to execute arbitrary code or cause a Denial
+      of Service condition,.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All glibc users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-libs/glibc-2.19-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3404">CVE-2012-3404</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3405">CVE-2012-3405</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3406">CVE-2012-3406</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3480">CVE-2012-3480</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4412">CVE-2012-4412</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4424">CVE-2012-4424</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6656">CVE-2012-6656</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0242">CVE-2013-0242</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1914">CVE-2013-1914</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2207">CVE-2013-2207</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4237">CVE-2013-4237</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4332">CVE-2013-4332</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4458">CVE-2013-4458</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4788">CVE-2013-4788</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4043">CVE-2014-4043</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0235">CVE-2015-0235</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-05-30T23:06:40Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-03-08T14:38:42Z">
+    creffett
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201503-05.xml b/metadata/glsa/glsa-201503-05.xml
new file mode 100644
index 000000000000..3e7763a91034
--- /dev/null
+++ b/metadata/glsa/glsa-201503-05.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201503-05">
+  <title>FreeType: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in FreeType, possibly
+    resulting in Denial of Service.
+  </synopsis>
+  <product type="ebuild">freetype</product>
+  <announced>2015-03-08</announced>
+  <revised count="1">2015-03-08</revised>
+  <bug>532152</bug>
+  <bug>539796</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/freetype" auto="yes" arch="*">
+      <unaffected range="ge">2.5.5</unaffected>
+      <vulnerable range="lt">2.5.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FreeType is a high-quality and portable font engine.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in FreeType. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker can cause Denial of Service.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FreeType users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/freetype-2.5.5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9656">CVE-2014-9656</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9657">CVE-2014-9657</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9658">CVE-2014-9658</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9659">CVE-2014-9659</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9660">CVE-2014-9660</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9661">CVE-2014-9661</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9662">CVE-2014-9662</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9663">CVE-2014-9663</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9664">CVE-2014-9664</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9665">CVE-2014-9665</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9666">CVE-2014-9666</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9667">CVE-2014-9667</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9668">CVE-2014-9668</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9669">CVE-2014-9669</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9670">CVE-2014-9670</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9671">CVE-2014-9671</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9672">CVE-2014-9672</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9673">CVE-2014-9673</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9674">CVE-2014-9674</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9675">CVE-2014-9675</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-02-26T01:14:38Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-03-08T14:40:17Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201503-06.xml b/metadata/glsa/glsa-201503-06.xml
new file mode 100644
index 000000000000..715df8a4a1b4
--- /dev/null
+++ b/metadata/glsa/glsa-201503-06.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201503-06">
+  <title>ICU: Multiple Vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ICU, possibly resulting
+    in Denial of Service.
+  </synopsis>
+  <product type="ebuild">icu</product>
+  <announced>2015-03-14</announced>
+  <revised count="1">2015-03-14</revised>
+  <bug>537560</bug>
+  <bug>539108</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/icu" auto="yes" arch="*">
+      <unaffected range="ge">54.1-r1</unaffected>
+      <vulnerable range="lt">54.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ICU is a mature, widely used set of C/C++ and Java libraries providing
+      Unicode and Globalization support for software applications.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ICU. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker can cause Denial of Service.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ICU users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/icu-54.1-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7923">CVE-2014-7923</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7926">CVE-2014-7926</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7940">CVE-2014-7940</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9654">CVE-2014-9654</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-02-25T04:20:24Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-03-14T18:20:46Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201503-07.xml b/metadata/glsa/glsa-201503-07.xml
new file mode 100644
index 000000000000..cb2982765929
--- /dev/null
+++ b/metadata/glsa/glsa-201503-07.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201503-07">
+  <title>hivex: User-assisted execution of arbitrary code</title>
+  <synopsis>An out-of-bounds error in hivex may result in execution of
+    arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">hivex</product>
+  <announced>2015-03-14</announced>
+  <revised count="1">2015-03-14</revised>
+  <bug>490990</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-misc/hivex" auto="yes" arch="*">
+      <unaffected range="ge">1.3.11</unaffected>
+      <vulnerable range="lt">1.3.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>hivex is a library for reading and writing Windows Registry ‘hive’
+      binary files.
+    </p>
+  </background>
+  <description>
+    <p>Manipulating a short or truncated hive file may trigger an out-of-bounds
+      read or write in hivex.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could cause an application linked against
+      hivex to pass a short or truncated hive file, possibly resulting in
+      execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All hivex users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-misc/hivex-1.3.11"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9273">CVE-2014-9273</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-01-15T23:12:47Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-03-14T18:22:22Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201503-08.xml b/metadata/glsa/glsa-201503-08.xml
new file mode 100644
index 000000000000..d38e5342a11f
--- /dev/null
+++ b/metadata/glsa/glsa-201503-08.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201503-08">
+  <title>file: Denial of service</title>
+  <synopsis>Vulnerabilities in file could allow a context-dependent attack to
+    create a Denial of Service condition. 
+  </synopsis>
+  <product type="ebuild">file,Dos</product>
+  <announced>2015-03-16</announced>
+  <revised count="1">2015-03-16</revised>
+  <bug>503582</bug>
+  <bug>532768</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-apps/file" auto="yes" arch="*">
+      <unaffected range="ge">5.22</unaffected>
+      <vulnerable range="lt">5.22</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The file utility attempts to identify a file’s format by scanning
+      binary data for patterns.
+    </p>
+  </background>
+  <description>
+    <p>Multiple issues with the ELF parser used by the file utility have been
+      detected and fixed.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker can cause Denial of Service.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All file users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/file-5.22"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2270">CVE-2014-2270</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9620">CVE-2014-9620</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9621">CVE-2014-9621</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-01-18T02:25:52Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-03-16T19:34:27Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201503-09.xml b/metadata/glsa/glsa-201503-09.xml
new file mode 100644
index 000000000000..21abca4a1c78
--- /dev/null
+++ b/metadata/glsa/glsa-201503-09.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201503-09">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code. 
+  </synopsis>
+  <product type="ebuild">flash,ACE,DoS</product>
+  <announced>2015-03-16</announced>
+  <revised count="1">2015-03-16</revised>
+  <bug>543112</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">11.2.202.451</unaffected>
+      <vulnerable range="lt">11.2.202.451</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites. 
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, or bypass
+      security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All adobe-flash users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-11.2.202.451"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0332">CVE-2015-0332</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0333">CVE-2015-0333</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0334">CVE-2015-0334</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0335">CVE-2015-0335</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0336">CVE-2015-0336</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0337">CVE-2015-0337</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0338">CVE-2015-0338</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0339">CVE-2015-0339</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0340">CVE-2015-0340</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0341">CVE-2015-0341</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0342">CVE-2015-0342</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-03-14T00:47:30Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2015-03-16T21:01:07Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201503-10.xml b/metadata/glsa/glsa-201503-10.xml
new file mode 100644
index 000000000000..52c86ad82e0e
--- /dev/null
+++ b/metadata/glsa/glsa-201503-10.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201503-10">
+  <title>Python: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Python, the worst of
+    which could lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">python</product>
+  <announced>2015-03-18</announced>
+  <revised count="2">2015-06-17</revised>
+  <bug>495224</bug>
+  <bug>500518</bug>
+  <bug>505068</bug>
+  <bug>506084</bug>
+  <bug>514686</bug>
+  <bug>523792</bug>
+  <bug>532232</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-lang/python" auto="yes" arch="*">
+      <unaffected range="ge">3.3.5-r1</unaffected>
+      <unaffected range="ge">2.7.9-r1</unaffected>
+      <vulnerable range="lt">3.3.5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Python is an interpreted, interactive, object-oriented programming
+      language.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Python. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker may be able to execute arbitrary code or
+      cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Python 3.3 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-3.3.5-r1"
+    </code>
+    
+    <p>All Python 2.7 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.7.9-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1752">CVE-2013-1752</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7338">CVE-2013-7338</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1912">CVE-2014-1912</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2667">CVE-2014-2667</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4616">CVE-2014-4616</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7185">CVE-2014-7185</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9365">CVE-2014-9365</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-08-18T20:14:36Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2015-06-17T19:35:55Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201503-11.xml b/metadata/glsa/glsa-201503-11.xml
new file mode 100644
index 000000000000..c4c25061c999
--- /dev/null
+++ b/metadata/glsa/glsa-201503-11.xml
@@ -0,0 +1,116 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201503-11">
+  <title>OpenSSL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenSSL that can result
+    in either Denial of Service or information disclosure.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2015-03-19</announced>
+  <revised count="2">2015-06-06</revised>
+  <bug>543552</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">1.0.1l-r1</unaffected>
+      <unaffected range="rge">0.9.8z_p5</unaffected>
+      <unaffected range="rge">0.9.8z_p6</unaffected>
+      <unaffected range="rge">0.9.8z_p7</unaffected>
+      <unaffected range="rge">0.9.8z_p8</unaffected>
+      <unaffected range="rge">0.9.8z_p9</unaffected>
+      <unaffected range="rge">0.9.8z_p10</unaffected>
+      <unaffected range="rge">0.9.8z_p11</unaffected>
+      <unaffected range="rge">0.9.8z_p12</unaffected>
+      <unaffected range="rge">0.9.8z_p13</unaffected>
+      <unaffected range="rge">0.9.8z_p14</unaffected>
+      <unaffected range="rge">0.9.8z_p15</unaffected>
+      <vulnerable range="lt">1.0.1l-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+      (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
+      purpose cryptography library. 
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been found in OpenSSL. Please review the
+      CVE identifiers and the upstream advisory referenced below for details:
+    </p>
+    
+    <ul>
+      <li>RSA silently downgrades to EXPORT_RSA [Client] (Reclassified)
+        (CVE-2015-0204)
+      </li>
+      <li>Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)</li>
+      <li>ASN.1 structure reuse memory corruption (CVE-2015-0287)</li>
+      <li>X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)</li>
+      <li>PKCS7 NULL pointer dereferences (CVE-2015-0289)</li>
+      <li>Base64 decode (CVE-2015-0292)</li>
+      <li>DoS via reachable assert in SSLv2 servers (CVE-2015-0293)</li>
+      <li>Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)</li>
+    </ul>
+    
+    <p>The following issues affect OpenSSL 1.0.2 only which is not part of the
+      supported Gentoo stable tree:
+    </p>
+    
+    <ul>
+      <li>OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)</li>
+      <li>Multiblock corrupted pointer (CVE-2015-0290)</li>
+      <li>Segmentation fault in DTLSv1_listen (CVE-2015-0207)</li>
+      <li>Segmentation fault for invalid PSS parameters (CVE-2015-0208)</li>
+      <li>Empty CKE with client auth and DHE (CVE-2015-1787)</li>
+      <li>Handshake with unseeded PRNG (CVE-2015-0285)</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker can utilize multiple vectors to cause Denial of
+      Service or Information Disclosure.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSL 1.0.1 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.0.1l-r1"
+    </code>
+    
+    <p>All OpenSSL 0.9.8 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-0.9.8z_p5-r1"
+    </code>
+    
+    <p>Packages which depend on the OpenSSL library need to be restarted for
+      the upgrade to take effect. Some packages may need to be recompiled.
+      Tools such as revdep-rebuild may assist in identifying some of these
+      packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0204">CVE-2015-0204</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0207">CVE-2015-0207</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0208">CVE-2015-0208</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0209">CVE-2015-0209</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0285">CVE-2015-0285</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0287">CVE-2015-0287</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0288">CVE-2015-0288</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0289">CVE-2015-0289</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0290">CVE-2015-0290</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0291">CVE-2015-0291</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0292">CVE-2015-0292</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0293">CVE-2015-0293</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1787">CVE-2015-1787</uri>
+    <uri link="https://openssl.org/news/secadv_20150319.txt">OpenSSL Security
+      Advisory [19 Mar 2015]
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-03-19T09:52:36Z">a3li</metadata>
+  <metadata tag="submitter" timestamp="2015-06-06T23:16:23Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201503-12.xml b/metadata/glsa/glsa-201503-12.xml
new file mode 100644
index 000000000000..baf77316cf89
--- /dev/null
+++ b/metadata/glsa/glsa-201503-12.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201503-12">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium, the worst of
+    which can allow remote attackers to cause Denial of Service or bypass
+    security restrictions. 
+  </synopsis>
+  <product type="ebuild">chromimu</product>
+  <announced>2015-03-22</announced>
+  <revised count="1">2015-03-22</revised>
+  <bug>542090</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">41.0.2272.76</unaffected>
+      <vulnerable range="lt">41.0.2272.76</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source web browser project.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to cause a Denial of Service condition,
+      bypass security restrictions, or have other unspecified impact.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-41.0.2272.76"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1213">CVE-2015-1213</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1214">CVE-2015-1214</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1215">CVE-2015-1215</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1216">CVE-2015-1216</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1217">CVE-2015-1217</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1218">CVE-2015-1218</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1219">CVE-2015-1219</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1220">CVE-2015-1220</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1221">CVE-2015-1221</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1222">CVE-2015-1222</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1223">CVE-2015-1223</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1224">CVE-2015-1224</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1225">CVE-2015-1225</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1226">CVE-2015-1226</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1227">CVE-2015-1227</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1228">CVE-2015-1228</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1229">CVE-2015-1229</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1230">CVE-2015-1230</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1231">CVE-2015-1231</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1232">CVE-2015-1232</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-03-21T14:01:08Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2015-03-22T22:04:32Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201503-13.xml b/metadata/glsa/glsa-201503-13.xml
new file mode 100644
index 000000000000..9565811f41f0
--- /dev/null
+++ b/metadata/glsa/glsa-201503-13.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201503-13">
+  <title>BusyBox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in BusyBox, allowing
+    context dependent attackers to load arbitrary kernel modules, execute
+    arbitrary files, or cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">busybox</product>
+  <announced>2015-03-29</announced>
+  <revised count="1">2015-03-29</revised>
+  <bug>515254</bug>
+  <bug>537978</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-apps/busybox" auto="yes" arch="*">
+      <unaffected range="ge">1.23.1</unaffected>
+      <vulnerable range="lt">1.23.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>BusyBox is set of tools for embedded systems and is a replacement for
+      GNU Coreutils.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in BusyBox.  Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker can load kernel modules without privileges
+      by nullifying enforced module
+      prefixes. Execution of arbitrary files or a Denial of Service can be
+      caused through the included vulnerable LZO library.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All BusyBox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/busybox-1.23.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4607">CVE-2014-4607</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9645">CVE-2014-9645</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-03-18T18:23:03Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2015-03-29T17:08:00Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201504-01.xml b/metadata/glsa/glsa-201504-01.xml
new file mode 100644
index 000000000000..9662114294f5
--- /dev/null
+++ b/metadata/glsa/glsa-201504-01.xml
@@ -0,0 +1,304 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201504-01">
+  <title>Mozilla Products: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox,
+    Thunderbird, and SeaMonkey, the worst of which may allow user-assisted
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">firefox thunderbird seamonkey</product>
+  <announced>2015-04-07</announced>
+  <revised count="2">2015-04-08</revised>
+  <bug>489796</bug>
+  <bug>491234</bug>
+  <bug>493850</bug>
+  <bug>500320</bug>
+  <bug>505072</bug>
+  <bug>509050</bug>
+  <bug>512896</bug>
+  <bug>517876</bug>
+  <bug>522020</bug>
+  <bug>523652</bug>
+  <bug>525474</bug>
+  <bug>531408</bug>
+  <bug>536564</bug>
+  <bug>541316</bug>
+  <bug>544056</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">31.5.3</unaffected>
+      <vulnerable range="lt">31.5.3</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">31.5.3</unaffected>
+      <vulnerable range="lt">31.5.3</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">31.5.0</unaffected>
+      <vulnerable range="lt">31.5.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">31.5.0</unaffected>
+      <vulnerable range="lt">31.5.0</vulnerable>
+    </package>
+    <package name="www-client/seamonkey" auto="yes" arch="*">
+      <unaffected range="ge">2.33.1</unaffected>
+      <vulnerable range="lt">2.33.1</vulnerable>
+    </package>
+    <package name="www-client/seamonkey-bin" auto="yes" arch="*">
+      <unaffected range="ge">2.33.1</unaffected>
+      <vulnerable range="lt">2.33.1</vulnerable>
+    </package>
+    <package name="dev-libs/nspr" auto="yes" arch="*">
+      <unaffected range="ge">4.10.6</unaffected>
+      <vulnerable range="lt">4.10.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an
+      open-source email client, both from the Mozilla Project. The SeaMonkey
+      project is a community effort to deliver production-quality releases of
+      code derived from the application formerly known as the ‘Mozilla
+      Application Suite’.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Firefox, Thunderbird,
+      and SeaMonkey. Please review the CVE identifiers referenced below for
+      details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to view a specially crafted web
+      page or email, possibly resulting in execution of arbitrary code or a
+      Denial of Service condition. Furthermore, a remote attacker may be able
+      to perform Man-in-the-Middle attacks, obtain sensitive information, spoof
+      the address bar, conduct clickjacking attacks, bypass security
+      restrictions and protection mechanisms,  or have other unspecified
+      impact.
+    </p>
+  </impact>
+  <workaround>
+    <p>There are no known workarounds at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-31.5.3"
+    </code>
+    
+    <p>All firefox-bin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-31.5.3"
+    </code>
+    
+    <p>All thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-31.5.0"
+    </code>
+    
+    <p>All thunderbird-bin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-31.5.0"
+    </code>
+    
+    <p>All seamonkey users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-2.33.1"
+    </code>
+    
+    <p>All seamonkey-bin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-bin-2.33.1"
+    </code>
+    
+    <p>All nspr users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/nspr-4.10.6"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1741">CVE-2013-1741</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2566">CVE-2013-2566</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5590">CVE-2013-5590</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5591">CVE-2013-5591</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5592">CVE-2013-5592</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5593">CVE-2013-5593</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5595">CVE-2013-5595</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5596">CVE-2013-5596</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5597">CVE-2013-5597</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5598">CVE-2013-5598</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5599">CVE-2013-5599</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5600">CVE-2013-5600</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5601">CVE-2013-5601</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5602">CVE-2013-5602</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5603">CVE-2013-5603</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5604">CVE-2013-5604</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5605">CVE-2013-5605</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5606">CVE-2013-5606</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5607">CVE-2013-5607</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5609">CVE-2013-5609</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5610">CVE-2013-5610</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5612">CVE-2013-5612</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5613">CVE-2013-5613</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5614">CVE-2013-5614</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5615">CVE-2013-5615</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5616">CVE-2013-5616</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5618">CVE-2013-5618</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5619">CVE-2013-5619</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6671">CVE-2013-6671</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6672">CVE-2013-6672</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6673">CVE-2013-6673</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1477">CVE-2014-1477</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1478">CVE-2014-1478</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1479">CVE-2014-1479</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1480">CVE-2014-1480</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1481">CVE-2014-1481</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1482">CVE-2014-1482</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1483">CVE-2014-1483</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1485">CVE-2014-1485</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1486">CVE-2014-1486</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1487">CVE-2014-1487</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1488">CVE-2014-1488</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1489">CVE-2014-1489</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1490">CVE-2014-1490</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1491">CVE-2014-1491</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1492">CVE-2014-1492</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1493">CVE-2014-1493</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1494">CVE-2014-1494</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1496">CVE-2014-1496</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1497">CVE-2014-1497</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1498">CVE-2014-1498</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1499">CVE-2014-1499</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1500">CVE-2014-1500</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1502">CVE-2014-1502</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1504">CVE-2014-1504</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1505">CVE-2014-1505</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1508">CVE-2014-1508</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1509">CVE-2014-1509</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1510">CVE-2014-1510</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1511">CVE-2014-1511</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1512">CVE-2014-1512</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1513">CVE-2014-1513</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1514">CVE-2014-1514</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1518">CVE-2014-1518</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1519">CVE-2014-1519</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1520">CVE-2014-1520</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1522">CVE-2014-1522</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1523">CVE-2014-1523</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1524">CVE-2014-1524</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1525">CVE-2014-1525</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1526">CVE-2014-1526</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1529">CVE-2014-1529</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1530">CVE-2014-1530</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1531">CVE-2014-1531</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1532">CVE-2014-1532</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1533">CVE-2014-1533</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1534">CVE-2014-1534</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1536">CVE-2014-1536</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1537">CVE-2014-1537</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1538">CVE-2014-1538</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1539">CVE-2014-1539</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1540">CVE-2014-1540</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1541">CVE-2014-1541</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1542">CVE-2014-1542</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1543">CVE-2014-1543</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1544">CVE-2014-1544</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1545">CVE-2014-1545</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1547">CVE-2014-1547</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1548">CVE-2014-1548</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1549">CVE-2014-1549</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1550">CVE-2014-1550</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1551">CVE-2014-1551</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1552">CVE-2014-1552</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1553">CVE-2014-1553</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1554">CVE-2014-1554</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1555">CVE-2014-1555</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1556">CVE-2014-1556</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1557">CVE-2014-1557</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1558">CVE-2014-1558</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1559">CVE-2014-1559</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1560">CVE-2014-1560</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1561">CVE-2014-1561</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1562">CVE-2014-1562</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1563">CVE-2014-1563</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1564">CVE-2014-1564</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1565">CVE-2014-1565</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1566">CVE-2014-1566</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1567">CVE-2014-1567</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1568">CVE-2014-1568</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1574">CVE-2014-1574</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1575">CVE-2014-1575</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1576">CVE-2014-1576</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1577">CVE-2014-1577</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1578">CVE-2014-1578</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1580">CVE-2014-1580</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1581">CVE-2014-1581</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1582">CVE-2014-1582</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1583">CVE-2014-1583</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1584">CVE-2014-1584</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1585">CVE-2014-1585</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1586">CVE-2014-1586</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1587">CVE-2014-1587</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1588">CVE-2014-1588</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1589">CVE-2014-1589</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1590">CVE-2014-1590</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1591">CVE-2014-1591</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1592">CVE-2014-1592</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1593">CVE-2014-1593</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1594">CVE-2014-1594</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5369">CVE-2014-5369</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8631">CVE-2014-8631</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8632">CVE-2014-8632</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8634">CVE-2014-8634</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8635">CVE-2014-8635</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8636">CVE-2014-8636</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8637">CVE-2014-8637</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8638">CVE-2014-8638</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8639">CVE-2014-8639</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8640">CVE-2014-8640</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8641">CVE-2014-8641</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8642">CVE-2014-8642</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0817">CVE-2015-0817</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0818">CVE-2015-0818</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0819">CVE-2015-0819</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0820">CVE-2015-0820</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0821">CVE-2015-0821</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0822">CVE-2015-0822</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0823">CVE-2015-0823</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0824">CVE-2015-0824</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0825">CVE-2015-0825</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0826">CVE-2015-0826</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0827">CVE-2015-0827</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0828">CVE-2015-0828</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0829">CVE-2015-0829</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0830">CVE-2015-0830</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0831">CVE-2015-0831</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0832">CVE-2015-0832</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0833">CVE-2015-0833</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0834">CVE-2015-0834</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0835">CVE-2015-0835</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0836">CVE-2015-0836</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-05-21T03:07:39Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-04-08T20:01:24Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201504-02.xml b/metadata/glsa/glsa-201504-02.xml
new file mode 100644
index 000000000000..97f9ef384fd7
--- /dev/null
+++ b/metadata/glsa/glsa-201504-02.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201504-02">
+  <title>sudo: Information disclosure</title>
+  <synopsis>A vulnerability in sudo could allow a local attacker to read
+    arbitrary files or bypass security restrictions.
+  </synopsis>
+  <product type="ebuild">sudo</product>
+  <announced>2015-04-11</announced>
+  <revised count="1">2015-04-11</revised>
+  <bug>539532</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/sudo" auto="yes" arch="*">
+      <unaffected range="ge">1.8.12</unaffected>
+      <vulnerable range="lt">1.8.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>sudo allows a system administrator to give users the ability to run
+      commands as other users. Access to commands may also be granted on a
+      range to hosts. 
+    </p>
+  </background>
+  <description>
+    <p>sudo does not handle the TZ environment variable properly.</p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker may be able to read arbitrary files or information from
+      device special files.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All sudo users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/sudo-1.8.12"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9680">CVE-2014-9680</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-03-29T16:50:29Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2015-04-11T14:50:58Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201504-03.xml b/metadata/glsa/glsa-201504-03.xml
new file mode 100644
index 000000000000..bfdeabb67ae5
--- /dev/null
+++ b/metadata/glsa/glsa-201504-03.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201504-03">
+  <title>Apache: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in Apache HTTP Server, the
+    worst of which could lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">apache</product>
+  <announced>2015-04-11</announced>
+  <revised count="2">2015-04-19</revised>
+  <bug>535948</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">2.2.29</unaffected>
+      <vulnerable range="lt">2.2.29</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Apache HTTP Server is one of the most popular web servers on the
+      Internet.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Apache HTTP Server.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to execute arbitrary code or cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/apache-2.2.29"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5704">CVE-2013-5704</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0118">CVE-2014-0118</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0226">CVE-2014-0226</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0231">CVE-2014-0231</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-02-25T02:07:45Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-04-19T00:06:25Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201504-04.xml b/metadata/glsa/glsa-201504-04.xml
new file mode 100644
index 000000000000..b6a520bf0b2f
--- /dev/null
+++ b/metadata/glsa/glsa-201504-04.xml
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201504-04">
+  <title>Xen: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Xen, the worst of which
+    can allow remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">xen</product>
+  <announced>2015-04-11</announced>
+  <revised count="1">2015-04-11</revised>
+  <bug>478280</bug>
+  <bug>482138</bug>
+  <bug>512294</bug>
+  <bug>519800</bug>
+  <bug>530182</bug>
+  <bug>530980</bug>
+  <bug>532030</bug>
+  <bug>536220</bug>
+  <bug>542266</bug>
+  <bug>543304</bug>
+  <bug>545144</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/xen" auto="yes" arch="*">
+      <unaffected range="ge">4.4.2-r1</unaffected>
+      <unaffected range="rge">4.2.5-r8</unaffected>
+      <vulnerable range="lt">4.4.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Xen is a bare-metal hypervisor.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Xen.  Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could possibly cause a Denial of Service condition or
+      obtain sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Xen 4.4 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-4.4.2-r1"
+    </code>
+    
+    <p>All Xen 4.2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-4.2.5-r8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2212">CVE-2013-2212</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3495">CVE-2013-3495</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3967">CVE-2014-3967</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3968">CVE-2014-3968</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5146">CVE-2014-5146</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5149">CVE-2014-5149</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8594">CVE-2014-8594</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8595">CVE-2014-8595</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8866">CVE-2014-8866</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8867">CVE-2014-8867</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9030">CVE-2014-9030</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9065">CVE-2014-9065</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9066">CVE-2014-9066</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0361">CVE-2015-0361</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2044">CVE-2015-2044</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2045">CVE-2015-2045</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2152">CVE-2015-2152</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2751">CVE-2015-2751</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2752">CVE-2015-2752</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2756">CVE-2015-2756</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-02-01T02:14:06Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-04-11T20:08:49Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201504-05.xml b/metadata/glsa/glsa-201504-05.xml
new file mode 100644
index 000000000000..3b60db2ecd8e
--- /dev/null
+++ b/metadata/glsa/glsa-201504-05.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201504-05">
+  <title>MySQL and MariaDB: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in MySQL and MariaDB, the
+    worst of which can allow remote attackers to cause a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">mysql mariadb</product>
+  <announced>2015-04-11</announced>
+  <revised count="1">2015-04-11</revised>
+  <bug>537216</bug>
+  <bug>537262</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/mysql" auto="yes" arch="*">
+      <unaffected range="ge">5.6.22</unaffected>
+      <vulnerable range="lt">5.6.22</vulnerable>
+    </package>
+    <package name="dev-db/mariadb" auto="yes" arch="*">
+      <unaffected range="ge">10.0.16</unaffected>
+      <unaffected range="rge">5.5.49</unaffected>
+      <vulnerable range="lt">10.0.16</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an
+      enhanced, drop-in replacement for MySQL.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MySQL and MariaDB. 
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could exploit vulnerabilities to possibly cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MySQL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-5.6.22"
+    </code>
+    
+    <p>All MariaDB users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mariadb-10.0.16"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6568">CVE-2014-6568</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0374">CVE-2015-0374</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0381">CVE-2015-0381</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0382">CVE-2015-0382</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0385">CVE-2015-0385</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0391">CVE-2015-0391</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0409">CVE-2015-0409</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0411">CVE-2015-0411</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0432">CVE-2015-0432</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-02-16T14:04:19Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-04-11T20:11:58Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201504-06.xml b/metadata/glsa/glsa-201504-06.xml
new file mode 100644
index 000000000000..6a2a13c95a94
--- /dev/null
+++ b/metadata/glsa/glsa-201504-06.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201504-06">
+  <title>X.Org X Server: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in X.Org X Server,
+    allowing attackers to execute arbitrary code or cause a Denial of Service
+    condition. 
+  </synopsis>
+  <product type="ebuild">xorg-server</product>
+  <announced>2015-04-17</announced>
+  <revised count="2">2015-04-17</revised>
+  <bug>532086</bug>
+  <bug>539692</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-base/xorg-server" auto="yes" arch="*">
+      <unaffected range="ge">1.12.4-r4</unaffected>
+      <vulnerable range="lt">1.12.4-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The X Window System is a graphical windowing system based on a
+      client/server model. 
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in X.Org X Server. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All X.Org X Server users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-base/xorg-server-1.12.4-r4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8091">CVE-2014-8091</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8092">CVE-2014-8092</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8093">CVE-2014-8093</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8094">CVE-2014-8094</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8095">CVE-2014-8095</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8096">CVE-2014-8096</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8097">CVE-2014-8097</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8098">CVE-2014-8098</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8099">CVE-2014-8099</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8100">CVE-2014-8100</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8101">CVE-2014-8101</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8102">CVE-2014-8102</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8103">CVE-2014-8103</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0255">CVE-2015-0255</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-01-31T19:25:14Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-04-17T12:55:13Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201504-07.xml b/metadata/glsa/glsa-201504-07.xml
new file mode 100644
index 000000000000..40f19c42d858
--- /dev/null
+++ b/metadata/glsa/glsa-201504-07.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201504-07">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2015-04-17</announced>
+  <revised count="1">2015-04-17</revised>
+  <bug>546706</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">11.2.202.457</unaffected>
+      <vulnerable range="lt">11.2.202.457</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites. 
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-11.2.202.457"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0346">CVE-2015-0346</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0347">CVE-2015-0347</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0348">CVE-2015-0348</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0349">CVE-2015-0349</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0350">CVE-2015-0350</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0351">CVE-2015-0351</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0352">CVE-2015-0352</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0353">CVE-2015-0353</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0354">CVE-2015-0354</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0355">CVE-2015-0355</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0356">CVE-2015-0356</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0357">CVE-2015-0357</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0358">CVE-2015-0358</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0359">CVE-2015-0359</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0360">CVE-2015-0360</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3038">CVE-2015-3038</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3039">CVE-2015-3039</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3040">CVE-2015-3040</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3041">CVE-2015-3041</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3042">CVE-2015-3042</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3043">CVE-2015-3043</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3044">CVE-2015-3044</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-04-17T12:25:20Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2015-04-17T15:29:39Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201505-01.xml b/metadata/glsa/glsa-201505-01.xml
new file mode 100644
index 000000000000..f362bdee66a3
--- /dev/null
+++ b/metadata/glsa/glsa-201505-01.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201505-01">
+  <title>Ettercap: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in Ettercap, the worst of
+    which allows remote attackers to execute arbitrary code. 
+  </synopsis>
+  <product type="ebuild">ettercap</product>
+  <announced>2015-05-13</announced>
+  <revised count="1">2015-05-13</revised>
+  <bug>532764</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/ettercap" auto="yes" arch="*">
+      <unaffected range="ge">0.8.2</unaffected>
+      <vulnerable range="lt">0.8.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Ettercap is a comprehensive suite for man in the middle attacks.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Ettercap. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Ettercap users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/ettercap-0.8.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6395">CVE-2014-6395</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6396">CVE-2014-6396</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9376">CVE-2014-9376</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9377">CVE-2014-9377</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9378">CVE-2014-9378</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9379">CVE-2014-9379</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9380">CVE-2014-9380</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9381">CVE-2014-9381</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-04-06T04:38:40Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-05-13T09:24:38Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201505-02.xml b/metadata/glsa/glsa-201505-02.xml
new file mode 100644
index 000000000000..899f72c91ee5
--- /dev/null
+++ b/metadata/glsa/glsa-201505-02.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201505-02">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code. 
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2015-05-31</announced>
+  <revised count="1">2015-05-31</revised>
+  <bug>549388</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">11.2.202.460 </unaffected>
+      <vulnerable range="lt">11.2.202.460 </vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, obtain
+      sensitive information, or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-11.2.202.460"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3044">CVE-2015-3044</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3077">CVE-2015-3077</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3078">CVE-2015-3078</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3079">CVE-2015-3079</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3080">CVE-2015-3080</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3081">CVE-2015-3081</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3082">CVE-2015-3082</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3083">CVE-2015-3083</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3084">CVE-2015-3084</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3085">CVE-2015-3085</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3086">CVE-2015-3086</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3087">CVE-2015-3087</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3088">CVE-2015-3088</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3089">CVE-2015-3089</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3090">CVE-2015-3090</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3091">CVE-2015-3091</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3092">CVE-2015-3092</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3093">CVE-2015-3093</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-05-14T08:52:43Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2015-05-31T19:09:10Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201505-03.xml b/metadata/glsa/glsa-201505-03.xml
new file mode 100644
index 000000000000..9b2a7e89719e
--- /dev/null
+++ b/metadata/glsa/glsa-201505-03.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201505-03">
+  <title>phpMyAdmin: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in phpMyAdmin, the worst
+    of which could lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">phpMyAdmin</product>
+  <announced>2015-05-31</announced>
+  <revised count="2">2016-05-14</revised>
+  <bug>517858</bug>
+  <bug>522844</bug>
+  <bug>530054</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/phpmyadmin" auto="yes" arch="*">
+      <unaffected range="ge">4.2.13</unaffected>
+      <unaffected range="rge">4.1.14.7</unaffected>
+      <unaffected range="rge">4.0.10.6</unaffected>
+      <unaffected range="rge">4.0.10.15</unaffected>
+      <unaffected range="rge">4.0.10.16</unaffected>
+      <unaffected range="rge">4.0.10.17</unaffected>
+      <unaffected range="rge">4.0.10.18</unaffected>
+      <vulnerable range="lt">4.2.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>phpMyAdmin is a web-based management tool for MySQL databases.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in phpMyAdmin.  Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote authenticated attacker could exploit these vulnerabilities to
+      include and execute arbitrary local files via a crafted parameter, inject
+      SQL code, or to conduct Cross-Site Scripting attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All phpMyAdmin 4.2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/phpmyadmin-4.2.13"
+    </code>
+    
+    <p>All phpMyAdmin 4.1 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/phpmyadmin-4.1.14.7"
+    </code>
+    
+    <p>All phpMyAdmin 4.0 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/phpmyadmin-4.0.10.6"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4986">CVE-2014-4986</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4987">CVE-2014-4987</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6300">CVE-2014-6300</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8958">CVE-2014-8958</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8959">CVE-2014-8959</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8960">CVE-2014-8960</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8961">CVE-2014-8961</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-03-14T15:47:49Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2016-05-14T20:55:11Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201506-01.xml b/metadata/glsa/glsa-201506-01.xml
new file mode 100644
index 000000000000..007d711041a3
--- /dev/null
+++ b/metadata/glsa/glsa-201506-01.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201506-01">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code. 
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2015-06-21</announced>
+  <revised count="1">2015-06-21</revised>
+  <bug>551658</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">11.2.202.466</unaffected>
+      <vulnerable range="lt">11.2.202.466</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites. 
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, obtain
+      sensitive information, or bypass security restrictions. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-11.2.202.466"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3096">CVE-2015-3096</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3097">CVE-2015-3097</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3098">CVE-2015-3098</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3099">CVE-2015-3099</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3100">CVE-2015-3100</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3101">CVE-2015-3101</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3102">CVE-2015-3102</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3103">CVE-2015-3103</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3104">CVE-2015-3104</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3105">CVE-2015-3105</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3106">CVE-2015-3106</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3107">CVE-2015-3107</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3108">CVE-2015-3108</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4472">CVE-2015-4472</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-04-17T05:51:26Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-06-21T17:17:03Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201506-02.xml b/metadata/glsa/glsa-201506-02.xml
new file mode 100644
index 000000000000..10a2fff63371
--- /dev/null
+++ b/metadata/glsa/glsa-201506-02.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201506-02">
+  <title>OpenSSL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenSSL that can result
+    in either Denial of Service or information disclosure. 
+  </synopsis>
+  <product type="ebuild">dos</product>
+  <announced>2015-06-22</announced>
+  <revised count="2">2016-02-26</revised>
+  <bug>551832</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">1.0.1o</unaffected>
+      <unaffected range="rge">0.9.8z_p7</unaffected>
+      <unaffected range="rge">0.9.8z_p8</unaffected>
+      <unaffected range="rge">0.9.8z_p9</unaffected>
+      <unaffected range="rge">0.9.8z_p10</unaffected>
+      <unaffected range="rge">0.9.8z_p11</unaffected>
+      <unaffected range="rge">0.9.8z_p12</unaffected>
+      <unaffected range="rge">0.9.8z_p13</unaffected>
+      <unaffected range="rge">0.9.8z_p14</unaffected>
+      <unaffected range="rge">0.9.8z_p15</unaffected>
+      <vulnerable range="lt">1.0.1o</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+      and Transport Layer Security as well as a general purpose cryptography
+      library.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been found in OpenSSL. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker can cause Denial of Service and information
+      disclosure.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSL 1.0.1 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.0.1o"
+    </code>
+    
+    <p>All OpenSSL 0.9.8 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-0.9.8z_p7"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8176">CVE-2014-8176</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1788">CVE-2015-1788</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1789">CVE-2015-1789</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1790">CVE-2015-1790</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1791">CVE-2015-1791</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1792">CVE-2015-1792</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000">CVE-2015-4000</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-06-21T18:19:42Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2016-02-26T14:45:26Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201506-03.xml b/metadata/glsa/glsa-201506-03.xml
new file mode 100644
index 000000000000..c851080b7baf
--- /dev/null
+++ b/metadata/glsa/glsa-201506-03.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201506-03">
+  <title>GnuTLS: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been fixed in GnuTLS, the worst of
+    which can cause Denial of Service
+  </synopsis>
+  <product type="ebuild">gnutls</product>
+  <announced>2015-06-22</announced>
+  <revised count="1">2015-06-22</revised>
+  <bug>546760</bug>
+  <bug>548636</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-libs/gnutls" auto="yes" arch="*">
+      <unaffected range="ge">3.3.15</unaffected>
+      <vulnerable range="lt">3.3.15</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GnuTLS is an Open Source implementation of the TLS and SSL protocols. </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GnuTLS. Please review
+      the CVE identifiers and external references below for details. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker can cause a denial of service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GnuTLS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/gnutls-3.3.15"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3308">CVE-2015-3308</uri>
+    <uri link="https://www.gnutls.org/security.html#GNUTLS-SA-2015-2">
+      GNUTLS-SA-2015-2
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-06-21T03:15:45Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-06-22T21:37:44Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201506-04.xml b/metadata/glsa/glsa-201506-04.xml
new file mode 100644
index 000000000000..3dea7fe20f2e
--- /dev/null
+++ b/metadata/glsa/glsa-201506-04.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201506-04">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been fixed in Chromium, the worst of
+    which can cause arbitrary remote code execution.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2015-06-23</announced>
+  <revised count="1">2015-06-23</revised>
+  <bug>545300</bug>
+  <bug>546728</bug>
+  <bug>548108</bug>
+  <bug>549944</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">43.0.2357.65</unaffected>
+      <vulnerable range="lt">43.0.2357.65</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source web browser project.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium. Please review
+      the CVE identifiers referenced below for details. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker can cause arbitrary remote code execution, Denial of
+      Service or bypass of security mechanisms.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-43.0.2357.65"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1233">CVE-2015-1233</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1234">CVE-2015-1234</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1235">CVE-2015-1235</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1236">CVE-2015-1236</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1237">CVE-2015-1237</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1238">CVE-2015-1238</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1240">CVE-2015-1240</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1241">CVE-2015-1241</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1242">CVE-2015-1242</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1243">CVE-2015-1243</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1244">CVE-2015-1244</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1245">CVE-2015-1245</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1246">CVE-2015-1246</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1247">CVE-2015-1247</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1248">CVE-2015-1248</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1250">CVE-2015-1250</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1251">CVE-2015-1251</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1252">CVE-2015-1252</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1253">CVE-2015-1253</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1254">CVE-2015-1254</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1255">CVE-2015-1255</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1256">CVE-2015-1256</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1257">CVE-2015-1257</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1258">CVE-2015-1258</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1259">CVE-2015-1259</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1260">CVE-2015-1260</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1262">CVE-2015-1262</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1263">CVE-2015-1263</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1264">CVE-2015-1264</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1265">CVE-2015-1265</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-04-10T23:20:39Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-06-23T03:28:25Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201507-01.xml b/metadata/glsa/glsa-201507-01.xml
new file mode 100644
index 000000000000..124f3779a8ad
--- /dev/null
+++ b/metadata/glsa/glsa-201507-01.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201507-01">
+  <title>chrony: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in chrony, the worst of
+    which can cause arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">chrony</product>
+  <announced>2015-07-05</announced>
+  <revised count="1">2015-07-05</revised>
+  <bug>545918</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/chrony" auto="yes" arch="*">
+      <unaffected range="ge">1.31.1</unaffected>
+      <vulnerable range="lt">1.31.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>chrony is a versatile implementation of the Network Time Protocol (NTP).</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in chrony. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker can cause arbitrary remote code execution or Denial of
+      service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All chrony users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/chrony-1.31.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1821">CVE-2015-1821</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1822">CVE-2015-1822</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1853">CVE-2015-1853</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-05-13T23:36:26Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-07-05T16:16:15Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201507-02.xml b/metadata/glsa/glsa-201507-02.xml
new file mode 100644
index 000000000000..6f71d87dd7da
--- /dev/null
+++ b/metadata/glsa/glsa-201507-02.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201507-02">
+  <title>Tor: Denial of service</title>
+  <synopsis>Two vulnerabilities have been found in Tor, the worst of which can
+    allow remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">tor</product>
+  <announced>2015-07-06</announced>
+  <revised count="1">2015-07-06</revised>
+  <bug>545940</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/tor" auto="yes" arch="*">
+      <unaffected range="ge">0.2.6.7</unaffected>
+      <vulnerable range="lt">0.2.6.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Tor is an implementation of second generation Onion Routing, a
+      connection-oriented anonymizing communication service.
+    </p>
+  </background>
+  <description>
+    <p>Tor does not handle data correctly when specifically crafted data is
+      sent, and also fails to properly verify a descriptor provided by a hidden
+      service directory.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause a Denial of Service condition in both a
+      Tor client or a Tor server.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Tor users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/tor-0.2.6.7"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2928">CVE-2015-2928</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2929">CVE-2015-2929</uri>
+    <uri link="https://blog.torproject.org/blog/tor-02512-and-0267-are-released">
+      Upstream announcement
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-06-30T22:21:11Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-07-06T19:00:59Z">stanley</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201507-03.xml b/metadata/glsa/glsa-201507-03.xml
new file mode 100644
index 000000000000..aa82322b4b1b
--- /dev/null
+++ b/metadata/glsa/glsa-201507-03.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201507-03">
+  <title>Exiv2: Denial of service</title>
+  <synopsis>A vulnerability in Exiv2 could lead to Denial of Service condition.</synopsis>
+  <product type="ebuild">exiv2</product>
+  <announced>2015-07-07</announced>
+  <revised count="1">2015-07-07</revised>
+  <bug>534608</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/exiv2" auto="yes" arch="*">
+      <unaffected range="ge">0.24-r1</unaffected>
+      <vulnerable range="lt">0.24-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Exiv2 is a C++ library and a command line utility to manage image
+      metadata.
+    </p>
+  </background>
+  <description>
+    <p>Exiv2 has a buffer overflow in the RiffVideo::infoTagsHandler function
+      in riffvideo.cpp.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition via
+      a specially crafted AVI file with IKEY INFO tag.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Exiv2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/exiv2-0.24-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9449">CVE-2014-9449</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-04-22T20:51:42Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-07-07T06:47:36Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201507-04.xml b/metadata/glsa/glsa-201507-04.xml
new file mode 100644
index 000000000000..073e470b67da
--- /dev/null
+++ b/metadata/glsa/glsa-201507-04.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201507-04">
+  <title>International Components for Unicode: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in International
+    Components for Unicode, allowing attackers to execute arbitrary code or
+    cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">icu</product>
+  <announced>2015-07-07</announced>
+  <revised count="1">2015-07-07</revised>
+  <bug>546156</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/icu" auto="yes" arch="*">
+      <unaffected range="ge">55.1</unaffected>
+      <vulnerable range="lt">55.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>International Components for Unicode is a set of C/C++ and Java
+      libraries providing Unicode and Globalization support for software
+      applications.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in International
+      Components for Unicode. Please review the CVE identifiers referenced
+      below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary code with the privileges of
+      the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All International Components for Unicode users should upgrade to the
+      latest version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/icu-55.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8146">CVE-2014-8146</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8147">CVE-2014-8147</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-06-30T20:31:45Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-07-07T06:54:03Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201507-05.xml b/metadata/glsa/glsa-201507-05.xml
new file mode 100644
index 000000000000..141b71bea8cf
--- /dev/null
+++ b/metadata/glsa/glsa-201507-05.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201507-05">
+  <title>SQLite: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in SQLite, allowing
+    context-dependent attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">sqlite</product>
+  <announced>2015-07-07</announced>
+  <revised count="1">2015-07-07</revised>
+  <bug>546626</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-db/sqlite" auto="yes" arch="*">
+      <unaffected range="ge">3.8.9</unaffected>
+      <vulnerable range="lt">3.8.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>SQLite is a C library that implements an SQL database engine.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in SQLite. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could possibly cause a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All SQLite users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/sqlite-3.8.9"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3414">CVE-2015-3414</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3415">CVE-2015-3415</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3416">CVE-2015-3416</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-05-28T22:11:40Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-07-07T06:59:20Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201507-06.xml b/metadata/glsa/glsa-201507-06.xml
new file mode 100644
index 000000000000..9663d45be2a3
--- /dev/null
+++ b/metadata/glsa/glsa-201507-06.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201507-06">
+  <title>UnRTF: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in UnRTF, the worst of
+    which may result in execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">unrtf</product>
+  <announced>2015-07-07</announced>
+  <revised count="1">2015-07-07</revised>
+  <bug>531544</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/unrtf" auto="yes" arch="*">
+      <unaffected range="ge">0.21.9</unaffected>
+      <vulnerable range="lt">0.21.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>UnRTF is a command-line program which converts RTF documents to other
+      formats.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in UnRTF. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All UnRTF users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/unrtf-0.21.9"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9274">CVE-2014-9274</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9275">CVE-2014-9275</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-04-22T20:55:17Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-07-07T07:06:22Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201507-07.xml b/metadata/glsa/glsa-201507-07.xml
new file mode 100644
index 000000000000..6f44b1eaec86
--- /dev/null
+++ b/metadata/glsa/glsa-201507-07.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201507-07">
+  <title>LibVNCServer: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in LibVNCServer, the worst
+    of which could result in execution of arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">libvncserver</product>
+  <announced>2015-07-07</announced>
+  <revised count="1">2015-07-07</revised>
+  <bug>523590</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/libvncserver" auto="yes" arch="*">
+      <unaffected range="ge">0.9.10-r1</unaffected>
+      <vulnerable range="lt">0.9.10-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>LibVNCServer is a cross-platform C library that allows you to easily
+      implement VNC server functionality in your program.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in LibVNCServer. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LibVNCServer users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/libvncserver-0.9.10-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6051">CVE-2014-6051</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6052">CVE-2014-6052</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6053">CVE-2014-6053</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6054">CVE-2014-6054</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6055">CVE-2014-6055</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-06-06T14:26:10Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-07-07T07:11:47Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201507-08.xml b/metadata/glsa/glsa-201507-08.xml
new file mode 100644
index 000000000000..9f3a3e7b3d20
--- /dev/null
+++ b/metadata/glsa/glsa-201507-08.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201507-08">
+  <title>libxml2: Denial of service</title>
+  <synopsis>A vulnerability in libxml2 allows a remote attacker to cause Denial
+    of Service.
+  </synopsis>
+  <product type="ebuild">libxml2</product>
+  <announced>2015-07-07</announced>
+  <revised count="1">2015-07-07</revised>
+  <bug>546720</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libxml2" auto="yes" arch="*">
+      <unaffected range="ge">2.9.2-r1</unaffected>
+      <vulnerable range="lt">2.9.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libxml2 is the XML C parser and toolkit developed for the Gnome project.</p>
+  </background>
+  <description>
+    <p>libxml2 returns the empty string when the allocation limit is
+      encountered while constructing the attribute value string.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to cause Denial of Service via a specially
+      crafted XML file.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libxml2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libxml2-2.9.2-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1819">CVE-2015-1819</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-06-30T22:35:37Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-07-07T07:19:17Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201507-09.xml b/metadata/glsa/glsa-201507-09.xml
new file mode 100644
index 000000000000..d03fc72ab93b
--- /dev/null
+++ b/metadata/glsa/glsa-201507-09.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201507-09">
+  <title>PyPAM: Arbitrary code execution</title>
+  <synopsis>A double free vulnerability in PyPAM could result in execution of
+    arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">pypam</product>
+  <announced>2015-07-09</announced>
+  <revised count="1">2015-07-09</revised>
+  <bug>407603</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-python/pypam" auto="yes" arch="*">
+      <unaffected range="ge">0.5.0-r3</unaffected>
+      <vulnerable range="lt">0.5.0-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PyPAM is a PAM binding for Python.</p>
+  </background>
+  <description>
+    <p>PyPAM does not handle passwords correctly if there is NULL byte in the
+      string.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code or cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PyPAM users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/pypam-0.5.0-r3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1502">CVE-2012-1502</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-06-21T03:25:05Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-07-09T18:51:16Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201507-10.xml b/metadata/glsa/glsa-201507-10.xml
new file mode 100644
index 000000000000..8e3875663d3b
--- /dev/null
+++ b/metadata/glsa/glsa-201507-10.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201507-10">
+  <title>t1utils: Arbitrary code execution</title>
+  <synopsis>A buffer overflow in t1utils could result in execution of arbitrary
+    code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">t1utils</product>
+  <announced>2015-07-10</announced>
+  <revised count="1">2015-07-10</revised>
+  <bug>548638</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/t1utils" auto="yes" arch="*">
+      <unaffected range="ge">1.39</unaffected>
+      <vulnerable range="lt">1.39</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>t1utils is a collection of simple Type 1 font manipulation programs.</p>
+  </background>
+  <description>
+    <p>t1utils has a buffer overflow in the set_cs_start function in
+      t1disasm.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause a denial of service and possibly execute
+      arbitrary code via a crafted font file.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All t1utils users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/t1utils-1.39"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3905">CVE-2015-3905</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-07-06T04:39:33Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-07-10T08:01:40Z">mrueg</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201507-11.xml b/metadata/glsa/glsa-201507-11.xml
new file mode 100644
index 000000000000..805038e6bdc2
--- /dev/null
+++ b/metadata/glsa/glsa-201507-11.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201507-11">
+  <title>Perl: Denial of service</title>
+  <synopsis>A vulnerability in Perl allows a remote attacker to cause Denial of
+    Service.
+  </synopsis>
+  <product type="ebuild">perl</product>
+  <announced>2015-07-10</announced>
+  <revised count="1">2015-07-10</revised>
+  <bug>216671</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/perl" auto="yes" arch="*">
+      <unaffected range="ge">5.20.1-r4</unaffected>
+      <vulnerable range="lt">5.20.1-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Perl is a highly capable, feature-rich programming language.</p>
+  </background>
+  <description>
+    <p>S_regmatch() function lacks proper checks before passing arguments to
+      atoi()
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted input, possibly
+      resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Perl users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/perl-5.20.1-r4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7422">CVE-2013-7422</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-03-29T15:10:08Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2015-07-10T08:19:35Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201507-12.xml b/metadata/glsa/glsa-201507-12.xml
new file mode 100644
index 000000000000..fbf1efc92dc1
--- /dev/null
+++ b/metadata/glsa/glsa-201507-12.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201507-12">
+  <title>libCapsiNetwork: Denial of service</title>
+  <synopsis>A buffer overflow in libcapsinetwork might allow remote attackers
+    to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">libcapsinetwork</product>
+  <announced>2015-07-10</announced>
+  <revised count="2">2015-07-11</revised>
+  <bug>544324</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/libcapsinetwork" auto="yes" arch="*">
+      <vulnerable range="le">0.3.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libCapsiNetwork is a C++ network library to allow fast development of
+      server daemon processes.
+    </p>
+  </background>
+  <description>
+    <p>An off-by-one buffer overflow in libcapsinetwork network handling code
+      is discovered.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted request to application,
+      that is linked with libcapsinetwork, possibly resulting in a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo discontinued support for libCapsiNetwork.
+      We recommend that users unmerge it:
+    </p>
+    
+    <code>
+      # emerge --unmerge "net-libs/libcapsinetwork"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0841">CVE-2015-0841</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-05-29T09:38:01Z">
+    pinkbyte
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-07-11T09:32:23Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201507-13.xml b/metadata/glsa/glsa-201507-13.xml
new file mode 100644
index 000000000000..0f83388b7230
--- /dev/null
+++ b/metadata/glsa/glsa-201507-13.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201507-13">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code. 
+  </synopsis>
+  <product type="ebuild">ACE,DoS,flash</product>
+  <announced>2015-07-10</announced>
+  <revised count="1">2015-07-10</revised>
+  <bug>552946</bug>
+  <bug>554220</bug>
+  <bug>554250</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">11.2.202.481</unaffected>
+      <vulnerable range="lt">11.2.202.481</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, obtain
+      sensitive information, or bypass security restrictions. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-11.2.202.481"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0578">CVE-2014-0578</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3113">CVE-2015-3113</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3114">CVE-2015-3114</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3115">CVE-2015-3115</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3116">CVE-2015-3116</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3117">CVE-2015-3117</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3118">CVE-2015-3118</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3119">CVE-2015-3119</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3120">CVE-2015-3120</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3121">CVE-2015-3121</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3122">CVE-2015-3122</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3123">CVE-2015-3123</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3124">CVE-2015-3124</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3125">CVE-2015-3125</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3126">CVE-2015-3126</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3127">CVE-2015-3127</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3128">CVE-2015-3128</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3129">CVE-2015-3129</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3130">CVE-2015-3130</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3131">CVE-2015-3131</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3132">CVE-2015-3132</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3133">CVE-2015-3133</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3134">CVE-2015-3134</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3135">CVE-2015-3135</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3136">CVE-2015-3136</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3137">CVE-2015-3137</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4428">CVE-2015-4428</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4429">CVE-2015-4429</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4430">CVE-2015-4430</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4431">CVE-2015-4431</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4432">CVE-2015-4432</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4433">CVE-2015-4433</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5116">CVE-2015-5116</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5117">CVE-2015-5117</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5118">CVE-2015-5118</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5119">CVE-2015-5119</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-07-10T08:30:25Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2015-07-10T12:49:29Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201507-14.xml b/metadata/glsa/glsa-201507-14.xml
new file mode 100644
index 000000000000..edd856b06392
--- /dev/null
+++ b/metadata/glsa/glsa-201507-14.xml
@@ -0,0 +1,100 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201507-14">
+  <title>Oracle JRE/JDK: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Oracle JRE/JDK,
+    allowing both local and remote attackers to compromise various Java
+    components.
+  </synopsis>
+  <product type="ebuild">oracle-jre oracle-jdk</product>
+  <announced>2015-07-10</announced>
+  <revised count="2">2015-07-11</revised>
+  <bug>537214</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-java/oracle-jre-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.8.0.31</unaffected>
+      <unaffected range="ge">1.7.0.76</unaffected>
+      <vulnerable range="lt">1.8.0.31</vulnerable>
+      <vulnerable range="lt">1.7.0.76</vulnerable>
+    </package>
+    <package name="dev-java/oracle-jdk-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.8.0.31</unaffected>
+      <unaffected range="ge">1.7.0.76</unaffected>
+      <vulnerable range="lt">1.8.0.31</vulnerable>
+      <vulnerable range="lt">1.7.0.76</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Oracle Java Development Kit (JDK) and the Oracle Java Runtime
+      Environment (JRE) provide the Oracle Java platform.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Oracle JRE/JDK. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An context-dependent attacker may be able to influence the
+      confidentiality, integrity, and availability of Java
+      applications/runtime.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Oracle JRE 8 users should upgrade to the latest stable version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/oracle-jre-bin-1.8.0.31
+    </code>
+    
+    <p>All Oracle JDK 8 users should upgrade to the latest stable version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/oracle-jdk-bin-1.8.0.31
+    </code>
+    
+    <p>All Oracle JRE 7 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/oracle-jre-bin-1.7.0.76
+    </code>
+    
+    <p>All Oracle JDK 7 users should upgrade to the latest stable version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/oracle-jdk-bin-1.7.0.76
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3566">CVE-2014-3566</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6549">CVE-2014-6549</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6585">CVE-2014-6585</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6587">CVE-2014-6587</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6591">CVE-2014-6591</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6593">CVE-2014-6593</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6601">CVE-2014-6601</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0383">CVE-2015-0383</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0395">CVE-2015-0395</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0400">CVE-2015-0400</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0403">CVE-2015-0403</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0406">CVE-2015-0406</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0407">CVE-2015-0407</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0408">CVE-2015-0408</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0410">CVE-2015-0410</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0412">CVE-2015-0412</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0413">CVE-2015-0413</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0421">CVE-2015-0421</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-07-02T22:00:28Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-07-11T09:43:01Z">stanley</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201507-15.xml b/metadata/glsa/glsa-201507-15.xml
new file mode 100644
index 000000000000..b0af0582e7c6
--- /dev/null
+++ b/metadata/glsa/glsa-201507-15.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201507-15">
+  <title>OpenSSL: Alternate chains certificate forgery</title>
+  <synopsis>Certain checks on untrusted certificates can be bypassed.</synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2015-07-10</announced>
+  <revised count="3">2016-02-26</revised>
+  <bug>554172</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">1.0.1p</unaffected>
+      <unaffected range="rge">0.9.8z_p6</unaffected>
+      <unaffected range="rge">0.9.8z_p7</unaffected>
+      <unaffected range="rge">0.9.8z_p8</unaffected>
+      <unaffected range="rge">0.9.8z_p9</unaffected>
+      <unaffected range="rge">0.9.8z_p10</unaffected>
+      <unaffected range="rge">0.9.8z_p11</unaffected>
+      <unaffected range="rge">0.9.8z_p12</unaffected>
+      <unaffected range="rge">0.9.8z_p13</unaffected>
+      <unaffected range="rge">0.9.8z_p14</unaffected>
+      <unaffected range="rge">0.9.8z_p15</unaffected>
+      <vulnerable range="lt">1.0.1p</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+      (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
+      purpose cryptography library.
+    </p>
+  </background>
+  <description>
+    <p>During certificate verification, OpenSSL attempts to find an alternative
+      certificate chain if the first attempt to build such a chain fails.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause certain checks on untrusted
+      certificates to be bypassed, such as the CA flag, enabling them to use a
+      valid leaf certificate to act as a CA and “issue” an invalid
+      certificate.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.0.1p"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1793">CVE-2015-1793</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-07-08T09:20:30Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-02-26T14:46:50Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201507-16.xml b/metadata/glsa/glsa-201507-16.xml
new file mode 100644
index 000000000000..2bb1433767f7
--- /dev/null
+++ b/metadata/glsa/glsa-201507-16.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201507-16">
+  <title>Portage: Man-in-the-middle attack</title>
+  <synopsis>A vulnerability in Portage's urlopen function could allow a remote
+    attacker to conduct a man-in-the-middle attack. 
+  </synopsis>
+  <product type="ebuild">portage</product>
+  <announced>2015-07-10</announced>
+  <revised count="2">2015-07-10</revised>
+  <bug>469888</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/portage" auto="yes" arch="*">
+      <unaffected range="ge">2.1.12.2</unaffected>
+      <vulnerable range="lt">2.1.12.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Portage is the package management and distribution system for Gentoo.</p>
+  </background>
+  <description>
+    <p>Portage does not verify X.509 SSL certificates properly if HTTPS is
+      used.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker can spoof servers and modify binary package lists via
+      specially crafted certificates.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Portage users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/portage-2.1.12.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2100">CVE-2013-2100</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-05-11T16:42:59Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2015-07-10T13:59:39Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201507-17.xml b/metadata/glsa/glsa-201507-17.xml
new file mode 100644
index 000000000000..40006ead8406
--- /dev/null
+++ b/metadata/glsa/glsa-201507-17.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201507-17">
+  <title>SNMP: Denial of service</title>
+  <synopsis>A vulnerability in SNMP could lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">net-snmp</product>
+  <announced>2015-07-10</announced>
+  <revised count="2">2015-07-10</revised>
+  <bug>522062</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/net-snmp" auto="yes" arch="*">
+      <unaffected range="ge">5.7.3_pre5-r1</unaffected>
+      <vulnerable range="lt">5.7.3_pre5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>SNMP is a widely used protocol for monitoring the health and welfare of
+      network equipment.
+    </p>
+  </background>
+  <description>
+    <p>A specially crafted trap message triggers a conversion to an erroneous
+      variable type when the -OQ option is used.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All SNMP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=net-analyzer/net-snmp-5.7.3_pre5-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3565">CVE-2014-3565</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-05-11T16:23:12Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2015-07-10T14:05:46Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201507-18.xml b/metadata/glsa/glsa-201507-18.xml
new file mode 100644
index 000000000000..c0ae52291a7e
--- /dev/null
+++ b/metadata/glsa/glsa-201507-18.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201507-18">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium allowing
+    remote attackers to bypass security restrictions.
+  </synopsis>
+  <product type="ebuild">chromium</product>
+  <announced>2015-07-10</announced>
+  <revised count="1">2015-07-10</revised>
+  <bug>552904</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">43.0.2357.130</unaffected>
+      <vulnerable range="lt">43.0.2357.130</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source web browser project.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could bypass security restrictions.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-43.0.2357.130"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1266">CVE-2015-1266</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1267">CVE-2015-1267</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1268">CVE-2015-1268</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1269">CVE-2015-1269</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-06-24T08:59:44Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2015-07-10T13:19:46Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201507-19.xml b/metadata/glsa/glsa-201507-19.xml
new file mode 100644
index 000000000000..583e00fa410d
--- /dev/null
+++ b/metadata/glsa/glsa-201507-19.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201507-19">
+  <title>MySQL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in MySQL, allowing
+    attackers to execute arbitrary code or cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">mysql</product>
+  <announced>2015-07-10</announced>
+  <revised count="1">2015-07-10</revised>
+  <bug>546722</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/mysql" auto="yes" arch="*">
+      <unaffected range="rge">5.5.43</unaffected>
+      <unaffected range="ge">5.6.24</unaffected>
+      <vulnerable range="lt">5.6.24</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MySQL is a fast, multi-threaded, multi-user SQL database server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MySQL. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted request, possibly
+      resulting in execution of arbitrary code with the privileges of the
+      application or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MySQL 5.5.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-5.5.43"
+    </code>
+    
+    <p>All MySQL 5.6.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-5.6.24"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0405">CVE-2015-0405</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0423">CVE-2015-0423</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0433">CVE-2015-0433</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0438">CVE-2015-0438</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0439">CVE-2015-0439</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0441">CVE-2015-0441</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0498">CVE-2015-0498</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0499">CVE-2015-0499</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0500">CVE-2015-0500</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0501">CVE-2015-0501</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0503">CVE-2015-0503</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0505">CVE-2015-0505</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0506">CVE-2015-0506</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0507">CVE-2015-0507</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0508">CVE-2015-0508</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0511">CVE-2015-0511</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2566">CVE-2015-2566</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2567">CVE-2015-2567</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2568">CVE-2015-2568</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2571">CVE-2015-2571</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2573">CVE-2015-2573</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-05-28T19:02:02Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-07-10T13:23:50Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201507-20.xml b/metadata/glsa/glsa-201507-20.xml
new file mode 100644
index 000000000000..7ea9b43572b4
--- /dev/null
+++ b/metadata/glsa/glsa-201507-20.xml
@@ -0,0 +1,109 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201507-20">
+  <title>PostgreSQL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PostgreSQL, the worst
+    of which could result in execution of arbitrary code or privilege
+    escalation.
+  </synopsis>
+  <product type="ebuild">postgresql</product>
+  <announced>2015-07-18</announced>
+  <revised count="3">2017-01-03</revised>
+  <bug>539018</bug>
+  <bug>550172</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/postgresql" auto="yes" arch="*">
+      <unaffected range="rge">9.0.21</unaffected>
+      <unaffected range="rge">9.1.17</unaffected>
+      <unaffected range="rge">9.2.12</unaffected>
+      <unaffected range="rge">9.3.8</unaffected>
+      <unaffected range="ge">9.4.3</unaffected>
+      <unaffected range="rge">9.0.22</unaffected>
+      <unaffected range="rge">9.0.23</unaffected>
+      <unaffected range="rge">9.0.24</unaffected>
+      <unaffected range="rge">9.1.18</unaffected>
+      <unaffected range="rge">9.1.19</unaffected>
+      <unaffected range="rge">9.1.20</unaffected>
+      <unaffected range="rge">9.2.13</unaffected>
+      <unaffected range="rge">9.2.14</unaffected>
+      <unaffected range="rge">9.2.15</unaffected>
+      <unaffected range="rge">9.3.9</unaffected>
+      <unaffected range="rge">9.3.10</unaffected>
+      <unaffected range="rge">9.3.11</unaffected>
+      <unaffected range="rge">9.3.12</unaffected>
+      <unaffected range="rge">9.3.14</unaffected>
+      <unaffected range="rge">9.3.15</unaffected>
+      <vulnerable range="lt">9.4.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PostgreSQL is an open source object-relational database management
+      system.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PostgreSQL. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition or
+      escalate privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PostgreSQL 9.0.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.0.21"
+    </code>
+    
+    <p>All PostgreSQL 9.1.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.1.17"
+    </code>
+    
+    <p>All PostgreSQL 9.2.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.2.12"
+    </code>
+    
+    <p>All PostgreSQL 9.3.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.3.8"
+    </code>
+    
+    <p>All PostgreSQL 9.4.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.4.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8161">CVE-2014-8161</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0241">CVE-2015-0241</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0242">CVE-2015-0242</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0243">CVE-2015-0243</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0244">CVE-2015-0244</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3165">CVE-2015-3165</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3166">CVE-2015-3166</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3167">CVE-2015-3167</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-04-22T20:30:11Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2017-01-03T04:30:36Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201507-21.xml b/metadata/glsa/glsa-201507-21.xml
new file mode 100644
index 000000000000..b89df0542438
--- /dev/null
+++ b/metadata/glsa/glsa-201507-21.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201507-21">
+  <title>libXfont: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libXfont, the worst of
+    which could result in execution of arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">libXfont</product>
+  <announced>2015-07-22</announced>
+  <revised count="1">2015-07-22</revised>
+  <bug>543620</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/libXfont" auto="yes" arch="*">
+      <unaffected range="rge">1.4.9</unaffected>
+      <unaffected range="ge">1.5.1</unaffected>
+      <vulnerable range="lt">1.5.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libXfont is an X11 font rasterisation library.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libXfont. Please review
+      the CVE identifiers referenced below for details. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code or cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libXfont 1.4.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/libXfont-1.4.9"
+    </code>
+    
+    <p>All libXfont 1.5.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/libXfont-1.5.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1802">CVE-2015-1802</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1803">CVE-2015-1803</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1804">CVE-2015-1804</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-04-04T15:23:52Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-07-22T15:44:59Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201507-22.xml b/metadata/glsa/glsa-201507-22.xml
new file mode 100644
index 000000000000..93eff8f2e42d
--- /dev/null
+++ b/metadata/glsa/glsa-201507-22.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201507-22">
+  <title>e2fsprogs: Arbitrary code execution</title>
+  <synopsis>A heap-based buffer overflow in e2fsprogs could result in execution
+    of arbitrary code.
+  </synopsis>
+  <product type="ebuild">e2fsprogs</product>
+  <announced>2015-07-23</announced>
+  <revised count="1">2015-07-23</revised>
+  <bug>540536</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-fs/e2fsprogs" auto="yes" arch="*">
+      <unaffected range="ge">1.42.13</unaffected>
+      <vulnerable range="lt">1.42.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>e2fsprogs is a set of utilities for maintaining the ext2, ext3 and ext4
+      file systems.
+    </p>
+  </background>
+  <description>
+    <p>e2fsprogs has a heap-based buffer overflow in closefs.c in the libext2fs
+      library.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could execute arbitrary code via a specially crafted
+      block group descriptor.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All e2fsprogs users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-fs/e2fsprogs-1.42.13"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1572">CVE-2015-1572</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-07-17T11:07:25Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2015-07-23T15:35:12Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201508-01.xml b/metadata/glsa/glsa-201508-01.xml
new file mode 100644
index 000000000000..09bb8698abae
--- /dev/null
+++ b/metadata/glsa/glsa-201508-01.xml
@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201508-01">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">flash,ACE,DoS</product>
+  <announced>2015-08-15</announced>
+  <revised count="1">2015-08-15</revised>
+  <bug>554882</bug>
+  <bug>557342</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">11.2.202.508</unaffected>
+      <vulnerable range="lt">11.2.202.508</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, obtain
+      sensitive information, or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-11.2.202.508"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3107">CVE-2015-3107</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5122">CVE-2015-5122</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5123">CVE-2015-5123</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5124">CVE-2015-5124</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5125">CVE-2015-5125</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5127">CVE-2015-5127</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5129">CVE-2015-5129</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5130">CVE-2015-5130</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5131">CVE-2015-5131</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5132">CVE-2015-5132</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5133">CVE-2015-5133</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5134">CVE-2015-5134</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5539">CVE-2015-5539</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5540">CVE-2015-5540</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5541">CVE-2015-5541</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5544">CVE-2015-5544</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5545">CVE-2015-5545</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5546">CVE-2015-5546</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5547">CVE-2015-5547</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5548">CVE-2015-5548</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5549">CVE-2015-5549</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5550">CVE-2015-5550</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5551">CVE-2015-5551</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5552">CVE-2015-5552</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5553">CVE-2015-5553</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5554">CVE-2015-5554</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5555">CVE-2015-5555</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5556">CVE-2015-5556</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5557">CVE-2015-5557</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5558">CVE-2015-5558</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5559">CVE-2015-5559</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5560">CVE-2015-5560</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5561">CVE-2015-5561</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5562">CVE-2015-5562</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5563">CVE-2015-5563</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5564">CVE-2015-5564</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5965">CVE-2015-5965</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-07-21T02:44:26Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-08-15T04:47:52Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201508-02.xml b/metadata/glsa/glsa-201508-02.xml
new file mode 100644
index 000000000000..0fe6cc72d290
--- /dev/null
+++ b/metadata/glsa/glsa-201508-02.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201508-02">
+  <title>libgadu: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libgadu, the worst of
+    which may result in execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libgadu</product>
+  <announced>2015-08-15</announced>
+  <revised count="1">2015-08-15</revised>
+  <bug>490238</bug>
+  <bug>505558</bug>
+  <bug>510714</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/libgadu" auto="yes" arch="*">
+      <unaffected range="ge">1.12.0</unaffected>
+      <vulnerable range="lt">1.12.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libgadu is a library that implements the client side of the Gadu-Gadu
+      protocol.
+    </p>
+  </background>
+  <description>
+    <p>libgadu contains multiple vulnerabilities:</p>
+    
+    <ul>
+      <li>X.509 certificates are not properly validated (CVE-2013-4488)</li>
+      <li>A integer overflow error could lead to a buffer overflow
+        (CVE-2013-6487)
+      </li>
+      <li>Malformed responses from a Gadu-Gadu file relay server are not
+        properly handled (CVE-2014-3775)
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, or spoof
+      servers.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libgadu users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/libgadu-1.12.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4488">CVE-2013-4488</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6487">CVE-2013-6487</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3775">CVE-2014-3775</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-09-22T04:01:34Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-08-15T12:51:37Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201508-03.xml b/metadata/glsa/glsa-201508-03.xml
new file mode 100644
index 000000000000..f6d9915d493b
--- /dev/null
+++ b/metadata/glsa/glsa-201508-03.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201508-03">
+  <title>Icecast: Denial of service</title>
+  <synopsis>A bug in the Icecast code handling source client URL authentication
+    causes a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">icecast</product>
+  <announced>2015-08-15</announced>
+  <revised count="1">2015-08-15</revised>
+  <bug>545968</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/icecast" auto="yes" arch="*">
+      <unaffected range="ge">2.4.2</unaffected>
+      <vulnerable range="lt">2.4.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Icecast is an open source alternative to shoutcast that supports mp3,
+      ogg (vorbis/theora) and aac streaming.
+    </p>
+  </background>
+  <description>
+    <p>When stream_auth handler is defined for URL authentication and a request
+      is sent without login credentials, a Denial of Service condition can
+      occur. 
+    </p>
+    
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>Users of affected versions can change stream_auth mountpoints to use
+      password authentication instead.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All icecast users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/icecast-2.4.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3026">CVE-2015-3026</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-05-11T16:10:32Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2015-08-15T13:08:56Z">mrueg</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201509-01.xml b/metadata/glsa/glsa-201509-01.xml
new file mode 100644
index 000000000000..50b89aa21227
--- /dev/null
+++ b/metadata/glsa/glsa-201509-01.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201509-01">
+  <title>NTP: Multiple vulnerablities</title>
+  <synopsis>Multiple vulnerabilities have been found in NTP, the worst of which
+    could lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">ntp</product>
+  <announced>2015-09-24</announced>
+  <revised count="1">2015-09-24</revised>
+  <bug>545836</bug>
+  <bug>553682</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/ntp" auto="yes" arch="*">
+      <unaffected range="ge">4.2.8_p3</unaffected>
+      <vulnerable range="lt">4.2.8_p3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>NTP contains software for the Network Time Protocol.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in NTP. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All NTP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/ntp-4.2.8_p3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1798">CVE-2015-1798</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1799">CVE-2015-1799</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5146">CVE-2015-5146</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-08-05T06:31:39Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-09-24T16:30:37Z">mrueg</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201509-02.xml b/metadata/glsa/glsa-201509-02.xml
new file mode 100644
index 000000000000..22ab0e333905
--- /dev/null
+++ b/metadata/glsa/glsa-201509-02.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201509-02">
+  <title>cURL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in cURL, the worst of
+    which can allow remote attackers to cause Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">curl</product>
+  <announced>2015-09-24</announced>
+  <revised count="1">2015-09-24</revised>
+  <bug>547376</bug>
+  <bug>552618</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/curl" auto="yes" arch="*">
+      <unaffected range="ge">7.43.0</unaffected>
+      <vulnerable range="lt">7.43.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>cURL is a tool and libcurl is a library for transferring data with URL
+      syntax.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in cURL. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly obtain sensitive information, or cause
+      a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All cURL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.43.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3143">CVE-2015-3143</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3144">CVE-2015-3144</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3145">CVE-2015-3145</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3148">CVE-2015-3148</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3236">CVE-2015-3236</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3237">CVE-2015-3237</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-04-22T12:07:04Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2015-09-24T16:47:50Z">mrueg</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201509-03.xml b/metadata/glsa/glsa-201509-03.xml
new file mode 100644
index 000000000000..ccc6351646b9
--- /dev/null
+++ b/metadata/glsa/glsa-201509-03.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201509-03">
+  <title>Cacti: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Cacti, the worst of
+    which could lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">cacti</product>
+  <announced>2015-09-24</announced>
+  <revised count="1">2015-09-24</revised>
+  <bug>506356</bug>
+  <bug>515108</bug>
+  <bug>554758</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/cacti" auto="yes" arch="*">
+      <unaffected range="ge">0.8.8d</unaffected>
+      <vulnerable range="lt">0.8.8d</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Cacti is a complete frontend to rrdtool</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in cacti. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Cacti users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/cacti-0.8.8d"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2326">CVE-2014-2326</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2327">CVE-2014-2327</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2328">CVE-2014-2328</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2708">CVE-2014-2708</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2709">CVE-2014-2709</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4002">CVE-2014-4002</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5025">CVE-2014-5025</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5026">CVE-2014-5026</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2967">CVE-2015-2967</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-07-13T14:56:55Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-09-24T16:49:25Z">mrueg</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201509-04.xml b/metadata/glsa/glsa-201509-04.xml
new file mode 100644
index 000000000000..ac0ce9ca160d
--- /dev/null
+++ b/metadata/glsa/glsa-201509-04.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201509-04">
+  <title>libtasn1: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libtasn1, the worst of
+    which could lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">libtasn1</product>
+  <announced>2015-09-24</announced>
+  <revised count="1">2015-09-24</revised>
+  <bug>544922</bug>
+  <bug>548252</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libtasn1" auto="yes" arch="*">
+      <unaffected range="ge">1.4.5</unaffected>
+      <vulnerable range="lt">1.4.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libtasn1 is an ASN.1 library</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libtasn1. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libtasn1 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libtasn1-1.4.5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2806">CVE-2015-2806</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3622">CVE-2015-3622</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-05-28T20:52:49Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-09-24T16:57:37Z">mrueg</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201509-05.xml b/metadata/glsa/glsa-201509-05.xml
new file mode 100644
index 000000000000..df4c34083751
--- /dev/null
+++ b/metadata/glsa/glsa-201509-05.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201509-05">
+  <title>NetworkManager: Denial of service</title>
+  <synopsis>Improper handling of Router Advertisements in NetworkManager could
+    cause a Denial of Service condition in IPv6 network stacks.
+  </synopsis>
+  <product type="ebuild">networkmanager</product>
+  <announced>2015-09-24</announced>
+  <revised count="1">2015-09-24</revised>
+  <bug>545980</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/networkmanager" auto="yes" arch="*">
+      <unaffected range="ge">1.0.2</unaffected>
+      <vulnerable range="lt">1.0.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>NetworkManager is an universal network configuration daemon for laptops,
+      desktops, servers and virtualization hosts.
+    </p>
+  </background>
+  <description>
+    <p>IPv6 Neighbour Discovery ICMP broadcast containing a non-route with a
+      low hop limit causes a Denial of Service by lowering the hop limit on
+      existing IPv6 routes in NetworkManager.
+    </p>
+    
+  </description>
+  <impact type="normal">
+    <p>A remote attacker on the same network segment could cause a Denial of
+      Service condition in NetworkManager
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All NetworkManager users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/networkmanager-1.0.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2924">CVE-2015-2924</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-06-30T19:06:18Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-09-24T16:58:36Z">mrueg</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201509-06.xml b/metadata/glsa/glsa-201509-06.xml
new file mode 100644
index 000000000000..3451eaa93a00
--- /dev/null
+++ b/metadata/glsa/glsa-201509-06.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201509-06">
+  <title>Git: Arbitrary command execution </title>
+  <synopsis>An attacker could execute arbitrary commands via Git repositories
+    in a case-insensitive or case-normalizing filesystem.
+  </synopsis>
+  <product type="ebuild">git</product>
+  <announced>2015-09-24</announced>
+  <revised count="1">2015-09-24</revised>
+  <bug>532984</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-vcs/git" auto="yes" arch="*">
+      <unaffected range="rge">1.8.5.6</unaffected>
+      <unaffected range="rge">1.9.5</unaffected>
+      <unaffected range="ge">2.0.5</unaffected>
+      <vulnerable range="lt">2.0.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Git is a free and open source distributed version control system
+      designed to handle everything from small to very large projects with
+      speed and efficiency.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability in Git causing Git-compatible clients that access
+      case-insensitive or case-normalizing filesystems to overwrite the
+      .git/config when cloning or checking out a repository, leading to
+      execution of arbitrary commands.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker can execute arbitrary commands on a client machine that
+      clones a crafted malicious Git tree.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Git 1.8.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/git-1.8.5.6"
+    </code>
+    
+    <p>All Git 1.9.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/git-1.9.5"
+    </code>
+    
+    <p>All Git 2.0.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/git-2.0.5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9390">CVE-2014-9390</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-12-29T01:59:41Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-09-24T17:01:53Z">mrueg</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201509-07.xml b/metadata/glsa/glsa-201509-07.xml
new file mode 100644
index 000000000000..f71c291a7407
--- /dev/null
+++ b/metadata/glsa/glsa-201509-07.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201509-07">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">ACE,DoS,flash</product>
+  <announced>2015-09-25</announced>
+  <revised count="1">2015-09-25</revised>
+  <bug>561076</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">11.2.202.521</unaffected>
+      <vulnerable range="lt">11.2.202.521</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, obtain
+      sensitive information, or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-11.2.202.521"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5567">CVE-2015-5567</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5568">CVE-2015-5568</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5570">CVE-2015-5570</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5571">CVE-2015-5571</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5572">CVE-2015-5572</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5573">CVE-2015-5573</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5574">CVE-2015-5574</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5575">CVE-2015-5575</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5576">CVE-2015-5576</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5577">CVE-2015-5577</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5578">CVE-2015-5578</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5579">CVE-2015-5579</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5580">CVE-2015-5580</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5581">CVE-2015-5581</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5582">CVE-2015-5582</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5584">CVE-2015-5584</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5587">CVE-2015-5587</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5588">CVE-2015-5588</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6676">CVE-2015-6676</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6677">CVE-2015-6677</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6678">CVE-2015-6678</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6679">CVE-2015-6679</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6680">CVE-2015-6680</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6681">CVE-2015-6681</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6682">CVE-2015-6682</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-09-23T23:34:39Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-09-25T07:25:37Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201510-01.xml b/metadata/glsa/glsa-201510-01.xml
new file mode 100644
index 000000000000..902f3e35796d
--- /dev/null
+++ b/metadata/glsa/glsa-201510-01.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201510-01">
+  <title>BIND: Denial of service</title>
+  <synopsis>A vulnerability in BIND could lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">bind</product>
+  <announced>2015-10-18</announced>
+  <revised count="1">2015-10-18</revised>
+  <bug>540640</bug>
+  <bug>553584</bug>
+  <bug>556150</bug>
+  <bug>559462</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/bind" auto="yes" arch="*">
+      <unaffected range="ge">9.10.2_p4</unaffected>
+      <vulnerable range="lt">9.10.2_p4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>BIND (Berkeley Internet Name Domain) is a Name Server.</p>
+  </background>
+  <description>
+    <p>A vulnerability has been discovered in BIND’s named utility leading to
+      a Denial of Service condition.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to cause Denial of Service condition via
+      specially constructed zone data.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All BIND users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/bind-9.10.2_p4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1349">CVE-2015-1349</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4620">CVE-2015-4620</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5477">CVE-2015-5477</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5722">CVE-2015-5722</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5986">CVE-2015-5986</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-07-23T15:16:23Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2015-10-18T19:47:34Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201510-02.xml b/metadata/glsa/glsa-201510-02.xml
new file mode 100644
index 000000000000..808573e707da
--- /dev/null
+++ b/metadata/glsa/glsa-201510-02.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201510-02">
+  <title>QEMU: Arbitrary code execution</title>
+  <synopsis>A heap-based buffer overflow in QEMU could result in execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">qemu</product>
+  <announced>2015-10-31</announced>
+  <revised count="1">2015-10-31</revised>
+  <bug>551752</bug>
+  <bug>555680</bug>
+  <bug>556050</bug>
+  <bug>556052</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-emulation/qemu" auto="yes" arch="*">
+      <unaffected range="ge">2.3.0-r4</unaffected>
+      <vulnerable range="lt">2.3.0-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>QEMU is a generic and open source machine emulator and virtualizer.</p>
+  </background>
+  <description>
+    <p>Heap-based buffer overflow has been found in QEMU’s PCNET controller.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary code via a specially crafted
+      packets.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All QEMU users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/qemu-2.3.0-r4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3209">CVE-2015-3209</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3214">CVE-2015-3214</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5154">CVE-2015-5154</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5158">CVE-2015-5158</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-07-16T12:11:27Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-10-31T15:00:35Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201510-03.xml b/metadata/glsa/glsa-201510-03.xml
new file mode 100644
index 000000000000..2ac3862c1dd0
--- /dev/null
+++ b/metadata/glsa/glsa-201510-03.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201510-03">
+  <title>Wireshark: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Wireshark, allowing
+    attackers to cause Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">wireshark</product>
+  <announced>2015-10-31</announced>
+  <revised count="1">2015-10-31</revised>
+  <bug>536034</bug>
+  <bug>542206</bug>
+  <bug>548898</bug>
+  <bug>549432</bug>
+  <bug>552434</bug>
+  <bug>557522</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/wireshark" auto="yes" arch="*">
+      <unaffected range="ge">1.12.7</unaffected>
+      <vulnerable range="lt">1.12.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Wireshark is a network protocol analyzer formerly known as ethereal.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Wireshark. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Wireshark users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-1.12.7"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2187">CVE-2015-2187</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2188">CVE-2015-2188</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2189">CVE-2015-2189</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2190">CVE-2015-2190</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2191">CVE-2015-2191</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2192">CVE-2015-2192</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3182">CVE-2015-3182</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3808">CVE-2015-3808</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3809">CVE-2015-3809</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3810">CVE-2015-3810</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3811">CVE-2015-3811</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3812">CVE-2015-3812</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3813">CVE-2015-3813</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3814">CVE-2015-3814</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3815">CVE-2015-3815</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3906">CVE-2015-3906</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4651">CVE-2015-4651</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4652">CVE-2015-4652</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-05-11T20:47:36Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2015-10-31T15:09:09Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201510-04.xml b/metadata/glsa/glsa-201510-04.xml
new file mode 100644
index 000000000000..ffc6246d3228
--- /dev/null
+++ b/metadata/glsa/glsa-201510-04.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201510-04">
+  <title>tcpdump: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in tcpdump, the worst of
+    which can allow remote attackers to cause Denial of Service condition or
+    executive arbitrary code.
+  </synopsis>
+  <product type="ebuild">tcpdump</product>
+  <announced>2015-10-31</announced>
+  <revised count="1">2015-10-31</revised>
+  <bug>552632</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/tcpdump" auto="yes" arch="*">
+      <unaffected range="ge">4.7.4</unaffected>
+      <vulnerable range="lt">4.7.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>tcpdump is a Tool for network monitoring and data acquisition.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in tcpdump. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All tcpdump users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/tcpdump-4.7.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0261">CVE-2015-0261</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2153">CVE-2015-2153</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2154">CVE-2015-2154</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2155">CVE-2015-2155</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-08-04T15:50:32Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-10-31T15:14:21Z">mrueg</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201510-05.xml b/metadata/glsa/glsa-201510-05.xml
new file mode 100644
index 000000000000..c0ddd1bffabd
--- /dev/null
+++ b/metadata/glsa/glsa-201510-05.xml
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201510-05">
+  <title>MediaWiki: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in MediaWiki, the worst of
+    which may allow remote attackers to cause a Denial of Service.
+  </synopsis>
+  <product type="ebuild">mediawiki</product>
+  <announced>2015-10-31</announced>
+  <revised count="1">2015-10-31</revised>
+  <bug>545944</bug>
+  <bug>557844</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/mediawiki" auto="yes" arch="*">
+      <unaffected range="ge">1.25.2</unaffected>
+      <unaffected range="rge">1.24.3</unaffected>
+      <unaffected range="rge">1.23.10</unaffected>
+      <vulnerable range="lt">1.25.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MediaWiki is a collaborative editing software used by large projects
+      such as Wikipedia.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MediaWiki. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to create a Denial of Service condition,
+      obtain sensitive information, bypass security restrictions, and inject
+      arbitrary web script or HTML.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MediaWiki 1.25 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-apps/mediawiki-1.25.2"
+    </code>
+    
+    <p>All MediaWiki 1.24 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-apps/mediawiki-1.24.3"
+    </code>
+    
+    <p>All MediaWiki 1.23 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-apps/mediawiki-1.23.10"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2931">CVE-2015-2931</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2932">CVE-2015-2932</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2933">CVE-2015-2933</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2934">CVE-2015-2934</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2935">CVE-2015-2935</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2936">CVE-2015-2936</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2937">CVE-2015-2937</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2938">CVE-2015-2938</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2939">CVE-2015-2939</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2940">CVE-2015-2940</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2941">CVE-2015-2941</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2942">CVE-2015-2942</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6728">CVE-2015-6728</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6729">CVE-2015-6729</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6730">CVE-2015-6730</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6731">CVE-2015-6731</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6732">CVE-2015-6732</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6733">CVE-2015-6733</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6734">CVE-2015-6734</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6735">CVE-2015-6735</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6736">CVE-2015-6736</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6737">CVE-2015-6737</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-10-10T02:28:01Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-10-31T15:16:38Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201510-06.xml b/metadata/glsa/glsa-201510-06.xml
new file mode 100644
index 000000000000..7860dad6cc0c
--- /dev/null
+++ b/metadata/glsa/glsa-201510-06.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201510-06">
+  <title>Django: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Django, the worst of
+    which may allow a remote attacker to cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">django</product>
+  <announced>2015-10-31</announced>
+  <revised count="1">2015-10-31</revised>
+  <bug>554864</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-python/django" auto="yes" arch="*">
+      <unaffected range="ge">1.8.3</unaffected>
+      <unaffected range="rge">1.7.9</unaffected>
+      <unaffected range="rge">1.4.21</unaffected>
+      <vulnerable range="lt">1.8.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Django is a Python-based web framework.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been found in Django:</p>
+    
+    <ul>
+      <li>Session backends create a new record anytime request.session was
+        accessed (CVE-2015-5143)
+      </li>
+      <li>Built-in validators in Django do not properly sanitize input
+        (CVE-2015-5144)
+      </li>
+      <li>URL validation included a regular expression that was extremely slow
+        (CVE-2015-5145)
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able cause a Denial of Service condition,
+      inject arbitrary headers, and conduct HTTP response splitting attacks. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Django 1.8 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/django-1.8.3"
+    </code>
+    
+    <p>All Django 1.7 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/django-1.7.9"
+    </code>
+    
+    <p>All Django 1.4 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/django-1.4.21"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5143">CVE-2015-5143</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5144">CVE-2015-5144</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5145">CVE-2015-5145</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-10-10T02:24:53Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-10-31T15:22:32Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201510-07.xml b/metadata/glsa/glsa-201510-07.xml
new file mode 100644
index 000000000000..f11af6b8b084
--- /dev/null
+++ b/metadata/glsa/glsa-201510-07.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201510-07">
+  <title>CUPS: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in CUPS, the worst of
+    which could lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">cups</product>
+  <announced>2015-10-31</announced>
+  <revised count="1">2015-10-31</revised>
+  <bug>551846</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-print/cups" auto="yes" arch="*">
+      <unaffected range="ge">2.0.3</unaffected>
+      <vulnerable range="lt">2.0.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>CUPS, the Common Unix Printing System, is a full-featured print server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in cups. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All CUPS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-print/cups-2.0.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1158">CVE-2015-1158</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1159">CVE-2015-1159</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-08-10T23:00:11Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-10-31T15:26:37Z">mrueg</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201510-08.xml b/metadata/glsa/glsa-201510-08.xml
new file mode 100644
index 000000000000..4b849e224167
--- /dev/null
+++ b/metadata/glsa/glsa-201510-08.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201510-08">
+  <title>cups-filters: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in cups-filters, the worst
+    of which could lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">cups-filters</product>
+  <announced>2015-10-31</announced>
+  <revised count="1">2015-10-31</revised>
+  <bug>553644</bug>
+  <bug>553836</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-print/cups-filters" auto="yes" arch="*">
+      <unaffected range="ge">1.0.71</unaffected>
+      <vulnerable range="lt">1.0.71</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>cups-filters is an OpenPrinting CUPS Filters.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in cups-filters. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted print
+      job using cups-filters, possibly resulting in execution of arbitrary code
+      with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All cups-filters users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-print/cups-filters-1.0.71"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3258">CVE-2015-3258</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3279">CVE-2015-3279</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-08-10T22:36:13Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-10-31T15:30:50Z">mrueg</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201511-01.xml b/metadata/glsa/glsa-201511-01.xml
new file mode 100644
index 000000000000..c946c0eb2afd
--- /dev/null
+++ b/metadata/glsa/glsa-201511-01.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201511-01">
+  <title>MirBSD Korn Shell: Arbitrary code execution</title>
+  <synopsis>An attacker who already had access to the environment could so
+    append values to parameters passed through programs.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2015-11-02</announced>
+  <revised count="2">2015-11-02</revised>
+  <bug>524414</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-shells/mksh" auto="yes" arch="*">
+      <unaffected range="ge">50c</unaffected>
+      <vulnerable range="lt">50c</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MirBSD Korn Shell is an actively developed free implementation of the
+      Korn Shell programming language and a successor to the Public Domain Korn
+      Shell.
+    </p>
+  </background>
+  <description>
+    <p>Improper sanitation of environment import allows for appending of values
+      to passed parameters. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker who already had access to the environment could so append
+      values to parameters passed through programs (including sudo(8) or
+      setuid) to shell scripts, including indirectly, after those programs
+      intended to sanitise the environment, e.g. invalidating the last $PATH
+      component.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All mksh users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-shells/mksh-50c"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://www.mirbsd.org/permalinks/wlog-10_e20141003-tg.htm#e20141003-tg_wlog-10">
+      mksh R50c released, security fix
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-12-12T08:13:43Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2015-11-02T15:33:07Z">mrueg</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201511-02.xml b/metadata/glsa/glsa-201511-02.xml
new file mode 100644
index 000000000000..ea9d37ad7000
--- /dev/null
+++ b/metadata/glsa/glsa-201511-02.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201511-02">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code. 
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2015-11-17</announced>
+  <revised count="1">2015-11-17</revised>
+  <bug>563014</bug>
+  <bug>563172</bug>
+  <bug>565318</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">11.2.202.548</unaffected>
+      <vulnerable range="lt">11.2.202.548</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites. 
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, obtain
+      sensitive information, or bypass security restrictions. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-11.2.202.548"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5569">CVE-2015-5569</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7625">CVE-2015-7625</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7626">CVE-2015-7626</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7627">CVE-2015-7627</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7628">CVE-2015-7628</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7629">CVE-2015-7629</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7630">CVE-2015-7630</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7631">CVE-2015-7631</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7632">CVE-2015-7632</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7633">CVE-2015-7633</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7634">CVE-2015-7634</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7643">CVE-2015-7643</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7644">CVE-2015-7644</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7645">CVE-2015-7645</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7646">CVE-2015-7646</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7647">CVE-2015-7647</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7648">CVE-2015-7648</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7651">CVE-2015-7651</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7652">CVE-2015-7652</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7653">CVE-2015-7653</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7654">CVE-2015-7654</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7655">CVE-2015-7655</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7656">CVE-2015-7656</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7657">CVE-2015-7657</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7658">CVE-2015-7658</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7659">CVE-2015-7659</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7660">CVE-2015-7660</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7661">CVE-2015-7661</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7662">CVE-2015-7662</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7663">CVE-2015-7663</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8042">CVE-2015-8042</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8043">CVE-2015-8043</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8044">CVE-2015-8044</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8046">CVE-2015-8046</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-10-31T14:56:04Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2015-11-17T11:42:29Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201512-01.xml b/metadata/glsa/glsa-201512-01.xml
new file mode 100644
index 000000000000..43c0c782d7b2
--- /dev/null
+++ b/metadata/glsa/glsa-201512-01.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201512-01">
+  <title>Dnsmasq: Denial of service</title>
+  <synopsis>A vulnerability in Dnsmasq can lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">dnsmasq</product>
+  <announced>2015-12-17</announced>
+  <revised count="1">2015-12-17</revised>
+  <bug>547966</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/dnsmasq" auto="yes" arch="*">
+      <unaffected range="ge">2.72-r2</unaffected>
+      <vulnerable range="lt">2.72-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP
+      server. 
+    </p>
+  </background>
+  <description>
+    <p>An out-of-bounds read vulnerability has been found in the tcp_request
+      function in Dnsmasq.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted DNS request, possibly
+      resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Dnsmasq users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/dnsmasq-2.72-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3294">CVE-2015-3294</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-08-04T14:11:32Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-12-17T15:30:29Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201512-02.xml b/metadata/glsa/glsa-201512-02.xml
new file mode 100644
index 000000000000..a1c97640574e
--- /dev/null
+++ b/metadata/glsa/glsa-201512-02.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201512-02">
+  <title>IPython: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability in IPython could result in execution of arbitrary
+    JavaScript.
+  </synopsis>
+  <product type="ebuild">ipython</product>
+  <announced>2015-12-17</announced>
+  <revised count="1">2015-12-17</revised>
+  <bug>560708</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-python/ipython" auto="yes" arch="*">
+      <unaffected range="ge">3.2.1-r1</unaffected>
+      <vulnerable range="lt">3.2.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>IPython is an advanced interactive shell for Python.</p>
+  </background>
+  <description>
+    <p>IPython does not properly check the MIME type of a file.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted text
+      file using IPython, possibly resulting in execution of arbitrary
+      JavaScript with the privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All IPython users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/ipython-3.2.1-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7337">CVE-2015-7337</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-09-24T01:14:10Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-12-17T16:41:41Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201512-03.xml b/metadata/glsa/glsa-201512-03.xml
new file mode 100644
index 000000000000..50be132a3fea
--- /dev/null
+++ b/metadata/glsa/glsa-201512-03.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201512-03">
+  <title>GRUB: Authentication bypass</title>
+  <synopsis>GRUB's authentication prompt can be bypassed by entering a sequence
+    of backspace characters.
+  </synopsis>
+  <product type="ebuild">grub</product>
+  <announced>2015-12-19</announced>
+  <revised count="1">2015-12-19</revised>
+  <bug>568326</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-boot/grub" auto="no" arch="*">
+      <unaffected range="ge">2.02_beta2-r8</unaffected>
+      <unaffected range="rge">0.97</unaffected>
+      <vulnerable range="lt">2.02_beta2-r8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU GRUB is a multiboot boot loader used by most Linux systems.</p>
+  </background>
+  <description>
+    <p>An integer underflow in GRUB’s username/password authentication code
+      has been discovered.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker with access to the system console may bypass the username
+      prompt by entering a sequence of backspace characters, allowing them e.g.
+      to get full access to GRUB’s console or to load a customized kernel.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GRUB 2.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-boot/grub-2.02_beta2-r8"
+    </code>
+    
+    <p>After upgrading, make sure to run the grub2-install command with options
+      appropriate for your system. See the GRUB2 Quick Start guide in the
+      references below for examples. Your system will be vulnerable until this
+      action is performed.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8370">CVE-2015-8370</uri>
+    <uri link="https://wiki.gentoo.org/wiki/GRUB2_Quick_Start">GRUB2 Quick
+      Start guide
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-12-19T13:09:44Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-12-19T14:20:07Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201512-04.xml b/metadata/glsa/glsa-201512-04.xml
new file mode 100644
index 000000000000..2d3165833996
--- /dev/null
+++ b/metadata/glsa/glsa-201512-04.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201512-04">
+  <title>OpenSSH: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenSSH, the worst of
+    which could lead to arbitrary code execution, or cause a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">openssh</product>
+  <announced>2015-12-20</announced>
+  <revised count="4">2015-12-21</revised>
+  <bug>553724</bug>
+  <bug>555518</bug>
+  <bug>557340</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/openssh" auto="yes" arch="*">
+      <unaffected range="ge">7.1_p1-r2</unaffected>
+      <vulnerable range="lt">7.1_p1-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSH is a complete SSH protocol implementation that includes an SFTP
+      client and server support.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenSSH. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All openssh users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/openssh-7.1_p1-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5352">CVE-2015-5352</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5600">CVE-2015-5600</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6563">CVE-2015-6563</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6564">CVE-2015-6564</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6565">CVE-2015-6565</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-07-22T17:49:28Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2015-12-21T15:58:43Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201512-05.xml b/metadata/glsa/glsa-201512-05.xml
new file mode 100644
index 000000000000..ee4fb12e373c
--- /dev/null
+++ b/metadata/glsa/glsa-201512-05.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201512-05">
+  <title>gdk-pixbuf: Multiple Vulnerabilities</title>
+  <synopsis>Multiple buffer overflow vulnerabilities in gdk-pixbuf may allow
+    remote attackers to execute arbitrary code or cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">gdk-pixbuf</product>
+  <announced>2015-12-21</announced>
+  <revised count="1">2015-12-21</revised>
+  <bug>556314</bug>
+  <bug>562878</bug>
+  <bug>562880</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/gdk-pixbuf" auto="yes" arch="*">
+      <unaffected range="ge">2.32.1</unaffected>
+      <vulnerable range="lt">2.32.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>gdk-pixbuf is an image loading library for GTK+.</p>
+  </background>
+  <description>
+    <p>Three heap-based buffer overflow vulnerabilities have been discovered in
+      gdk-pixbuf. Please review the CVE identifiers referenced below for
+      details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted image
+      file with an application linked against gdk-pixbuf, possibly resulting in
+      execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All gdk-pixbuf users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/gdk-pixbuf-2.32.1"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4491">CVE-2015-4491</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7673">CVE-2015-7673</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7674">CVE-2015-7674</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-10-13T00:53:43Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-12-21T14:06:18Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201512-06.xml b/metadata/glsa/glsa-201512-06.xml
new file mode 100644
index 000000000000..08f3ee58c3d9
--- /dev/null
+++ b/metadata/glsa/glsa-201512-06.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201512-06">
+  <title>MPFR: User-assisted execution of arbitrary code</title>
+  <synopsis>A buffer overflow vulnerability in MPFR could allow remote
+    attackers to execute arbitrary code or cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">mpfr</product>
+  <announced>2015-12-30</announced>
+  <revised count="1">2015-12-30</revised>
+  <bug>532028</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/mpfr" auto="yes" arch="*">
+      <unaffected range="ge">3.1.3_p4</unaffected>
+      <vulnerable range="lt">3.1.3_p4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MPFR is a library for multiple-precision floating-point computations
+      with exact rounding.
+    </p>
+  </background>
+  <description>
+    <p>MPFR fails to adequately check user-supplied input, which could lead to
+      a buffer overflow. 
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MPFR users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/mpfr-3.1.3_p4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9474">CVE-2014-9474</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-11-03T03:47:08Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-12-30T10:56:32Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201512-07.xml b/metadata/glsa/glsa-201512-07.xml
new file mode 100644
index 000000000000..a0071f243448
--- /dev/null
+++ b/metadata/glsa/glsa-201512-07.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201512-07">
+  <title>GStreamer: User-assisted execution of arbitrary code</title>
+  <synopsis>A buffer overflow in GStreamer could allow remote attackers to
+    execute arbitrary code or cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">gstreamer</product>
+  <announced>2015-12-30</announced>
+  <revised count="3">2016-02-09</revised>
+  <bug>553742</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/gstreamer" auto="yes" arch="*">
+      <unaffected range="ge">1.4.5</unaffected>
+      <unaffected range="rge">0.10.36-r2</unaffected>
+      <vulnerable range="lt">1.4.5</vulnerable>
+    </package>
+    <package name="media-libs/gst-plugins-bad" auto="yes" arch="*">
+      <unaffected range="rge">0.10.23-r3</unaffected>
+      <vulnerable range="lt">0.10.23-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GStreamer is an open source multimedia framework.</p>
+  </background>
+  <description>
+    <p>A buffer overflow vulnerability has been found in the parsing of H.264
+      formatted video.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted H.264
+      formatted video using an application linked against GStreamer, possibly
+      resulting in execution of arbitrary code with the privileges of the
+      process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GStreamer users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/gstreamer-1.4.5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0797">CVE-2015-0797</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-11-22T14:47:48Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-02-09T20:37:29Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201512-08.xml b/metadata/glsa/glsa-201512-08.xml
new file mode 100644
index 000000000000..cd10269a28f3
--- /dev/null
+++ b/metadata/glsa/glsa-201512-08.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201512-08">
+  <title>ClamAV: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ClamAV, possibly
+    resulting in Denial of Service.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2015-12-30</announced>
+  <revised count="1">2015-12-30</revised>
+  <bug>538084</bug>
+  <bug>548066</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.98.7</unaffected>
+      <vulnerable range="lt">0.98.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ClamAV is a GPL virus scanner.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ClamAV. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause ClamAV to scan a specially crafted file,
+      possibly resulting in a Denial of Service condition or other unspecified
+      impact.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ClamAV users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.98.7"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9328">CVE-2014-9328</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1461">CVE-2015-1461</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1462">CVE-2015-1462</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1463">CVE-2015-1463</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2170">CVE-2015-2170</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2221">CVE-2015-2221</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2222">CVE-2015-2222</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2668">CVE-2015-2668</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-11-02T22:28:34Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-12-30T13:55:58Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201512-09.xml b/metadata/glsa/glsa-201512-09.xml
new file mode 100644
index 000000000000..b4e7aeefb800
--- /dev/null
+++ b/metadata/glsa/glsa-201512-09.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201512-09">
+  <title>encfs: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in encfs, the worst of
+    which can allow remote attackers to execute arbitrary code or cause a
+    Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">encfs</product>
+  <announced>2015-12-30</announced>
+  <revised count="1">2015-12-30</revised>
+  <bug>510290</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-fs/encfs" auto="yes" arch="*">
+      <unaffected range="ge">1.7.5</unaffected>
+      <vulnerable range="lt">1.7.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Encfs is an implementation of encrypted filesystem in user-space using
+      FUSE.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in encfs. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker can utilize a  possible buffer overflow in the
+      encodeName method of StreamNameIO and BlockNameIO to execute arbitrary
+      code or cause a Denial of Service. Also multiple weak cryptographics
+      practices have been found in encfs. 
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All encfs users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-fs/encfs-1.7.5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3462">CVE-2014-3462</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-05-11T16:35:36Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2015-12-30T14:32:13Z">mrueg</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201512-10.xml b/metadata/glsa/glsa-201512-10.xml
new file mode 100644
index 000000000000..0e2ddc3f0563
--- /dev/null
+++ b/metadata/glsa/glsa-201512-10.xml
@@ -0,0 +1,178 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201512-10">
+  <title>Mozilla Products: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox and
+    Thunderbird, the worst of which may allow user-assisted execution of
+    arbitrary code. 
+  </synopsis>
+  <product type="ebuild">thunderbird firefox</product>
+  <announced>2015-12-30</announced>
+  <revised count="2">2015-12-31</revised>
+  <bug>545232</bug>
+  <bug>554036</bug>
+  <bug>556942</bug>
+  <bug>564818</bug>
+  <bug>567298</bug>
+  <bug>568376</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">38.5.0</unaffected>
+      <vulnerable range="lt">38.5.0</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">38.5.0</unaffected>
+      <vulnerable range="lt">38.5.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">38.5.0</unaffected>
+      <vulnerable range="lt">38.5.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">38.5.0</unaffected>
+      <vulnerable range="lt">38.5.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an
+      open-source email client, both from the Mozilla Project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox and
+      Mozilla Thunderbird. Please review the CVE identifiers referenced below
+      for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to view a specially crafted web
+      page or email, possibly resulting in execution of arbitrary code or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All  Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-38.5.0"
+    </code>
+    
+    <p>All  Firefox-bin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-38.5.0"
+    </code>
+    
+    <p>All  Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-38.5.0"
+    </code>
+    
+    <p>All  Thunderbird-bin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-38.5.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0798">CVE-2015-0798</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0799">CVE-2015-0799</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0801">CVE-2015-0801</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0802">CVE-2015-0802</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0803">CVE-2015-0803</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0804">CVE-2015-0804</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0805">CVE-2015-0805</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0806">CVE-2015-0806</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0807">CVE-2015-0807</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0808">CVE-2015-0808</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0810">CVE-2015-0810</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0811">CVE-2015-0811</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0812">CVE-2015-0812</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0813">CVE-2015-0813</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0814">CVE-2015-0814</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0815">CVE-2015-0815</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0816">CVE-2015-0816</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2706">CVE-2015-2706</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2721">CVE-2015-2721</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2722">CVE-2015-2722</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2724">CVE-2015-2724</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2725">CVE-2015-2725</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2726">CVE-2015-2726</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2727">CVE-2015-2727</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2728">CVE-2015-2728</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2729">CVE-2015-2729</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2730">CVE-2015-2730</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2731">CVE-2015-2731</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2733">CVE-2015-2733</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2734">CVE-2015-2734</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2735">CVE-2015-2735</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2736">CVE-2015-2736</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2737">CVE-2015-2737</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2738">CVE-2015-2738</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2739">CVE-2015-2739</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2740">CVE-2015-2740</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2741">CVE-2015-2741</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2742">CVE-2015-2742</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2743">CVE-2015-2743</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2808">CVE-2015-2808</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000">CVE-2015-4000</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4153">CVE-2015-4153</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4495">CVE-2015-4495</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4513">CVE-2015-4513</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4514">CVE-2015-4514</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4515">CVE-2015-4515</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4518">CVE-2015-4518</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7181">CVE-2015-7181</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7182">CVE-2015-7182</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7183">CVE-2015-7183</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7187">CVE-2015-7187</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7188">CVE-2015-7188</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7189">CVE-2015-7189</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7191">CVE-2015-7191</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7192">CVE-2015-7192</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7193">CVE-2015-7193</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7194">CVE-2015-7194</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7195">CVE-2015-7195</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7196">CVE-2015-7196</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7197">CVE-2015-7197</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7198">CVE-2015-7198</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7199">CVE-2015-7199</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7200">CVE-2015-7200</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7201">CVE-2015-7201</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7202">CVE-2015-7202</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7203">CVE-2015-7203</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7204">CVE-2015-7204</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7205">CVE-2015-7205</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7207">CVE-2015-7207</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7208">CVE-2015-7208</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7210">CVE-2015-7210</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7211">CVE-2015-7211</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7212">CVE-2015-7212</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7213">CVE-2015-7213</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7214">CVE-2015-7214</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7215">CVE-2015-7215</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7216">CVE-2015-7216</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7217">CVE-2015-7217</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7218">CVE-2015-7218</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7219">CVE-2015-7219</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7220">CVE-2015-7220</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7221">CVE-2015-7221</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7222">CVE-2015-7222</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7223">CVE-2015-7223</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-07-16T13:56:14Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-12-31T01:25:05Z">mrueg</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201512-11.xml b/metadata/glsa/glsa-201512-11.xml
new file mode 100644
index 000000000000..dc74876517a1
--- /dev/null
+++ b/metadata/glsa/glsa-201512-11.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201512-11">
+  <title>Firebird: Buffer Overflow</title>
+  <synopsis>A buffer overflow in Firebird might allow remote attackers to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">firebird</product>
+  <announced>2015-12-30</announced>
+  <revised count="1">2015-12-30</revised>
+  <bug>460780</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/firebird" auto="yes" arch="*">
+      <unaffected range="ge">2.5.3.26780.0-r3</unaffected>
+      <vulnerable range="lt">2.5.3.26780.0-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Firebird is a multi-platform, open source relational database.</p>
+  </background>
+  <description>
+    <p>The vulnerability is caused due to an error when processing requests
+      from remote clients.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Firebird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-db/firebird-2.5.3.26780.0-r3"
+    </code>
+    
+    <p>NOTE: Firebird package was moved to the testing branch (unstable) of
+      Gentoo. There is currently no stable version of Firebird, and  there will
+      be no further GLSAs for this package.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2492">CVE-2013-2492</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-01-15T13:57:42Z">
+    pinkbyte
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-12-30T16:24:28Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201512-12.xml b/metadata/glsa/glsa-201512-12.xml
new file mode 100644
index 000000000000..8a015dd4de5a
--- /dev/null
+++ b/metadata/glsa/glsa-201512-12.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201512-12">
+  <title>KDE Systemsettings: Privilege escalation</title>
+  <synopsis>Data validation in KDE Systemsettings could lead to local privilege
+    escalation.
+  </synopsis>
+  <product type="ebuild">systemsettings</product>
+  <announced>2015-12-30</announced>
+  <revised count="1">2015-12-30</revised>
+  <bug>528468</bug>
+  <access>local</access>
+  <affected>
+    <package name="kde-base/systemsettings" auto="yes" arch="*">
+      <unaffected range="ge">4.11.13-r1</unaffected>
+      <vulnerable range="lt">4.11.13-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>KDE workspace configuration module for setting the date and time has a
+      helper program
+      which runs as root for performing actions.
+    </p>
+  </background>
+  <description>
+    <p>KDE Systemsettings fails to properly validate user input before passing
+      it as argument in context of higher privilege.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could gain privileges via a crafted ntpUtility (ntp
+      utility name) argument.
+    </p>
+  </impact>
+  <workaround>
+    <p>Add a polkit rule to disable the org.kde.kcontrol.kcmclock.save action.</p>
+  </workaround>
+  <resolution>
+    <p>All KDE Systemsettings users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=kde-base/systemsettings-4.11.13-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8651">CVE-2014-8651</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-06-03T07:50:15Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2015-12-30T20:52:40Z">mrueg</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201512-13.xml b/metadata/glsa/glsa-201512-13.xml
new file mode 100644
index 000000000000..004bcc7060a4
--- /dev/null
+++ b/metadata/glsa/glsa-201512-13.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201512-13">
+  <title>InspIRCd: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in InspIRCd, the worst
+    allowing remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">inspircd</product>
+  <announced>2015-12-30</announced>
+  <revised count="1">2015-12-30</revised>
+  <bug>545034</bug>
+  <bug>570244</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/inspircd" auto="yes" arch="*">
+      <unaffected range="ge">2.0.20</unaffected>
+      <vulnerable range="lt">2.0.20</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>InspIRCd is a modular Internet Relay Chat (IRC) server written in C++
+      which was created from scratch to be stable, modern and lightweight.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in InspIRCd. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All InspIRCd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-irc/inspircd-2.0.20"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6697">CVE-2012-6697</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6674">CVE-2015-6674</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8702">CVE-2015-8702</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-09-27T05:28:16Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2015-12-30T21:15:00Z">mrueg</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201601-01.xml b/metadata/glsa/glsa-201601-01.xml
new file mode 100644
index 000000000000..1b51270b35ed
--- /dev/null
+++ b/metadata/glsa/glsa-201601-01.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201601-01">
+  <title>OpenSSH: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenSSH, allowing
+    attackers to leak client memory to a server, including private keys.
+  </synopsis>
+  <product type="ebuild">openssh</product>
+  <announced>2016-01-16</announced>
+  <revised count="1">2016-01-16</revised>
+  <bug>571892</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/openssh" auto="yes" arch="*">
+      <unaffected range="ge">7.1_p2</unaffected>
+      <vulnerable range="lt">7.1_p2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSH is a complete SSH protocol implementation that includes SFTP
+      client and server support.
+    </p>
+  </background>
+  <description>
+    <p>Qualys have reported two issues in the “roaming” code included in
+      the OpenSSH client, which provides undocumented, experimental support for
+      resuming SSH connections. An OpenSSH client could be tricked into leaking
+      parts of its memory to a malicious server. Furthermore, a buffer overflow
+      can be exploited by a malicious server, but its exploitation requires
+      non-default options and is mitigated due to another bug.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to connect to a specially crafted
+      OpenSSH server, possibly resulting in the disclosure of the user’s
+      private keys. Users with private keys that are not protected by a
+      passphrase are advised to generate new keys if they have connected to an
+      SSH server they don’t fully trust.
+    </p>
+    
+    <p>Note that no special configuration is required to be vulnerable as the
+      roaming feature is enabled by default on the client.
+    </p>
+  </impact>
+  <workaround>
+    <p>The issues can be worked around by disabling the roaming code. To do so,
+      add “UseRoaming no” to the SSH client configuration, or specify “-o
+      ‘UseRoaming no’” on the command line.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSH users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/openssh-7.1_p2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0777">CVE-2016-0777</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0778">CVE-2016-0778</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-01-14T09:15:59Z">a3li</metadata>
+  <metadata tag="submitter" timestamp="2016-01-16T18:56:11Z">a3li</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201601-02.xml b/metadata/glsa/glsa-201601-02.xml
new file mode 100644
index 000000000000..50f8046c7ffb
--- /dev/null
+++ b/metadata/glsa/glsa-201601-02.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201601-02">
+  <title>WebKitGTK+: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in WebKitGTK+, allowing
+    remote attackers to execute arbitrary code or cause a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">webkit-gtk</product>
+  <announced>2016-01-26</announced>
+  <revised count="1">2016-01-26</revised>
+  <bug>536234</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+      <unaffected range="ge">2.4.9</unaffected>
+      <vulnerable range="lt">2.4.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attack can use multiple vectors to execute arbitrary code or
+      cause a denial of service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All WebKitGTK+ 3 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.4.9:3"
+    </code>
+    
+    <p>All WebKitGTK+ 2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=net-libs/webkit-gtk-2.4.9-r200:2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1344">CVE-2014-1344</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1384">CVE-2014-1384</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1385">CVE-2014-1385</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1386">CVE-2014-1386</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1387">CVE-2014-1387</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1388">CVE-2014-1388</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1389">CVE-2014-1389</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1390">CVE-2014-1390</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-04-22T20:45:27Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-01-26T19:47:29Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201601-03.xml b/metadata/glsa/glsa-201601-03.xml
new file mode 100644
index 000000000000..a6c4472475d1
--- /dev/null
+++ b/metadata/glsa/glsa-201601-03.xml
@@ -0,0 +1,152 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201601-03">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">adobe flash</product>
+  <announced>2016-01-26</announced>
+  <revised count="1">2016-01-26</revised>
+  <bug>567838</bug>
+  <bug>570040</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">11.2.202.559</unaffected>
+      <vulnerable range="lt">11.2.202.559</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, obtain
+      sensitive information, or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-11.2.202.559"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8045">CVE-2015-8045</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8047">CVE-2015-8047</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8048">CVE-2015-8048</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8049">CVE-2015-8049</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8050">CVE-2015-8050</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8055">CVE-2015-8055</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8056">CVE-2015-8056</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8057">CVE-2015-8057</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8058">CVE-2015-8058</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8059">CVE-2015-8059</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8060">CVE-2015-8060</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8061">CVE-2015-8061</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8062">CVE-2015-8062</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8063">CVE-2015-8063</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8064">CVE-2015-8064</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8065">CVE-2015-8065</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8066">CVE-2015-8066</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8067">CVE-2015-8067</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8068">CVE-2015-8068</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8069">CVE-2015-8069</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8070">CVE-2015-8070</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8071">CVE-2015-8071</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8401">CVE-2015-8401</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8402">CVE-2015-8402</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8403">CVE-2015-8403</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8404">CVE-2015-8404</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8405">CVE-2015-8405</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8406">CVE-2015-8406</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8407">CVE-2015-8407</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8408">CVE-2015-8408</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8409">CVE-2015-8409</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8410">CVE-2015-8410</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8411">CVE-2015-8411</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8412">CVE-2015-8412</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8413">CVE-2015-8413</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8414">CVE-2015-8414</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8415">CVE-2015-8415</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8416">CVE-2015-8416</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8417">CVE-2015-8417</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8418">CVE-2015-8418</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8419">CVE-2015-8419</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8420">CVE-2015-8420</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8421">CVE-2015-8421</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8422">CVE-2015-8422</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8423">CVE-2015-8423</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8424">CVE-2015-8424</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8425">CVE-2015-8425</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8426">CVE-2015-8426</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8427">CVE-2015-8427</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8428">CVE-2015-8428</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8429">CVE-2015-8429</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8430">CVE-2015-8430</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8431">CVE-2015-8431</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8432">CVE-2015-8432</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8433">CVE-2015-8433</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8434">CVE-2015-8434</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8435">CVE-2015-8435</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8436">CVE-2015-8436</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8437">CVE-2015-8437</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8438">CVE-2015-8438</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8439">CVE-2015-8439</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8440">CVE-2015-8440</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8441">CVE-2015-8441</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8442">CVE-2015-8442</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8443">CVE-2015-8443</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8443">CVE-2015-8443</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8445">CVE-2015-8445</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8446">CVE-2015-8446</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8447">CVE-2015-8447</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8448">CVE-2015-8448</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8449">CVE-2015-8449</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8450">CVE-2015-8450</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8451">CVE-2015-8451</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8452">CVE-2015-8452</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8453">CVE-2015-8453</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8454">CVE-2015-8454</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8455">CVE-2015-8455</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8459">CVE-2015-8459</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8460">CVE-2015-8460</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8635">CVE-2015-8635</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8636">CVE-2015-8636</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8638">CVE-2015-8638</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8639">CVE-2015-8639</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8640">CVE-2015-8640</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8641">CVE-2015-8641</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8642">CVE-2015-8642</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8643">CVE-2015-8643</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8644">CVE-2015-8644</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8645">CVE-2015-8645</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8646">CVE-2015-8646</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8647">CVE-2015-8647</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8648">CVE-2015-8648</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8649">CVE-2015-8649</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8650">CVE-2015-8650</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8651">CVE-2015-8651</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-12-31T05:43:53Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-01-26T20:18:57Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201601-04.xml b/metadata/glsa/glsa-201601-04.xml
new file mode 100644
index 000000000000..50cdc94918ef
--- /dev/null
+++ b/metadata/glsa/glsa-201601-04.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201601-04">
+  <title>OpenSMTPD: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenSMTPD, the worst
+    allowing remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">opensmtpd</product>
+  <announced>2016-01-27</announced>
+  <revised count="1">2016-01-27</revised>
+  <bug>562034</bug>
+  <bug>562290</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-mta/opensmtpd" auto="yes" arch="*">
+      <unaffected range="ge">5.7.3_p1</unaffected>
+      <vulnerable range="lt">5.7.3_p1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSMTPD is a lightweight but featured SMTP daemon from OpenBSD.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenSMTPD. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSMTPD users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-mta/opensmtpd-5.7.3_p1"
+    </code>
+    
+  </resolution>
+  <references>
+  </references>
+  <metadata tag="requester" timestamp="2015-10-02T13:05:33Z">mrueg</metadata>
+  <metadata tag="submitter" timestamp="2016-01-27T06:43:42Z">mrueg</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201601-05.xml b/metadata/glsa/glsa-201601-05.xml
new file mode 100644
index 000000000000..46d883ffdd60
--- /dev/null
+++ b/metadata/glsa/glsa-201601-05.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201601-05">
+  <title>OpenSSL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenSSL, allowing
+    remote attackers to disclose sensitive information and complete weak
+    handshakes.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2016-01-29</announced>
+  <revised count="3">2016-02-26</revised>
+  <bug>572854</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">1.0.2f</unaffected>
+      <unaffected range="rge">1.0.1r</unaffected>
+      <unaffected range="rge">1.0.1s</unaffected>
+      <unaffected range="rge">1.0.1t</unaffected>
+      <unaffected range="rge">0.9.8z_p8</unaffected>
+      <unaffected range="rge">0.9.8z_p9</unaffected>
+      <unaffected range="rge">0.9.8z_p10</unaffected>
+      <unaffected range="rge">0.9.8z_p11</unaffected>
+      <unaffected range="rge">0.9.8z_p12</unaffected>
+      <unaffected range="rge">0.9.8z_p13</unaffected>
+      <unaffected range="rge">0.9.8z_p14</unaffected>
+      <unaffected range="rge">0.9.8z_p15</unaffected>
+      <vulnerable range="lt">1.0.2f</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+      (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
+      purpose cryptography library.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenSSL. Please review
+      the upstream advisory and CVE identifiers referenced below for details.
+      Note that the list includes CVE identifiers for an older OpenSSL Security
+      Advisory (3 Dec 2015) for which we have not issued a GLSA before.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could disclose a server’s private DH exponent, or
+      complete SSLv2 handshakes using ciphers that have been disabled on the
+      server.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.0.2f"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1794">CVE-2015-1794</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3193">CVE-2015-3193</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3194">CVE-2015-3194</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3195">CVE-2015-3195</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3196">CVE-2015-3196</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3197">CVE-2015-3197</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0701">CVE-2016-0701</uri>
+    <uri link="https://openssl.org/news/secadv/20160128.txt">OpenSSL Security
+      Advisory [28th Jan 2016]
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-01-29T23:06:05Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-02-26T15:29:47Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201602-01.xml b/metadata/glsa/glsa-201602-01.xml
new file mode 100644
index 000000000000..a69e0579736f
--- /dev/null
+++ b/metadata/glsa/glsa-201602-01.xml
@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201602-01">
+  <title>QEMU: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in QEMU, the worst of
+    which may allow a remote attacker to cause a Denial of Service or gain
+    elevated privileges from a guest VM. 
+  </synopsis>
+  <product type="ebuild">qemu</product>
+  <announced>2016-02-04</announced>
+  <revised count="1">2016-02-04</revised>
+  <bug>544328</bug>
+  <bug>549404</bug>
+  <bug>557206</bug>
+  <bug>558416</bug>
+  <bug>559656</bug>
+  <bug>560422</bug>
+  <bug>560550</bug>
+  <bug>560760</bug>
+  <bug>566792</bug>
+  <bug>567144</bug>
+  <bug>567828</bug>
+  <bug>567868</bug>
+  <bug>568214</bug>
+  <bug>568226</bug>
+  <bug>568246</bug>
+  <bug>569646</bug>
+  <bug>570110</bug>
+  <bug>570988</bug>
+  <bug>571562</bug>
+  <bug>571564</bug>
+  <bug>571566</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-emulation/qemu" auto="yes" arch="*">
+      <unaffected range="ge">2.5.0-r1</unaffected>
+      <vulnerable range="lt">2.5.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>QEMU is a generic and open source machine emulator and virtualizer.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in QEMU. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker might cause a Denial of Service or gain escalated
+      privileges from a guest VM.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All QEMU users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/qemu-2.5.0-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1779">CVE-2015-1779</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3456">CVE-2015-3456</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5225">CVE-2015-5225</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5278">CVE-2015-5278</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5279">CVE-2015-5279</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5745">CVE-2015-5745</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6815">CVE-2015-6815</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6855">CVE-2015-6855</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7295">CVE-2015-7295</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7504">CVE-2015-7504</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7512">CVE-2015-7512</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7549">CVE-2015-7549</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8345">CVE-2015-8345</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8504">CVE-2015-8504</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8556">CVE-2015-8556</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8558">CVE-2015-8558</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8567">CVE-2015-8567</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8568">CVE-2015-8568</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8666">CVE-2015-8666</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8701">CVE-2015-8701</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8743">CVE-2015-8743</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8744">CVE-2015-8744</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8745">CVE-2015-8745</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1568">CVE-2016-1568</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-11-16T21:30:41Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2016-02-04T09:23:14Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201602-02.xml b/metadata/glsa/glsa-201602-02.xml
new file mode 100644
index 000000000000..cd1be05d1eb8
--- /dev/null
+++ b/metadata/glsa/glsa-201602-02.xml
@@ -0,0 +1,116 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201602-02">
+  <title>GNU C Library: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in the GNU C library, the
+    worst allowing for remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">glibc</product>
+  <announced>2016-02-17</announced>
+  <revised count="1">2016-02-17</revised>
+  <bug>516884</bug>
+  <bug>517082</bug>
+  <bug>521932</bug>
+  <bug>529982</bug>
+  <bug>532874</bug>
+  <bug>538090</bug>
+  <bug>538814</bug>
+  <bug>540070</bug>
+  <bug>541246</bug>
+  <bug>541542</bug>
+  <bug>547296</bug>
+  <bug>552692</bug>
+  <bug>574880</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-libs/glibc" auto="yes" arch="*">
+      <unaffected range="ge">2.21-r2</unaffected>
+      <vulnerable range="lt">2.21-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The GNU C library is the standard C library used by Gentoo Linux
+      systems.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in the GNU C Library:</p>
+    
+    <ul>
+      <li>The Google Security Team and Red Hat discovered a stack-based buffer
+        overflow in the send_dg() and send_vc() functions due to a buffer
+        mismanagement when getaddrinfo() is called with AF_UNSPEC
+        (CVE-2015-7547).
+      </li>
+      <li>The strftime() function access invalid memory when passed
+        out-of-range data, resulting in a crash (CVE-2015-8776).
+      </li>
+      <li>An integer overflow was found in the __hcreate_r() function
+        (CVE-2015-8778).
+      </li>
+      <li>Multiple unbounded stack allocations were found in the catopen()
+        function (CVE-2015-8779).
+      </li>
+    </ul>
+    
+    <p>Please review the CVEs referenced below for additional vulnerabilities
+      that had already been fixed in previous versions of sys-libs/glibc, for
+      which we have not issued a GLSA before.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could exploit any application which performs host name
+      resolution using getaddrinfo() in order to execute arbitrary code or
+      crash the application. The other vulnerabilities can possibly be
+      exploited to cause a Denial of Service or leak information.
+    </p>
+  </impact>
+  <workaround>
+    <p>A number of mitigating factors for CVE-2015-7547 have been identified.
+      Please review the upstream advisory and references below.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All GNU C Library users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-libs/glibc-2.21-r2"
+    </code>
+    
+    <p>It is important to ensure that no running process uses the old glibc
+      anymore. The easiest way to achieve that is by rebooting the machine
+      after updating the sys-libs/glibc package.
+    </p>
+    
+    <p>Note: Should you run into compilation failures while updating, please
+      see bug 574948.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7423">CVE-2013-7423</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0475">CVE-2014-0475</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0475">CVE-2014-0475</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5119">CVE-2014-5119</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6040">CVE-2014-6040</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7817">CVE-2014-7817</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8121">CVE-2014-8121</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9402">CVE-2014-9402</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1472">CVE-2015-1472</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1781">CVE-2015-1781</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7547">CVE-2015-7547</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8776">CVE-2015-8776</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8778">CVE-2015-8778</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8779">CVE-2015-8779</uri>
+    <uri link="https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html">
+      Google Online Security Blog: "CVE-2015-7547: glibc getaddrinfo
+      stack-based buffer overflow"
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-02-16T18:27:02Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-02-17T15:37:09Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201602-03.xml b/metadata/glsa/glsa-201602-03.xml
new file mode 100644
index 000000000000..aec5b377fede
--- /dev/null
+++ b/metadata/glsa/glsa-201602-03.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201602-03">
+  <title>libwmf: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libwmf allowing remote
+    attackers to execute arbitrary code or cause Denial of Service.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-02-27</announced>
+  <revised count="3">2016-02-27</revised>
+  <bug>551144</bug>
+  <bug>553818</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libwmf" auto="yes" arch="*">
+      <unaffected range="ge">0.2.8.4-r6</unaffected>
+      <vulnerable range="lt">0.2.8.4-r6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libwmf is a library for converting WMF files.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libwmf.  Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known work around at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libwmf users should upgrade to the latest version:</p>
+      <code>
+        # emerge --sync
+        # emerge --ask --oneshot --verbose "&gt;=media-libs/libwmf-0.2.8.4-r6"
+      </code>
+    </resolution>
+    <references>
+      <uri link="https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0848">
+        CVE-2015-0848
+      </uri>
+      <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4588">
+        CVE-2015-4588
+      </uri>
+      <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4695">
+        CVE-2015-4695
+      </uri>
+      <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4696">
+        CVE-2015-4696
+      </uri>
+    </references>
+    <metadata tag="requester" timestamp="2016-02-25T06:44:07Z">
+      BlueKnight
+    </metadata>
+    <metadata tag="submitter" timestamp="2016-02-27T02:04:39Z">b-man</metadata>
+  </glsa>
diff --git a/metadata/glsa/glsa-201603-01.xml b/metadata/glsa/glsa-201603-01.xml
new file mode 100644
index 000000000000..ec18e596fe5a
--- /dev/null
+++ b/metadata/glsa/glsa-201603-01.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201603-01">
+  <title>GIMP: Multiple vulnerabilities</title>
+  <synopsis>GIMP is vulnerable to multiple buffer overflows which could result
+    in the execution of arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">gimp</product>
+  <announced>2016-03-06</announced>
+  <revised count="2">2016-05-04</revised>
+  <bug>434582</bug>
+  <bug>493372</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/gimp" auto="yes" arch="*">
+      <unaffected range="ge">2.8.0</unaffected>
+      <vulnerable range="lt">2.8.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GIMP is a cross-platform image editor available for GNU/Linux, OS X,
+      Windows and more operating systems.
+    </p>
+  </background>
+  <description>
+    <p>GIMP’s network server, scriptfu, is vulnerable to the remote execution
+      of arbitrary code via the python-fu-eval command due to not requiring
+      authentication.  Additionally, the X Window Dump (XWD) plugin is
+      vulnerable to multiple buffer overflows possibly allowing the remote
+      execution of arbitrary code or Denial of Service.  The XWD plugin is
+      vulnerable due to not validating large color entries.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process due or perform a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known work around at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GIMP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/gimp-2.8.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4245">CVE-2012-4245</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1913">
+      CVE-2013-1913
+    </uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1978">
+      CVE-2013-1978
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-03-02T11:01:16Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-05-04T00:41:21Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201603-02.xml b/metadata/glsa/glsa-201603-02.xml
new file mode 100644
index 000000000000..af1eeba34e44
--- /dev/null
+++ b/metadata/glsa/glsa-201603-02.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201603-02">
+  <title>OSC: Shell command injection</title>
+  <synopsis>OSC is vulnerable to the remote execution of arbitrary code.</synopsis>
+  <product type="ebuild"/>
+  <announced>2016-03-06</announced>
+  <revised count="1">2016-03-06</revised>
+  <bug>553606</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-util/osc" auto="yes" arch="*">
+      <unaffected range="ge">0.152.0</unaffected>
+      <vulnerable range="lt">0.152.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OSC is the command line tool and API for the Open Build Service.</p>
+  </background>
+  <description>
+    <p>A vulnerability has been discovered that may allow remote attackers to
+      execute arbitrary commands via shell metacharacters in a _service file.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known work around at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OSC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-util/osc-0.152.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0778">CVE-2015-0778</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-02-25T07:51:12Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-03-06T20:01:57Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201603-03.xml b/metadata/glsa/glsa-201603-03.xml
new file mode 100644
index 000000000000..1d823644f16e
--- /dev/null
+++ b/metadata/glsa/glsa-201603-03.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201603-03">
+  <title>Roundcube: Multiple Vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Roundcube allowing
+    remote authenticated users to execute arbitrary code, inject arbitrary web
+    scripts, and perform cross-site scripting (XSS).
+  </synopsis>
+  <product type="ebuild">roundcube</product>
+  <announced>2016-03-09</announced>
+  <revised count="1">2016-03-09</revised>
+  <bug>554866</bug>
+  <bug>564476</bug>
+  <bug>570336</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/roundcube" auto="yes" arch="*">
+      <unaffected range="ge">1.1.4</unaffected>
+      <vulnerable range="lt">1.1.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Free and open source webmail software for the masses, written in PHP.</p>
+  </background>
+  <description>
+    <p>Remote authenticated users with certain permissions can read arbitrary
+      files or possibly execute arbitrary code via .. in the _skin parameter to
+      index.php.  Additionally, a cross-site scripting (XSS) vulnerability in
+      program/js/app.js allows remote authenticated users to inject arbitrary
+      web script or HTML via the file name in a drag-n-drop file upload.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote authenticated user could possibly execute arbitrary code with
+      the privileges of the process, inject arbitrary web scripts or HTML, read
+      arbitrary files, or perform XSS.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Roundcube users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/roundcube-1.1.4”
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8105">
+      CVE-2015-8105
+    </uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8770">
+      CVE-2015-8770
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-02-08T20:35:16Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2016-03-09T09:28:53Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201603-04.xml b/metadata/glsa/glsa-201603-04.xml
new file mode 100644
index 000000000000..21570aef0667
--- /dev/null
+++ b/metadata/glsa/glsa-201603-04.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201603-04">
+  <title>FUSE: incorrect filtering of environment variables leading to
+    privilege escalation
+  </title>
+  <synopsis>The fusermount binary in FUSE does not properly clear the
+    environment before invoking mount or umount as root that allows a local
+    user to overwrite arbitrary files.
+  </synopsis>
+  <product type="ebuild">fuse</product>
+  <announced>2016-03-09</announced>
+  <revised count="1">2016-03-09</revised>
+  <bug>550152</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-fs/fuse" auto="yes" arch="*">
+      <unaffected range="ge">2.9.4</unaffected>
+      <vulnerable range="lt">2.9.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FUSE provides an interface for filesystems implemented in userspace.</p>
+  </background>
+  <description>
+    <p>The fusermount binary calls setuid(geteuid()) to reset the RUID when it
+      invokes /bin/mount so that it can use privileged mount options that are
+      normally restricted if RUID != EUID.  FUSE does not properly clear
+      environment variables before invoking mount or umount as root allowing
+      this to be passed to operations using elevated privileges such as
+      LIBMOUNT_MTAB that is used by the mount commands debugging feature.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>The FUSE vulnerability allows a local, unprivileged user to overwrite
+      arbitrary files on the system.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known work around at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FUSE users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-fs/fuse-2.9.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3202">
+      CVE-2015-3202
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-09-09T05:09:39Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-03-09T17:59:40Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201603-05.xml b/metadata/glsa/glsa-201603-05.xml
new file mode 100644
index 000000000000..dec4901f7f94
--- /dev/null
+++ b/metadata/glsa/glsa-201603-05.xml
@@ -0,0 +1,100 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201603-05">
+  <title>LibreOffice, OpenOffice: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in both LibreOffice and
+    OpenOffice allowing remote attackers to execute arbitrary code or cause
+    Denial of Service.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-03-09</announced>
+  <revised count="1">2016-03-09</revised>
+  <bug>521136</bug>
+  <bug>522060</bug>
+  <bug>528438</bug>
+  <bug>534684</bug>
+  <bug>547880</bug>
+  <bug>547900</bug>
+  <bug>565028</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/libreoffice" auto="yes" arch="*">
+      <unaffected range="ge">4.4.2</unaffected>
+      <vulnerable range="lt">4.4.2</vulnerable>
+    </package>
+    <package name="app-office/libreoffice-bin" auto="yes" arch="*">
+      <unaffected range="ge">4.4.2</unaffected>
+      <vulnerable range="lt">4.4.2</vulnerable>
+    </package>
+    <package name="app-office/libreoffice-bin-debug" auto="yes" arch="*">
+      <unaffected range="ge">4.4.2</unaffected>
+      <vulnerable range="lt">4.4.2</vulnerable>
+    </package>
+    <package name="app-office/openoffice-bin" auto="yes" arch="*">
+      <unaffected range="ge">4.1.2</unaffected>
+      <vulnerable range="lt">4.1.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Apache OpenOffice is the leading open-source office software suite for
+      word processing, spreadsheets, presentations, graphics, databases and
+      more.
+    </p>
+    
+    <p>LibreOffice is a powerful office suite; its clean interface and powerful
+      tools let you unleash your creativity and grow your productivity.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities were found in both LibreOffice and OpenOffice
+      that allow the remote execution of arbitrary code and potential Denial of
+      Service.  These vulnerabilities may be exploited through multiple vectors
+      including crafted documents, link handling, printer setup in ODF document
+      types, DOC file formats, and Calc spreadsheets.  Please review the
+      referenced CVE’s for specific information regarding each.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted file
+      using the LibreOffice or OpenOffice suite of software.  Execution of
+      these attacks could possibly result in the execution of arbitrary code
+      with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known work around at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LibreOffice users should upgrade their respective packages to the
+      latest version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-office/libreoffice-4.4.2"
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-office/libreoffice-bin-4.4.2"# emerge --ask --oneshot --verbose
+      "&gt;=app-office/libreoffice-bin-debug-4.4.2"
+    </code>
+    
+    <p>All OpenOffice users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-office/openoffice-bin-4.1.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3524">CVE-2014-3524</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3575">CVE-2014-3575</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3693">CVE-2014-3693</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9093">CVE-2014-9093</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1774">CVE-2015-1774</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4551">CVE-2015-4551</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5212">CVE-2015-5212</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5213">CVE-2015-5213</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5214">CVE-2015-5214</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-02-15T17:50:17Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2016-03-09T18:08:54Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201603-06.xml b/metadata/glsa/glsa-201603-06.xml
new file mode 100644
index 000000000000..4f8fa5282687
--- /dev/null
+++ b/metadata/glsa/glsa-201603-06.xml
@@ -0,0 +1,124 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201603-06">
+  <title>FFmpeg: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in FFmpeg, the worst of
+    which could lead to arbitrary code execution or Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">ffmpeg</product>
+  <announced>2016-03-12</announced>
+  <revised count="1">2016-03-12</revised>
+  <bug>485228</bug>
+  <bug>486692</bug>
+  <bug>488052</bug>
+  <bug>492742</bug>
+  <bug>493452</bug>
+  <bug>494038</bug>
+  <bug>515282</bug>
+  <bug>520132</bug>
+  <bug>536218</bug>
+  <bug>537558</bug>
+  <bug>548006</bug>
+  <bug>553734</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/ffmpeg" auto="yes" arch="*">
+      <unaffected range="ge">2.6.3</unaffected>
+      <vulnerable range="lt">2.6.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FFmpeg is a complete, cross-platform solution to record, convert and
+      stream audio and video.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in FFmpeg.  Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code or cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FFmpeg users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/ffmpeg-2.6.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0860">CVE-2013-0860</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0861">CVE-2013-0861</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0862">CVE-2013-0862</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0863">CVE-2013-0863</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0864">CVE-2013-0864</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0865">CVE-2013-0865</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0866">CVE-2013-0866</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0867">CVE-2013-0867</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0868">CVE-2013-0868</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0872">CVE-2013-0872</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0873">CVE-2013-0873</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0874">CVE-2013-0874</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0875">CVE-2013-0875</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0876">CVE-2013-0876</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0877">CVE-2013-0877</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0878">CVE-2013-0878</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4263">CVE-2013-4263</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4264">CVE-2013-4264</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4265">CVE-2013-4265</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7008">CVE-2013-7008</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7009">CVE-2013-7009</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7010">CVE-2013-7010</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7011">CVE-2013-7011</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7012">CVE-2013-7012</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7013">CVE-2013-7013</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7014">CVE-2013-7014</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7015">CVE-2013-7015</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7016">CVE-2013-7016</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7017">CVE-2013-7017</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7018">CVE-2013-7018</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7019">CVE-2013-7019</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7020">CVE-2013-7020</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7021">CVE-2013-7021</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7022">CVE-2013-7022</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7023">CVE-2013-7023</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7024">CVE-2013-7024</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2097">CVE-2014-2097</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2098">CVE-2014-2098</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2263">CVE-2014-2263</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5271">CVE-2014-5271</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5272">CVE-2014-5272</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7937">CVE-2014-7937</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8541">CVE-2014-8541</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8542">CVE-2014-8542</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8543">CVE-2014-8543</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8544">CVE-2014-8544</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8545">CVE-2014-8545</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8546">CVE-2014-8546</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8547">CVE-2014-8547</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8548">CVE-2014-8548</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8549">CVE-2014-8549</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9316">CVE-2014-9316</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9317">CVE-2014-9317</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9318">CVE-2014-9318</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9319">CVE-2014-9319</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9602">CVE-2014-9602</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9603">CVE-2014-9603</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9604">CVE-2014-9604</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3395">CVE-2015-3395</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-08-14T14:38:39Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-03-12T11:17:31Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201603-07.xml b/metadata/glsa/glsa-201603-07.xml
new file mode 100644
index 000000000000..f0916fbce2e0
--- /dev/null
+++ b/metadata/glsa/glsa-201603-07.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201603-07">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-03-12</announced>
+  <revised count="1">2016-03-12</revised>
+  <bug>574284</bug>
+  <bug>576980</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">11.2.202.577</unaffected>
+      <vulnerable range="lt">11.2.202.577</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, obtain
+      sensitive information, or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "www-plugins/adobe-flash-11.2.202.577"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960">CVE-2016-0960</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961">CVE-2016-0961</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962">CVE-2016-0962</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963">CVE-2016-0963</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964">CVE-2016-0964</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965">CVE-2016-0965</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966">CVE-2016-0966</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967">CVE-2016-0967</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968">CVE-2016-0968</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969">CVE-2016-0969</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970">CVE-2016-0970</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971">CVE-2016-0971</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972">CVE-2016-0972</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973">CVE-2016-0973</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974">CVE-2016-0974</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975">CVE-2016-0975</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976">CVE-2016-0976</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977">CVE-2016-0977</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978">CVE-2016-0978</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979">CVE-2016-0979</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980">CVE-2016-0980</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981">CVE-2016-0981</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982">CVE-2016-0982</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983">CVE-2016-0983</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984">CVE-2016-0984</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985">CVE-2016-0985</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986">CVE-2016-0986</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987">CVE-2016-0987</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988">CVE-2016-0988</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989">CVE-2016-0989</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990">CVE-2016-0990</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991">CVE-2016-0991</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992">CVE-2016-0992</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993">CVE-2016-0993</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994">CVE-2016-0994</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995">CVE-2016-0995</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996">CVE-2016-0996</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997">CVE-2016-0997</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998">CVE-2016-0998</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999">CVE-2016-0999</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000">CVE-2016-1000</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001">CVE-2016-1001</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002">CVE-2016-1002</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005">CVE-2016-1005</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010">CVE-2016-1010</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-02-10T22:19:19Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2016-03-12T11:32:24Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201603-08.xml b/metadata/glsa/glsa-201603-08.xml
new file mode 100644
index 000000000000..fb4e67ba98ef
--- /dev/null
+++ b/metadata/glsa/glsa-201603-08.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201603-08">
+  <title>VLC: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in VLC allowing remote
+    attackers to execute arbitrary code or cause Denial of Service.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-03-12</announced>
+  <revised count="1">2016-03-12</revised>
+  <bug>534532</bug>
+  <bug>537154</bug>
+  <bug>542222</bug>
+  <bug>558418</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/vlc" auto="yes" arch="*">
+      <unaffected range="ge">2.2.1-r1</unaffected>
+      <vulnerable range="lt">2.2.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>VLC is a cross-platform media player and streaming server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in VLC. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could possibly execute arbitrary code or cause Denial
+      of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known work around at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All VLC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/vlc-2.2.1-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1684">CVE-2014-1684</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6440">
+      CVE-2014-6440
+    </uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9597">
+      CVE-2014-9597
+    </uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9598">
+      CVE-2014-9598
+    </uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9625">
+      CVE-2014-9625
+    </uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9626">
+      CVE-2014-9626
+    </uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9627">
+      CVE-2014-9627
+    </uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9628">
+      CVE-2014-9628
+    </uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9629">
+      CVE-2014-9629
+    </uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9630">
+      CVE-2014-9630
+    </uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1202">
+      CVE-2015-1202
+    </uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1203">
+      CVE-2015-1203
+    </uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5949">
+      CVE-2015-5949
+    </uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5949">
+      CVE-2015-5949
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-12-31T04:52:22Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-03-12T12:00:44Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201603-09.xml b/metadata/glsa/glsa-201603-09.xml
new file mode 100644
index 000000000000..89cd03304bad
--- /dev/null
+++ b/metadata/glsa/glsa-201603-09.xml
@@ -0,0 +1,168 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201603-09">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in the Chromium web
+    browser, the worst of which allows remote attackers to execute arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-03-12</announced>
+  <revised count="1">2016-03-12</revised>
+  <bug>555640</bug>
+  <bug>559384</bug>
+  <bug>561448</bug>
+  <bug>563098</bug>
+  <bug>565510</bug>
+  <bug>567308</bug>
+  <bug>567870</bug>
+  <bug>568396</bug>
+  <bug>572542</bug>
+  <bug>574416</bug>
+  <bug>575434</bug>
+  <bug>576354</bug>
+  <bug>576858</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">49.0.2623.87</unaffected>
+      <vulnerable range="lt">49.0.2623.87</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in the Chromium web
+      browser. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, obtain
+      sensitive information, or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-49.0.2623.87"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1270">CVE-2015-1270</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1271">CVE-2015-1271</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1272">CVE-2015-1272</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1273">CVE-2015-1273</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1274">CVE-2015-1274</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1275">CVE-2015-1275</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1276">CVE-2015-1276</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1277">CVE-2015-1277</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1278">CVE-2015-1278</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1279">CVE-2015-1279</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1280">CVE-2015-1280</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1281">CVE-2015-1281</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1282">CVE-2015-1282</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1283">CVE-2015-1283</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1284">CVE-2015-1284</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1285">CVE-2015-1285</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1286">CVE-2015-1286</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1287">CVE-2015-1287</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1288">CVE-2015-1288</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1289">CVE-2015-1289</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1291">CVE-2015-1291</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1292">CVE-2015-1292</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1293">CVE-2015-1293</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1294">CVE-2015-1294</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1295">CVE-2015-1295</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1296">CVE-2015-1296</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1297">CVE-2015-1297</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1298">CVE-2015-1298</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1299">CVE-2015-1299</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1300">CVE-2015-1300</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1302">CVE-2015-1302</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1303">CVE-2015-1303</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1304">CVE-2015-1304</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6755">CVE-2015-6755</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6756">CVE-2015-6756</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6757">CVE-2015-6757</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6758">CVE-2015-6758</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6759">CVE-2015-6759</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6760">CVE-2015-6760</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6761">CVE-2015-6761</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6762">CVE-2015-6762</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6763">CVE-2015-6763</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6764">CVE-2015-6764</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6765">CVE-2015-6765</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6766">CVE-2015-6766</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6767">CVE-2015-6767</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6768">CVE-2015-6768</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6769">CVE-2015-6769</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6770">CVE-2015-6770</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6771">CVE-2015-6771</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6772">CVE-2015-6772</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6773">CVE-2015-6773</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6774">CVE-2015-6774</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6775">CVE-2015-6775</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6776">CVE-2015-6776</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6777">CVE-2015-6777</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6778">CVE-2015-6778</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6779">CVE-2015-6779</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6780">CVE-2015-6780</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6781">CVE-2015-6781</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6782">CVE-2015-6782</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6783">CVE-2015-6783</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6784">CVE-2015-6784</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6785">CVE-2015-6785</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6786">CVE-2015-6786</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6787">CVE-2015-6787</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6788">CVE-2015-6788</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6789">CVE-2015-6789</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6790">CVE-2015-6790</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6791">CVE-2015-6791</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6792">CVE-2015-6792</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8126">CVE-2015-8126</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1612">CVE-2016-1612</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1613">CVE-2016-1613</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1614">CVE-2016-1614</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1615">CVE-2016-1615</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1616">CVE-2016-1616</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1617">CVE-2016-1617</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1618">CVE-2016-1618</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1619">CVE-2016-1619</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1620">CVE-2016-1620</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1621">CVE-2016-1621</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1622">CVE-2016-1622</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1623">CVE-2016-1623</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1624">CVE-2016-1624</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1625">CVE-2016-1625</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1626">CVE-2016-1626</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1627">CVE-2016-1627</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1628">CVE-2016-1628</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1629">CVE-2016-1629</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1630">CVE-2016-1630</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1631">CVE-2016-1631</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1632">CVE-2016-1632</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1633">CVE-2016-1633</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1634">CVE-2016-1634</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1635">CVE-2016-1635</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1636">CVE-2016-1636</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1637">CVE-2016-1637</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1638">CVE-2016-1638</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1639">CVE-2016-1639</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1640">CVE-2016-1640</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1641">CVE-2016-1641</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-11-03T01:34:44Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-03-12T12:10:56Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201603-10.xml b/metadata/glsa/glsa-201603-10.xml
new file mode 100644
index 000000000000..25d2e3672b6e
--- /dev/null
+++ b/metadata/glsa/glsa-201603-10.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201603-10">
+  <title>QtGui: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in QtGui allowing remote
+    attackers to execute arbitrary code or cause Denial of Service.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-03-12</announced>
+  <revised count="2">2016-03-12</revised>
+  <bug>546174</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-qt/qtgui" auto="yes" arch="*">
+      <unaffected range="ge">5.4.1-r1</unaffected>
+      <unaffected range="rge">4.8.6-r4</unaffected>
+      <unaffected range="rge">4.8.7</unaffected>
+      <vulnerable range="lt">5.4.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>QtGui is the GUI module and platform plugins for the Qt framework</p>
+  </background>
+  <description>
+    <p>Multiple buffer overflow vulnerabilities have been discovered in QtGui. 
+      It is possible for remote attackers to construct specially crafted BMP,
+      ICO, or GIF images that lead to buffer overflows. After successfully
+      overflowing the buffer the remote attacker can then cause a Denial of
+      Service or execute arbitrary code.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code or cause Denial
+      of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known work around at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All QtGui 4.8 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-qt/qtgui-4.8.6-r4"
+    </code>
+    
+    <p>All QtGui 5.4 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-qt/qtgui-5.4.1-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1858">CVE-2015-1858</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1859">CVE-2015-1859</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1860">CVE-2015-1860</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-12-31T05:00:23Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-03-12T12:25:16Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201603-11.xml b/metadata/glsa/glsa-201603-11.xml
new file mode 100644
index 000000000000..862278df855e
--- /dev/null
+++ b/metadata/glsa/glsa-201603-11.xml
@@ -0,0 +1,161 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201603-11">
+  <title>Oracle JRE/JDK: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Oracle's JRE and JDK
+    software suites allowing remote attackers to remotely execute arbitrary
+    code, obtain information, and cause Denial of Service.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-03-12</announced>
+  <revised count="1">2016-03-12</revised>
+  <bug>525472</bug>
+  <bug>540054</bug>
+  <bug>546678</bug>
+  <bug>554886</bug>
+  <bug>563684</bug>
+  <bug>572432</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/oracle-jre-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.8.0.72 </unaffected>
+      <vulnerable range="lt">1.8.0.72 </vulnerable>
+    </package>
+    <package name="dev-java/oracle-jdk-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.8.0.72 </unaffected>
+      <vulnerable range="lt">1.8.0.72 </vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Java Platform, Standard Edition (Java SE) lets you develop and deploy
+      Java applications on desktops and servers, as well as in today’s
+      demanding embedded environments. Java offers the rich user interface,
+      performance, versatility, portability, and security that today’s
+      applications require.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities exist in both Oracle’s JRE and JDK.  Please
+      review the referenced CVE’s for additional information.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could gain access to information, remotely execute
+      arbitrary code, and cause Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Oracle JRE Users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-java/oracle-jre-bin-1.8.0.72"
+    </code>
+    
+    <p>All Oracle JDK Users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-java/oracle-jdk-bin-1.8.0.72"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0437">CVE-2015-0437</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0437">CVE-2015-0437</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0458">CVE-2015-0458</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0459">CVE-2015-0459</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0460">CVE-2015-0460</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0469">CVE-2015-0469</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0470">CVE-2015-0470</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0477">CVE-2015-0477</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0478">CVE-2015-0478</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0480">CVE-2015-0480</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0484">CVE-2015-0484</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0486">CVE-2015-0486</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0488">CVE-2015-0488</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0491">CVE-2015-0491</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0492">CVE-2015-0492</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2590">CVE-2015-2590</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2601">CVE-2015-2601</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2613">CVE-2015-2613</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2619">CVE-2015-2619</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2621">CVE-2015-2621</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2625">CVE-2015-2625</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2627">CVE-2015-2627</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2628">CVE-2015-2628</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2632">CVE-2015-2632</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2637">CVE-2015-2637</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2638">CVE-2015-2638</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2659">CVE-2015-2659</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2664">CVE-2015-2664</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000">CVE-2015-4000</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4729">CVE-2015-4729</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4731">CVE-2015-4731</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4732">CVE-2015-4732</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4733">CVE-2015-4733</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4734">CVE-2015-4734</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4734">CVE-2015-4734</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4736">CVE-2015-4736</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4748">CVE-2015-4748</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4760">CVE-2015-4760</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4803">CVE-2015-4803</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4803">CVE-2015-4803</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4805">CVE-2015-4805</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4805">CVE-2015-4805</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4806">CVE-2015-4806</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4806">CVE-2015-4806</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4810">CVE-2015-4810</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4810">CVE-2015-4810</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4835">CVE-2015-4835</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4835">CVE-2015-4835</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4840">CVE-2015-4840</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4840">CVE-2015-4840</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4842">CVE-2015-4842</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4842">CVE-2015-4842</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4843">CVE-2015-4843</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4843">CVE-2015-4843</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4844">CVE-2015-4844</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4844">CVE-2015-4844</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4860">CVE-2015-4860</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4860">CVE-2015-4860</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4868">CVE-2015-4868</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4868">CVE-2015-4868</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4871">CVE-2015-4871</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4871">CVE-2015-4871</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4872">CVE-2015-4872</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4872">CVE-2015-4872</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4881">CVE-2015-4881</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4881">CVE-2015-4881</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4882">CVE-2015-4882</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4882">CVE-2015-4882</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4883">CVE-2015-4883</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4883">CVE-2015-4883</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4893">CVE-2015-4893</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4893">CVE-2015-4893</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4901">CVE-2015-4901</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4901">CVE-2015-4901</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4902">CVE-2015-4902</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4902">CVE-2015-4902</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4903">CVE-2015-4903</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4903">CVE-2015-4903</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4906">CVE-2015-4906</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4906">CVE-2015-4906</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4908">CVE-2015-4908</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4908">CVE-2015-4908</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4911">CVE-2015-4911</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4911">CVE-2015-4911</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4916">CVE-2015-4916</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4916">CVE-2015-4916</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7840">CVE-2015-7840</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7840">CVE-2015-7840</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-07-22T12:38:49Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-03-12T12:35:30Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201603-12.xml b/metadata/glsa/glsa-201603-12.xml
new file mode 100644
index 000000000000..4607a655d5b3
--- /dev/null
+++ b/metadata/glsa/glsa-201603-12.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201603-12">
+  <title>FlightGear, SimGear: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in FlightGear and SimGear
+    allowing remote attackers to cause Denial of Service and possibly execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">flightgear, simgear</product>
+  <announced>2016-03-12</announced>
+  <revised count="1">2016-03-12</revised>
+  <bug>426502</bug>
+  <bug>468106</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-simulation/flightgear" auto="yes" arch="*">
+      <unaffected range="ge">3.4.0</unaffected>
+      <vulnerable range="lt">3.4.0</vulnerable>
+    </package>
+    <package name="games-simulation/simgear" auto="yes" arch="*">
+      <unaffected range="ge">3.4.0</unaffected>
+      <vulnerable range="lt">3.4.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FlightGear is an open-source flight simulator.  It supports a variety of
+      popular platforms (Windows, Mac, Linux, etc.) and is developed by skilled
+      volunteers from around the world.  Source code for the entire project is
+      available and licensed under the GNU General Public License.
+    </p>
+    
+    <p>SimGear is a set of open-source libraries designed to be used as
+      building blocks for quickly assembling 3d simulations, games, and
+      visualization applications.
+    </p>
+  </background>
+  <description>
+    <p>Multiple format string vulnerabilities in FlightGear and SimGear allow
+      user-assisted remote attackers to cause a denial of service and possibly
+      execute arbitrary code via format string specifiers in certain data chunk
+      values in an aircraft xml model.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could possibly execute arbitrary code or cause Denial
+      of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Flightgear users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=games-simulation/flightgear-3.4.0"
+    </code>
+    
+    <p>All Simgear users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=games-simulation/simgear-3.4.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2090">CVE-2012-2090</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2091">CVE-2012-2091</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-05-16T06:03:32Z">
+    pinkbyte
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-03-12T23:11:04Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201603-13.xml b/metadata/glsa/glsa-201603-13.xml
new file mode 100644
index 000000000000..0d90fbd7a96f
--- /dev/null
+++ b/metadata/glsa/glsa-201603-13.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201603-13">
+  <title>Libreswan: Multiple Vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libreSwan possibly
+    resulting in Denial of Service.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-03-12</announced>
+  <revised count="1">2016-03-12</revised>
+  <bug>550974</bug>
+  <bug>558692</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/libreswan" auto="yes" arch="*">
+      <unaffected range="ge">3.15</unaffected>
+      <vulnerable range="lt">3.15</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Libreswan is a free software implementation of the most widely supported
+      and standarized VPN protocol based on (“IPsec”) and the Internet Key
+      Exchange (“IKE”).
+    </p>
+  </background>
+  <description>
+    <p>The pluto IKE daemon in Libreswan, when built with NSS, allows remote
+      attackers to cause a Denial of Service (assertion failure and daemon
+      restart) via a zero DH g^x value in a KE payload in a IKE packet. 
+      Additionally, remote attackers could cause a Denial of Service (daemon
+      restart) via an IKEv1 packet with (1) unassigned bits set in the IPSEC
+      DOI value or (2) the next payload value set to ISAKMP_NEXT_SAK.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could possibly cause Denial of Service.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Libreswan users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/libreswan-3.15"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3204">CVE-2015-3204</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3240">CVE-2015-3240</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-12-31T05:09:11Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-03-12T23:20:43Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201603-14.xml b/metadata/glsa/glsa-201603-14.xml
new file mode 100644
index 000000000000..7cfc76badc8b
--- /dev/null
+++ b/metadata/glsa/glsa-201603-14.xml
@@ -0,0 +1,137 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201603-14">
+  <title>IcedTea: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in IcedTea allowing remote
+    attackers to affect confidentiality, integrity, and availability through
+    various vectors.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-03-12</announced>
+  <revised count="2">2016-04-19</revised>
+  <bug>537940</bug>
+  <bug>559532</bug>
+  <bug>565842</bug>
+  <bug>567850</bug>
+  <bug>572716</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/icedtea" auto="yes" arch="*">
+      <unaffected range="ge">7.2.6.4</unaffected>
+      <unaffected range="rge">6.1.13.9</unaffected>
+      <unaffected range="lt">6</unaffected>
+      <vulnerable range="lt">7.2.6.4</vulnerable>
+    </package>
+    <package name="dev-java/icedtea-bin" auto="yes" arch="*">
+      <unaffected range="ge" slot="7">7.2.6.4</unaffected>
+      <unaffected range="rge">6.1.13.9</unaffected>
+      <unaffected range="lt">6</unaffected>
+      <vulnerable range="lt">7.2.6.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>IcedTea’s aim is to provide OpenJDK in a form suitable for easy
+      configuration, compilation and distribution with the primary goal of
+      allowing inclusion in GNU/Linux distributions.
+    </p>
+  </background>
+  <description>
+    <p>Various OpenJDK attack vectors in IcedTea, such as 2D, Corba, Hotspot,
+      Libraries, and JAXP, exist which allows remote attackers to affect the
+      confidentiality, integrity, and availability of vulnerable systems.  This
+      includes the possibility of remote execution of arbitrary code,
+      information disclosure, or Denial of Service.  Many of the
+      vulnerabilities can only be exploited through sandboxed Java Web Start
+      applications and java applets.  Please reference the CVEs listed for
+      specific details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers may remotely execute arbitrary code, compromise
+      information, or cause Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known work around at this time.</p>
+  </workaround>
+  <resolution>
+    <p>IcedTea 7.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/icedtea-7.2.6.4"
+    </code>
+    
+    <p>IcedTea bin 7.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/icedtea-bin-7.2.6.4"
+    </code>
+    
+    <p>IcedTea 6.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/icedtea-6.1.13.9"
+    </code>
+    
+    <p>IcedTea bin 6.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/icedtea-bin-6.1.13.9"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6585">CVE-2014-6585</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6587">CVE-2014-6587</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6591">CVE-2014-6591</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6593">CVE-2014-6593</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6601">CVE-2014-6601</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0383">CVE-2015-0383</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0395">CVE-2015-0395</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0400">CVE-2015-0400</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0407">CVE-2015-0407</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0408">CVE-2015-0408</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0412">CVE-2015-0412</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2590">CVE-2015-2590</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2601">CVE-2015-2601</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2613">CVE-2015-2613</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2621">CVE-2015-2621</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2625">CVE-2015-2625</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2628">CVE-2015-2628</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2632">CVE-2015-2632</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4731">CVE-2015-4731</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4732">CVE-2015-4732</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4733">CVE-2015-4733</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4734">CVE-2015-4734</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4748">CVE-2015-4748</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4749">CVE-2015-4749</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4760">CVE-2015-4760</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4803">CVE-2015-4803</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4805">CVE-2015-4805</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4806">CVE-2015-4806</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4835">CVE-2015-4835</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4840">CVE-2015-4840</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4842">CVE-2015-4842</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4843">CVE-2015-4843</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4844">CVE-2015-4844</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4860">CVE-2015-4860</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4871">CVE-2015-4871</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4872">CVE-2015-4872</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4881">CVE-2015-4881</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4882">CVE-2015-4882</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4883">CVE-2015-4883</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4893">CVE-2015-4893</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4903">CVE-2015-4903</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4911">CVE-2015-4911</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0402">CVE-2016-0402</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0448">CVE-2016-0448</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0466">CVE-2016-0466</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0483">CVE-2016-0483</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0494">CVE-2016-0494</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-07-16T14:44:12Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2016-04-19T21:34:37Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201603-15.xml b/metadata/glsa/glsa-201603-15.xml
new file mode 100644
index 000000000000..5eb442fc4460
--- /dev/null
+++ b/metadata/glsa/glsa-201603-15.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201603-15">
+  <title>OpenSSL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenSSL, the worst
+    allowing remote attackers to decrypt TLS sessions.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2016-03-20</announced>
+  <revised count="1">2016-03-20</revised>
+  <bug>575548</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">1.0.2g-r2</unaffected>
+      <vulnerable range="lt">1.0.2g-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+      (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
+      purpose cryptography library.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenSSL, the worst
+      being a cross-protocol attack called DROWN that could lead to the
+      decryption of TLS sessions. Please review the CVE identifiers referenced
+      below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could decrypt TLS sessions by using a server
+      supporting SSLv2 and EXPORT cipher suites as a
+      Bleichenbacher RSA padding oracle, cause a Denial of Service condition,
+      obtain sensitive information from memory and (in rare circumstances)
+      recover RSA keys.
+    </p>
+  </impact>
+  <workaround>
+    <p>A workaround for DROWN is disabling the SSLv2 protocol on all SSL/TLS
+      servers.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.0.2g-r2"
+    </code>
+    
+    <p>Please note that beginning with OpenSSL 1.0.2, in order to mitigate the
+      DROWN attack, the OpenSSL project disables SSLv2 by default at
+      build-time. As this change would cause severe issues with some Gentoo
+      packages that depend on OpenSSL, Gentoo still ships OpenSSL with SSLv2
+      enabled at build-time. Note that this does not mean that you are still
+      vulnerable to DROWN because the OpenSSL project has taken further
+      precautions and applications would need to explicitly request SSLv2. We
+      are working on a migration path to phase out SSLv2 that ensures that no
+      user-facing issues occur. Please reference bug 576128 for further details
+      on how this decision was made.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0702">CVE-2016-0702</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0703">CVE-2016-0703</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0704">CVE-2016-0704</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0705">CVE-2016-0705</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0797">CVE-2016-0797</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0798">CVE-2016-0798</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0799">CVE-2016-0799</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0800">CVE-2016-0800</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-03-01T14:45:13Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-03-20T13:46:37Z">
+    keytoaster
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201604-01.xml b/metadata/glsa/glsa-201604-01.xml
new file mode 100644
index 000000000000..d20cd5e933c8
--- /dev/null
+++ b/metadata/glsa/glsa-201604-01.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201604-01">
+  <title>QEMU: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in QEMU, the worst of
+    which could lead to arbitrary code execution, or cause a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">QEMU</product>
+  <announced>2016-04-02</announced>
+  <revised count="1">2016-04-02</revised>
+  <bug>569118</bug>
+  <bug>569300</bug>
+  <bug>571560</bug>
+  <bug>572082</bug>
+  <bug>572412</bug>
+  <bug>572454</bug>
+  <bug>573280</bug>
+  <bug>573314</bug>
+  <bug>574902</bug>
+  <bug>575492</bug>
+  <bug>576420</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/qemu" auto="yes" arch="*">
+      <unaffected range="ge">2.5.0-r2</unaffected>
+      <vulnerable range="lt">2.5.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>QEMU is a generic and open source machine emulator and virtualizer.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in QEMU. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Local users within a guest QEMU environment can execute arbitrary code
+      within the host or a cause a Denial of Service condition of the QEMU
+      guest process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All QEMU users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/qemu-2.5.0-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8613">CVE-2015-8613</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8619">CVE-2015-8619</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1714">CVE-2016-1714</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1922">CVE-2016-1922</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1981">CVE-2016-1981</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2197">CVE-2016-2197</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2198">CVE-2016-2198</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2392">CVE-2016-2392</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2538">CVE-2016-2538</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2858">CVE-2016-2858</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-03-23T06:05:49Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-04-02T17:57:26Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201604-02.xml b/metadata/glsa/glsa-201604-02.xml
new file mode 100644
index 000000000000..f73637d7e3d9
--- /dev/null
+++ b/metadata/glsa/glsa-201604-02.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201604-02">
+  <title>Xalan-Java: Arbitrary code execution</title>
+  <synopsis>Insufficient constraints in Apache's Xalan-Java might allow remote
+    attackers to execute arbitrary code and load arbitrary classes.
+  </synopsis>
+  <product type="ebuild">xalan-java</product>
+  <announced>2016-04-02</announced>
+  <revised count="1">2016-04-02</revised>
+  <bug>505602</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/xalan" auto="yes" arch="*">
+      <unaffected range="ge">2.7.2</unaffected>
+      <vulnerable range="lt">2.7.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Xalan-Java is an XSLT processor for transforming XML documents into
+      HTML, text, or other XML document types.
+    </p>
+  </background>
+  <description>
+    <p>The TransformerFactory in Apache Xalan-Java does not properly restrict
+      access to certain properties when FEATURE_SECURE_PROCESSING is enabled.
+      This can also be exploited via a Java property that is bound to the XSLT
+      1.0 system-property function.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could inject specially crafted XSLT properties
+      resulting in the execution of arbitrary code with the privileges of the
+      process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known work around at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Xalan-Java users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/xalan-2.7.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0107">CVE-2014-0107</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-03-04T11:55:40Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-04-02T19:42:25Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201604-03.xml b/metadata/glsa/glsa-201604-03.xml
new file mode 100644
index 000000000000..8ec8de183bca
--- /dev/null
+++ b/metadata/glsa/glsa-201604-03.xml
@@ -0,0 +1,159 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201604-03">
+  <title>Xen: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Xen, the worst of which
+    cause a Denial of Service.
+  </synopsis>
+  <product type="ebuild">xen</product>
+  <announced>2016-04-05</announced>
+  <revised count="1">2016-04-05</revised>
+  <bug>445254</bug>
+  <bug>513832</bug>
+  <bug>547202</bug>
+  <bug>549200</bug>
+  <bug>549950</bug>
+  <bug>550658</bug>
+  <bug>553664</bug>
+  <bug>553718</bug>
+  <bug>555532</bug>
+  <bug>556304</bug>
+  <bug>561110</bug>
+  <bug>564472</bug>
+  <bug>564932</bug>
+  <bug>566798</bug>
+  <bug>566838</bug>
+  <bug>566842</bug>
+  <bug>567962</bug>
+  <bug>571552</bug>
+  <bug>571556</bug>
+  <bug>574012</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/xen" auto="yes" arch="*">
+      <unaffected range="ge">4.6.0-r9</unaffected>
+      <unaffected range="rge">4.5.2-r5</unaffected>
+      <vulnerable range="lt">4.6.0-r9</vulnerable>
+    </package>
+    <package name="app-emulation/xen-pvgrub" auto="yes" arch="*">
+      <vulnerable range="lt">4.6.0</vulnerable>
+    </package>
+    <package name="app-emulation/xen-tools" auto="yes" arch="*">
+      <unaffected range="ge">4.6.0-r9</unaffected>
+      <unaffected range="rge">4.5.2-r5</unaffected>
+      <vulnerable range="lt">4.6.0-r9</vulnerable>
+    </package>
+    <package name="app-emulation/pvgrub" auto="yes" arch="*">
+      <unaffected range="ge">4.6.0</unaffected>
+      <unaffected range="rge">4.5.2</unaffected>
+    </package>
+  </affected>
+  <background>
+    <p>Xen is a bare-metal hypervisor.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Xen. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could possibly cause a Denial of Service condition or
+      obtain sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Xen 4.5 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-4.5.2-r5"
+    </code>
+    
+    <p>All Xen 4.6 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-4.6.0-r9"
+    </code>
+    
+    <p>All Xen tools 4.5 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-tools-4.5.2-r5"
+    </code>
+    
+    <p>All Xen tools 4.6 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-tools-4.6.0-r9"
+    </code>
+    
+    <p>All Xen pvgrub users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-pvgrub-4.6.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3494">CVE-2012-3494</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3495">CVE-2012-3495</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3496">CVE-2012-3496</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3497">CVE-2012-3497</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3498">CVE-2012-3498</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3515">CVE-2012-3515</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4411">CVE-2012-4411</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4535">CVE-2012-4535</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4536">CVE-2012-4536</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4537">CVE-2012-4537</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4538">CVE-2012-4538</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4539">CVE-2012-4539</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6030">CVE-2012-6030</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6031">CVE-2012-6031</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6032">CVE-2012-6032</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6033">CVE-2012-6033</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6034">CVE-2012-6034</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6035">CVE-2012-6035</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6036">CVE-2012-6036</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2151">CVE-2015-2151</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3209">CVE-2015-3209</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3259">CVE-2015-3259</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3340">CVE-2015-3340</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3456">CVE-2015-3456</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4103">CVE-2015-4103</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4104">CVE-2015-4104</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4105">CVE-2015-4105</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4106">CVE-2015-4106</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4163">CVE-2015-4163</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4164">CVE-2015-4164</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5154">CVE-2015-5154</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7311">CVE-2015-7311</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7504">CVE-2015-7504</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7812">CVE-2015-7812</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7813">CVE-2015-7813</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7814">CVE-2015-7814</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7835">CVE-2015-7835</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871">CVE-2015-7871</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7969">CVE-2015-7969</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7970">CVE-2015-7970</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7971">CVE-2015-7971</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7972">CVE-2015-7972</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8339">CVE-2015-8339</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8340">CVE-2015-8340</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8341">CVE-2015-8341</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8550">CVE-2015-8550</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8551">CVE-2015-8551</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8552">CVE-2015-8552</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8554">CVE-2015-8554</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8555">CVE-2015-8555</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2270">CVE-2016-2270</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2271">CVE-2016-2271</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-05-14T19:20:02Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2016-04-05T06:39:26Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201604-04.xml b/metadata/glsa/glsa-201604-04.xml
new file mode 100644
index 000000000000..679bc3ad828b
--- /dev/null
+++ b/metadata/glsa/glsa-201604-04.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201604-04">
+  <title>libksba: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libksba, allowing a
+    possible Denial of Service and unspecified other vectors through integer
+    overflows.
+  </synopsis>
+  <product type="ebuild">libksba</product>
+  <announced>2016-04-26</announced>
+  <revised count="1">2016-04-26</revised>
+  <bug>546464</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libksba" auto="yes" arch="*">
+      <unaffected range="ge">1.3.3</unaffected>
+      <vulnerable range="lt">1.3.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Libksba is a X.509 and CMS (PKCS#7) library.</p>
+  </background>
+  <description>
+    <p>libksba is vulnerable to two integer overflows and a Denial of Service
+      vulnerability.  Please read the references for additional details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could cause Denial of Service or unspecified other
+      vectors through various integer overflows.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libksba users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libksba-1.3.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=07116a314f4dcd4d96990bbd74db95a03a9f650a">
+      Denial of Service due to stack overflow in src/ber-decoder.c
+    </uri>
+    <uri link="http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=aea7b6032865740478ca4b706850a5217f1c3887">
+      Integer overflow in the BER decoder src/ber-decoder.c
+    </uri>
+    <uri link="http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3">
+      Integer overflow in the DN decoder src/dn.c
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-07-06T04:35:16Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-04-26T21:22:11Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201604-05.xml b/metadata/glsa/glsa-201604-05.xml
new file mode 100644
index 000000000000..179b411d40e1
--- /dev/null
+++ b/metadata/glsa/glsa-201604-05.xml
@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201604-05">
+  <title>Wireshark: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Wireshark, allowing
+    local attackers to escalate privileges and remote attackers to cause Denial
+    of Service.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-04-26</announced>
+  <revised count="1">2016-04-26</revised>
+  <bug>570564</bug>
+  <bug>575780</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-analyzer/wireshark" auto="yes" arch="*">
+      <unaffected range="ge">2.0.2</unaffected>
+      <vulnerable range="lt">2.0.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Wireshark is a network protocol analyzer formerly known as ethereal.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Wireshark. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could cause Denial of Service and local attackers could
+      escalate privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Wireshark users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-2.0.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8711">CVE-2015-8711</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8712">CVE-2015-8712</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8713">CVE-2015-8713</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8714">CVE-2015-8714</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8715">CVE-2015-8715</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8716">CVE-2015-8716</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8717">CVE-2015-8717</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8718">CVE-2015-8718</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8719">CVE-2015-8719</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8720">CVE-2015-8720</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8721">CVE-2015-8721</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8722">CVE-2015-8722</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8723">CVE-2015-8723</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8724">CVE-2015-8724</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8725">CVE-2015-8725</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8726">CVE-2015-8726</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8727">CVE-2015-8727</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8728">CVE-2015-8728</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8729">CVE-2015-8729</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8730">CVE-2015-8730</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8731">CVE-2015-8731</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8732">CVE-2015-8732</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8733">CVE-2015-8733</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8734">CVE-2015-8734</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8735">CVE-2015-8735</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8736">CVE-2015-8736</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8737">CVE-2015-8737</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8738">CVE-2015-8738</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8739">CVE-2015-8739</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8740">CVE-2015-8740</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8741">CVE-2015-8741</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8742">CVE-2015-8742</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2521">CVE-2016-2521</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2522">CVE-2016-2522</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2523">CVE-2016-2523</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2524">CVE-2016-2524</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2525">CVE-2016-2525</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2526">CVE-2016-2526</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2527">CVE-2016-2527</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2528">CVE-2016-2528</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2529">CVE-2016-2529</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2530">CVE-2016-2530</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2531">CVE-2016-2531</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2532">CVE-2016-2532</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-03-15T10:26:18Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-04-26T21:26:43Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201605-01.xml b/metadata/glsa/glsa-201605-01.xml
new file mode 100644
index 000000000000..d9dedc7c11b1
--- /dev/null
+++ b/metadata/glsa/glsa-201605-01.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201605-01">
+  <title>Git: Multiple vulnerabilities</title>
+  <synopsis>Git contains multiple vulnerabilities that allow for the remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-05-02</announced>
+  <revised count="1">2016-05-02</revised>
+  <bug>562884</bug>
+  <bug>577482</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-vcs/git" auto="yes" arch="*">
+      <unaffected range="ge">2.7.3-r1</unaffected>
+      <vulnerable range="lt">2.7.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Git is a free and open source distributed version control system
+      designed to handle everything from small to very large projects with
+      speed and efficiency.
+    </p>
+  </background>
+  <description>
+    <p>Git is vulnerable to the remote execution of arbitrary code by cloning
+      repositories with large filenames or a large number of nested trees. 
+      Additionally, some protocols within Git, such as git-remote-ext, can
+      execute arbitrary code found within URLs. These URLs that submodules use
+      may come from arbitrary sources (e.g., .gitmodules files in a remote
+      repository), and can effect those who enable recursive fetch. Restrict
+      the allowed protocols to well known and safe ones.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could execute arbitrary code on both client and server.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Git users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/git-2.7.3-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="http://seclists.org/oss-sec/2016/q1/645">Buffer overflow in all
+      git versions before 2.7.1
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7545">CVE-2015-7545</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2315">
+      CVE-2016-2315
+    </uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2324">
+      CVE-2016-2324
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-12-21T19:36:07Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-05-02T19:28:17Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201605-02.xml b/metadata/glsa/glsa-201605-02.xml
new file mode 100644
index 000000000000..446d35b92ffa
--- /dev/null
+++ b/metadata/glsa/glsa-201605-02.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201605-02">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in the Chromium web
+    browser, the worst of which allows remote attackers to execute arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-05-14</announced>
+  <revised count="1">2016-05-14</revised>
+  <bug>578200</bug>
+  <bug>579954</bug>
+  <bug>581524</bug>
+  <bug>582828</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">50.0.2661.102</unaffected>
+      <vulnerable range="lt">50.0.2661.102</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in the Chromium web
+      browser. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, obtain
+      sensitive information, or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/chromium-50.0.2661.102"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1646">CVE-2016-1646</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1647">CVE-2016-1647</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1648">CVE-2016-1648</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1649">CVE-2016-1649</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1650">CVE-2016-1650</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1651">CVE-2016-1651</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1652">CVE-2016-1652</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1653">CVE-2016-1653</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1654">CVE-2016-1654</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1655">CVE-2016-1655</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1656">CVE-2016-1656</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1657">CVE-2016-1657</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1658">CVE-2016-1658</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1659">CVE-2016-1659</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1660">CVE-2016-1660</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1661">CVE-2016-1661</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1662">CVE-2016-1662</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1663">CVE-2016-1663</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1664">CVE-2016-1664</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1665">CVE-2016-1665</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1666">CVE-2016-1666</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1667 ">
+      CVE-2016-1667 
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1668">CVE-2016-1668</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1669">CVE-2016-1669</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1670">CVE-2016-1670</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1671">CVE-2016-1671</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-03-25T04:54:37Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-05-14T23:29:20Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201605-03.xml b/metadata/glsa/glsa-201605-03.xml
new file mode 100644
index 000000000000..74310dab6092
--- /dev/null
+++ b/metadata/glsa/glsa-201605-03.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201605-03">
+  <title>libfpx: Denial of service</title>
+  <synopsis>A double free vulnerability has been discovered in libfpx that
+    allows remote attackers to cause a Denial of Service.
+  </synopsis>
+  <product type="ebuild">libfpx</product>
+  <announced>2016-05-30</announced>
+  <revised count="1">2016-05-30</revised>
+  <bug>395367</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libfpx" auto="yes" arch="*">
+      <unaffected range="ge">1.3.1_p6</unaffected>
+      <vulnerable range="lt">1.3.1_p6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A library for manipulating FlashPIX images.</p>
+  </background>
+  <description>
+    <p>A double free vulnerability has been discovered in the Free_All_Memory
+      function in jpeg/dectile.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted FPX
+      image using an application linked against libfpx, possibly resulting in a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libfpx users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libfpx-1.3.1_p6"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0025">CVE-2012-0025</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-04-06T23:28:31Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-05-30T17:56:49Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201605-04.xml b/metadata/glsa/glsa-201605-04.xml
new file mode 100644
index 000000000000..f99c5789b40e
--- /dev/null
+++ b/metadata/glsa/glsa-201605-04.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201605-04">
+  <title>rsync: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in rsync, the worst of
+    which could allow remote attackers to write arbitrary files.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-05-30</announced>
+  <revised count="1">2016-05-30</revised>
+  <bug>519108</bug>
+  <bug>540000</bug>
+  <bug>569140</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/rsync" auto="yes" arch="*">
+      <unaffected range="ge">3.1.2</unaffected>
+      <vulnerable range="lt">3.1.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>File transfer program to keep remote files into sync.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in rsync. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could write arbitrary files via symlink attacks.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All rsync users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/rsync-3.1.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8242">CVE-2014-8242</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9512">CVE-2014-9512</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-02-25T07:39:41Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-05-30T19:55:19Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201605-05.xml b/metadata/glsa/glsa-201605-05.xml
new file mode 100644
index 000000000000..812149362984
--- /dev/null
+++ b/metadata/glsa/glsa-201605-05.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201605-05">
+  <title>Linux-PAM: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Linux-PAM, allowing
+    remote attackers to bypass the auth process and cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">pam</product>
+  <announced>2016-05-31</announced>
+  <revised count="1">2016-05-31</revised>
+  <bug>493432</bug>
+  <bug>505604</bug>
+  <bug>553302</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-libs/pam" auto="yes" arch="*">
+      <unaffected range="ge">1.2.1</unaffected>
+      <vulnerable range="lt">1.2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Linux-PAM (Pluggable Authentication Modules) is an architecture allowing
+      the separation of the development of privilege granting software from the
+      development of secure and appropriate authentication schemes.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Linux-PAM.  Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could cause Denial of Service, conduct brute force
+      attacks, and conduct username enumeration.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Linux-PAM users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-libs/pam-1.2.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7041">CVE-2013-7041</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2583">CVE-2014-2583</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3238">CVE-2015-3238</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3238">CVE-2015-3238</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-08-10T14:28:31Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-05-31T04:26:13Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201605-06.xml b/metadata/glsa/glsa-201605-06.xml
new file mode 100644
index 000000000000..8b60cbc5af4d
--- /dev/null
+++ b/metadata/glsa/glsa-201605-06.xml
@@ -0,0 +1,312 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201605-06">
+  <title>Mozilla Products: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Firefox, Thunderbird,
+    Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with
+    the worst of which may allow remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">firefox</product>
+  <announced>2016-05-31</announced>
+  <revised count="4">2017-01-20</revised>
+  <bug>549356</bug>
+  <bug>550288</bug>
+  <bug>557590</bug>
+  <bug>559186</bug>
+  <bug>561246</bug>
+  <bug>563230</bug>
+  <bug>564834</bug>
+  <bug>571086</bug>
+  <bug>573074</bug>
+  <bug>574596</bug>
+  <bug>576862</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/nspr" auto="yes" arch="*">
+      <unaffected range="ge">4.12</unaffected>
+      <vulnerable range="lt">4.12</vulnerable>
+    </package>
+    <package name="dev-libs/nss" auto="yes" arch="*">
+      <unaffected range="ge">3.22.2</unaffected>
+      <vulnerable range="lt">3.22.2</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">38.7.0</unaffected>
+      <vulnerable range="lt">38.7.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">38.7.0</unaffected>
+      <vulnerable range="lt">38.7.0</vulnerable>
+    </package>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">38.7.0</unaffected>
+      <vulnerable range="lt">38.7.0</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">38.7.0</unaffected>
+      <vulnerable range="lt">38.7.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is an open-source web browser, Mozilla Thunderbird an
+      open-source email client, and the Network Security Service (NSS) is a
+      library implementing security features like SSL v.2/v.3, TLS, PKCS #5,
+      PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates.  The
+      SeaMonkey project is a community effort to deliver production-quality
+      releases of code derived from the application formerly known as
+      ‘Mozilla Application Suite’.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Firefox, NSS, NSPR, and
+      Thunderbird. Please review the CVE identifiers referenced below for
+      details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to view a specially crafted web
+      page or email, possibly resulting in execution of arbitrary code or a
+      Denial of Service condition. Furthermore, a remote attacker may be able
+      to perform Man-in-the-Middle attacks, obtain sensitive information, spoof
+      the address bar, conduct clickjacking attacks, bypass security
+      restrictions and protection mechanisms, or have other unspecified
+      impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All NSS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/nss-3.22.2"
+    </code>
+    
+    <p>All Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-38.7.0"
+    </code>
+    
+    <p>All users of the Thunderbird binary package should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-38.7.0"
+    </code>
+    
+    <p>All Firefox 38.7.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-38.7.0"
+    </code>
+    
+    <p>All users of the Firefox 38.7.x binary package should upgrade to the
+      latest version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-38.7.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2708">CVE-2015-2708</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2708">CVE-2015-2708</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2709">CVE-2015-2709</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2709">CVE-2015-2709</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2710">CVE-2015-2710</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2710">CVE-2015-2710</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2711">CVE-2015-2711</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2711">CVE-2015-2711</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2712">CVE-2015-2712</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2712">CVE-2015-2712</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2713">CVE-2015-2713</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2713">CVE-2015-2713</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2714">CVE-2015-2714</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2714">CVE-2015-2714</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2715">CVE-2015-2715</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2715">CVE-2015-2715</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2716">CVE-2015-2716</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2716">CVE-2015-2716</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2717">CVE-2015-2717</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2717">CVE-2015-2717</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2718">CVE-2015-2718</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2718">CVE-2015-2718</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2721">CVE-2015-2721</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000">CVE-2015-4000</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4473">CVE-2015-4473</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4473">CVE-2015-4473</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4474">CVE-2015-4474</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4474">CVE-2015-4474</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4475">CVE-2015-4475</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4475">CVE-2015-4475</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4477">CVE-2015-4477</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4477">CVE-2015-4477</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4478">CVE-2015-4478</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4478">CVE-2015-4478</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4479">CVE-2015-4479</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4479">CVE-2015-4479</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4480">CVE-2015-4480</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4480">CVE-2015-4480</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4481">CVE-2015-4481</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4481">CVE-2015-4481</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4482">CVE-2015-4482</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4482">CVE-2015-4482</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4483">CVE-2015-4483</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4483">CVE-2015-4483</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4484">CVE-2015-4484</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4484">CVE-2015-4484</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4485">CVE-2015-4485</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4485">CVE-2015-4485</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4486">CVE-2015-4486</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4486">CVE-2015-4486</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4487">CVE-2015-4487</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4487">CVE-2015-4487</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4488">CVE-2015-4488</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4488">CVE-2015-4488</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4489">CVE-2015-4489</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4489">CVE-2015-4489</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4490">CVE-2015-4490</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4490">CVE-2015-4490</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4491">CVE-2015-4491</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4491">CVE-2015-4491</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4492">CVE-2015-4492</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4492">CVE-2015-4492</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4493">CVE-2015-4493</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4493">CVE-2015-4493</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7181">CVE-2015-7181</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7182">CVE-2015-7182</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7183">CVE-2015-7183</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7575">CVE-2015-7575</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523">CVE-2016-1523</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523">CVE-2016-1523</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1930">CVE-2016-1930</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1930">CVE-2016-1930</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1931">CVE-2016-1931</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1931">CVE-2016-1931</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1933">CVE-2016-1933</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1933">CVE-2016-1933</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1935">CVE-2016-1935</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1935">CVE-2016-1935</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1937">CVE-2016-1937</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1937">CVE-2016-1937</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1938">CVE-2016-1938</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1938">CVE-2016-1938</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1939">CVE-2016-1939</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1939">CVE-2016-1939</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1940">CVE-2016-1940</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1940">CVE-2016-1940</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1941">CVE-2016-1941</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1941">CVE-2016-1941</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1942">CVE-2016-1942</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1942">CVE-2016-1942</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1943">CVE-2016-1943</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1943">CVE-2016-1943</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1944">CVE-2016-1944</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1944">CVE-2016-1944</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1945">CVE-2016-1945</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1945">CVE-2016-1945</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1946">CVE-2016-1946</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1946">CVE-2016-1946</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1947">CVE-2016-1947</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1947">CVE-2016-1947</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1948">CVE-2016-1948</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1948">CVE-2016-1948</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1949">CVE-2016-1949</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1949">CVE-2016-1949</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1950">CVE-2016-1950</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1950">CVE-2016-1950</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1952">CVE-2016-1952</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1952">CVE-2016-1952</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1953">CVE-2016-1953</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1953">CVE-2016-1953</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1954">CVE-2016-1954</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1954">CVE-2016-1954</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1955">CVE-2016-1955</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1955">CVE-2016-1955</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1956">CVE-2016-1956</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1956">CVE-2016-1956</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1957">CVE-2016-1957</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1957">CVE-2016-1957</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1958">CVE-2016-1958</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1958">CVE-2016-1958</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1959">CVE-2016-1959</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1959">CVE-2016-1959</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1960">CVE-2016-1960</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1960">CVE-2016-1960</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1961">CVE-2016-1961</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1961">CVE-2016-1961</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1962">CVE-2016-1962</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1962">CVE-2016-1962</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1963">CVE-2016-1963</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1963">CVE-2016-1963</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1964">CVE-2016-1964</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1964">CVE-2016-1964</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1965">CVE-2016-1965</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1965">CVE-2016-1965</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1966">CVE-2016-1966</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1966">CVE-2016-1966</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1967">CVE-2016-1967</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1967">CVE-2016-1967</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1968">CVE-2016-1968</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1968">CVE-2016-1968</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1969">CVE-2016-1969</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1969">CVE-2016-1969</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1970">CVE-2016-1970</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1970">CVE-2016-1970</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1971">CVE-2016-1971</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1971">CVE-2016-1971</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1972">CVE-2016-1972</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1972">CVE-2016-1972</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1973">CVE-2016-1973</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1973">CVE-2016-1973</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1974">CVE-2016-1974</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1974">CVE-2016-1974</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1975">CVE-2016-1975</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1975">CVE-2016-1975</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1976">CVE-2016-1976</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1976">CVE-2016-1976</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1977">CVE-2016-1977</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1977">CVE-2016-1977</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1978">CVE-2016-1978</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1978">CVE-2016-1978</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1979">CVE-2016-1979</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1979">CVE-2016-1979</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2790">CVE-2016-2790</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2790">CVE-2016-2790</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2791">CVE-2016-2791</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2791">CVE-2016-2791</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2792">CVE-2016-2792</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2792">CVE-2016-2792</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2793">CVE-2016-2793</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2793">CVE-2016-2793</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2794">CVE-2016-2794</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2794">CVE-2016-2794</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2795">CVE-2016-2795</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2795">CVE-2016-2795</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2796">CVE-2016-2796</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2796">CVE-2016-2796</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2797">CVE-2016-2797</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2797">CVE-2016-2797</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2798">CVE-2016-2798</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2798">CVE-2016-2798</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2799">CVE-2016-2799</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2799">CVE-2016-2799</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2800">CVE-2016-2800</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2800">CVE-2016-2800</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2801">CVE-2016-2801</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2801">CVE-2016-2801</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2802">CVE-2016-2802</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2802">CVE-2016-2802</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-12-31T02:35:40Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-01-20T18:11:38Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201606-01.xml b/metadata/glsa/glsa-201606-01.xml
new file mode 100644
index 000000000000..13878e8a0ed0
--- /dev/null
+++ b/metadata/glsa/glsa-201606-01.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201606-01">
+  <title>PuTTY: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PuTTY, the worst of
+    which could lead to arbitrary code execution, or cause a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-06-05</announced>
+  <revised count="2">2016-06-05</revised>
+  <bug>565080</bug>
+  <bug>576524</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/putty" auto="yes" arch="*">
+      <unaffected range="ge">0.67</unaffected>
+      <vulnerable range="lt">0.67</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PuTTY is a telnet and SSH client.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PuTTY. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Stack-based buffer overflow in the SCP command-line utility allows
+      remote servers to execute arbitrary code or cause a denial of service
+      condition via a crafted SCP-SINK file-size response to an SCP download
+      request.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PuTTY users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/putty-0.67"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5309">CVE-2015-5309</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2563">CVE-2016-2563</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-04-05T03:16:59Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-06-05T16:25:06Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201606-02.xml b/metadata/glsa/glsa-201606-02.xml
new file mode 100644
index 000000000000..f7e192aa460c
--- /dev/null
+++ b/metadata/glsa/glsa-201606-02.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201606-02">
+  <title>Puppet Server and Agent: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Puppet Server and
+    Agent, the worst of which could lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-06-05</announced>
+  <revised count="3">2016-06-05</revised>
+  <bug>577450</bug>
+  <bug>581372</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-admin/puppet-agent" auto="yes" arch="*">
+      <unaffected range="ge">1.4.2</unaffected>
+      <vulnerable range="lt">1.4.2</vulnerable>
+    </package>
+    <package name="app-admin/puppetserver" auto="yes" arch="*">
+      <unaffected range="ge">2.3.2</unaffected>
+      <vulnerable range="lt">2.3.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Puppet Agent contains Puppet’s main code and all of the dependencies
+      needed to run it, including Facter, Hiera, and bundled versions of Ruby
+      and OpenSSL.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Puppet Server and
+      Agent.  Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers, impersonating a trusted broker, could potentially
+      execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Puppet Agent users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/puppet-agent-1.4.2"
+    </code>
+    
+    <p>All Puppet Server users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/puppetserver-2.3.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2785">CVE-2016-2785</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2786">CVE-2016-2786</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-03-15T09:09:16Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-06-05T20:14:52Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201606-03.xml b/metadata/glsa/glsa-201606-03.xml
new file mode 100644
index 000000000000..5bd3b52c6f40
--- /dev/null
+++ b/metadata/glsa/glsa-201606-03.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201606-03">
+  <title>libjpeg-turbo: Multiple vulnerabilities</title>
+  <synopsis>Two vulnerabilities have been discovered in libjpeg-turbo, the
+    worse of which could allow remote attackers access to  sensitive
+    information.
+  </synopsis>
+  <product type="ebuild">libjpeg-turbo</product>
+  <announced>2016-06-05</announced>
+  <revised count="2">2016-06-05</revised>
+  <bug>491150</bug>
+  <bug>531418</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libjpeg-turbo" auto="yes" arch="*">
+      <unaffected range="ge">1.4.2</unaffected>
+      <vulnerable range="lt">1.4.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libjpeg-turbo is a MMX, SSE, and SSE2 SIMD accelerated JPEG library</p>
+  </background>
+  <description>
+    <p>libjpeg-turbo does not check for certain duplications of component data
+      during the reading of segments that follow Start Of Scan (SOS) JPEG
+      markers.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could obtain sensitive information from uninitialized
+      memory locations via a crafted JPEG images.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libjpeg-turbo users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libjpeg-turbo-1.4.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6629">CVE-2013-6629</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6630">CVE-2013-6630</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-06-19T02:00:52Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-06-05T19:54:52Z">mrueg</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201606-04.xml b/metadata/glsa/glsa-201606-04.xml
new file mode 100644
index 000000000000..9039fcdffad1
--- /dev/null
+++ b/metadata/glsa/glsa-201606-04.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201606-04">
+  <title>GnuPG: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GnuPG and libgcrypt,
+    the worst of which may allow a local attacker to obtain confidential key
+    information.
+  </synopsis>
+  <product type="ebuild">gnupg</product>
+  <announced>2016-06-05</announced>
+  <revised count="2">2016-06-10</revised>
+  <bug>534110</bug>
+  <bug>541564</bug>
+  <bug>541568</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-crypt/gnupg" auto="yes" arch="*">
+      <unaffected range="ge">2.0.26-r3</unaffected>
+      <unaffected range="rge">1.4.19</unaffected>
+      <unaffected range="rge">1.4.20</unaffected>
+      <unaffected range="rge">1.4.21</unaffected>
+      <unaffected range="rge">1.4.22</unaffected>
+      <vulnerable range="lt">2.0.26-r3</vulnerable>
+    </package>
+    <package name="dev-libs/libgcrypt" auto="yes" arch="*">
+      <unaffected range="ge">1.6.3-r4</unaffected>
+      <vulnerable range="lt">1.6.3-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of
+      cryptographic software.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GnuPG and libgcrypt,
+      please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could possibly cause a Denial of Service condition.
+      Side-channel attacks could be leveraged to obtain key material.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GnuPG 2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-crypt/gnupg-2.0.26-r3"
+    </code>
+    
+    <p>All GnuPG 1 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-crypt/gnupg-1.4.19"
+    </code>
+    
+    <p>All libgcrypt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libgcrypt-1.6.3-r4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3591">CVE-2014-3591</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0837">CVE-2015-0837</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-02-16T14:53:59Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-06-10T18:09:58Z">stanley</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201606-05.xml b/metadata/glsa/glsa-201606-05.xml
new file mode 100644
index 000000000000..8435832a49e5
--- /dev/null
+++ b/metadata/glsa/glsa-201606-05.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201606-05">
+  <title>spice: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in spice, the worst of
+    which may result in the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-06-16</announced>
+  <revised count="1">2016-06-16</revised>
+  <bug>560006</bug>
+  <bug>562890</bug>
+  <bug>584126</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-emulation/spice" auto="yes" arch="*">
+      <unaffected range="ge">0.12.7-r1</unaffected>
+      <vulnerable range="lt">0.12.7-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Provides a complete open source solution for remote access to virtual
+      machines in a seamless way so you can play videos, record audio, share
+      usb devices and share folders without complications.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in spice, please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code. Additionally, a
+      local attacker could cause a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All spice users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/spice-0.12.7-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5260">CVE-2015-5260</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5260">CVE-2015-5260</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5261">CVE-2015-5261</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5261">CVE-2015-5261</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0749">CVE-2016-0749</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2150">CVE-2016-2150</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-11-18T21:15:42Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-06-16T18:45:10Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201606-06.xml b/metadata/glsa/glsa-201606-06.xml
new file mode 100644
index 000000000000..79cadac4dc3d
--- /dev/null
+++ b/metadata/glsa/glsa-201606-06.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201606-06">
+  <title>nginx: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in nginx, the worst of
+    which may allow a remote attacker to cause a Denial of Service.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-06-17</announced>
+  <revised count="1">2016-06-17</revised>
+  <bug>560854</bug>
+  <bug>573046</bug>
+  <bug>584744</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/nginx" auto="yes" arch="*">
+      <unaffected range="ge">1.10.1</unaffected>
+      <vulnerable range="lt">1.10.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>nginx is a robust, small, and high performance HTTP and reverse proxy
+      server.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in nginx. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition via
+      a crafted packet.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All nginx users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/nginx-1.10.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587">
+      CVE-2013-3587
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742">CVE-2016-0742</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746">CVE-2016-0746</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747">CVE-2016-0747</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450">CVE-2016-4450</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450">CVE-2016-4450</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-06-14T08:44:21Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-06-17T18:26:31Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201606-07.xml b/metadata/glsa/glsa-201606-07.xml
new file mode 100644
index 000000000000..03c69217ebb2
--- /dev/null
+++ b/metadata/glsa/glsa-201606-07.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201606-07">
+  <title>dhcpcd: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in dhcpcd allowing remote
+    attackers to possibly execute arbitrary code or cause a Denial of Service.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-06-18</announced>
+  <revised count="2">2016-06-18</revised>
+  <bug>571152</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/dhcpcd" auto="yes" arch="*">
+      <unaffected range="ge">6.10.0</unaffected>
+      <vulnerable range="lt">6.10.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A fully featured, yet light weight RFC2131 compliant DHCP client</p>
+  </background>
+  <description>
+    <p>A heap overflow can be triggered via malformed DHCP responses in the
+      print_option (via dhcp_envoption1) due to incorrect option length values.
+       These vulnerabilities could also allow remote attackers to trigger an
+      invalid read/crash via malformed DHCP responses.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could possibly execute arbitrary code with the
+      privileges of the process or cause Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All dhcpcd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/dhcpcd-6.10.0”
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1503">CVE-2016-1503</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1504">CVE-2016-1504</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-02-08T20:32:46Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2016-06-18T19:11:50Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201606-08.xml b/metadata/glsa/glsa-201606-08.xml
new file mode 100644
index 000000000000..179ca39a917e
--- /dev/null
+++ b/metadata/glsa/glsa-201606-08.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201606-08">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-06-18</announced>
+  <revised count="1">2016-06-18</revised>
+  <bug>579166</bug>
+  <bug>582670</bug>
+  <bug>586044</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">11.2.202.626</unaffected>
+      <vulnerable range="lt">11.2.202.626</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, obtain
+      sensitive information, or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "www-plugins/adobe-flash-11.2.202.626"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019">CVE-2016-1019</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019">CVE-2016-1019</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019">CVE-2016-1019</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4117">CVE-2016-4117</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4117">CVE-2016-4117</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120">CVE-2016-4120</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120">CVE-2016-4120</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120">CVE-2016-4120</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4121">CVE-2016-4121</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4160">CVE-2016-4160</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4161">CVE-2016-4161</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4162">CVE-2016-4162</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4163">CVE-2016-4163</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171">CVE-2016-4171</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171">CVE-2016-4171</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171">CVE-2016-4171</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-06-17T23:30:46Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-06-18T23:47:05Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201606-09.xml b/metadata/glsa/glsa-201606-09.xml
new file mode 100644
index 000000000000..a52ed8705fcb
--- /dev/null
+++ b/metadata/glsa/glsa-201606-09.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201606-09">
+  <title>FFmpeg: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in FFmpeg, the worst of
+    which could lead to arbitrary code execution or Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-06-18</announced>
+  <revised count="1">2016-06-18</revised>
+  <bug>528554</bug>
+  <bug>553732</bug>
+  <bug>571868</bug>
+  <bug>577458</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/ffmpeg" auto="yes" arch="*">
+      <unaffected range="ge">2.8.6</unaffected>
+      <vulnerable range="lt">2.8.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FFmpeg is a complete, cross-platform solution to record, convert and
+      stream audio and video.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in FFmpeg. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code or cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FFmpeg users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/ffmpeg-2.8.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9676">CVE-2014-9676</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1897">CVE-2016-1897</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1898">CVE-2016-1898</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2213">CVE-2016-2213</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2326">CVE-2016-2326</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2327">CVE-2016-2327</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2328">CVE-2016-2328</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2329">CVE-2016-2329</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2330">CVE-2016-2330</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-03-20T12:22:08Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-06-18T23:58:49Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201606-10.xml b/metadata/glsa/glsa-201606-10.xml
new file mode 100644
index 000000000000..2092c6a77491
--- /dev/null
+++ b/metadata/glsa/glsa-201606-10.xml
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201606-10">
+  <title>PHP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PHP, the worst of which
+    could lead to arbitrary code execution, or cause a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">php</product>
+  <announced>2016-06-19</announced>
+  <revised count="2">2016-06-19</revised>
+  <bug>537586</bug>
+  <bug>541098</bug>
+  <bug>544186</bug>
+  <bug>544330</bug>
+  <bug>546872</bug>
+  <bug>549538</bug>
+  <bug>552408</bug>
+  <bug>555576</bug>
+  <bug>555830</bug>
+  <bug>556952</bug>
+  <bug>559612</bug>
+  <bug>562882</bug>
+  <bug>571254</bug>
+  <bug>573892</bug>
+  <bug>577376</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/php" auto="yes" arch="*">
+      <unaffected range="ge">5.6.19</unaffected>
+      <unaffected range="rge">5.5.33</unaffected>
+      <unaffected range="rge">5.5.34</unaffected>
+      <unaffected range="rge">5.5.35</unaffected>
+      <unaffected range="rge">5.5.36</unaffected>
+      <unaffected range="rge">5.5.37</unaffected>
+      <unaffected range="rge">5.5.38</unaffected>
+      <vulnerable range="lt">5.6.19</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PHP is a widely-used general-purpose scripting language that is
+      especially suited for Web development and can be embedded into HTML.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PHP. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker can possibly execute arbitrary code or create a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP
+      5.4 is now masked in Portage:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev=lang/php-5.5.33"
+    </code>
+    
+    <p>All PHP 5.5 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev=lang/php-5.5.33"
+    </code>
+    
+    <p>All PHP 5.6 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev=lang/php-5.6.19"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501">CVE-2013-6501</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705">CVE-2014-9705</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709">CVE-2014-9709</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231">CVE-2015-0231</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273">CVE-2015-0273</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351">CVE-2015-1351</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352">CVE-2015-1352</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301">CVE-2015-2301</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348">CVE-2015-2348</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783">CVE-2015-2783</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787">CVE-2015-2787</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329">CVE-2015-3329</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330">CVE-2015-3330</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021">CVE-2015-4021</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022">CVE-2015-4022</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025">CVE-2015-4025</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026">CVE-2015-4026</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147">CVE-2015-4147</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148">CVE-2015-4148</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642">CVE-2015-4642</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643">CVE-2015-4643</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644">CVE-2015-4644</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831">CVE-2015-6831</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832">CVE-2015-6832</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833">CVE-2015-6833</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834">CVE-2015-6834</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835">CVE-2015-6835</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836">CVE-2015-6836</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837">CVE-2015-6837</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838">CVE-2015-6838</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803">CVE-2015-7803</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804">CVE-2015-7804</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-04-18T22:36:42Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-06-19T21:29:10Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201606-11.xml b/metadata/glsa/glsa-201606-11.xml
new file mode 100644
index 000000000000..ea5764b6231a
--- /dev/null
+++ b/metadata/glsa/glsa-201606-11.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201606-11">
+  <title>claws-mail: Multiple Vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in claws-mail,
+    particularly in the default SSL implementation.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-06-26</announced>
+  <revised count="1">2016-06-26</revised>
+  <bug>525588</bug>
+  <bug>569010</bug>
+  <bug>570692</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/claws-mail" auto="yes" arch="*">
+      <unaffected range="ge">3.13.2</unaffected>
+      <vulnerable range="lt">3.13.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Claws Mail is a GTK based e-mail client.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in claws-mail. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could possibly intercept communications due to the default
+      implementation of SSL 3.0.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All claws-mail users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/claws-mail-3.13.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3566">CVE-2014-3566</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8614">CVE-2015-8614</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8614">CVE-2015-8614</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8708">CVE-2015-8708</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8708">CVE-2015-8708</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-04-26T06:27:10Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-06-26T12:30:09Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201606-12.xml b/metadata/glsa/glsa-201606-12.xml
new file mode 100644
index 000000000000..6221493b6759
--- /dev/null
+++ b/metadata/glsa/glsa-201606-12.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201606-12">
+  <title>libssh and libssh2: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libssh and libssh2, the
+    worst of which allows remote attackers to cause Denial of Service.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-06-26</announced>
+  <revised count="1">2016-06-26</revised>
+  <bug>533366</bug>
+  <bug>575474</bug>
+  <bug>575484</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/libssh" auto="yes" arch="*">
+      <unaffected range="ge">0.7.3</unaffected>
+      <vulnerable range="lt">0.7.3</vulnerable>
+    </package>
+    <package name="net-libs/libssh2" auto="yes" arch="*">
+      <unaffected range="ge">1.7.0</unaffected>
+      <vulnerable range="lt">1.7.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libssh is a mulitplatform C library implementing the SSHv2 and SSHv1
+      protocol on client and server side.
+    </p>
+  </background>
+  <description>
+    <p>libssh and libssh2 both have a bits/bytes confusion bug and generate an
+      abnormaly short ephemeral secret for the diffie-hellman-group1 and
+      diffie-hellman-group14 key exchange methods. The resulting secret is 128
+      bits long, instead of the recommended sizes of 1024 and 2048 bits
+      respectively.
+    </p>
+    
+    <p>Additionally, a double free on dangling pointers in initial key exchange
+      packets within libssh could leave dangling pointers in the session crypto
+      structures. It is possible to send a malicious kexinit package to
+      eventually cause a server to do a double-free before this fix. This could
+      be used for a Denial of Service attack.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers may gain access to confidential information due to the
+      short keysize generated by libssh and libssh2, or cause a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libssh users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/libssh-0.7.3"
+    </code>
+    
+    <p>All libssh2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/libssh2-1.7.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8132">CVE-2014-8132</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0739">CVE-2016-0739</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0787">CVE-2016-0787</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-06-30T22:23:55Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-06-26T12:56:59Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201606-13.xml b/metadata/glsa/glsa-201606-13.xml
new file mode 100644
index 000000000000..1900e10de9fd
--- /dev/null
+++ b/metadata/glsa/glsa-201606-13.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201606-13">
+  <title>sudo: Unauthorized privilege escalation in sudoedit</title>
+  <synopsis>sudo is vulnerable to an escalation of privileges via a symlink
+    attack.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-06-26</announced>
+  <revised count="2">2017-04-17</revised>
+  <bug>564774</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/sudo" auto="yes" arch="*">
+      <unaffected range="ge">1.8.15-r1</unaffected>
+      <vulnerable range="lt">1.8.15-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>sudo (su “do”) allows a system administrator to delegate authority
+      to give certain users (or groups of users) the ability to run some (or
+      all) commands as root or another user while providing an audit trail of
+      the commands and their arguments.
+    </p>
+  </background>
+  <description>
+    <p>sudoedit in sudo is vulnerable to the escalation of privileges by local
+      users via a symlink attack.  This can be exploited by a file whose full
+      path is defined using multiple wildcards in “/etc/sudoers”, as
+      demonstrated by “/home/*/*/file.txt”.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Local users are able to gain unauthorized privileges on the system.</p>
+  </impact>
+  <workaround>
+    <p>There is no known work around at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All sudo users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/sudo-1.8.15-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5602">
+      CVE-2015-5602
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-12-23T23:28:50Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-04-17T18:04:03Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201606-14.xml b/metadata/glsa/glsa-201606-14.xml
new file mode 100644
index 000000000000..3f2bccf41be7
--- /dev/null
+++ b/metadata/glsa/glsa-201606-14.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201606-14">
+  <title>ImageMagick: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ImageMagick including
+    overflows and possible Denials of Service.
+  </synopsis>
+  <product type="ebuild">imagemagick</product>
+  <announced>2016-06-26</announced>
+  <revised count="1">2016-06-26</revised>
+  <bug>534106</bug>
+  <bug>562892</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/imagemagick" auto="yes" arch="*">
+      <unaffected range="ge">6.9.0.3</unaffected>
+      <vulnerable range="lt">6.9.0.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Imagemagick is a collection of tools and libraries for many image
+      formats.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ImageMagick including,
+      but not limited to, various overflows and potential Denials of Service. 
+      Please visit the references and related bug reports for additional
+      information.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could potentially perform buffer overflows or conduct
+      Denials of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ImageMagick users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/imagemagick-6.9.0.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803">
+      Double free in coders/pict.c:2000
+    </uri>
+    <uri link="https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1490362">
+      Double free in coders/tga.c:221
+    </uri>
+    <uri link="http://www.openwall.com/lists/oss-security/2014/12/24/1">
+      Imagemagick fuzzing bug
+    </uri>
+    <uri link="https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747">
+      Integer and Buffer overflow in coders/icon.c
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-01-17T17:37:18Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-06-26T13:53:19Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201606-15.xml b/metadata/glsa/glsa-201606-15.xml
new file mode 100644
index 000000000000..7a2780f45486
--- /dev/null
+++ b/metadata/glsa/glsa-201606-15.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201606-15">
+  <title>FreeXL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in FreeXL, allowing remote
+    attackers to executive arbitrary code or cause Denial of Service.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-06-26</announced>
+  <revised count="1">2016-06-26</revised>
+  <bug>544426</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/freexl" auto="yes" arch="*">
+      <unaffected range="ge">1.0.1</unaffected>
+      <vulnerable range="lt">1.0.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FreeXL is an open source library to extract valid data from within an
+      Excel (.xls) spreadsheet.
+    </p>
+  </background>
+  <description>
+    <p>FreeXL’s shared strings and workbook functions are vulnerable to the
+      remote execution of arbitrary code and Denial of Service.  This can be
+      achieved through specially crafted workbooks from attackers.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could potentially execute arbitrary code or cause
+      Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FreeXL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "dev-libs/freexl-1.0.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2753">CVE-2015-2753</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2754">CVE-2015-2754</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2776">CVE-2015-2776</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-03-16T12:15:29Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-06-26T23:53:53Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201606-16.xml b/metadata/glsa/glsa-201606-16.xml
new file mode 100644
index 000000000000..5511d80238e0
--- /dev/null
+++ b/metadata/glsa/glsa-201606-16.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201606-16">
+  <title>PLIB: Buffer overflow vulnerability</title>
+  <synopsis>A buffer overflow in PLIB might allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-06-26</announced>
+  <revised count="1">2016-06-26</revised>
+  <bug>395553</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/plib" auto="yes" arch="*">
+      <unaffected range="ge">1.8.5-r1</unaffected>
+      <vulnerable range="lt">1.8.5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PLIB includes sound effects, music, a complete 3D engine, font
+      rendering, a simple Windowing library, a game scripting language, a GUI,
+      networking, 3D math library and a collection of handy utility functions.
+    </p>
+  </background>
+  <description>
+    <p>A buffer overflow in PLIB allows user-assisted remote attackers to
+      execute arbitrary code via vectors involving a long error message, as
+      demonstrated by a crafted acc file for TORCS.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could execute arbitrary code with the privileges of the
+      process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PLIB users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --verbose --oneshot "&gt;=media-libs/plib-1.8.5-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4620">CVE-2011-4620</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-03-19T12:41:25Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-06-26T23:59:26Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201606-17.xml b/metadata/glsa/glsa-201606-17.xml
new file mode 100644
index 000000000000..dca8758d6523
--- /dev/null
+++ b/metadata/glsa/glsa-201606-17.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201606-17">
+  <title>hostapd and wpa_supplicant: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in hostapd and
+    wpa_supplicant, allowing remote attackers to execute arbitrary code or
+    cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">wpa_supplicant</product>
+  <announced>2016-06-27</announced>
+  <revised count="1">2016-06-27</revised>
+  <bug>524928</bug>
+  <bug>547492</bug>
+  <bug>548742</bug>
+  <bug>548744</bug>
+  <bug>554860</bug>
+  <bug>554862</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-wireless/hostapd" auto="yes" arch="*">
+      <unaffected range="ge">2.5</unaffected>
+      <vulnerable range="lt">2.5</vulnerable>
+    </package>
+    <package name="net-wireless/wpa_supplicant" auto="yes" arch="*">
+      <unaffected range="ge">2.5-r1</unaffected>
+      <vulnerable range="lt">2.5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>wpa_supplicant is a WPA Supplicant with support for WPA and WPA2 (IEEE
+      802.11i / RSN). hostapd is a user space daemon for access point and
+      authentication servers.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities exist in both hostapd and wpa_supplicant. 
+      Please review the CVE identifiers for more information.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could execute arbitrary code with the privileges of the
+      process or cause Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All hostapd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-wireless/hostapd-2.5"
+    </code>
+    
+    <p>All wpa_supplicant users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=net-wireless/wpa_supplicant-2.5-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3686">CVE-2014-3686</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3686">CVE-2014-3686</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1863">CVE-2015-1863</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4141">CVE-2015-4141</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4142">CVE-2015-4142</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4143">CVE-2015-4143</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4144">CVE-2015-4144</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4145">CVE-2015-4145</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4146">CVE-2015-4146</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-04-30T18:59:29Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2016-06-27T10:31:51Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201606-18.xml b/metadata/glsa/glsa-201606-18.xml
new file mode 100644
index 000000000000..9fafb224eade
--- /dev/null
+++ b/metadata/glsa/glsa-201606-18.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201606-18">
+  <title>IcedTea: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in IcedTea allowing remote
+    attackers to affect confidentiality, integrity, and availability through
+    various vectors.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-06-27</announced>
+  <revised count="1">2016-06-27</revised>
+  <bug>578300</bug>
+  <bug>578788</bug>
+  <bug>581028</bug>
+  <bug>581238</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/icedtea-bin" auto="yes" arch="*">
+      <unaffected range="ge" slot="7">7.2.6.6-r1</unaffected>
+      <unaffected range="ge" slot="8">3.0.1</unaffected>
+      <vulnerable range="lt">7.2.6.6-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>IcedTea’s aim is to provide OpenJDK in a form suitable for easy
+      configuration, compilation and distribution with the primary goal of
+      allowing inclusion in GNU/Linux distributions.
+    </p>
+  </background>
+  <description>
+    <p>Various OpenJDK attack vectors in IcedTea, such as 2D, Corba, Hotspot,
+      Libraries, and JAXP, exist which allows remote attackers to affect the
+      confidentiality, integrity, and availability of vulnerable systems.  Many
+      of the vulnerabilities can only be exploited through sandboxed Java Web
+      Start applications and java applets. Please review the CVE identifiers
+      referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers may execute arbitrary code, compromise information, or
+      cause Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known work around at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo Security is no longer supporting dev-java/icedtea, as it has been
+      officially dropped from the stable tree.
+    </p>
+    
+    <p>Users of the IcedTea 3.x binary package should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/icedtea-bin-3.0.1"
+    </code>
+    
+    <p>Users of the IcedTea 7.x binary package should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/icedtea-7.2.6.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0636">CVE-2016-0636</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0636">CVE-2016-0636</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0686">CVE-2016-0686</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0687">CVE-2016-0687</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0695">CVE-2016-0695</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3422">CVE-2016-3422</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3425">CVE-2016-3425</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3427">CVE-2016-3427</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3443">CVE-2016-3443</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3449">CVE-2016-3449</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-06-25T12:17:07Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-06-27T22:40:49Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201606-19.xml b/metadata/glsa/glsa-201606-19.xml
new file mode 100644
index 000000000000..0462fb9835ab
--- /dev/null
+++ b/metadata/glsa/glsa-201606-19.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201606-19">
+  <title>kwalletd: Information disclosure</title>
+  <synopsis>Kwalletd password stores are vulnerable to codebook attacks.</synopsis>
+  <product type="ebuild">kwalletd</product>
+  <announced>2016-06-27</announced>
+  <revised count="1">2016-06-27</revised>
+  <bug>496768</bug>
+  <access>local</access>
+  <affected>
+    <package name="kde-apps/kwalletd" auto="yes" arch="*">
+      <unaffected range="ge">4.14.3-r2</unaffected>
+      <vulnerable range="lt">4.14.3-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Kwalletd is is a credentials management application for KDE.</p>
+  </background>
+  <description>
+    <p>Kwalletd in KWallet uses Blowfish with ECB mode instead of CBC mode when
+      encrypting the password store.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Local attackers, with access to the password store, could conduct a
+      codebook attack in order to obtain confidential passwords.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All kwalletd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=kde-apps/kwalletd-4.14.3-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7252">CVE-2013-7252</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-05-11T16:07:07Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2016-06-27T22:45:32Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201607-01.xml b/metadata/glsa/glsa-201607-01.xml
new file mode 100644
index 000000000000..3cc64b8e4baa
--- /dev/null
+++ b/metadata/glsa/glsa-201607-01.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201607-01">
+  <title>Squid: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Squid, the worst of
+    which could lead to arbitrary code execution, or cause a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-07-09</announced>
+  <revised count="1">2016-07-09</revised>
+  <bug>536276</bug>
+  <bug>575542</bug>
+  <bug>578970</bug>
+  <bug>580656</bug>
+  <bug>582814</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/squid" auto="yes" arch="*">
+      <unaffected range="ge">3.5.19</unaffected>
+      <vulnerable range="lt">3.5.19</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Squid is a full-featured Web proxy cache designed to run on Unix
+      systems. It supports proxying and caching of HTTP, FTP, and other URLs,
+      as well as SSL support, cache hierarchies, transparent caching, access
+      control lists and many other features.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Squid. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker can possibly execute arbitrary code or create a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Squid users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-proxy/squid-3.5.19"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6270">CVE-2014-6270</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6270">CVE-2014-6270</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2569">CVE-2016-2569</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2569">CVE-2016-2569</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2570">CVE-2016-2570</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2570">CVE-2016-2570</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2571">CVE-2016-2571</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2571">CVE-2016-2571</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2572">CVE-2016-2572</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2572">CVE-2016-2572</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3947">CVE-2016-3947</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3948">CVE-2016-3948</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4051">CVE-2016-4051</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4052">CVE-2016-4052</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4053">CVE-2016-4053</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4054">CVE-2016-4054</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4553">CVE-2016-4553</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4554">CVE-2016-4554</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4555">CVE-2016-4555</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4556">CVE-2016-4556</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-04-05T04:00:07Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-07-09T01:46:31Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201607-02.xml b/metadata/glsa/glsa-201607-02.xml
new file mode 100644
index 000000000000..7af7dc9010f5
--- /dev/null
+++ b/metadata/glsa/glsa-201607-02.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201607-02">
+  <title>libpcre: Multiple Vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libpcre, the worst of
+    which could lead to arbitrary code execution, or cause a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-07-09</announced>
+  <revised count="1">2016-07-09</revised>
+  <bug>529952</bug>
+  <bug>551240</bug>
+  <bug>553300</bug>
+  <bug>570694</bug>
+  <bug>575546</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libpcre" auto="yes" arch="*">
+      <unaffected range="ge">8.38-r1</unaffected>
+      <vulnerable range="lt">8.38-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libpcre is a library providing functions for Perl-compatible regular
+      expressions.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libpcre. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker can possibly execute arbitrary code or create a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libpcre users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libpcre-8.38-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8964">CVE-2014-8964</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8964">CVE-2014-8964</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5073">CVE-2015-5073</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5073">CVE-2015-5073</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5073">CVE-2015-5073</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8380">CVE-2015-8380</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8381">CVE-2015-8381</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8383">CVE-2015-8383</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8384">CVE-2015-8384</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8385">CVE-2015-8385</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8386">CVE-2015-8386</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8387">CVE-2015-8387</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8388">CVE-2015-8388</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8389">CVE-2015-8389</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8390">CVE-2015-8390</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8391">CVE-2015-8391</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8392">CVE-2015-8392</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8393">CVE-2015-8393</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8394">CVE-2015-8394</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8395">CVE-2015-8395</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1283">CVE-2016-1283</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1283">CVE-2016-1283</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-02-25T06:59:58Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-07-09T02:07:37Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201607-03.xml b/metadata/glsa/glsa-201607-03.xml
new file mode 100644
index 000000000000..31fa21a3d14d
--- /dev/null
+++ b/metadata/glsa/glsa-201607-03.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201607-03">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-07-13</announced>
+  <revised count="2">2016-07-13</revised>
+  <bug>588738</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">11.2.202.632</unaffected>
+      <vulnerable range="lt">11.2.202.632</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, obtain
+      sensitive information, or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "www-plugins/adobe-flash-11.2.202.632"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217">CVE-2016-4217</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218">CVE-2016-4218</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219">CVE-2016-4219</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220">CVE-2016-4220</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221">CVE-2016-4221</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222">CVE-2016-4222</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223">CVE-2016-4223</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224">CVE-2016-4224</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225">CVE-2016-4225</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226">CVE-2016-4226</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227">CVE-2016-4227</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228">CVE-2016-4228</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229">CVE-2016-4229</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230">CVE-2016-4230</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231">CVE-2016-4231</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232">CVE-2016-4232</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233">CVE-2016-4233</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234">CVE-2016-4234</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235">CVE-2016-4235</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236">CVE-2016-4236</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237">CVE-2016-4237</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238">CVE-2016-4238</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239">CVE-2016-4239</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240">CVE-2016-4240</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241">CVE-2016-4241</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242">CVE-2016-4242</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243">CVE-2016-4243</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244">CVE-2016-4244</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245">CVE-2016-4245</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246">CVE-2016-4246</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247">CVE-2016-4247</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248">CVE-2016-4248</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249">CVE-2016-4249</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-07-13T18:15:38Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-07-13T18:55:55Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201607-04.xml b/metadata/glsa/glsa-201607-04.xml
new file mode 100644
index 000000000000..7c68ab7fe62f
--- /dev/null
+++ b/metadata/glsa/glsa-201607-04.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201607-04">
+  <title>GD: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GD, the worst of which
+    allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-07-16</announced>
+  <revised count="1">2016-07-16</revised>
+  <bug>504872</bug>
+  <bug>538686</bug>
+  <bug>581942</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/gd" auto="yes" arch="*">
+      <unaffected range="ge">2.2.2</unaffected>
+      <vulnerable range="lt">2.2.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GD is a graphic library for fast image creation.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GD. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GD users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/gd-2.2.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2497">
+      CVE-2014-2497
+    </uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709">
+      CVE-2014-9709
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3074">CVE-2016-3074</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-02-25T07:19:37Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-07-16T13:08:00Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201607-05.xml b/metadata/glsa/glsa-201607-05.xml
new file mode 100644
index 000000000000..6eb2d5ad7402
--- /dev/null
+++ b/metadata/glsa/glsa-201607-05.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201607-05">
+  <title>Cacti: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Cacti, the worst of
+    which could lead to the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-07-16</announced>
+  <revised count="1">2016-07-16</revised>
+  <bug>519900</bug>
+  <bug>568400</bug>
+  <bug>570984</bug>
+  <bug>574412</bug>
+  <bug>582996</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/cacti" auto="yes" arch="*">
+      <unaffected range="ge">0.8.8h</unaffected>
+      <vulnerable range="lt">0.8.8h</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Cacti is a complete frontend to rrdtool.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Cacti. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or remote authenticated users could bypass
+      intended access restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Cacti users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/cacti-0.8.8h"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5261">CVE-2014-5261</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5262">CVE-2014-5262</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8369">CVE-2015-8369</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8377">CVE-2015-8377</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8604">CVE-2015-8604</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2313">CVE-2016-2313</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3172">CVE-2016-3172</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3659">CVE-2016-3659</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-04-26T06:10:39Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-07-16T13:14:38Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201607-06.xml b/metadata/glsa/glsa-201607-06.xml
new file mode 100644
index 000000000000..6f9cb0d18d3e
--- /dev/null
+++ b/metadata/glsa/glsa-201607-06.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201607-06">
+  <title>CUPS: Buffer overflow</title>
+  <synopsis>A buffer overflow in CUPS might allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-07-16</announced>
+  <revised count="1">2016-07-16</revised>
+  <bug>539582</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-print/cups" auto="yes" arch="*">
+      <unaffected range="ge">2.0.2-r1</unaffected>
+      <vulnerable range="lt">2.0.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>CUPS, the Common Unix Printing System, is a full-featured print server.</p>
+  </background>
+  <description>
+    <p>A vulnerability has been discovered in CUPS concerning the handling of
+      compressed raster files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All CUPS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-print/cups-2.0.2-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9679">CVE-2014-9679</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-07-01T05:48:13Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-07-16T13:19:26Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201607-07.xml b/metadata/glsa/glsa-201607-07.xml
new file mode 100644
index 000000000000..0146843d3963
--- /dev/null
+++ b/metadata/glsa/glsa-201607-07.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201607-07">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in the Chromium web
+    browser, the worst of which allows remote attackers to execute arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-07-16</announced>
+  <revised count="1">2016-07-16</revised>
+  <bug>584310</bug>
+  <bug>586704</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">51.0.2704.103</unaffected>
+      <vulnerable range="lt">51.0.2704.103</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in the Chromium web
+      browser. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, obtain
+      sensitive information, or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-51.0.2704.103"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1672">CVE-2016-1672</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1673">CVE-2016-1673</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1674">CVE-2016-1674</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1675">CVE-2016-1675</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1676">CVE-2016-1676</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1677">CVE-2016-1677</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1678">CVE-2016-1678</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1679">CVE-2016-1679</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1680">CVE-2016-1680</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1681">CVE-2016-1681</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1682">CVE-2016-1682</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1683">CVE-2016-1683</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1684">CVE-2016-1684</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1685">CVE-2016-1685</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1686">CVE-2016-1686</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1687">CVE-2016-1687</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1688">CVE-2016-1688</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1689">CVE-2016-1689</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1690">CVE-2016-1690</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1691">CVE-2016-1691</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1692">CVE-2016-1692</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1693">CVE-2016-1693</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1694">CVE-2016-1694</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1695">CVE-2016-1695</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-06-22T11:53:59Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-07-16T13:23:11Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201607-08.xml b/metadata/glsa/glsa-201607-08.xml
new file mode 100644
index 000000000000..320dbbfe6918
--- /dev/null
+++ b/metadata/glsa/glsa-201607-08.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201607-08">
+  <title>Dropbear: Privilege escalation</title>
+  <synopsis>A vulnerability has been found in Dropbear, which allows remote
+    authenticated users to bypass intended shell-command restrictions.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-07-20</announced>
+  <revised count="1">2016-07-20</revised>
+  <bug>577050</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/dropbear" auto="yes" arch="*">
+      <unaffected range="ge">2016.73</unaffected>
+      <vulnerable range="lt">2016.73</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Dropbear is a relatively small SSH server and client.</p>
+  </background>
+  <description>
+    <p>A CRLF injection vulnerability in Dropbear SSH allows remote
+      authenticated users to bypass intended shell-command restrictions via
+      crafted X11 forwarding data.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote authenticated user could execute arbitrary code with the
+      privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Dropbear users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/dropbear-2016.73"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3116">CVE-2016-3116</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-06-21T05:13:38Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-07-20T08:45:10Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201607-09.xml b/metadata/glsa/glsa-201607-09.xml
new file mode 100644
index 000000000000..87a321bad0de
--- /dev/null
+++ b/metadata/glsa/glsa-201607-09.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201607-09">
+  <title>Commons-BeanUtils: Arbitrary code execution</title>
+  <synopsis>Apache Commons BeanUtils does not properly suppress the class
+    property, which could lead to the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">commons-beanutils</product>
+  <announced>2016-07-20</announced>
+  <revised count="1">2016-07-20</revised>
+  <bug>534498</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/commons-beanutils" auto="yes" arch="*">
+      <unaffected range="ge">1.9.2</unaffected>
+      <vulnerable range="lt">1.9.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Commons-beanutils provides easy-to-use wrappers around Reflection and
+      Introspection APIs
+    </p>
+  </background>
+  <description>
+    <p>Apache Commons BeanUtils does not suppress the class property, which
+      allows for the manipulation of the ClassLoader.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could potentially execute arbitrary code with the
+      privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Commons BeanUtils users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-java/commons-beanutils-1.9.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0114">CVE-2014-0114</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-09-05T19:30:11Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2016-07-20T08:50:29Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201607-10.xml b/metadata/glsa/glsa-201607-10.xml
new file mode 100644
index 000000000000..a0f78464169a
--- /dev/null
+++ b/metadata/glsa/glsa-201607-10.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201607-10">
+  <title>Varnish: Multiple vulnerabilities</title>
+  <synopsis>Improper input validation in Varnish allows remote attackers to
+    conduct HTTP smuggling attacks, and possibly trigger a buffer overflow.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-07-20</announced>
+  <revised count="1">2016-07-20</revised>
+  <bug>542886</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/varnish" auto="yes" arch="*">
+      <unaffected range="ge">3.0.7</unaffected>
+      <vulnerable range="lt">3.0.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Varnish is a web application accelerator.</p>
+  </background>
+  <description>
+    <p>Varnish fails to properly validate input from HTTP headers, and does not
+      deny requests with multiple Content-Length headers.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could conduct an HTTP response splitting attack, which
+      may further enable them to conduct Cross-Site Scripting (XSS), Cache
+      Poisoning, Defacement, and Page Hijacking.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Varnish users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/varnish-3.0.7"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8852">CVE-2015-8852</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-07-02T01:59:09Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-07-20T09:01:06Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201607-11.xml b/metadata/glsa/glsa-201607-11.xml
new file mode 100644
index 000000000000..4ea09c8d695f
--- /dev/null
+++ b/metadata/glsa/glsa-201607-11.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201607-11">
+  <title>Bugzilla: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Bugzilla, the worst of
+    which could lead to the escalation of privileges.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-07-20</announced>
+  <revised count="1">2016-07-20</revised>
+  <bug>524316</bug>
+  <bug>537448</bug>
+  <bug>560406</bug>
+  <bug>583236</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/bugzilla" auto="yes" arch="*">
+      <unaffected range="ge">5.0.3</unaffected>
+      <unaffected range="rgt">4.4.12</unaffected>
+      <vulnerable range="lt">5.0.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Bugzilla is the bug-tracking system from the Mozilla project.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Bugzilla. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Privileged account holders could execute system level commands, and the
+      new user process could be exploited to allow for the escalation of
+      privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Bugzilla 4.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-apps/bugzilla-4.4.12"
+    </code>
+    
+    <p>All Bugzilla 5.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-apps/bugzilla-5.0.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1572">
+      CVE-2014-1572
+    </uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1573">
+      CVE-2014-1573
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8630">CVE-2014-8630</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-02-25T05:32:55Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-07-20T11:12:25Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201607-12.xml b/metadata/glsa/glsa-201607-12.xml
new file mode 100644
index 000000000000..20b32bef53df
--- /dev/null
+++ b/metadata/glsa/glsa-201607-12.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201607-12">
+  <title>Exim: Arbitrary code execution</title>
+  <synopsis>A local attacker could execute arbitrary code by providing
+    unsanitized data to a data source or escalate privileges.
+  </synopsis>
+  <product type="ebuild">exim</product>
+  <announced>2016-07-20</announced>
+  <revised count="1">2016-07-20</revised>
+  <bug>517934</bug>
+  <bug>576582</bug>
+  <access>local</access>
+  <affected>
+    <package name="mail-mta/exim" auto="yes" arch="*">
+      <unaffected range="ge">4.87</unaffected>
+      <vulnerable range="lt">4.87</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Exim is a message transfer agent (MTA) designed to be a a highly
+      configurable, drop-in replacement for sendmail.
+    </p>
+  </background>
+  <description>
+    <p>Vulnerabilities have been discovered in Exim’s implementation of
+      set-uid root and when using ‘perl_startup’. These vulnerabilities
+      require a user account on the Exim server and a configuration that does
+      lookups against files to which the user has edit access.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could possibly execute arbitrary code with the
+      privileges of the process, or escalate privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Exim users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-mta/exim-4.87"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2972">CVE-2014-2972</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-03-28T20:38:10Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-07-20T11:18:46Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201607-13.xml b/metadata/glsa/glsa-201607-13.xml
new file mode 100644
index 000000000000..ba9128df72c2
--- /dev/null
+++ b/metadata/glsa/glsa-201607-13.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201607-13">
+  <title>libbsd: Arbitrary code execution</title>
+  <synopsis>A buffer overflow in libbsd might allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-07-20</announced>
+  <revised count="1">2016-07-20</revised>
+  <bug>573160</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libbsd" auto="yes" arch="*">
+      <unaffected range="ge">0.8.2</unaffected>
+      <vulnerable range="lt">0.8.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>This library provides useful functions commonly found on BSD systems,
+      and lacking on others like GNU systems, thus making it easier to port
+      projects with strong BSD origins, without needing to embed the same code
+      over and over again on each project.
+    </p>
+  </background>
+  <description>
+    <p>libbsd contains a buffer overflow in the fgetwln() function. An if
+      statement, which is responsible for checking the necessity to reallocate
+      memory in the target buffer, is off by one therefore an out of bounds
+      write occurs.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could potentially execute arbitrary code with the
+      privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libbsd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --verbose --oneshot "&gt;=dev-libs/libbsd-0.8.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2090">CVE-2016-2090</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-03-19T13:08:02Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-07-20T11:20:49Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201607-14.xml b/metadata/glsa/glsa-201607-14.xml
new file mode 100644
index 000000000000..e2cf29ca4feb
--- /dev/null
+++ b/metadata/glsa/glsa-201607-14.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201607-14">
+  <title>Ansible: Privilege escalation</title>
+  <synopsis>A vulnerability in Ansible may allow local attackers to gain
+    escalated privileges or write arbitrary files.
+  </synopsis>
+  <product type="ebuild">ansible</product>
+  <announced>2016-07-20</announced>
+  <revised count="2">2016-07-20</revised>
+  <bug>578814</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/ansible" auto="yes" arch="*">
+      <unaffected range="ge">2.0.2.0-r1</unaffected>
+      <unaffected range="rge">1.9.6</unaffected>
+      <vulnerable range="lt">2.0.2.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Ansible is a radically simple IT automation platform.</p>
+  </background>
+  <description>
+    <p>The create_script function in the lxc_container module of Ansible uses
+      predictable temporary file names, making it vulnerable to a symlink
+      attack.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Local attackers could write arbitrary files or gain escalated privileges
+      within the container.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Ansible 1.9.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/ansible-1.9.6"
+    </code>
+    
+    <p>All Ansible 2.0.2.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/ansible-2.0.2.0-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3096">CVE-2016-3096</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-06-25T23:46:35Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-07-20T11:34:27Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201607-15.xml b/metadata/glsa/glsa-201607-15.xml
new file mode 100644
index 000000000000..abcb1b1204db
--- /dev/null
+++ b/metadata/glsa/glsa-201607-15.xml
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201607-15">
+  <title>NTP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in NTP, the worst of which
+    could lead to Denial of Service.
+  </synopsis>
+  <product type="ebuild">ntp</product>
+  <announced>2016-07-20</announced>
+  <revised count="1">2016-07-20</revised>
+  <bug>563774</bug>
+  <bug>572452</bug>
+  <bug>581528</bug>
+  <bug>584954</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/ntp" auto="yes" arch="*">
+      <unaffected range="ge">4.2.8_p8</unaffected>
+      <vulnerable range="lt">4.2.8_p8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>NTP contains software for the Network Time Protocol.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in NTP. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All NTP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/ntp-4.2.8_p8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691">CVE-2015-7691</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692">CVE-2015-7692</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701">CVE-2015-7701</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702">CVE-2015-7702</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703">CVE-2015-7703</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704">CVE-2015-7704</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705">CVE-2015-7705</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848">CVE-2015-7848</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849">CVE-2015-7849</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850">CVE-2015-7850</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851">CVE-2015-7851</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852">CVE-2015-7852</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853">CVE-2015-7853</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854">CVE-2015-7854</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855">CVE-2015-7855</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871">CVE-2015-7871</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973">CVE-2015-7973</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974">CVE-2015-7974</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975">CVE-2015-7975</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976">CVE-2015-7976</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977">CVE-2015-7977</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978">CVE-2015-7978</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979">CVE-2015-7979</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138">CVE-2015-8138</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139">CVE-2015-8139</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140">CVE-2015-8140</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158">CVE-2015-8158</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547">CVE-2016-1547</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548">CVE-2016-1548</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549">CVE-2016-1549</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550">CVE-2016-1550</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551">CVE-2016-1551</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516">CVE-2016-2516</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517">CVE-2016-2517</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518">CVE-2016-2518</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519">CVE-2016-2519</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953">CVE-2016-4953</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954">CVE-2016-4954</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955">CVE-2016-4955</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956">CVE-2016-4956</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957">CVE-2016-4957</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-02-08T20:28:03Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2016-07-20T11:50:31Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201607-16.xml b/metadata/glsa/glsa-201607-16.xml
new file mode 100644
index 000000000000..8a434f593292
--- /dev/null
+++ b/metadata/glsa/glsa-201607-16.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201607-16">
+  <title>arpwatch: Privilege escalation</title>
+  <synopsis>arpwatch is vulnerable to the escalation of privileges.</synopsis>
+  <product type="ebuild"/>
+  <announced>2016-07-20</announced>
+  <revised count="1">2016-07-20</revised>
+  <bug>419375</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-analyzer/arpwatch" auto="yes" arch="*">
+      <unaffected range="ge">2.1.15-r8</unaffected>
+      <vulnerable range="lt">2.1.15-r8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The ethernet monitor program; for keeping track of ethernet/ip address
+      pairings.
+    </p>
+  </background>
+  <description>
+    <p>Arpwatch does not properly drop supplementary groups.</p>
+  </description>
+  <impact type="high">
+    <p>Attackers, if able to exploit arpwatch, could escalate privileges
+      outside of the running process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All arpwatch users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --verbose --oneshot "&gt;=net-analyzer/arpwatch-2.1.15-r8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2653">
+      CVE-2012-2653
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-03-19T12:49:20Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-07-20T12:02:59Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201607-17.xml b/metadata/glsa/glsa-201607-17.xml
new file mode 100644
index 000000000000..88640e8276ac
--- /dev/null
+++ b/metadata/glsa/glsa-201607-17.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201607-17">
+  <title>BeanShell: Arbitrary code execution</title>
+  <synopsis>BeanShell is vulnerable to the remote execution of arbitrary code
+    via Java serialization or XStream from an untrusted source.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-07-30</announced>
+  <revised count="1">2016-07-30</revised>
+  <bug>575482</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/bsh" auto="yes" arch="*">
+      <unaffected range="ge">2.0_beta6</unaffected>
+      <vulnerable range="lt">2.0_beta6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>BeanShell is a small, free, embeddable Java source interpreter with
+      object scripting language features, written in Java.
+    </p>
+  </background>
+  <description>
+    <p>An application that includes BeanShell on the classpath may be
+      vulnerable if another part of the application uses Java serialization or
+      XStream to deserialize data from an untrusted source.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could execute arbitrary code including shell commands.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All BeanShell users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --verbose --oneshot "&gt;=dev-java/bsh-2.0_beta6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://github.com/beanshell/beanshell/releases/tag/2.0b6">
+      BeanShell 2.0b6 Release Information
+    </uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2510">
+      CVE-2016-2510
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-03-15T10:56:37Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-07-30T00:53:17Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201608-01.xml b/metadata/glsa/glsa-201608-01.xml
new file mode 100644
index 000000000000..dd779da71320
--- /dev/null
+++ b/metadata/glsa/glsa-201608-01.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201608-01">
+  <title>OptiPNG: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OptiPNG, the worst of
+    which could lead to the remote execution of arbitrary code, or cause a
+    Denial of Service condition.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-08-11</announced>
+  <revised count="1">2016-08-11</revised>
+  <bug>561882</bug>
+  <bug>579030</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/optipng" auto="yes" arch="*">
+      <unaffected range="ge">0.7.6</unaffected>
+      <vulnerable range="lt">0.7.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OptiPNG is a PNG optimizer that recompresses image files to a smaller
+      size, without losing any information.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OptiPNG. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted image
+      file resulting in the execution of arbitrary code with the privileges of
+      the process, or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OptiPNG users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/optipng-0.7.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2191">CVE-2016-2191</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3981">CVE-2016-3981</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3982">CVE-2016-3982</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-06-26T12:03:00Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-08-11T06:06:28Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201609-01.xml b/metadata/glsa/glsa-201609-01.xml
new file mode 100644
index 000000000000..8fb8c720319b
--- /dev/null
+++ b/metadata/glsa/glsa-201609-01.xml
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201609-01">
+  <title>QEMU: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in QEMU, the worst of
+    which could lead to arbitrary code execution, or cause a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">qemu</product>
+  <announced>2016-09-25</announced>
+  <revised count="2">2016-09-26</revised>
+  <bug>573816</bug>
+  <bug>579734</bug>
+  <bug>580040</bug>
+  <bug>583496</bug>
+  <bug>583952</bug>
+  <bug>584094</bug>
+  <bug>584102</bug>
+  <bug>584146</bug>
+  <bug>584514</bug>
+  <bug>584630</bug>
+  <bug>584918</bug>
+  <bug>589924</bug>
+  <bug>589928</bug>
+  <bug>591242</bug>
+  <bug>591244</bug>
+  <bug>591374</bug>
+  <bug>591380</bug>
+  <bug>591678</bug>
+  <bug>592430</bug>
+  <bug>593034</bug>
+  <bug>593036</bug>
+  <bug>593038</bug>
+  <bug>593284</bug>
+  <bug>593950</bug>
+  <bug>593956</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulation/qemu" auto="yes" arch="*">
+      <unaffected range="ge">2.7.0-r3</unaffected>
+      <vulnerable range="lt">2.7.0-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>QEMU is a generic and open source machine emulator and virtualizer.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in QEMU. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Local users within a guest QEMU environment can execute arbitrary code
+      within the host or a cause a Denial of Service condition of the QEMU
+      guest process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All QEMU users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/qemu-2.7.0-r3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2841">CVE-2016-2841</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4001">CVE-2016-4001</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4002">CVE-2016-4002</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4020">CVE-2016-4020</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4439">CVE-2016-4439</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4441">CVE-2016-4441</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4453">CVE-2016-4453</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4454">CVE-2016-4454</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4964">CVE-2016-4964</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5106">CVE-2016-5106</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5107">CVE-2016-5107</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5126">CVE-2016-5126</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5238">CVE-2016-5238</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5337">CVE-2016-5337</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5338">CVE-2016-5338</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6490">CVE-2016-6490</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6833">CVE-2016-6833</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6834">CVE-2016-6834</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6836">CVE-2016-6836</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6888">CVE-2016-6888</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7116">CVE-2016-7116</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7156">CVE-2016-7156</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7157">CVE-2016-7157</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7421">CVE-2016-7421</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7422">CVE-2016-7422</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-07-01T00:30:33Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-09-26T00:34:50Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201609-02.xml b/metadata/glsa/glsa-201609-02.xml
new file mode 100644
index 000000000000..7a6baca4dc9b
--- /dev/null
+++ b/metadata/glsa/glsa-201609-02.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201609-02">
+  <title>Bundler: Insecure installation</title>
+  <synopsis>A vulnerability has been found in Bundler, allowing injection of
+    arbitrary code via the gem installation process.
+  </synopsis>
+  <product type="ebuild">bundler</product>
+  <announced>2016-09-26</announced>
+  <revised count="1">2016-09-26</revised>
+  <bug>523798</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-ruby/bundler" auto="yes" arch="*">
+      <unaffected range="ge">1.7.3</unaffected>
+      <vulnerable range="lt">1.7.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Bundler provides a consistent environment for Ruby projects by tracking
+      and installing the exact gems and versions that are needed.
+    </p>
+  </background>
+  <description>
+    <p>Bundler, allows the installation of gems from different sources with the
+      same names, when multiple top-level gem sources are used.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could inject arbitrary code via the gem install
+      process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Bundler users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-ruby/bundler-1.7.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0334">CVE-2013-0334</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-01-31T22:12:51Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-09-26T04:04:29Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201610-01.xml b/metadata/glsa/glsa-201610-01.xml
new file mode 100644
index 000000000000..fe7481822e7c
--- /dev/null
+++ b/metadata/glsa/glsa-201610-01.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201610-01">
+  <title>Groovy: Arbitrary code execution</title>
+  <synopsis>Groovy is vulnerable to a remote execution of arbitrary code when
+    java serialization is used.
+  </synopsis>
+  <product type="ebuild">groovy</product>
+  <announced>2016-10-06</announced>
+  <revised count="1">2016-10-06</revised>
+  <bug>555470</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/groovy" auto="yes" arch="*">
+      <unaffected range="ge">2.4.5</unaffected>
+      <vulnerable range="lt">2.4.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A multi-faceted language for the Java platform</p>
+  </background>
+  <description>
+    <p>Groovy’s MethodClosure class, in runtime/MethodClosure.java, is
+      vulnerable to a crafted serialized object.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could potentially execute arbitrary code, or cause
+      Denial of Service condition
+    </p>
+  </impact>
+  <workaround>
+    <p>A workaround exists by using a custom security policy file utilizing the
+      standard Java security manager, or do not rely on serialization to
+      communicate remotely.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All Groovy users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/groovy-2.4.5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3253">CVE-2015-3253</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-03-15T09:21:07Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-10-06T14:32:23Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201610-02.xml b/metadata/glsa/glsa-201610-02.xml
new file mode 100644
index 000000000000..8e99858a1e59
--- /dev/null
+++ b/metadata/glsa/glsa-201610-02.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201610-02">
+  <title>Apache: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Apache, the worst of
+    which could allow HTTP request smuggling attacks or a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-10-06</announced>
+  <revised count="2">2016-10-13</revised>
+  <bug>524680</bug>
+  <bug>536684</bug>
+  <bug>554948</bug>
+  <bug>557198</bug>
+  <bug>583276</bug>
+  <bug>588138</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="rge">2.2.31</unaffected>
+      <unaffected range="ge">2.4.23</unaffected>
+      <vulnerable range="lt">2.4.23</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Apache HTTP Server is one of the most popular web servers on the
+      Internet.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Apache HTTP Server.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could bypass intended access restrictions, conduct HTTP
+      request smuggling attacks, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/apache-2.4.23"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3581">CVE-2014-3581</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3183">CVE-2015-3183</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1546">CVE-2016-1546</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4979">CVE-2016-4979</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-09-13T13:17:03Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-10-13T07:21:58Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201610-03.xml b/metadata/glsa/glsa-201610-03.xml
new file mode 100644
index 000000000000..1f7a8450574f
--- /dev/null
+++ b/metadata/glsa/glsa-201610-03.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201610-03">
+  <title>Quagga: Arbitrary code execution</title>
+  <synopsis>A buffer overflow in Quagga might allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">quagga</product>
+  <announced>2016-10-10</announced>
+  <revised count="1">2016-10-10</revised>
+  <bug>577156</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/quagga" auto="yes" arch="*">
+      <unaffected range="ge">1.0.20160315</unaffected>
+      <vulnerable range="lt">1.0.20160315</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Quagga is a free routing daemon replacing Zebra supporting RIP, OSPF and
+      BGP.
+    </p>
+  </background>
+  <description>
+    <p>A memcpy function in the VPNv4 NLRI parser of bgp_mplsvpn.c does not
+      properly check the upper-bound length of received Labeled-VPN SAFI routes
+      data, which may allow for arbitrary code execution on the stack.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could send a specially crafted packet, possibly
+      resulting in execution of arbitrary code with the privileges of the
+      process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Quagga users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/quagga-1.0.20160315"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2342">CVE-2016-2342</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-10-06T14:23:47Z">
+    pinkbyte
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-10-10T08:11:56Z">
+    pinkbyte
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201610-04.xml b/metadata/glsa/glsa-201610-04.xml
new file mode 100644
index 000000000000..f0a558c660b9
--- /dev/null
+++ b/metadata/glsa/glsa-201610-04.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201610-04">
+  <title>libgcrypt: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been fixed in libgcrypt,the worst of
+    which results in predictable output from the random number generator.
+  </synopsis>
+  <product type="ebuild">libgcrypt</product>
+  <announced>2016-10-10</announced>
+  <revised count="1">2016-10-10</revised>
+  <bug>541564</bug>
+  <bug>559942</bug>
+  <bug>574268</bug>
+  <bug>591534</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libgcrypt" auto="yes" arch="*">
+      <unaffected range="ge">1.7.3</unaffected>
+      <vulnerable range="lt">1.7.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libgcrypt is a general purpose cryptographic library derived out of
+      GnuPG.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libgcrypt. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Side-channel attacks can leak private key information. A separate
+      critical bug allows an attacker who obtains 4640 bits from the RNG to
+      trivially predict the next 160 bits of output.
+    </p>
+    
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libgcrypt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libgcrypt-1.7.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3591">CVE-2014-3591</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0837">CVE-2015-0837</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7511">CVE-2015-7511</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6313">CVE-2016-6313</uri>
+    <uri link="https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/">
+      Factoring RSA Keys With TLS Perfect Forward Secrecy
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-12-02T21:25:17Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-10-10T11:04:11Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201610-05.xml b/metadata/glsa/glsa-201610-05.xml
new file mode 100644
index 000000000000..eced1ef92a9c
--- /dev/null
+++ b/metadata/glsa/glsa-201610-05.xml
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201610-05">
+  <title>Subversion, Serf: Multiple Vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Subversion and Serf,
+    the worst of which could lead to execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">subversion serf</product>
+  <announced>2016-10-11</announced>
+  <revised count="2">2016-10-11</revised>
+  <bug>500482</bug>
+  <bug>518716</bug>
+  <bug>519202</bug>
+  <bug>545348</bug>
+  <bug>556076</bug>
+  <bug>567810</bug>
+  <bug>581448</bug>
+  <bug>586046</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-vcs/subversion" auto="yes" arch="*">
+      <unaffected range="ge">1.9.4</unaffected>
+      <unaffected range="rgt">1.8.16</unaffected>
+      <vulnerable range="lt">1.9.4</vulnerable>
+    </package>
+    <package name="net-libs/serf" auto="yes" arch="*">
+      <unaffected range="ge">1.3.7</unaffected>
+      <vulnerable range="lt">1.3.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Subversion is a version control system intended to eventually replace
+      CVS. Like CVS, it has an optional client-server architecture (where the
+      server can be an Apache server running mod_svn, or an ssh program as in
+      CVS’s :ext: method). In addition to supporting the features found in
+      CVS, Subversion also provides support for moving and copying files and
+      directories.
+    </p>
+    
+    <p>The serf library is a high performance C-based HTTP client library built
+      upon the Apache Portable Runtime (APR) library.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Subversion and Serf.
+      Please review the CVE identifiers referenced below for details
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, conduct a man-in-the-middle attack, obtain
+      sensitive information, or cause a Denial of Service Condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Subversion users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/subversion-1.9.4"
+    </code>
+    
+    <p>All Serf users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/serf-1.3.7"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0032">CVE-2014-0032</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3504">CVE-2014-3504</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3522">CVE-2014-3522</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3528">CVE-2014-3528</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0202">CVE-2015-0202</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0248">CVE-2015-0248</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0251">CVE-2015-0251</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3184">CVE-2015-3184</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3187">CVE-2015-3187</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5259">CVE-2015-5259</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2167">CVE-2016-2167</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2168">CVE-2016-2168</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-05-11T16:09:05Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2016-10-11T12:44:03Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201610-06.xml b/metadata/glsa/glsa-201610-06.xml
new file mode 100644
index 000000000000..c37b610227fc
--- /dev/null
+++ b/metadata/glsa/glsa-201610-06.xml
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201610-06">
+  <title>MySQL and MariaDB: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in MySQL and MariaDB, the
+    worst of which could allow remote attackers to cause a Denial of Service
+    condition or obtain sensitive information.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-10-11</announced>
+  <revised count="1">2016-10-11</revised>
+  <bug>546724</bug>
+  <bug>555478</bug>
+  <bug>555480</bug>
+  <bug>564170</bug>
+  <bug>564442</bug>
+  <bug>572870</bug>
+  <bug>580832</bug>
+  <bug>580834</bug>
+  <bug>589238</bug>
+  <bug>589346</bug>
+  <bug>593608</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/mysql" auto="yes" arch="*">
+      <unaffected range="ge">5.6.31</unaffected>
+      <vulnerable range="lt">5.6.31</vulnerable>
+    </package>
+    <package name="dev-db/mariadb" auto="yes" arch="*">
+      <unaffected range="rgt">5.5.51</unaffected>
+      <vulnerable range="lt">10.0.27</vulnerable>
+    </package>
+    <package name="dev-db/mariab" auto="yes" arch="*">
+      <unaffected range="ge">10.0.27</unaffected>
+    </package>
+  </affected>
+  <background>
+    <p>MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an
+      enhanced, drop-in replacement for MySQL.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MySQL and MariaDB.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could exploit vulnerabilities, through multiple
+      vectors, that affect the confidentiality, integrity, and availability of
+      MySQL and MariaDB.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MySQL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-5.6.31"
+    </code>
+    
+    <p>All MariaDB users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mariadb-10.0.27"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2582">CVE-2015-2582</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2611">CVE-2015-2611</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2617">CVE-2015-2617</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2620">CVE-2015-2620</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2639">CVE-2015-2639</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2641">CVE-2015-2641</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2643">CVE-2015-2643</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2648">CVE-2015-2648</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2661">CVE-2015-2661</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4737">CVE-2015-4737</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4752">CVE-2015-4752</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4756">CVE-2015-4756</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4757">CVE-2015-4757</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4767">CVE-2015-4767</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4769">CVE-2015-4769</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4771">CVE-2015-4771</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4772">CVE-2015-4772</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-12-31T05:19:51Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-10-11T13:42:31Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201610-07.xml b/metadata/glsa/glsa-201610-07.xml
new file mode 100644
index 000000000000..bf24d19fc67d
--- /dev/null
+++ b/metadata/glsa/glsa-201610-07.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201610-07">
+  <title>BIND: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in BIND, the worst of
+    which could cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-10-11</announced>
+  <revised count="1">2016-10-11</revised>
+  <bug>572414</bug>
+  <bug>576902</bug>
+  <bug>588652</bug>
+  <bug>589132</bug>
+  <bug>595340</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/bind" auto="yes" arch="*">
+      <unaffected range="ge">9.10.4_p3</unaffected>
+      <vulnerable range="lt">9.10.4_p3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>BIND (Berkeley Internet Name Domain) is a Name Server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in BIND. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause a Denial of Service condition through
+      multiple attack vectors.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All BIND users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/bind-9.10.4_p3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8704">CVE-2015-8704</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8705">CVE-2015-8705</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1285">CVE-2016-1285</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1286">CVE-2016-1286</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2088">CVE-2016-2088</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2775">CVE-2016-2775</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2776">CVE-2016-2776</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6170">CVE-2016-6170</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-07-11T10:56:46Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-10-11T18:53:41Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201610-08.xml b/metadata/glsa/glsa-201610-08.xml
new file mode 100644
index 000000000000..afa2d6608e57
--- /dev/null
+++ b/metadata/glsa/glsa-201610-08.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201610-08">
+  <title>Oracle JRE/JDK: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Oracle's JRE and JDK
+    software suites allowing remote attackers to remotely execute arbitrary
+    code, obtain information, and cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">java</product>
+  <announced>2016-10-15</announced>
+  <revised count="1">2016-10-15</revised>
+  <bug>578160</bug>
+  <bug>580608</bug>
+  <bug>589208</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/oracle-jre-bin" auto="yes" arch="*">
+      <vulnerable range="lt">1.8.0.101</vulnerable>
+      <unaffected range="ge">1.8.0.101</unaffected>
+    </package>
+    <package name="dev-java/oracle-jdk-bin" auto="yes" arch="*">
+      <vulnerable range="lt">1.8.0.101</vulnerable>
+      <unaffected range="ge">1.8.0.101</unaffected>
+    </package>
+  </affected>
+  <background>
+    <p>Java Platform, Standard Edition (Java SE) lets you develop and deploy
+      Java applications on desktops and servers, as well as in today’s
+      demanding embedded environments. Java offers the rich user interface,
+      performance, versatility, portability, and security that today’s
+      applications require.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities exist in both Oracle’s JRE and JDK. Please
+      review the referenced CVE’s for additional information.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could gain access to information, remotely execute
+      arbitrary code, or cause Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Oracle JRE Users users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/oracle-jre-bin-1.8.0.101"
+    </code>
+    
+    <p>All Oracle JDK Users users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/oracle-jdk-bin-1.8.0.101"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0402">CVE-2016-0402</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0448">CVE-2016-0448</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0466">CVE-2016-0466</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0475">CVE-2016-0475</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0483">CVE-2016-0483</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0494">CVE-2016-0494</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0603">CVE-2016-0603</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0636">CVE-2016-0636</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3426">CVE-2016-3426</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3458">CVE-2016-3458</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3485">CVE-2016-3485</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3498">CVE-2016-3498</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3500">CVE-2016-3500</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3503">CVE-2016-3503</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3508">CVE-2016-3508</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3511">CVE-2016-3511</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3550">CVE-2016-3550</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3552">CVE-2016-3552</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3587">CVE-2016-3587</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3598">CVE-2016-3598</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3606">CVE-2016-3606</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3610">CVE-2016-3610</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-07-16T10:37:06Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-10-15T12:16:10Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201610-09.xml b/metadata/glsa/glsa-201610-09.xml
new file mode 100644
index 000000000000..3496d6992d99
--- /dev/null
+++ b/metadata/glsa/glsa-201610-09.xml
@@ -0,0 +1,122 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201610-09">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in the Chromium web
+    browser, the worst of which allows remote attackers to execute arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-10-29</announced>
+  <revised count="1">2016-10-29</revised>
+  <bug>589278</bug>
+  <bug>590420</bug>
+  <bug>592630</bug>
+  <bug>593708</bug>
+  <bug>595614</bug>
+  <bug>597016</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">54.0.2840.59</unaffected>
+      <vulnerable range="lt">54.0.2840.59</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in the Chromium web
+      browser. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, obtain
+      sensitive information, or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-54.0.2840.59"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5127">CVE-2016-5127</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5128">CVE-2016-5128</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5129">CVE-2016-5129</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5130">CVE-2016-5130</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5131">CVE-2016-5131</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5132">CVE-2016-5132</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5133">CVE-2016-5133</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5134">CVE-2016-5134</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5135">CVE-2016-5135</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5136">CVE-2016-5136</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5137">CVE-2016-5137</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5138">CVE-2016-5138</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5139">CVE-2016-5139</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5140">CVE-2016-5140</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5141">CVE-2016-5141</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5142">CVE-2016-5142</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5143">CVE-2016-5143</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5144">CVE-2016-5144</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5145">CVE-2016-5145</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5146">CVE-2016-5146</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5147">CVE-2016-5147</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5148">CVE-2016-5148</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5149">CVE-2016-5149</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5150">CVE-2016-5150</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5151">CVE-2016-5151</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5152">CVE-2016-5152</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5153">CVE-2016-5153</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5154">CVE-2016-5154</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5155">CVE-2016-5155</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5156">CVE-2016-5156</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5157">CVE-2016-5157</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5158">CVE-2016-5158</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5159">CVE-2016-5159</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5160">CVE-2016-5160</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5161">CVE-2016-5161</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5162">CVE-2016-5162</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5163">CVE-2016-5163</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5164">CVE-2016-5164</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5165">CVE-2016-5165</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5166">CVE-2016-5166</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5167">CVE-2016-5167</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5170">CVE-2016-5170</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5171">CVE-2016-5171</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5172">CVE-2016-5172</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5173">CVE-2016-5173</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5174">CVE-2016-5174</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5175">CVE-2016-5175</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5177">CVE-2016-5177</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5178">CVE-2016-5178</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5181">CVE-2016-5181</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5182">CVE-2016-5182</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5183">CVE-2016-5183</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5184">CVE-2016-5184</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5185">CVE-2016-5185</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5186">CVE-2016-5186</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5187">CVE-2016-5187</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5188">CVE-2016-5188</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5189">CVE-2016-5189</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5190">CVE-2016-5190</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5191">CVE-2016-5191</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5192">CVE-2016-5192</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5193">CVE-2016-5193</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5194">CVE-2016-5194</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-09-08T13:43:22Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-10-29T13:09:39Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201610-10.xml b/metadata/glsa/glsa-201610-10.xml
new file mode 100644
index 000000000000..54baa728f6dd
--- /dev/null
+++ b/metadata/glsa/glsa-201610-10.xml
@@ -0,0 +1,107 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201610-10">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-10-29</announced>
+  <revised count="2">2016-11-01</revised>
+  <bug>593684</bug>
+  <bug>596896</bug>
+  <bug>598152</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">23.0.0.205</unaffected>
+      <unaffected range="rge">11.2.202.635</unaffected>
+      <unaffected range="rge">11.2.202.643</unaffected>
+      <unaffected range="rge">11.2.202.644</unaffected>
+      <vulnerable range="lt">23.0.0.205</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, obtain
+      sensitive information, or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player 23.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-23.0.0.205"
+    </code>
+    
+    <p>All Adobe Flash Player 11.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-11.2.202.635"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4182">CVE-2016-4182</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4271">CVE-2016-4271</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4272">CVE-2016-4272</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4273">CVE-2016-4273</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4274">CVE-2016-4274</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4275">CVE-2016-4275</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4276">CVE-2016-4276</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4277">CVE-2016-4277</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4278">CVE-2016-4278</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4279">CVE-2016-4279</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4280">CVE-2016-4280</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4281">CVE-2016-4281</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4282">CVE-2016-4282</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4283">CVE-2016-4283</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4284">CVE-2016-4284</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4285">CVE-2016-4285</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4286">CVE-2016-4286</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4287">CVE-2016-4287</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6921">CVE-2016-6921</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6922">CVE-2016-6922</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6923">CVE-2016-6923</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6924">CVE-2016-6924</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6925">CVE-2016-6925</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6926">CVE-2016-6926</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6927">CVE-2016-6927</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6929">CVE-2016-6929</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6930">CVE-2016-6930</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6931">CVE-2016-6931</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6932">CVE-2016-6932</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6981">CVE-2016-6981</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6982">CVE-2016-6982</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6983">CVE-2016-6983</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6984">CVE-2016-6984</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6985">CVE-2016-6985</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6986">CVE-2016-6986</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6987">CVE-2016-6987</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6989">CVE-2016-6989</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6990">CVE-2016-6990</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6992">CVE-2016-6992</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7855">CVE-2016-7855</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-09-15T22:34:48Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-11-01T18:13:05Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201610-11.xml b/metadata/glsa/glsa-201610-11.xml
new file mode 100644
index 000000000000..1eeddf147972
--- /dev/null
+++ b/metadata/glsa/glsa-201610-11.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201610-11">
+  <title>GNU Wget: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Wget, the worst of
+    which could lead to the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-10-29</announced>
+  <revised count="1">2016-10-29</revised>
+  <bug>560418</bug>
+  <bug>585926</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/wget" auto="yes" arch="*">
+      <unaffected range="ge">1.18</unaffected>
+      <vulnerable range="lt">1.18</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU Wget is a free software package for retrieving files using HTTP,
+      HTTPS and FTP, the most widely-used Internet protocols.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Wget. Please review the
+      CVE identifier and bug reports referenced for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or obtain sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU Wget users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/wget-1.18"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4971">CVE-2016-4971</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-07-02T11:56:24Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-10-29T13:29:55Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201611-01.xml b/metadata/glsa/glsa-201611-01.xml
new file mode 100644
index 000000000000..82a5eb406aab
--- /dev/null
+++ b/metadata/glsa/glsa-201611-01.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201611-01">
+  <title>UnZip: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in UnZip allowing remote
+    attackers to execute arbitrary code and cause Denial of Service.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-11-01</announced>
+  <revised count="1">2016-11-01</revised>
+  <bug>528082</bug>
+  <bug>533748</bug>
+  <bug>537424</bug>
+  <bug>560416</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/unzip" auto="yes" arch="*">
+      <unaffected range="ge">6.0_p20</unaffected>
+      <vulnerable range="lt">6.0_p20</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Info-ZIP’s UnZip is a tool to list and extract files inside PKZIP
+      compressed files.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities were found in UnZip. Please review the
+      referenced CVE’s for additional information.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could execute arbitrary code or cause Denial of
+      Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All UnZip users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/unzip-6.0_p20"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8139">CVE-2014-8139</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8140">CVE-2014-8140</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8141">CVE-2014-8141</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9636">CVE-2014-9636</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-07-09T02:22:34Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-11-01T13:18:35Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201611-02.xml b/metadata/glsa/glsa-201611-02.xml
new file mode 100644
index 000000000000..60c59989e5c7
--- /dev/null
+++ b/metadata/glsa/glsa-201611-02.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201611-02">
+  <title>OpenVPN: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenVPN, the worst of
+    which allows remote attackers to read encrypted traffic.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-11-01</announced>
+  <revised count="1">2016-11-01</revised>
+  <bug>582902</bug>
+  <bug>592070</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/openvpn" auto="yes" arch="*">
+      <unaffected range="ge">2.3.12</unaffected>
+      <vulnerable range="lt">2.3.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenVPN is a multi-platform, full-featured SSL VPN solution.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenVPN. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to recover plaintext from encrypted
+      communications.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenVPN users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/openvpn-2.3.12"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6329">CVE-2016-6329</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-09-10T00:38:08Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-11-01T13:24:59Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201611-03.xml b/metadata/glsa/glsa-201611-03.xml
new file mode 100644
index 000000000000..d546a3cc885c
--- /dev/null
+++ b/metadata/glsa/glsa-201611-03.xml
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201611-03">
+  <title>LibreOffice, OpenOffice: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in both LibreOffice and
+    OpenOffice, the worst of which allows for the remote execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-11-04</announced>
+  <revised count="2">2017-04-17</revised>
+  <bug>565026</bug>
+  <bug>587566</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/libreoffice" auto="yes" arch="*">
+      <unaffected range="ge">5.1.4.2</unaffected>
+      <vulnerable range="lt">5.1.4.2</vulnerable>
+    </package>
+    <package name="app-office/libreoffice-bin" auto="yes" arch="*">
+      <unaffected range="ge">5.1.4.2</unaffected>
+      <vulnerable range="lt">5.1.4.2</vulnerable>
+    </package>
+    <package name="app-office/openoffice-bin" auto="yes" arch="*">
+      <unaffected range="ge">4.1.2</unaffected>
+      <vulnerable range="lt">4.1.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>LibreOffice is a powerful office suite; its clean interface and powerful
+      tools let you unleash your creativity and grow your productivity.
+    </p>
+    
+    <p>Apache OpenOffice is the leading open-source office software suite for
+      word processing, spreadsheets, presentations, graphics, databases and
+      more.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been found in both LibreOffice and
+      OpenOffice.  Please review the referenced CVE’s for specific
+      information regarding each.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could obtain sensitive information, cause a Denial of
+      Service condition, or execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known work around at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LibreOffice users should upgrade their respective packages to the
+      latest version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-office/libreoffice-5.1.4.2"
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-office/libreoffice-bin-debug-5.1.4.2"
+    </code>
+    
+    <p>All OpenOffice users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-office/openoffice-bin-4.1.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4551">
+      CVE-2015-4551
+    </uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5212">
+      CVE-2015-5212
+    </uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5213">
+      CVE-2015-5213
+    </uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5214">
+      CVE-2015-5214
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4324">CVE-2016-4324</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-09-10T07:32:58Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-04-17T17:52:18Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201611-04.xml b/metadata/glsa/glsa-201611-04.xml
new file mode 100644
index 000000000000..aa3276418720
--- /dev/null
+++ b/metadata/glsa/glsa-201611-04.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201611-04">
+  <title>Oracle JRE/JDK: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Oracle's JRE and JDK
+    software suites allowing remote attackers to remotely execute arbitrary
+    code, obtain information, and cause Denial of Service.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-11-04</announced>
+  <revised count="1">2016-11-04</revised>
+  <bug>597516</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/oracle-jre-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.8.0.111</unaffected>
+      <vulnerable range="lt">1.8.0.111</vulnerable>
+    </package>
+    <package name="dev-java/oracle-jdk-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.8.0.111</unaffected>
+      <vulnerable range="lt">1.8.0.111</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Java Platform, Standard Edition (Java SE) lets you develop and deploy
+      Java applications on desktops and servers, as well as in today’s
+      demanding embedded environments. Java offers the rich user interface,
+      performance, versatility, portability, and security that today’s
+      applications require.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities exist in both Oracle’s JRE and JDK. Please
+      review the referenced CVE’s for additional information.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could gain access to information, remotely execute
+      arbitrary code, or cause Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Oracle JRE Users users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-java/oracle-jre-bin-1.8.0.111"
+    </code>
+    
+    <p>All Oracle JDK Users users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-java/oracle-jdk-bin-1.8.0.111"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5542">CVE-2016-5542</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5554">CVE-2016-5554</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5556">CVE-2016-5556</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5568">CVE-2016-5568</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5573">CVE-2016-5573</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5582">CVE-2016-5582</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5597">CVE-2016-5597</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-10-19T12:41:06Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-11-04T08:28:05Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201611-05.xml b/metadata/glsa/glsa-201611-05.xml
new file mode 100644
index 000000000000..e2136ea4489a
--- /dev/null
+++ b/metadata/glsa/glsa-201611-05.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201611-05">
+  <title>tnftp: Arbitrary code execution </title>
+  <synopsis>tnftp is vulnerable to remote code execution if output file is not
+    specified. 
+  </synopsis>
+  <product type="ebuild">tnftp</product>
+  <announced>2016-11-15</announced>
+  <revised count="1">2016-11-15</revised>
+  <bug>527302</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-ftp/tnftp" auto="yes" arch="*">
+      <unaffected range="ge">20141104</unaffected>
+      <vulnerable range="lt">20141104</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>tnftp is a NetBSD FTP client with several advanced features.</p>
+  </background>
+  <description>
+          <p>The fetch_url function in usr.bin/ftp/fetch.c allows remote
+            attackers to execute arbitrary commands via a
+          </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All tnftp users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --verbose --oneshot "&gt;=net-ftp/tnftp-20141104"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8517">CVE-2014-8517</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-12-21T19:31:36Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-11-15T06:40:01Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201611-06.xml b/metadata/glsa/glsa-201611-06.xml
new file mode 100644
index 000000000000..6411a5207ab0
--- /dev/null
+++ b/metadata/glsa/glsa-201611-06.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201611-06">
+  <title>xinetd: Privilege escalation </title>
+  <synopsis>A vulnerability in xinetd could lead to privilege escalation.</synopsis>
+  <product type="ebuild">xinetd</product>
+  <announced>2016-11-15</announced>
+  <revised count="1">2016-11-15</revised>
+  <bug>488158</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/xinetd" auto="yes" arch="*">
+      <unaffected range="ge">2.3.15-r2</unaffected>
+      <vulnerable range="lt">2.3.15-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>xinetd is a secure replacement for inetd.</p>
+  </background>
+  <description>
+    <p>Xinetd does not enforce the user and group configuration directives for
+      TCPMUX services, which causes these services to be run as root.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Attackers could escalate privileges outside of the running process.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All xinetd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --verbose --oneshot "&gt;=sys-apps/xinetd-2.3.15-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4342">CVE-2013-4342</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-12-23T23:25:51Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-11-15T07:16:41Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201611-07.xml b/metadata/glsa/glsa-201611-07.xml
new file mode 100644
index 000000000000..eb490a5ede9a
--- /dev/null
+++ b/metadata/glsa/glsa-201611-07.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201611-07">
+  <title>polkit: Heap-corruption on duplicate IDs </title>
+  <synopsis>polkit is vulnerable to local privilege escalation.</synopsis>
+  <product type="ebuild">polkit</product>
+  <announced>2016-11-15</announced>
+  <revised count="1">2016-11-15</revised>
+  <bug>555666</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-auth/polkit" auto="yes" arch="*">
+      <unaffected range="ge">0.113</unaffected>
+      <vulnerable range="lt">0.113</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>polkit is a toolkit for managing policies relating to unprivileged
+      processes communicating with privileged processes.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in polkit’s
+      polkit_backend_action_pool_init function due to duplicate action IDs in
+      action descriptions.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Local attackers are able to gain unauthorized privileges on the system.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All polkit users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-auth/polkit-0.113"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3255">CVE-2015-3255</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-12-25T00:47:50Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-11-15T07:23:23Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201611-08.xml b/metadata/glsa/glsa-201611-08.xml
new file mode 100644
index 000000000000..bcc9620bd993
--- /dev/null
+++ b/metadata/glsa/glsa-201611-08.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201611-08">
+  <title>libpng: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libpng, the worst of
+    which may allow remote attackers to cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">libpng</product>
+  <announced>2016-11-15</announced>
+  <revised count="1">2016-11-15</revised>
+  <bug>564244</bug>
+  <bug>565678</bug>
+  <bug>568216</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libpng" auto="yes" arch="*">
+      <unaffected range="ge" slot="1.2">1.2.56</unaffected>
+      <unaffected range="ge" slot="1.5">1.5.26</unaffected>
+      <unaffected range="ge">1.6.21</unaffected>
+      <vulnerable range="lt">1.6.21</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libpng is a standard library used to process PNG (Portable Network
+      Graphics) images. It is used by several other programs, including web
+      browsers and potentially server processes.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities were found in libpng. Please review the
+      referenced CVE’s for additional information.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could cause a Denial of Service condition or have other
+      unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libpng 1.2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libpng-1.2.56"
+    </code>
+    
+    <p>All libpng 1.5 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libpng-1.5.26"
+    </code>
+    
+    <p>All libpng 1.6 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libpng-1.6.21"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7981">CVE-2015-7981</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8126">CVE-2015-8126</uri>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8540">
+      CVE-2015-8540
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-12-23T23:42:59Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-11-15T07:39:40Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201611-09.xml b/metadata/glsa/glsa-201611-09.xml
new file mode 100644
index 000000000000..7f1ee85db399
--- /dev/null
+++ b/metadata/glsa/glsa-201611-09.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201611-09">
+  <title>Xen: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Xen, the worst of which
+    allows gaining of privileges on the host system.
+  </synopsis>
+  <product type="ebuild">xen</product>
+  <announced>2016-11-15</announced>
+  <revised count="1">2016-11-15</revised>
+  <bug>588780</bug>
+  <bug>593198</bug>
+  <bug>594850</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulation/xen" auto="yes" arch="*">
+      <unaffected range="ge">4.6.3-r3</unaffected>
+      <vulnerable range="lt">4.6.3-r3</vulnerable>
+    </package>
+    <package name="app-emulation/xen-tools" auto="yes" arch="*">
+      <unaffected range="ge">4.6.3-r2</unaffected>
+      <vulnerable range="lt">4.6.3-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Xen is a bare-metal hypervisor.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Xen. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A malicious guest administrator could escalate their privileges on the
+      host system or cause a Denial of Service.  Additionally, a malicious
+      unprivileged guest user may be able to obtain or corrupt sensitive
+      information (including cryptographic material) in other programs in the
+      same guest.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Xen users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-4.6.3-r3"
+    </code>
+    
+    <p>All Xen tools users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-tools-4.6.3-r2
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6258">CVE-2016-6258</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7092">CVE-2016-7092</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7093">CVE-2016-7093</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7094">CVE-2016-7094</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7777">CVE-2016-7777</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-09-10T06:59:48Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-11-15T07:42:10Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201611-10.xml b/metadata/glsa/glsa-201611-10.xml
new file mode 100644
index 000000000000..cd15f3ad4623
--- /dev/null
+++ b/metadata/glsa/glsa-201611-10.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201611-10">
+  <title>libuv: Privilege escalation</title>
+  <synopsis>A vulnerability in libuv could lead to privilege escalation.</synopsis>
+  <product type="ebuild"/>
+  <announced>2016-11-17</announced>
+  <revised count="1">2016-11-17</revised>
+  <bug>540826</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/libuv" auto="yes" arch="*">
+      <unaffected range="ge">1.4.2</unaffected>
+      <vulnerable range="lt">1.4.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libuv is a multi-platform support library with a focus on asynchronous
+      I/O.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that libuv does not call setgroups before calling
+      setuid/setgid.  If this is not called, then even though the uid has been
+      dropped, there may still be groups associated that permit superuser
+      privileges.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Context-dependent attackers could escalate privileges via unspecified
+      vectors.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libuv users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --verbose --oneshot "&gt;=dev-libs/libuv-1.4.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0278">CVE-2015-0278</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-17T08:33:56Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-11-17T10:08:59Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201611-11.xml b/metadata/glsa/glsa-201611-11.xml
new file mode 100644
index 000000000000..0b482d1cbfc1
--- /dev/null
+++ b/metadata/glsa/glsa-201611-11.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201611-11">
+  <title>QEMU: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in QEMU, the worst of
+    which could cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-11-18</announced>
+  <revised count="2">2017-01-02</revised>
+  <bug>594368</bug>
+  <bug>594520</bug>
+  <bug>595192</bug>
+  <bug>596048</bug>
+  <bug>596738</bug>
+  <bug>596752</bug>
+  <bug>596774</bug>
+  <bug>596776</bug>
+  <bug>597108</bug>
+  <bug>597110</bug>
+  <bug>598044</bug>
+  <bug>598046</bug>
+  <bug>598328</bug>
+  <bug>603442</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/qemu" auto="yes" arch="*">
+      <unaffected range="ge">2.7.0-r6</unaffected>
+      <vulnerable range="lt">2.7.0-r6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>QEMU is a generic and open source machine emulator and virtualizer.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in QEMU. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A privileged user /process within a guest QEMU environment can cause a
+      Denial of Service condition against the QEMU guest process or the host.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All QEMU users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/qemu-2.7.0-r6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10029">
+      CVE-2016-10029
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7161">CVE-2016-7161</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7423">CVE-2016-7423</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7466">CVE-2016-7466</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7907">CVE-2016-7907</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7908">CVE-2016-7908</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7909">CVE-2016-7909</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7994">CVE-2016-7994</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8576">CVE-2016-8576</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8577">CVE-2016-8577</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8578">CVE-2016-8578</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8668">CVE-2016-8668</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8669">CVE-2016-8669</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8909">CVE-2016-8909</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8910">CVE-2016-8910</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9102">CVE-2016-9102</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9103">CVE-2016-9103</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9104">CVE-2016-9104</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9105">CVE-2016-9105</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-17T07:04:59Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-02T10:33:37Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201611-12.xml b/metadata/glsa/glsa-201611-12.xml
new file mode 100644
index 000000000000..caf358e444b8
--- /dev/null
+++ b/metadata/glsa/glsa-201611-12.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201611-12">
+  <title>imlib2: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in imlib2, the worst of
+    which allows for the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">imlib2</product>
+  <announced>2016-11-20</announced>
+  <revised count="1">2016-11-20</revised>
+  <bug>572884</bug>
+  <bug>578810</bug>
+  <bug>580038</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/imlib2" auto="yes" arch="*">
+      <unaffected range="ge">1.4.9</unaffected>
+      <vulnerable range="lt">1.4.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>imlib2 is an advanced replacement for image manipulation libraries such
+      as libXpm. It is utilized by numerous programs, including gkrellm and
+      several window managers, to display images.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in imlib2. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted image
+      file using an application linked against imlib2, possibly resulting in
+      execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All imlib2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/imlib2-1.4.9"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9762">CVE-2014-9762</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9763">CVE-2014-9763</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9764">CVE-2014-9764</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4024">CVE-2016-4024</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-20T06:16:27Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-11-20T22:06:30Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201611-13.xml b/metadata/glsa/glsa-201611-13.xml
new file mode 100644
index 000000000000..340f93f10c7d
--- /dev/null
+++ b/metadata/glsa/glsa-201611-13.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201611-13">
+  <title>MongoDB: Denial of service</title>
+  <synopsis>A vulnerability in MongoDB can lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">mongodb</product>
+  <announced>2016-11-20</announced>
+  <revised count="1">2016-11-20</revised>
+  <bug>542880</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/mongodb" auto="yes" arch="*">
+      <unaffected range="ge">2.4.13</unaffected>
+      <vulnerable range="lt">2.4.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MongoDB (from “humongous”) is a scalable, high-performance, open
+      source, schema-free, document-oriented database.
+    </p>
+  </background>
+  <description>
+    <p>MongoDB’s ‘mongod’ server fails to validate some cases of
+      malformed BSON.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted BSON request possibly
+      resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MongoDB users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mongodb-2.4.13"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1609">CVE-2015-1609</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-05-11T20:38:27Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2016-11-20T22:09:15Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201611-14.xml b/metadata/glsa/glsa-201611-14.xml
new file mode 100644
index 000000000000..ca87a0e1e4fe
--- /dev/null
+++ b/metadata/glsa/glsa-201611-14.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201611-14">
+  <title>MIT Kerberos 5: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in MIT Kerberos 5,
+    the worst of which may allow remote attackers to cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">mit-krb5</product>
+  <announced>2016-11-20</announced>
+  <revised count="1">2016-11-20</revised>
+  <bug>564304</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-crypt/mit-krb5" auto="yes" arch="*">
+      <unaffected range="ge">1.13.2-r2</unaffected>
+      <vulnerable range="lt">1.13.2-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MIT Kerberos 5 is a suite of applications that implement the Kerberos
+      network protocol.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MIT Kerberos 5 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-crypt/mit-krb5-1.13.2-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2695">CVE-2015-2695</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2696">CVE-2015-2696</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2697">CVE-2015-2697</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-12-23T22:59:55Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-11-20T22:10:32Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201611-15.xml b/metadata/glsa/glsa-201611-15.xml
new file mode 100644
index 000000000000..e8ee0578a24b
--- /dev/null
+++ b/metadata/glsa/glsa-201611-15.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201611-15">
+  <title>Poppler: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Poppler, the worst of
+    which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">poppler</product>
+  <announced>2016-11-22</announced>
+  <revised count="3">2016-11-22</revised>
+  <bug>542220</bug>
+  <bug>579752</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/poppler" auto="yes" arch="*">
+      <unaffected range="ge">0.42.0</unaffected>
+      <vulnerable range="lt">0.42.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Poppler is a PDF rendering library based on the xpdf-3.0 code base.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Poppler. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted PDF
+      using Poppler, possibly resulting in execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Poppler users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/poppler-0.42.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8868">
+      CVE-2015-8868
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-06-06T14:35:30Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-11-22T11:58:21Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201611-16.xml b/metadata/glsa/glsa-201611-16.xml
new file mode 100644
index 000000000000..f7e595e7b818
--- /dev/null
+++ b/metadata/glsa/glsa-201611-16.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201611-16">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in the Chromium web
+    browser, the worst of which allows remote attackers to execute arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">chromium</product>
+  <announced>2016-11-22</announced>
+  <revised count="3">2016-11-22</revised>
+  <bug>599416</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">54.0.2840.100</unaffected>
+      <vulnerable range="lt">54.0.2840.100</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in the Chromium web
+      browser. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, obtain
+      sensitive information, or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-54.0.2840.100"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5199">CVE-2016-5199</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5200">CVE-2016-5200</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5201">CVE-2016-5201</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5202">CVE-2016-5202</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-17T09:25:06Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-11-22T11:58:33Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201611-17.xml b/metadata/glsa/glsa-201611-17.xml
new file mode 100644
index 000000000000..06918e18c19c
--- /dev/null
+++ b/metadata/glsa/glsa-201611-17.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201611-17">
+  <title>RPCBind: Denial of service</title>
+  <synopsis>A buffer overflow in RPCBind might allow remote attackers to cause
+    a Denial of Service.
+  </synopsis>
+  <product type="ebuild">rpcbind</product>
+  <announced>2016-11-22</announced>
+  <revised count="2">2016-11-22</revised>
+  <bug>560990</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-nds/rpcbind" auto="yes" arch="*">
+      <unaffected range="ge">0.2.3-r1</unaffected>
+      <vulnerable range="lt">0.2.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The RPCBind utility is a server that converts RPC program numbers into
+      universal addresses.
+    </p>
+  </background>
+  <description>
+    <p>A use-after-free vulnerability was discovered in RPCBind’s
+      svc_dodestroy function when trying to free a corrupted xprt-&gt;xp_netid
+      pointer.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All RPCBind users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-nds/rpcbind-0.2.3-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7236">CVE-2015-7236</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-12-23T23:23:05Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-11-22T11:58:44Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201611-18.xml b/metadata/glsa/glsa-201611-18.xml
new file mode 100644
index 000000000000..06f0fb7487a8
--- /dev/null
+++ b/metadata/glsa/glsa-201611-18.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201611-18">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2016-11-22</announced>
+  <revised count="2">2016-11-22</revised>
+  <bug>599204</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">23.0.0.207</unaffected>
+      <unaffected range="rge">11.2.202.644</unaffected>
+      <vulnerable range="lt">23.0.0.207</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player 23.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-23.0.0.207"
+    </code>
+    
+    <p>All Adobe Flash Player 11.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-11.2.202.644"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7857">CVE-2016-7857</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7858">CVE-2016-7858</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7859">CVE-2016-7859</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7860">CVE-2016-7860</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7861">CVE-2016-7861</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7862">CVE-2016-7862</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7863">CVE-2016-7863</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7864">CVE-2016-7864</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7865">CVE-2016-7865</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-11T06:18:07Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-11-22T11:59:00Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201611-19.xml b/metadata/glsa/glsa-201611-19.xml
new file mode 100644
index 000000000000..346d55be7314
--- /dev/null
+++ b/metadata/glsa/glsa-201611-19.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201611-19">
+  <title>Tar: Extract pathname bypass</title>
+  <synopsis>A path traversal attack in Tar may lead to the remote execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">tar</product>
+  <announced>2016-11-22</announced>
+  <revised count="2">2016-11-22</revised>
+  <bug>598334</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/tar" auto="yes" arch="*">
+      <unaffected range="ge">1.29-r1</unaffected>
+      <vulnerable range="lt">1.29-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Tar program provides the ability to create and manipulate tar
+      archives.
+    </p>
+  </background>
+  <description>
+    <p>Tar attempts to avoid path traversal attacks by removing offending parts
+      of the element name at extract. This sanitizing leads to a vulnerability
+      where the attacker can bypass the path name(s) specified on the command
+      line.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>The attacker can create a crafted tar archive that, if extracted by the
+      victim, replaces files and directories the victim has access to in the
+      target directory, regardless of the path name(s) specified on the command
+      line.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Tar users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/tar-1.29-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6321">CVE-2016-6321</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-11T06:05:11Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-11-22T11:59:11Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201611-20.xml b/metadata/glsa/glsa-201611-20.xml
new file mode 100644
index 000000000000..fe680dbfc206
--- /dev/null
+++ b/metadata/glsa/glsa-201611-20.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201611-20">
+  <title>TestDisk: User-assisted execution of arbitrary code</title>
+  <synopsis>A buffer overflow in TestDisk might allow remote attackers to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">testdisk</product>
+  <announced>2016-11-22</announced>
+  <revised count="2">2016-11-22</revised>
+  <bug>548258</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-admin/testdisk" auto="yes" arch="*">
+      <unaffected range="ge">7.0-r2</unaffected>
+      <vulnerable range="lt">7.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>TestDisk is powerful free data recovery software! It was primarily
+      designed to help recover lost partitions and/or make non-booting disks
+      bootable again when these symptoms are caused by faulty software: certain
+      types of viruses or human error (such as accidentally deleting a
+      Partition Table). Partition table recovery using TestDisk is really easy.
+    </p>
+  </background>
+  <description>
+    <p>A buffer overflow can be triggered within TestDisk when a malicious disk
+      image is attempting to be recovered.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could coerce the victim to run TestDisk against their
+      malicious image.  This may be leveraged by an attacker to crash TestDisk
+      and gain control of program execution.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All TestDisk users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/testdisk-7.0-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="http://www.security-assessment.com/files/documents/advisory/Testdisk%20Check_OS2MB%20Stack%20Buffer%20Overflow%20-%20Release.pdf">
+      TestDisk check_OS2MB Stack Buffer overflow
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-04-30T18:55:08Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2016-11-22T11:59:23Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201611-21.xml b/metadata/glsa/glsa-201611-21.xml
new file mode 100644
index 000000000000..f7acae70457f
--- /dev/null
+++ b/metadata/glsa/glsa-201611-21.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201611-21">
+  <title>ImageMagick: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ImageMagick, the worst
+    of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">imagemagick</product>
+  <announced>2016-11-30</announced>
+  <revised count="1">2016-11-30</revised>
+  <bug>581990</bug>
+  <bug>593526</bug>
+  <bug>593530</bug>
+  <bug>593532</bug>
+  <bug>595200</bug>
+  <bug>596002</bug>
+  <bug>596004</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/imagemagick" auto="yes" arch="*">
+      <unaffected range="ge">6.9.6.2</unaffected>
+      <vulnerable range="lt">6.9.6.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ImageMagick is a collection of tools and libraries for many image
+      formats.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ImageMagick.  Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ImageMagick users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/imagemagick-6.9.6.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3714">CVE-2016-3714</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3715">CVE-2016-3715</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3716">CVE-2016-3716</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3717">CVE-2016-3717</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3718">CVE-2016-3718</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5010">CVE-2016-5010</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5842">CVE-2016-5842</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6491">CVE-2016-6491</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7799">CVE-2016-7799</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7906">CVE-2016-7906</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-10-11T12:32:33Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-11-30T21:42:34Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201611-22.xml b/metadata/glsa/glsa-201611-22.xml
new file mode 100644
index 000000000000..170d217efc97
--- /dev/null
+++ b/metadata/glsa/glsa-201611-22.xml
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201611-22">
+  <title>PHP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PHP, the worst of which
+    could lead to arbitrary code execution or cause a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">php</product>
+  <announced>2016-11-30</announced>
+  <revised count="1">2016-11-30</revised>
+  <bug>578734</bug>
+  <bug>581834</bug>
+  <bug>584204</bug>
+  <bug>587246</bug>
+  <bug>591710</bug>
+  <bug>594498</bug>
+  <bug>597586</bug>
+  <bug>599326</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/php" auto="yes" arch="*">
+      <unaffected range="ge">5.6.28</unaffected>
+      <vulnerable range="lt">5.6.28</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PHP is a widely-used general-purpose scripting language that is
+      especially suited for Web development and can be embedded into HTML.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PHP. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker can possibly execute arbitrary code or create a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PHP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev=lang/php-5.6.28"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8865">CVE-2015-8865</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3074">CVE-2016-3074</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4071">CVE-2016-4071</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4072">CVE-2016-4072</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4073">CVE-2016-4073</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4537">CVE-2016-4537</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4538">CVE-2016-4538</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4539">CVE-2016-4539</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4540">CVE-2016-4540</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4541">CVE-2016-4541</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4542">CVE-2016-4542</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4543">CVE-2016-4543</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4544">CVE-2016-4544</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5385">CVE-2016-5385</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6289">CVE-2016-6289</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6290">CVE-2016-6290</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6291">CVE-2016-6291</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6292">CVE-2016-6292</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6294">CVE-2016-6294</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6295">CVE-2016-6295</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6296">CVE-2016-6296</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6297">CVE-2016-6297</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7124">CVE-2016-7124</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7125">CVE-2016-7125</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7126">CVE-2016-7126</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7127">CVE-2016-7127</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7128">CVE-2016-7128</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7129">CVE-2016-7129</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7130">CVE-2016-7130</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7131">CVE-2016-7131</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7132">CVE-2016-7132</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7133">CVE-2016-7133</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7134">CVE-2016-7134</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7411">CVE-2016-7411</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7412">CVE-2016-7412</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7413">CVE-2016-7413</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7414">CVE-2016-7414</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7416">CVE-2016-7416</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7417">CVE-2016-7417</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7418">CVE-2016-7418</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-06-19T11:17:24Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-11-30T21:46:26Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-01.xml b/metadata/glsa/glsa-201612-01.xml
new file mode 100644
index 000000000000..e13dc9a9d6c8
--- /dev/null
+++ b/metadata/glsa/glsa-201612-01.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-01">
+  <title>GnuPG: RNG output is predictable</title>
+  <synopsis>Due to a design flaw, the output of GnuPG's Random Number Generator
+    (RNG) is predictable.
+  </synopsis>
+  <product type="ebuild">gnupg</product>
+  <announced>2016-12-02</announced>
+  <revised count="1">2016-12-02</revised>
+  <bug>591536</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-crypt/gnupg" auto="yes" arch="*">
+      <unaffected range="ge">1.4.21</unaffected>
+      <vulnerable range="lt">1.4.21</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of
+      cryptographic software.
+    </p>
+  </background>
+  <description>
+    <p>A long standing bug (since 1998) in Libgcrypt (see “GLSA 201610-04”
+      below) and GnuPG allows an attacker to predict the output from the
+      standard RNG. Please review the “Entropy Loss and Output Predictability
+      in the Libgcrypt PRNG” paper below for a deep technical analysis.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker who obtains 580 bytes of the random number from the standard
+      RNG can trivially predict the next 20 bytes of output.
+    </p>
+    
+    <p>This flaw does not affect the default generation of keys, because
+      running gpg for key creation creates at most 2 keys from the pool. For a
+      single 4096 bit RSA key, 512 bytes of random are required and thus for
+      the second key (encryption subkey), 20 bytes could be predicted from the
+      the first key.
+    </p>
+    
+    <p>However, the security of an OpenPGP key depends on the primary key
+      (which was generated first) and thus the 20 predictable bytes should not
+      be a problem.  For the default key length of 2048 bit nothing will be
+      predictable.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GnuPG 1 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-crypt/gnupg-1.4.21"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6313">CVE-2016-6313</uri>
+    <uri link="http://formal.iti.kit.edu/~klebanov/pubs/libgcrypt-cve-2016-6313.pdf">
+      Entropy Loss and Output Predictability in the Libgcrypt PRNG
+    </uri>
+    <uri link="https://security.gentoo.org/glsa/201610-04">GLSA 201610-04</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-30T18:28:25Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2016-12-02T09:38:37Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-02.xml b/metadata/glsa/glsa-201612-02.xml
new file mode 100644
index 000000000000..978da950b49a
--- /dev/null
+++ b/metadata/glsa/glsa-201612-02.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-02">
+  <title>DavFS2: Local privilege escalation</title>
+  <synopsis>A vulnerability in DavFS2 allows local users to gain root
+    privileges.
+  </synopsis>
+  <product type="ebuild">davfs2</product>
+  <announced>2016-12-02</announced>
+  <revised count="1">2016-12-02</revised>
+  <bug>485232</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-fs/davfs2" auto="yes" arch="*">
+      <unaffected range="ge">1.5.2</unaffected>
+      <vulnerable range="lt">1.5.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>DavFS2 is a file system driver that allows you to mount a WebDAV server
+      as a local disk drive.
+    </p>
+  </background>
+  <description>
+    <p>DavFS2 installs “/usr/sbin/mount.davfs” as setuid root. This utility
+      uses “system()” to call “/sbin/modprobe”.
+    </p>
+    
+    <p>While the call to “modprobe” itself cannot be manipulated, a local
+      authenticated user can set the “MODPROBE_OPTIONS” environment
+      variable to pass a user controlled path, allowing the loading of an
+      arbitrary kernel module.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local user could gain root privileges.</p>
+  </impact>
+  <workaround>
+    <p>The system administrator should ensure that all modules the
+      “mount.davfs” utility tries to load are loaded upon system boot
+      before any local user can call the utility.
+    </p>
+    
+    <p>An additional defense measure can be implemented by enabling the Linux
+      kernel module signing feature. This assists in the prevention of
+      arbitrary modules being loaded.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All DavFS2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-fs/davfs2-1.5.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4362">CVE-2013-4362</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-12-07T21:54:18Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-12-02T13:32:55Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-03.xml b/metadata/glsa/glsa-201612-03.xml
new file mode 100644
index 000000000000..f3e5b7aa4b72
--- /dev/null
+++ b/metadata/glsa/glsa-201612-03.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-03">
+  <title>libsndfile: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libsndfile, the worst
+    of which might allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">libsndfile</product>
+  <announced>2016-12-03</announced>
+  <revised count="1">2016-12-03</revised>
+  <bug>533750</bug>
+  <bug>566682</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-libs/libsndfile" auto="yes" arch="*">
+      <unaffected range="ge">1.0.26</unaffected>
+      <vulnerable range="lt">1.0.26</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libsndfile is a C library for reading and writing files containing
+      sampled sound.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libsndfile. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted file,
+      possibly resulting in the execution of arbitrary code with the privileges
+      of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libsndfile users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libsndfile-1.0.26"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9496">CVE-2014-9496</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7805">CVE-2015-7805</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-02-25T07:52:16Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-12-03T10:28:00Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-04.xml b/metadata/glsa/glsa-201612-04.xml
new file mode 100644
index 000000000000..a6065ef8dedb
--- /dev/null
+++ b/metadata/glsa/glsa-201612-04.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-04">
+  <title>BusyBox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in BusyBox, the worst of
+    which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">busybox</product>
+  <announced>2016-12-04</announced>
+  <revised count="1">2016-12-04</revised>
+  <bug>564246</bug>
+  <bug>577610</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-apps/busybox" auto="yes" arch="*">
+      <unaffected range="ge">1.24.2</unaffected>
+      <vulnerable range="lt">1.24.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>BusyBox is a set of tools for embedded systems and is a replacement for
+      GNU Coreutils.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in BusyBox. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time. However, on Gentoo, the
+      remote code execution vulnerability can be avoided if you don’t use
+      BusyBox’s udhcpc or build the package without the “ipv6” USE flag
+      enabled.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All BusyBox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/busybox-1.24.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2147">CVE-2016-2147</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2148">CVE-2016-2148</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-12-31T06:28:35Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-12-04T06:39:16Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-05.xml b/metadata/glsa/glsa-201612-05.xml
new file mode 100644
index 000000000000..1fd80b8ec0af
--- /dev/null
+++ b/metadata/glsa/glsa-201612-05.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-05">
+  <title>Pygments: Arbitrary code execution</title>
+  <synopsis>Pygments is vulnerable to remote code execution if an attacker is
+    allowed to specify the font name. 
+  </synopsis>
+  <product type="ebuild">pygments</product>
+  <announced>2016-12-04</announced>
+  <revised count="1">2016-12-04</revised>
+  <bug>564478</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-python/pygments" auto="yes" arch="*">
+      <unaffected range="ge">2.0.2-r1</unaffected>
+      <vulnerable range="lt">2.0.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Pygments is a generic syntax highlighter suitable for use in code
+      hosting, forums, wikis or other applications that need to prettify source
+      code.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability in FontManager’s _get_nix_font_path function allows
+      shell metacharacters to be passed in a font name.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Pygments users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/pygments-2.0.2-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8557">
+      CVE-2015-8557
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-12-08T00:25:56Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-12-04T06:50:34Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-06.xml b/metadata/glsa/glsa-201612-06.xml
new file mode 100644
index 000000000000..97ea1606401a
--- /dev/null
+++ b/metadata/glsa/glsa-201612-06.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-06">
+  <title>nghttp2: Heap-use-after-free</title>
+  <synopsis>Nghttp2 is vulnerable to a heap-use-after-free flaw in idle stream
+    handling code.
+  </synopsis>
+  <product type="ebuild">nghttp2</product>
+  <announced>2016-12-04</announced>
+  <revised count="1">2016-12-04</revised>
+  <bug>569518</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/nghttp2" auto="yes" arch="*">
+      <unaffected range="ge">1.6.0</unaffected>
+      <vulnerable range="lt">1.6.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Nghttp2 is an implementation of HTTP/2 and its header compression
+      algorithm HPACK in C.
+    </p>
+  </background>
+  <description>
+    <p>A heap-use-after-free vulnerability has been discovered in nghttp2.
+      Please review the CVE identifier referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>The impact of the vulnerability is still unknown.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All nghttp2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/nghttp2-1.6.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8659">CVE-2015-8659</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-02-25T07:09:46Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-12-04T10:59:07Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-07.xml b/metadata/glsa/glsa-201612-07.xml
new file mode 100644
index 000000000000..d03075017706
--- /dev/null
+++ b/metadata/glsa/glsa-201612-07.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-07">
+  <title>dpkg: Arbitrary code execution</title>
+  <synopsis>A vulnerability was discovered in dpkg which could potentially lead
+    to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">dpkg</product>
+  <announced>2016-12-04</announced>
+  <revised count="1">2016-12-04</revised>
+  <bug>567258</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-arch/dpkg" auto="yes" arch="*">
+      <unaffected range="ge">1.17.26</unaffected>
+      <vulnerable range="lt">1.17.26</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Debian package management system.</p>
+  </background>
+  <description>
+    <p>Gentoo Linux developer, Hanno Böck, discovered an off-by-one error in
+      the dpkg-deb component of dpkg, the Debian package management system,
+      which triggers a stack-based buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could potentially execute arbitrary code if an user or an
+      automated system were tricked into processing a specially crafted Debian
+      binary package (.deb).
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All dpkg users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/dpkg-1.17.26"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0860">CVE-2015-0860</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-02-25T07:05:41Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-12-04T11:01:29Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-08.xml b/metadata/glsa/glsa-201612-08.xml
new file mode 100644
index 000000000000..b2227150a52c
--- /dev/null
+++ b/metadata/glsa/glsa-201612-08.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-08">
+  <title>LinuxCIFS utils: Buffer overflow</title>
+  <synopsis>A vulnerability in LinuxCIFS utils' "cifscreds" PAM module might
+    allow remote attackers to have an unspecified impact via unknown vectors.
+  </synopsis>
+  <product type="ebuild">cifs-utils</product>
+  <announced>2016-12-04</announced>
+  <revised count="1">2016-12-04</revised>
+  <bug>552634</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-fs/cifs-utils" auto="yes" arch="*">
+      <unaffected range="ge">6.4</unaffected>
+      <vulnerable range="lt">6.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The LinuxCIFS utils are a collection of tools for managing Linux CIFS
+      Client Filesystems.
+    </p>
+  </background>
+  <description>
+    <p>A stack-based buffer overflow was discovered in cifskey.c or cifscreds.c
+      in LinuxCIFS, as used in “pam_cifscreds.”
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could exploit this vulnerability to cause an
+      unspecified impact.
+    </p>
+  </impact>
+  <workaround>
+    <p>Don’t use LinuxCIFS utils’ “cifscreds” PAM module. In Gentoo,
+      LinuxCIFS utils’ PAM support is disabled by default unless the
+      “pam” USE flag is enabled.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All LinuxCIFS utils users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-fs/cifs-utils-6.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2830">CVE-2014-2830</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-02-25T07:13:41Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-12-04T11:02:29Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-09.xml b/metadata/glsa/glsa-201612-09.xml
new file mode 100644
index 000000000000..7b8515194124
--- /dev/null
+++ b/metadata/glsa/glsa-201612-09.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-09">
+  <title>GD: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GD, the worst of which
+    allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">gd</product>
+  <announced>2016-12-04</announced>
+  <revised count="1">2016-12-04</revised>
+  <bug>587662</bug>
+  <bug>587968</bug>
+  <bug>592720</bug>
+  <bug>592722</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-libs/gd" auto="yes" arch="*">
+      <unaffected range="ge">2.2.3</unaffected>
+      <vulnerable range="lt">2.2.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GD is a graphic library for fast image creation.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GD. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All gd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/gd-2.2.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5766">CVE-2016-5766</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6128">CVE-2016-6128</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6132">CVE-2016-6132</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6207">CVE-2016-6207</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7568">CVE-2016-7568</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-11T06:53:45Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-12-04T11:07:34Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-10.xml b/metadata/glsa/glsa-201612-10.xml
new file mode 100644
index 000000000000..e473d8ea152a
--- /dev/null
+++ b/metadata/glsa/glsa-201612-10.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-10">
+  <title>libvirt: Directory traversal</title>
+  <synopsis>Libvirt is vulnerable to directory traversal when using Access
+    Control Lists (ACL).
+  </synopsis>
+  <product type="ebuild">libvirt</product>
+  <announced>2016-12-04</announced>
+  <revised count="1">2016-12-04</revised>
+  <bug>568870</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/libvirt" auto="yes" arch="*">
+      <unaffected range="ge">1.2.21-r1</unaffected>
+      <vulnerable range="lt">1.2.21-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libvirt is a C toolkit for manipulating virtual machines.</p>
+  </background>
+  <description>
+    <p>Normally, only privileged users can coerce libvirt into creating or
+      opening existing files using the virStorageVol APIs; and such users
+      already have full privilege to create any domain XML.
+    </p>
+    
+    <p>But in the case of fine-grained ACLs, it is feasible that a user can be
+      granted storage_vol:create but not domain:write, and it violates
+      assumptions if such a user can abuse libvirt to access files outside of
+      the storage pool.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>When fine-grained Access Control Lists (ACL) are in effect, an
+      authenticated local user with storage_vol:create permission but without
+      domain:write permission maybe able to create or access arbitrary files
+      outside of the storage pool.
+    </p>
+  </impact>
+  <workaround>
+    <p>Don’t make use of fine-grained Access Control Lists (ACL) in libvirt;
+      In Gentoo, libvirt’s ACL support is disable by default unless you
+      enable the “policykit” USE flag.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All libvirt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/libvirt-1.2.21-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5313">CVE-2015-5313</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-12-24T05:15:17Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-12-04T11:17:48Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-11.xml b/metadata/glsa/glsa-201612-11.xml
new file mode 100644
index 000000000000..e1a96713bf35
--- /dev/null
+++ b/metadata/glsa/glsa-201612-11.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-11">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in the Chromium web
+    browser, the worst of which allows remote attackers to execute arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">chromium</product>
+  <announced>2016-12-05</announced>
+  <revised count="1">2016-12-05</revised>
+  <bug>601486</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">55.0.2883.75</unaffected>
+      <vulnerable range="lt">55.0.2883.75</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in the Chromium web
+      browser. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, obtain
+      sensitive information, or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-55.0.2883.75"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5203">CVE-2016-5203</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5204">CVE-2016-5204</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5205">CVE-2016-5205</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5206">CVE-2016-5206</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5207">CVE-2016-5207</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5208">CVE-2016-5208</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5209">CVE-2016-5209</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5210">CVE-2016-5210</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5211">CVE-2016-5211</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5212">CVE-2016-5212</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5213">CVE-2016-5213</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5214">CVE-2016-5214</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5215">CVE-2016-5215</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5217">CVE-2016-5217</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5218">CVE-2016-5218</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5219">CVE-2016-5219</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5220">CVE-2016-5220</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5221">CVE-2016-5221</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5222">CVE-2016-5222</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5223">CVE-2016-5223</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5224">CVE-2016-5224</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5225">CVE-2016-5225</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5226">CVE-2016-5226</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9650">CVE-2016-9650</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9651">CVE-2016-9651</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9652">CVE-2016-9652</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-08-10T14:25:29Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-12-05T00:47:06Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-12.xml b/metadata/glsa/glsa-201612-12.xml
new file mode 100644
index 000000000000..bed37652846e
--- /dev/null
+++ b/metadata/glsa/glsa-201612-12.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-12">
+  <title>Patch: Denial of service</title>
+  <synopsis>Patch is vulnerable to a locally generated Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">patch</product>
+  <announced>2016-12-05</announced>
+  <revised count="1">2016-12-05</revised>
+  <bug>538658</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-devel/patch" auto="yes" arch="*">
+      <unaffected range="ge">2.7.4</unaffected>
+      <vulnerable range="lt">2.7.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Patch takes a patch file containing a difference listing produced by the
+      diff program and applies those differences to one or more original files,
+      producing patched versions.
+    </p>
+  </background>
+  <description>
+    <p>Due to a flaw in Patch, the application can enter an infinite loop when
+      processing a specially crafted diff file.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could pass a specially crafted diff file to Patch,
+      possibly resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All patch users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-devel/patch-2.7.4"
+    </code>
+    
+  </resolution>
+  <references>
+  </references>
+  <metadata tag="requester" timestamp="2016-02-25T07:47:45Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-12-05T01:16:43Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-13.xml b/metadata/glsa/glsa-201612-13.xml
new file mode 100644
index 000000000000..bbd016eb7ed8
--- /dev/null
+++ b/metadata/glsa/glsa-201612-13.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-13">
+  <title>nghttp2: Denial of service</title>
+  <synopsis>Nghttp2 is vulnerable to a Denial of Service attack.</synopsis>
+  <product type="ebuild">nghttp2</product>
+  <announced>2016-12-05</announced>
+  <revised count="1">2016-12-05</revised>
+  <bug>574780</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/nghttp2" auto="yes" arch="*">
+      <unaffected range="ge">1.7.1</unaffected>
+      <vulnerable range="lt">1.7.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Nghttp2 is an implementation of HTTP/2 and its header compression
+      algorithm HPACK in C.
+    </p>
+  </background>
+  <description>
+    <p>Nghttpd, nghttp, and libnghttp2_asio applications do not limit the
+      memory usage for the incoming HTTP header field. If a peer sends a
+      specially crafted HTTP/2 HEADERS frame and CONTINUATION frame, they will
+      crash with an out of memory error.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All nghttp2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/nghttp2-1.7.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1544">CVE-2016-1544</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-22T13:39:02Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2016-12-05T01:23:37Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-14.xml b/metadata/glsa/glsa-201612-14.xml
new file mode 100644
index 000000000000..f98068a2d576
--- /dev/null
+++ b/metadata/glsa/glsa-201612-14.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-14">
+  <title>util-linux: Arbitrary code execution</title>
+  <synopsis>A vulnerability was discovered in util-linux, which could
+    potentially lead to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">util-linux</product>
+  <announced>2016-12-06</announced>
+  <revised count="1">2016-12-06</revised>
+  <bug>530844</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/util-linux" auto="yes" arch="*">
+      <unaffected range="ge">2.26</unaffected>
+      <vulnerable range="lt">2.26</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>util-linux is a suite of Linux programs including mount and umount,
+      programs used to mount and unmount filesystems.
+    </p>
+  </background>
+  <description>
+    <p>A command injection flaw was discovered in util-linux’s “blkid”
+      utility. It uses caching files (/dev/.blkid.tab or /run/blkid/blkid.tab)
+      to store info about the UUID, LABEL etc. it finds on certain devices.
+      However, it does not strip ‘”’ character, so it can be confused to
+      build variable names containing shell metacharacters, which it would
+      usually encode inside the value.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could create a specially crafted partition label
+      containing arbitrary code which would get executed when the “blkid”
+      utility processes that value.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All util-linux users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/util-linux-2.26"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9114">CVE-2014-9114</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-22T22:56:21Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2016-12-06T03:44:24Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-15.xml b/metadata/glsa/glsa-201612-15.xml
new file mode 100644
index 000000000000..d7c8790af605
--- /dev/null
+++ b/metadata/glsa/glsa-201612-15.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-15">
+  <title>ARJ: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ARJ, the worst of which
+    may allow attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">arj</product>
+  <announced>2016-12-06</announced>
+  <revised count="1">2016-12-06</revised>
+  <bug>535708</bug>
+  <bug>541500</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-arch/arj" auto="yes" arch="*">
+      <unaffected range="ge">3.10.22-r5</unaffected>
+      <vulnerable range="lt">3.10.22-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Open-source implementation of the ARJ archiver.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ARJ. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker, using a specially crafted ARJ archive, could possibly
+      execute arbitrary code with the privileges of the process, or cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ARJ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/arj-3.10.22-r5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0556">CVE-2015-0556</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0557">CVE-2015-0557</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2782">CVE-2015-2782</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-28T01:08:04Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2016-12-06T03:45:36Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-16.xml b/metadata/glsa/glsa-201612-16.xml
new file mode 100644
index 000000000000..b8c00f5ccf2e
--- /dev/null
+++ b/metadata/glsa/glsa-201612-16.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-16">
+  <title>OpenSSL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenSSL, the worst of
+    which allows attackers to conduct a time based side-channel attack.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2016-12-07</announced>
+  <revised count="1">2016-12-07</revised>
+  <bug>581234</bug>
+  <bug>585142</bug>
+  <bug>585276</bug>
+  <bug>591454</bug>
+  <bug>592068</bug>
+  <bug>592074</bug>
+  <bug>592082</bug>
+  <bug>594500</bug>
+  <bug>595186</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">1.0.2j</unaffected>
+      <vulnerable range="lt">1.0.2j</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+      (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
+      purpose cryptography library.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenSSL. Please review
+      the CVE identifiers and the International Association for Cryptologic
+      Research’s (IACR) paper, “Make Sure DSA Signing Exponentiations
+      Really are Constant-Time” for further details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could cause a Denial of Service condition or have other
+      unspecified impacts. Additionally, a time based side-channel attack may
+      allow a local attacker to recover a private DSA key.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.0.2j"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105">CVE-2016-2105</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106">CVE-2016-2106</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107">CVE-2016-2107</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108">CVE-2016-2108</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109">CVE-2016-2109</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176">CVE-2016-2176</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177">CVE-2016-2177</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178">CVE-2016-2178</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180">CVE-2016-2180</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183">CVE-2016-2183</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304">CVE-2016-6304</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305">CVE-2016-6305</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306">CVE-2016-6306</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052">CVE-2016-7052</uri>
+    <uri link="https://eprint.iacr.org/2016/594.pdf">Make Sure DSA Signing
+      Exponentiations Really are Constant-Time
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-06-06T21:30:06Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-12-07T10:26:27Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-17.xml b/metadata/glsa/glsa-201612-17.xml
new file mode 100644
index 000000000000..f2f6bda83412
--- /dev/null
+++ b/metadata/glsa/glsa-201612-17.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-17">
+  <title>PECL HTTP: Remote execution of arbitrary code</title>
+  <synopsis>A buffer overflow in PECL HTTP might allow remote attackers to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">pecl_http</product>
+  <announced>2016-12-07</announced>
+  <revised count="1">2016-12-07</revised>
+  <bug>587466</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-php/pecl-http" auto="yes" arch="*">
+      <unaffected range="rge">2.5.6</unaffected>
+      <vulnerable range="lt">2.5.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>This HTTP extension aims to provide a convenient and powerful
+      set of functionality for one of PHPs major applications.
+    </p>
+  </background>
+  <description>
+    <p>A buffer overflow can be triggered in the URL parsing functions of the
+      PECL HTTP extension. This allows overflowing
+      a buffer with data originating from an arbitrary HTTP request.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, through a specially crafted URI, could possibly
+      execute arbitrary code with the privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PECL HTTP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-php/pecl-http-2.5.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5873">CVE-2016-5873</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-25T03:43:01Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-12-07T10:29:47Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-18.xml b/metadata/glsa/glsa-201612-18.xml
new file mode 100644
index 000000000000..8dd9ba6ed4e7
--- /dev/null
+++ b/metadata/glsa/glsa-201612-18.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-18">
+  <title>OpenSSH: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenSSH, the worst of
+    which allows remote attackers to cause Denial of Service.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-12-07</announced>
+  <revised count="1">2016-12-07</revised>
+  <bug>576954</bug>
+  <bug>580410</bug>
+  <bug>589088</bug>
+  <bug>590202</bug>
+  <bug>595342</bug>
+  <bug>597360</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/openssh" auto="yes" arch="*">
+      <unaffected range="ge">7.3_p1-r7</unaffected>
+      <vulnerable range="lt">7.3_p1-r7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSH is a complete SSH protocol implementation that includes SFTP
+      client and server support.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenSSH. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could cause Denial of Service and conduct user
+      enumeration.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSH users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/openssh-7.3_p1-r7"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8325">CVE-2015-8325</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1908">CVE-2016-1908</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3115">CVE-2016-3115</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6210">CVE-2016-6210</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8858">CVE-2016-8858</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-09-17T05:14:39Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-12-07T10:31:11Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-19.xml b/metadata/glsa/glsa-201612-19.xml
new file mode 100644
index 000000000000..f703cd2d53e0
--- /dev/null
+++ b/metadata/glsa/glsa-201612-19.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-19">
+  <title>Mercurial: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mercurial, the worst of
+    which could lead to the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mercurial</product>
+  <announced>2016-12-07</announced>
+  <revised count="1">2016-12-07</revised>
+  <bug>533008</bug>
+  <bug>544332</bug>
+  <bug>578546</bug>
+  <bug>582238</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-vcs/mercurial" auto="yes" arch="*">
+      <unaffected range="ge">3.8.4</unaffected>
+      <vulnerable range="lt">3.8.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mercurial is a distributed source control management system.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mercurial. Please
+      review the CVE identifier and bug reports referenced for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All mercurial users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/mercurial-3.8.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9390">CVE-2014-9390</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9462">CVE-2014-9462</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3068">CVE-2016-3068</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3069">CVE-2016-3069</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3105">CVE-2016-3105</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3630">CVE-2016-3630</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-01-15T22:49:35Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-12-07T10:35:02Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-20.xml b/metadata/glsa/glsa-201612-20.xml
new file mode 100644
index 000000000000..52f2897a4fbd
--- /dev/null
+++ b/metadata/glsa/glsa-201612-20.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-20">
+  <title>jq: Buffer overflow</title>
+  <synopsis>A buffer overflow in jq might allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">jq</product>
+  <announced>2016-12-08</announced>
+  <revised count="1">2016-12-08</revised>
+  <bug>580606</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-misc/jq" auto="yes" arch="*">
+      <unaffected range="ge">1.5-r2</unaffected>
+      <vulnerable range="lt">1.5-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>jq is a lightweight and flexible command-line JSON processor.</p>
+  </background>
+  <description>
+    <p>An off-by-one error was discovered in the tokenadd function in
+      jv_parse.c which triggers a heap-based buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could trick a victim into processing a specially
+      crafted JSON file, possibly resulting in the execution of arbitrary code
+      with the privileges of the process.  Additionally, a remote attacker
+      could cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All jq users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-misc/jq-1.5-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8863">
+      CVE-2015-8863
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-29T20:07:39Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2016-12-08T13:09:23Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-21.xml b/metadata/glsa/glsa-201612-21.xml
new file mode 100644
index 000000000000..94e81b4c40ff
--- /dev/null
+++ b/metadata/glsa/glsa-201612-21.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-21">
+  <title>SQLite: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in SQLite, the worst of which
+    may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">sqlite</product>
+  <announced>2016-12-08</announced>
+  <revised count="1">2016-12-08</revised>
+  <bug>549258</bug>
+  <bug>574420</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/sqlite" auto="yes" arch="*">
+      <unaffected range="ge">3.11.1</unaffected>
+      <vulnerable range="lt">3.11.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>SQLite is a C library that implements an SQL database engine.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in SQLite. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All sqlite users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/sqlite-3.11.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7036">
+      CVE-2015-7036
+    </uri>
+    <uri link="https://blog.fuzzing-project.org/10-Two-invalid-read-errors-heap-overflows-in-SQLite-TFPA-0062015.html">
+      Two invalid read errors / heap overflows in SQLite (TFPA 006/2015)
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-29T20:57:30Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2016-12-08T13:10:39Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-22.xml b/metadata/glsa/glsa-201612-22.xml
new file mode 100644
index 000000000000..68fd11fda33d
--- /dev/null
+++ b/metadata/glsa/glsa-201612-22.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-22">
+  <title>Coreutils: Arbitrary code execution</title>
+  <synopsis>A vulnerability in Coreutils could lead to the execution of
+    arbitrary code or a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">coreutils</product>
+  <announced>2016-12-08</announced>
+  <revised count="1">2016-12-08</revised>
+  <bug>530514</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-apps/coreutils" auto="yes" arch="*">
+      <unaffected range="ge">8.23</unaffected>
+      <vulnerable range="lt">8.23</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The GNU Core Utilities are the basic file, shell and text manipulation
+      utilities of the GNU operating system.
+    </p>
+  </background>
+  <description>
+    <p>A memory corruption flaw in GNU Coreutils’ parse_datetime function was
+      reported. Applications using parse_datetime(), such as touch or date, may
+      accepted untrusted input.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Coreutils users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/coreutils-8.23"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9471">CVE-2014-9471</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-27T06:48:53Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-12-08T13:11:59Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-23.xml b/metadata/glsa/glsa-201612-23.xml
new file mode 100644
index 000000000000..323f43af94ce
--- /dev/null
+++ b/metadata/glsa/glsa-201612-23.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-23">
+  <title>socat: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in socat, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">socat</product>
+  <announced>2016-12-08</announced>
+  <revised count="1">2016-12-08</revised>
+  <bug>573602</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/socat" auto="yes" arch="*">
+      <unaffected range="ge">1.7.3.1</unaffected>
+      <vulnerable range="lt">1.7.3.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>socat is a multipurpose bidirectional relay, similar to netcat.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in socat. Please review
+      the references below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or obtain confidential information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All socat users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/socat-1.7.3.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2217">
+      CVE-2016-2217
+    </uri>
+    <uri link="http://www.dest-unreach.org/socat/contrib/socat-secadv7.html">
+      Socat security advisory 7
+    </uri>
+    <uri link="http://www.dest-unreach.org/socat/contrib/socat-secadv8.html">
+      Socat security advisory 8
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-29T20:50:25Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2016-12-08T13:12:54Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-24.xml b/metadata/glsa/glsa-201612-24.xml
new file mode 100644
index 000000000000..5ccca049c757
--- /dev/null
+++ b/metadata/glsa/glsa-201612-24.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-24">
+  <title>Binutils: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in Binutils, the worst of which
+    may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">binutils</product>
+  <announced>2016-12-08</announced>
+  <revised count="1">2016-12-08</revised>
+  <bug>526626</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-devel/binutils" auto="yes" arch="*">
+      <unaffected range="ge">2.25</unaffected>
+      <vulnerable range="lt">2.25</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The GNU Binutils are a collection of tools to create, modify and analyse
+      binary files. Many of the files use BFD, the Binary File Descriptor
+      library, to do low-level manipulation.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Binutils. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted file,
+      possibly resulting in execution of arbitrary code with the privileges of
+      the process, cause a Denial of Service condition, or overwrite arbitrary
+      files.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Binutils users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-devel/binutils-2.25"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8484">CVE-2014-8484</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8485">CVE-2014-8485</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8501">CVE-2014-8501</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8502">CVE-2014-8502</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8503">CVE-2014-8503</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8504">CVE-2014-8504</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8737">CVE-2014-8737</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8738">CVE-2014-8738</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-25T00:21:44Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2016-12-08T13:14:11Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-25.xml b/metadata/glsa/glsa-201612-25.xml
new file mode 100644
index 000000000000..141d6379cf35
--- /dev/null
+++ b/metadata/glsa/glsa-201612-25.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-25">
+  <title>CrackLib: Buffer overflow</title>
+  <synopsis>A vulnerability in CrackLib could lead to the execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">cracklib</product>
+  <announced>2016-12-08</announced>
+  <revised count="1">2016-12-08</revised>
+  <bug>591456</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-libs/cracklib" auto="yes" arch="*">
+      <unaffected range="ge">2.9.6-r1</unaffected>
+      <vulnerable range="lt">2.9.6-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>CrackLib is a library used to enforce strong passwords by comparing user
+      selected passwords to words in chosen word lists.
+    </p>
+  </background>
+  <description>
+    <p>A stack-based buffer overflow was discovered in the FascistGecosUser
+      function of lib/fascist.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could set a specially crafted GECOS field value in
+      “/etc/passwd”; possibly resulting in the execution of arbitrary code
+      with the privileges of the process, a Denial of Service condition, or the
+      escalation of privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All CrackLib users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-libs/cracklib-2.9.6-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6318">CVE-2016-6318</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-12-31T02:46:03Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-12-08T13:55:10Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-26.xml b/metadata/glsa/glsa-201612-26.xml
new file mode 100644
index 000000000000..62f40195121b
--- /dev/null
+++ b/metadata/glsa/glsa-201612-26.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-26">
+  <title>OpenJPEG: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenJPEG, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">openjpeg</product>
+  <announced>2016-12-08</announced>
+  <revised count="1">2016-12-08</revised>
+  <bug>560632</bug>
+  <bug>572430</bug>
+  <bug>577608</bug>
+  <bug>594740</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/openjpeg" auto="yes" arch="*">
+      <unaffected range="ge">2.1.1_p20160922</unaffected>
+      <unaffected range="rge">1.5.2</unaffected>
+      <vulnerable range="lt">2.1.1_p20160922</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenJPEG is an open-source JPEG 2000 library.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenJPEG. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted JPEG
+      file, possibly resulting in execution of arbitrary code or a Denial of
+      Service condition. Furthermore, a remote attacker may be able to obtain
+      sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenJPEG 2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=media-libs/openjpeg-2.1.1_p20160922:2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8871">CVE-2015-8871</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1923">CVE-2016-1923</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1924">CVE-2016-1924</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3181">CVE-2016-3181</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3182">CVE-2016-3182</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3183">CVE-2016-3183</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7445">CVE-2016-7445</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-12-07T23:52:17Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2016-12-08T13:55:57Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-27.xml b/metadata/glsa/glsa-201612-27.xml
new file mode 100644
index 000000000000..3c3f12b80e2f
--- /dev/null
+++ b/metadata/glsa/glsa-201612-27.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-27">
+  <title>VirtualBox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in VirtualBox, the worst
+    of which allows local users to escalate privileges.
+  </synopsis>
+  <product type="ebuild">virtualbox</product>
+  <announced>2016-12-11</announced>
+  <revised count="2">2016-12-11</revised>
+  <bug>505274</bug>
+  <bug>537218</bug>
+  <bug>550964</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/virtualbox" auto="yes" arch="*">
+      <unaffected range="ge">4.3.28</unaffected>
+      <vulnerable range="lt">4.3.28</vulnerable>
+    </package>
+    <package name="app-emulation/virtualbox-bin" auto="yes" arch="*">
+      <unaffected range="ge">4.3.28</unaffected>
+      <vulnerable range="lt">4.3.28</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>VirtualBox is a powerful virtualization product from Oracle.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in VirtualBox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Local attackers could cause a Denial of Service condition, execute
+      arbitrary code, or escalate their privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All VirtualBox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/virtualbox-4.3.28"
+    </code>
+    
+    <p>All VirtualBox-bin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/virtualbox-bin-4.3.28"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0981">CVE-2014-0981</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0983">CVE-2014-0983</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6588">CVE-2014-6588</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6589">CVE-2014-6589</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6590">CVE-2014-6590</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6595">CVE-2014-6595</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0377">CVE-2015-0377</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0418">CVE-2015-0418</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0427">CVE-2015-0427</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3456">CVE-2015-3456</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5608">CVE-2016-5608</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5610">CVE-2016-5610</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5611">CVE-2016-5611</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5613">CVE-2016-5613</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-23T00:13:06Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2016-12-11T23:42:01Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-28.xml b/metadata/glsa/glsa-201612-28.xml
new file mode 100644
index 000000000000..bf5549836791
--- /dev/null
+++ b/metadata/glsa/glsa-201612-28.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-28">
+  <title>Docker: Privilege escalation</title>
+  <synopsis>A vulnerability in Docker could lead to the escalation of
+    privileges.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-12-11</announced>
+  <revised count="1">2016-12-11</revised>
+  <bug>581236</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulation/docker" auto="yes" arch="*">
+      <unaffected range="ge">1.11.0</unaffected>
+      <vulnerable range="lt">1.11.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Docker is the world’s leading software containerization platform.</p>
+  </background>
+  <description>
+    <p>Docker does not properly distinguish between numeric UIDs and string
+      usernames.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Local attackers could possibly escalate their privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Docker users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/docker-1.11.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3697">CVE-2016-3697</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-26T00:31:47Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-12-11T23:40:37Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-29.xml b/metadata/glsa/glsa-201612-29.xml
new file mode 100644
index 000000000000..9350c89cd6c9
--- /dev/null
+++ b/metadata/glsa/glsa-201612-29.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-29">
+  <title>libmms: Remote execution of arbitrary code</title>
+  <synopsis>A heap-based buffer overflow vulnerability in libmms might allow
+    remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">libmms</product>
+  <announced>2016-12-11</announced>
+  <revised count="1">2016-12-11</revised>
+  <bug>507822</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libmms" auto="yes" arch="*">
+      <unaffected range="ge">0.6.4</unaffected>
+      <vulnerable range="lt">0.6.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libmms is a library for downloading (streaming) media files using the
+      mmst and mmsh protocols.
+    </p>
+  </background>
+  <description>
+    <p>A heap-based buffer overflow was discovered in the get_answer function
+      within mmsh.c of libmms.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker might send a specially crafted MMS over HTTP (MMSH)
+      response, possibly resulting in the remote execution of arbitrary code
+      with the privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libmms users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libmms-0.6.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2892">CVE-2014-2892</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-27T10:19:34Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-12-11T23:47:07Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-30.xml b/metadata/glsa/glsa-201612-30.xml
new file mode 100644
index 000000000000..73a16b2f3d01
--- /dev/null
+++ b/metadata/glsa/glsa-201612-30.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-30">
+  <title>SoX: User-assisted execution of arbitrary code</title>
+  <synopsis>Multiple heap overflows in SoX may allow remote attackers to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">sox</product>
+  <announced>2016-12-11</announced>
+  <revised count="1">2016-12-11</revised>
+  <bug>533296</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/sox" auto="yes" arch="*">
+      <unaffected range="ge">14.4.2</unaffected>
+      <vulnerable range="lt">14.4.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>SoX is a command line utility that can convert various formats of
+      computer audio files in to other formats.
+    </p>
+  </background>
+  <description>
+    <p>A heap-based buffer overflow can be triggered when processing a
+      malicious NIST Sphere or WAV audio file.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could coerce the victim to run SoX against their
+      malicious file. This may be leveraged by an attacker to gain control of
+      program execution with the privileges of the user.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All SoX users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-sound/sox-14.4.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8145">
+      CVE-2014-8145
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-23T00:47:17Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2016-12-11T23:50:03Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-31.xml b/metadata/glsa/glsa-201612-31.xml
new file mode 100644
index 000000000000..86bd953b1a9d
--- /dev/null
+++ b/metadata/glsa/glsa-201612-31.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-31">
+  <title>exFAT: Multiple vulnerabilities</title>
+  <synopsis>Two vulnerabilities have been found in exFAT allowing remote
+    attackers to execute arbitrary code or cause Denial of Service.
+  </synopsis>
+  <product type="ebuild"/>
+  <announced>2016-12-12</announced>
+  <revised count="1">2016-12-12</revised>
+  <bug>563936</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-fs/exfat-utils" auto="yes" arch="*">
+      <unaffected range="ge">1.2.1</unaffected>
+      <vulnerable range="lt">1.2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A full-featured exFAT file system implementation for Unix-like systems.</p>
+  </background>
+  <description>
+    <p>Two vulnerabilities were found in exFAT. A malformed input can cause a
+      write heap overflow or cause an endless loop.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could execute arbitrary code or cause Denial of
+      Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All exFAT users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-fs/exfat-utils-1.2.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8026">CVE-2015-8026</uri>
+    <uri link="https://blog.fuzzing-project.org/25-Heap-overflow-and-endless-loop-in-exfatfsck-exfat-utils.html">
+      Heap overflow and endless loop in exfatfsck / exfat-utils
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-12-31T02:26:18Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-12-12T00:14:52Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-32.xml b/metadata/glsa/glsa-201612-32.xml
new file mode 100644
index 000000000000..c02270863416
--- /dev/null
+++ b/metadata/glsa/glsa-201612-32.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-32">
+  <title>elfutils: Heap-based buffer overflow</title>
+  <synopsis>A heap-based buffer overflow vulnerability in elfutils might allow
+    remote attackers to execute arbitrary code. 
+  </synopsis>
+  <product type="ebuild">elfutils</product>
+  <announced>2016-12-13</announced>
+  <revised count="2">2016-12-13</revised>
+  <bug>507246</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/elfutils" auto="yes" arch="*">
+      <unaffected range="ge">0.159</unaffected>
+      <vulnerable range="lt">0.159</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Elfutils provides a library and utilities to access, modify and analyse
+      ELF objects.
+    </p>
+  </background>
+  <description>
+    <p>An integer overflow, in the check_section function of dwarf_begin_elf.c,
+      in the libdw library can lead to a heap-based buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted file,
+      possibly resulting in the execution of arbitrary code with the privileges
+      of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All elfutils users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/elfutils-0.159"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0172">CVE-2014-0172</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-22T14:55:36Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2016-12-13T06:58:39Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-33.xml b/metadata/glsa/glsa-201612-33.xml
new file mode 100644
index 000000000000..4b5e994731ec
--- /dev/null
+++ b/metadata/glsa/glsa-201612-33.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-33">
+  <title>GPL Ghostscript: User-assisted execution of arbitrary code</title>
+  <synopsis>An integer overflow in GPL Ghostscript may allow remote attackers
+    to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">ghostscript-gpl</product>
+  <announced>2016-12-13</announced>
+  <revised count="2">2016-12-13</revised>
+  <bug>556316</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/ghostscript-gpl" auto="yes" arch="*">
+      <unaffected range="ge">9.09</unaffected>
+      <vulnerable range="lt">9.09</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Ghostscript is an interpreter for the PostScript language and for PDF.</p>
+  </background>
+  <description>
+    <p>An integer overflow flaw was discovered that leads to an out-of-bounds
+      read and write in gs_ttf.ps.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted file,
+      possibly resulting in the execution of arbitrary code with the privileges
+      of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GPL Ghostscript users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/ghostscript-gpl-9.09"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3228">CVE-2015-3228</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-22T15:13:30Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2016-12-13T06:58:50Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-34.xml b/metadata/glsa/glsa-201612-34.xml
new file mode 100644
index 000000000000..44b45188a6cf
--- /dev/null
+++ b/metadata/glsa/glsa-201612-34.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-34">
+  <title>systemd: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in systemd, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">systemd</product>
+  <announced>2016-12-13</announced>
+  <revised count="2">2016-12-13</revised>
+  <bug>486904</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-apps/systemd" auto="yes" arch="*">
+      <unaffected range="ge">208</unaffected>
+      <vulnerable range="lt">208</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A system and service manager.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in systemd. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could possibly execute arbitrary code with the privileges of
+      the process, cause a Denial of Service condition, or gain escalated
+      privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All systemd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/systemd-208"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4391">CVE-2013-4391</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4393">CVE-2013-4393</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4394">CVE-2013-4394</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-23T20:50:18Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2016-12-13T06:59:01Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-35.xml b/metadata/glsa/glsa-201612-35.xml
new file mode 100644
index 000000000000..60f7a0108c01
--- /dev/null
+++ b/metadata/glsa/glsa-201612-35.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-35">
+  <title>XStream: Remote execution of arbitrary code</title>
+  <synopsis>A vulnerability in XStream may allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">xstream</product>
+  <announced>2016-12-13</announced>
+  <revised count="2">2016-12-13</revised>
+  <bug>497652</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/xstream" auto="yes" arch="*">
+      <unaffected range="ge">1.4.8-r1</unaffected>
+      <vulnerable range="lt">1.4.8-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>XStream is a simple library to serialize objects to XML and back again.</p>
+  </background>
+  <description>
+    <p>It was found that XStream would deserialize arbitrary user-supplied XML
+      content, thus representing objects of any type.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could pass a specially crafted XML document to
+      XStream, possibly resulting in the execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All XStream users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/xstream-1.4.8-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7285">CVE-2013-7285</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-29T21:29:45Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2016-12-13T06:59:12Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-36.xml b/metadata/glsa/glsa-201612-36.xml
new file mode 100644
index 000000000000..47e4377b16fe
--- /dev/null
+++ b/metadata/glsa/glsa-201612-36.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-36">
+  <title>TigerVNC: Integer overflow</title>
+  <synopsis>An integer overflow in TigerVNC might allow remote attackers to
+    execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">tigervnc</product>
+  <announced>2016-12-13</announced>
+  <revised count="2">2016-12-13</revised>
+  <bug>534714</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/tigervnc" auto="yes" arch="*">
+      <unaffected range="ge">1.4.2</unaffected>
+      <vulnerable range="lt">1.4.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>TigerVNC is a high-performance VNC server/client.</p>
+  </background>
+  <description>
+    <p>TigerVNC is impacted by the same vulnerability as found in
+      CVE-2014-6051. An integer overflow, leading to a heap-based buffer
+      overflow, was found in the way screen sizes were handled.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, utilizing a malicious VNC server, could execute
+      arbitrary code with the privileges of the user running the client, or
+      cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All TigerVNC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/tigervnc-1.4.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6051">CVE-2014-6051</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8240">CVE-2014-8240</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-29T21:39:43Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2016-12-13T06:59:26Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-37.xml b/metadata/glsa/glsa-201612-37.xml
new file mode 100644
index 000000000000..fa0c99ee3b16
--- /dev/null
+++ b/metadata/glsa/glsa-201612-37.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-37">
+  <title>Pixman: Buffer overflow</title>
+  <synopsis>A buffer overflow in Pixman might allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">pixman</product>
+  <announced>2016-12-13</announced>
+  <revised count="2">2016-12-13</revised>
+  <bug>561526</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/pixman" auto="yes" arch="*">
+      <unaffected range="ge">0.32.8</unaffected>
+      <vulnerable range="lt">0.32.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Pixman is a pixel manipulation library.</p>
+  </background>
+  <description>
+    <p>In pixman-general, careless computations done with the ‘dest_buffer’
+      pointer may overflow, failing the buffer upper limit check.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition, or
+      execute arbitrary code with the privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Pixman users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/pixman-0.32.8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://lists.x.org/archives/xorg-announce/2015-September/002637.html">
+      Pixman 0.32.8 Release Notes
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-02-25T08:11:30Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-12-13T06:59:37Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-38.xml b/metadata/glsa/glsa-201612-38.xml
new file mode 100644
index 000000000000..536c19d3f08f
--- /dev/null
+++ b/metadata/glsa/glsa-201612-38.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-38">
+  <title>Botan: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Botan, the worst of
+    which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">botan</product>
+  <announced>2016-12-13</announced>
+  <revised count="2">2016-12-13</revised>
+  <bug>574034</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/botan" auto="yes" arch="*">
+      <unaffected range="ge">1.10.12</unaffected>
+      <vulnerable range="lt">1.10.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Botan (Japanese for peony) is a cryptography library written in C++11.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Botan. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Botan users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/botan-1.10.12"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2194">CVE-2016-2194</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2195">CVE-2016-2195</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-29T22:26:17Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2016-12-13T06:59:50Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-39.xml b/metadata/glsa/glsa-201612-39.xml
new file mode 100644
index 000000000000..0de7128fb700
--- /dev/null
+++ b/metadata/glsa/glsa-201612-39.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-39">
+  <title>Bash: Arbitrary code execution</title>
+  <synopsis>A vulnerability in Bash could potentially lead to arbitrary code
+    execution.
+  </synopsis>
+  <product type="ebuild">bash</product>
+  <announced>2016-12-13</announced>
+  <revised count="2">2016-12-13</revised>
+  <bug>594496</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-shells/bash" auto="yes" arch="*">
+      <unaffected range="ge">4.3_p46-r1</unaffected>
+      <vulnerable range="lt">4.3_p46-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Bash is the standard GNU Bourne Again SHell.</p>
+  </background>
+  <description>
+    <p>A vulnerability was found in the way Bash expands $HOSTNAME. Injecting
+      malicious code into $HOSTNAME could cause it to run each time Bash
+      expands \h in the prompt string.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker controlling the system’s hostname (i.e. via DHCP)
+      could possibly execute arbitrary code with the privileges of the process,
+      or cause a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Bash users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-shells/bash-4.3_p46-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0634">CVE-2016-0634</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-09-23T02:45:43Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-12-13T07:00:09Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-40.xml b/metadata/glsa/glsa-201612-40.xml
new file mode 100644
index 000000000000..10e35dbf6dbd
--- /dev/null
+++ b/metadata/glsa/glsa-201612-40.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-40">
+  <title>SQUASHFS: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in SQUASHFS, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">squashfs-tools</product>
+  <announced>2016-12-13</announced>
+  <revised count="3">2016-12-14</revised>
+  <bug>427356</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-fs/squashfs-tools" auto="yes" arch="*">
+      <unaffected range="ge">4.3</unaffected>
+      <vulnerable range="lt">4.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Squashfs is a compressed read-only filesystem for Linux. Squashfs is
+      intended for general read-only filesystem use, for archival use (i.e. in
+      cases where a .tar.gz file may be used), and in constrained block
+      device/memory systems (e.g. embedded systems) where low overhead is
+      needed.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in SQUASHFS. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted .sqsh
+      file using unsquashfs; possibly resulting in the execution of arbitrary
+      code with the privileges of the process, or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All squashfs-tools users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-fs/squashfs-tools-4.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4024">CVE-2012-4024</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4025">CVE-2012-4025</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-29T23:27:04Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2016-12-14T10:21:21Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-41.xml b/metadata/glsa/glsa-201612-41.xml
new file mode 100644
index 000000000000..bd3ebba71b09
--- /dev/null
+++ b/metadata/glsa/glsa-201612-41.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-41">
+  <title>WebKitGTK+: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in WebKitGTK+, the worst
+    of which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">webkit-gtk</product>
+  <announced>2016-12-13</announced>
+  <revised count="3">2016-12-13</revised>
+  <bug>570034</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+      <unaffected range="ge">2.4.10-r200</unaffected>
+      <vulnerable range="lt">2.4.10-r200</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine,
+      suitable for projects requiring any kind of web integration, from hybrid
+      HTML/CSS applications to full-fledged web browsers. It offers WebKit’s
+      full functionality and is useful in a wide range of systems from desktop
+      computers to embedded systems like phones, tablets, and televisions.
+      WebKitGTK+ is made by a lively community of developers and designers, who
+      hope to bring the web platform to everyone. It’s the official web
+      engine of the GNOME platform and is used in browsers such as Epiphany and
+      Midori.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker can use multiple vectors to execute arbitrary code or
+      cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All WebKitGTK+ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.4.10-r200"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4412">CVE-2014-4412</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4413">CVE-2014-4413</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4414">CVE-2014-4414</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-03-12T11:54:30Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-12-13T13:01:16Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-42.xml b/metadata/glsa/glsa-201612-42.xml
new file mode 100644
index 000000000000..f8b02b1f6651
--- /dev/null
+++ b/metadata/glsa/glsa-201612-42.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-42">
+  <title>Zabbix: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Zabbix, the worst of
+    which may allow execution of arbitrary code. 
+  </synopsis>
+  <product type="ebuild">zabbix</product>
+  <announced>2016-12-13</announced>
+  <revised count="1">2016-12-13</revised>
+  <bug>582536</bug>
+  <bug>598762</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/zabbix" auto="yes" arch="*">
+      <unaffected range="ge">2.2.16</unaffected>
+      <vulnerable range="lt">2.2.16</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Zabbix is software for monitoring applications, networks, and servers.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Zabbix. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Zabbix users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/zabbix-2.2.16"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4338">CVE-2016-4338</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9140">CVE-2016-9140</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-07-21T02:35:28Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-12-13T11:41:09Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-43.xml b/metadata/glsa/glsa-201612-43.xml
new file mode 100644
index 000000000000..7f9be8c6037d
--- /dev/null
+++ b/metadata/glsa/glsa-201612-43.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-43">
+  <title>Node.js: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Node.js, the worst of
+    which can allow remote attackers to cause Denial of Service conditions.
+  </synopsis>
+  <product type="ebuild">nodejs</product>
+  <announced>2016-12-13</announced>
+  <revised count="1">2016-12-13</revised>
+  <bug>568900</bug>
+  <bug>586084</bug>
+  <bug>595256</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/nodejs" auto="yes" arch="*">
+      <unaffected range="rge">0.12.17</unaffected>
+      <unaffected range="ge">4.6.1</unaffected>
+      <vulnerable range="lt">4.6.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript
+      engine.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Node.js. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition, or
+      conduct man-in-the-middle attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Node.js 0.12.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/nodejs-0.12.17"
+    </code>
+    
+    <p>All Node.js 4.6.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/nodejs-4.6.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8027">CVE-2015-8027</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2086">CVE-2016-2086</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2216">CVE-2016-2216</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5325">CVE-2016-5325</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-09-07T07:02:17Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-12-13T14:35:08Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-44.xml b/metadata/glsa/glsa-201612-44.xml
new file mode 100644
index 000000000000..a8462bee0db5
--- /dev/null
+++ b/metadata/glsa/glsa-201612-44.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-44">
+  <title>Roundcube: Arbitrary code execution</title>
+  <synopsis>A vulnerability in Roundcube could potentially lead to arbitrary
+    code execution.
+  </synopsis>
+  <product type="ebuild">roundcube</product>
+  <announced>2016-12-24</announced>
+  <revised count="1">2016-12-24</revised>
+  <bug>601410</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/roundcube" auto="yes" arch="*">
+      <unaffected range="ge">1.2.3</unaffected>
+      <vulnerable range="lt">1.2.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Free and open source webmail software for the masses, written in PHP.</p>
+  </background>
+  <description>
+    <p>Roundcube, when no SMTP server is configured and the sendmail program is
+      enabled, does not properly restrict the use of custom envelope-from
+      addresses on the sendmail command line.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An authenticated remote attacker could possibly execute arbitrary code
+      with the privileges of the process, or cause a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>Don’t use a MTA (Mail Transfer Agent) in conjunction with Roundcube
+      which implements sendmail’s “-O” or “-X” parameter, or
+      configure Roundcube to use a SMTP server as recommended by upstream.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All Roundcube users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/roundcube-1.2.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9920">CVE-2016-9920</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-12-23T15:26:48Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2016-12-24T06:42:27Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-45.xml b/metadata/glsa/glsa-201612-45.xml
new file mode 100644
index 000000000000..b8f482328991
--- /dev/null
+++ b/metadata/glsa/glsa-201612-45.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-45">
+  <title>Tor: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in Tor, the worst of which
+    could allow remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">tor</product>
+  <announced>2016-12-24</announced>
+  <revised count="1">2016-12-24</revised>
+  <bug>591008</bug>
+  <bug>597394</bug>
+  <bug>597524</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/tor" auto="yes" arch="*">
+      <unaffected range="ge">0.2.8.9</unaffected>
+      <vulnerable range="lt">0.2.8.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Tor is an implementation of second generation Onion Routing, a
+      connection-oriented anonymizing communication service.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Tor. Please review the
+      CVE identifier and change log referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Tor users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/tor-0.2.8.9"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8860">CVE-2016-8860</uri>
+    <uri link="https://raw.githubusercontent.com/torproject/tor/tor-0.2.8.9/ChangeLog">
+      Tor 0.2.8.9 Change Log
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-28T01:21:24Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2016-12-24T06:50:16Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-46.xml b/metadata/glsa/glsa-201612-46.xml
new file mode 100644
index 000000000000..6e02cb85b6c1
--- /dev/null
+++ b/metadata/glsa/glsa-201612-46.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-46">
+  <title>Xerces-C++: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Xerces-C++, the worst
+    of which may allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">xerces-c</product>
+  <announced>2016-12-24</announced>
+  <revised count="1">2016-12-24</revised>
+  <bug>575700</bug>
+  <bug>584506</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/xerces-c" auto="yes" arch="*">
+      <unaffected range="ge">3.1.4-r1</unaffected>
+      <vulnerable range="lt">3.1.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Xerces-C++ is a validating XML parser written in a portable subset of
+      C++.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Xerces-C++. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process a specially crafted
+      file, possibly resulting in the remote execution of arbitrary code with
+      the privileges of the process, or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Xerces-C++ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/xerces-c-3.1.4-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0729">CVE-2016-0729</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2099">CVE-2016-2099</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-10-15T11:41:27Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-12-24T07:11:18Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-47.xml b/metadata/glsa/glsa-201612-47.xml
new file mode 100644
index 000000000000..c7a6b9449fcf
--- /dev/null
+++ b/metadata/glsa/glsa-201612-47.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-47">
+  <title>Samba: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Samba, the worst of
+    which may allow execution of arbitrary code with root privileges. 
+  </synopsis>
+  <product type="ebuild">samba</product>
+  <announced>2016-12-24</announced>
+  <revised count="1">2016-12-24</revised>
+  <bug>568432</bug>
+  <bug>578004</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-fs/samba" auto="yes" arch="*">
+      <unaffected range="ge">4.2.11</unaffected>
+      <vulnerable range="lt">4.2.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Samba is a suite of SMB and CIFS client/server programs.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in samba. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with root
+      privileges, cause a Denial of Service condition, conduct a
+      man-in-the-middle attack, obtain sensitive information, or bypass file
+      permissions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Samba users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-fs/samba-4.2.11"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3223">CVE-2015-3223</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5252">CVE-2015-5252</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5296">CVE-2015-5296</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5299">CVE-2015-5299</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5330">CVE-2015-5330</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7540">CVE-2015-7540</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8467">CVE-2015-8467</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2110">CVE-2016-2110</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2111">CVE-2016-2111</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2112">CVE-2016-2112</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2113">CVE-2016-2113</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2114">CVE-2016-2114</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2115">CVE-2016-2115</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2118">CVE-2016-2118</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-12-19T13:31:34Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2016-12-24T07:24:48Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-48.xml b/metadata/glsa/glsa-201612-48.xml
new file mode 100644
index 000000000000..6b43fffcaa30
--- /dev/null
+++ b/metadata/glsa/glsa-201612-48.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-48">
+  <title>Firejail: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in Firejail, the
+    worst of which may allow bypassing of sandbox protection.
+  </synopsis>
+  <product type="ebuild">firejail</product>
+  <announced>2016-12-27</announced>
+  <revised count="1">2016-12-27</revised>
+  <bug>601994</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-apps/firejail" auto="yes" arch="*">
+      <unaffected range="ge">0.9.44.2</unaffected>
+      <vulnerable range="lt">0.9.44.2</vulnerable>
+    </package>
+    <package name="sys-apps/firejail-lts" auto="yes" arch="*">
+      <unaffected range="ge">0.9.38.6</unaffected>
+    </package>
+  </affected>
+  <background>
+    <p>A SUID program that reduces the risk of security breaches by restricting
+      the running environment of untrusted applications using Linux namespaces
+      and seccomp-bpf.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Firejail. Please review
+      upstream’s release notes below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly bypass sandbox protection, cause a
+      Denial of Service condition, or change a system’s DNS server.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Firejail users should switch to the newly added LTS version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/firejail-lts-0.9.38.6"
+    </code>
+    
+    <p>Users who want to stay on the current branch should upgrade to the
+      latest version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/firejail-0.9.44.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="http://firejail.wordpress.com/download-2/release-notes/">
+      Firejail Release Notes
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-12-05T02:08:23Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-12-27T00:43:05Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-49.xml b/metadata/glsa/glsa-201612-49.xml
new file mode 100644
index 000000000000..05f6ebd824e5
--- /dev/null
+++ b/metadata/glsa/glsa-201612-49.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-49">
+  <title>mod_wsgi: Privilege escalation</title>
+  <synopsis>A vulnerability in mod_wsgi could lead to privilege escalation.</synopsis>
+  <product type="ebuild">mod_wsgi</product>
+  <announced>2016-12-30</announced>
+  <revised count="1">2016-12-30</revised>
+  <bug>536270</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-apache/mod_wsgi" auto="yes" arch="*">
+      <unaffected range="ge">4.3.0</unaffected>
+      <vulnerable range="lt">4.3.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>mod_wsgi is an Apache2 module for running Python WSGI applications.</p>
+  </background>
+  <description>
+    <p>mod_wsgi, when creating a daemon process group, does not properly handle
+      dropping group privileges.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Context-dependent attackers could escalate privileges due to the
+      improper handling of group privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All mod_wsgi users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-apache/mod_wsgi-4.3.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8583">CVE-2014-8583</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-23T00:29:47Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2016-12-30T00:41:42Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-50.xml b/metadata/glsa/glsa-201612-50.xml
new file mode 100644
index 000000000000..0cf829c57da3
--- /dev/null
+++ b/metadata/glsa/glsa-201612-50.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-50">
+  <title>Openfire: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Openfire, the worst of
+    which could lead to privilege escalation.
+  </synopsis>
+  <product type="ebuild">openfire</product>
+  <announced>2016-12-31</announced>
+  <revised count="1">2016-12-31</revised>
+  <bug>603604</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/openfire" auto="yes" arch="*">
+      <unaffected range="ge">4.1.0</unaffected>
+      <vulnerable range="lt">4.1.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Openfire (formerly Wildfire) is a cross-platform real-time collaboration
+      server based on the XMPP (Jabber) protocol.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Openfire. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could bypass the CSRF protection mechanism, conduct
+      Cross-Site Scripting attacks, or an authenticated remote attacker could
+      gain privileges while accessing Openfire’s web interface.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Openfire users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-im/openfire-4.1.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6972">CVE-2015-6972</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6973">CVE-2015-6973</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7707">CVE-2015-7707</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-12-31T00:17:25Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2016-12-31T06:27:02Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-51.xml b/metadata/glsa/glsa-201612-51.xml
new file mode 100644
index 000000000000..17a8201f4ee5
--- /dev/null
+++ b/metadata/glsa/glsa-201612-51.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-51">
+  <title>Icinga: Privilege escalation</title>
+  <synopsis>A vulnerability in Icinga could lead to privilege escalation.</synopsis>
+  <product type="ebuild">icinga</product>
+  <announced>2016-12-31</announced>
+  <revised count="1">2016-12-31</revised>
+  <bug>603534</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-analyzer/icinga" auto="yes" arch="*">
+      <unaffected range="ge">1.13.4</unaffected>
+      <vulnerable range="lt">1.13.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Icinga is an open source computer system and network monitoring
+      application. It was originally created as a fork of the Nagios system
+      monitoring application in 2009.
+    </p>
+  </background>
+  <description>
+    <p>Icinga daemon was found to perform unsafe operations when handling the
+      log file.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker, who either is already Icinga’s system user or
+      belongs to Icinga’s group, could potentially escalate privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Icinga users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/icinga-1.13.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9566">CVE-2016-9566</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-12-30T23:44:53Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2016-12-31T06:37:34Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-52.xml b/metadata/glsa/glsa-201612-52.xml
new file mode 100644
index 000000000000..90321a68340c
--- /dev/null
+++ b/metadata/glsa/glsa-201612-52.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-52">
+  <title>Pillow: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Pillow, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">pillow</product>
+  <announced>2016-12-31</announced>
+  <revised count="1">2016-12-31</revised>
+  <bug>507982</bug>
+  <bug>573958</bug>
+  <bug>599608</bug>
+  <bug>599610</bug>
+  <bug>599612</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-python/pillow" auto="yes" arch="*">
+      <unaffected range="ge">3.4.2</unaffected>
+      <vulnerable range="lt">3.4.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The friendly PIL fork.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Pillow. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could perform symlink attacks to overwrite arbitrary
+      files with the privileges of the user running the application, or obtain
+      sensitive information.
+    </p>
+    
+    <p>A remote attackers could execute arbitrary code with the privileges of
+      the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Pillow users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/pillow-3.4.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1932">CVE-2014-1932</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1933">CVE-2014-1933</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0740">CVE-2016-0740</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0775">CVE-2016-0775</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2533">CVE-2016-2533</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4009">CVE-2016-4009</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9189">CVE-2016-9189</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9190">CVE-2016-9190</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-08-04T19:10:45Z">
+    keytoaster
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-12-31T14:15:38Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-53.xml b/metadata/glsa/glsa-201612-53.xml
new file mode 100644
index 000000000000..a459b2f4ff8b
--- /dev/null
+++ b/metadata/glsa/glsa-201612-53.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-53">
+  <title>CyaSSL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in CyaSSL, the worst of
+    which may allow attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">cyassl</product>
+  <announced>2016-12-31</announced>
+  <revised count="1">2016-12-31</revised>
+  <bug>507418</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-libs/cyassl" auto="yes" arch="*">
+      <vulnerable range="rle">2.9.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>CyaSSL is a small, fast, portable implementation of TLS/SSL for embedded
+      devices to the cloud.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in CyaSSL. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could possibly execute arbitrary code with the privileges of
+      the process, cause a Denial of Service condition, or conduct a
+      man-in-the-middle attack.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Upstream has discontinued the software in favor of wolfSSL. Therefore,
+      the CyaSSL package has been removed from the Gentoo repository and
+      current users are advised to unmerge the package.
+    </p>
+    
+    <code>
+      # emerge --unmerge "net-libs/cyassl"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2896">CVE-2014-2896</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2897">CVE-2014-2897</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2898">CVE-2014-2898</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2899">CVE-2014-2899</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2900">CVE-2014-2900</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-23T15:11:37Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2016-12-31T14:47:50Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-54.xml b/metadata/glsa/glsa-201612-54.xml
new file mode 100644
index 000000000000..f6d3d7b96c68
--- /dev/null
+++ b/metadata/glsa/glsa-201612-54.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-54">
+  <title>Chicken: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chicken, the worst of
+    which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">chicken</product>
+  <announced>2016-12-31</announced>
+  <revised count="1">2016-12-31</revised>
+  <bug>467966</bug>
+  <bug>486350</bug>
+  <bug>510712</bug>
+  <bug>536448</bug>
+  <bug>552202</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-scheme/chicken" auto="yes" arch="*">
+      <unaffected range="ge">4.10.0-r1</unaffected>
+      <vulnerable range="lt">4.10.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chicken is a scheme interpreter and native scheme to C compiler.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chicken. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chicken users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-scheme/chicken-4.10.0-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2024">CVE-2013-2024</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4385">CVE-2013-4385</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3776">CVE-2014-3776</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9651">CVE-2014-9651</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4556">CVE-2015-4556</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-12-21T14:54:52Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2016-12-31T15:19:08Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-55.xml b/metadata/glsa/glsa-201612-55.xml
new file mode 100644
index 000000000000..7cdd17a73e45
--- /dev/null
+++ b/metadata/glsa/glsa-201612-55.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-55">
+  <title>libjpeg-turbo: User-assisted execution of arbitrary code</title>
+  <synopsis>An out-of-bounds read in libjpeg-turbo might allow remote attackers
+    to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">libjpeg-turbo</product>
+  <announced>2016-12-31</announced>
+  <revised count="1">2016-12-31</revised>
+  <bug>585782</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libjpeg-turbo" auto="yes" arch="*">
+      <unaffected range="ge">1.5.0</unaffected>
+      <vulnerable range="lt">1.5.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libjpeg-turbo is a JPEG image codec that uses SIMD instructions (MMX,
+      SSE2, NEON, AltiVec) to accelerate baseline JPEG compression and
+      decompression.
+    </p>
+  </background>
+  <description>
+    <p>The accelerated Huffman decoder was previously invoked if there were 128
+      bytes in the input buffer. However, it is possible to construct a JPEG
+      image with Huffman blocks &gt; 430 bytes in length. This release simply
+      increases the minimum buffer size for the accelerated Huffman decoder to
+      512 bytes, which should accommodate any possible input.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could coerce the victim to run a specially crafted
+      image file resulting in the execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libjpeg-turbo users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libjpeg-turbo-1.5.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://wiki.mozilla.org/images/7/77/Libjpeg-turbo-report.pdf">
+      LJT-01-005
+    </uri>
+    <uri link="https://github.com/libjpeg-turbo/libjpeg-turbo/commit/0463f7c9aad060fcd56e98d025ce16185279e2bc">
+      Prevent overread when decoding malformed JPEG
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-20T06:32:59Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2016-12-31T15:38:15Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201612-56.xml b/metadata/glsa/glsa-201612-56.xml
new file mode 100644
index 000000000000..731137fb51ba
--- /dev/null
+++ b/metadata/glsa/glsa-201612-56.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-56">
+  <title>Xen: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Xen, the worst of which
+    could lead to the execution of arbitrary code on the host system.
+  </synopsis>
+  <product type="ebuild">xen</product>
+  <announced>2016-12-31</announced>
+  <revised count="2">2017-01-03</revised>
+  <bug>600382</bug>
+  <bug>600662</bug>
+  <bug>601248</bug>
+  <bug>601250</bug>
+  <bug>601986</bug>
+  <bug>603420</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/xen" auto="yes" arch="*">
+      <unaffected range="ge">4.7.1-r4</unaffected>
+      <vulnerable range="lt">4.7.1-r4</vulnerable>
+    </package>
+    <package name="app-emulation/xen-tools" auto="yes" arch="*">
+      <unaffected range="ge">4.7.1-r4</unaffected>
+      <vulnerable range="lt">4.7.1-r4</vulnerable>
+    </package>
+    <package name="app-emulation/xen-pvgrub" auto="yes" arch="*">
+      <unaffected range="ge">4.7.1-r1</unaffected>
+      <vulnerable range="lt">4.7.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Xen is a bare-metal hypervisor.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Xen. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could possibly execute arbitrary code with the
+      privileges of the process, could gain privileges on the host system,
+      cause a Denial of Service condition, or obtain sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Xen users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-4.7.1-r4"
+    </code>
+    
+    <p>All Xen Tools users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/xen-tools-4.7.1-r4"
+    </code>
+    
+    <p>All Xen PvGrub users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/xen-pvgrub-4.7.1-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10024">
+      CVE-2016-10024
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9377">CVE-2016-9377</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9378">CVE-2016-9378</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9379">CVE-2016-9379</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9380">CVE-2016-9380</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9381">CVE-2016-9381</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9382">CVE-2016-9382</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9383">CVE-2016-9383</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9384">CVE-2016-9384</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9385">CVE-2016-9385</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9386">CVE-2016-9386</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9637">CVE-2016-9637</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9815">CVE-2016-9815</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9816">CVE-2016-9816</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9817">CVE-2016-9817</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9818">CVE-2016-9818</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9932">CVE-2016-9932</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-26T10:47:37Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-03T05:55:18Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-01.xml b/metadata/glsa/glsa-201701-01.xml
new file mode 100644
index 000000000000..35d3eababc52
--- /dev/null
+++ b/metadata/glsa/glsa-201701-01.xml
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-01">
+  <title>MariaDB and MySQL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in MariaDB and MySQL, the
+    worst of which could lead to the remote execution of arbitrary code. 
+  </synopsis>
+  <product type="ebuild">mysql, mariadb</product>
+  <announced>2017-01-01</announced>
+  <revised count="2">2017-01-01</revised>
+  <bug>593584</bug>
+  <bug>593608</bug>
+  <bug>593614</bug>
+  <bug>593618</bug>
+  <bug>597538</bug>
+  <bug>598704</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-db/mariadb" auto="yes" arch="*">
+      <unaffected range="ge">10.0.28</unaffected>
+      <vulnerable range="lt">10.0.28</vulnerable>
+    </package>
+    <package name="dev-db/mysql" auto="yes" arch="*">
+      <unaffected range="ge">5.6.34</unaffected>
+      <vulnerable range="lt">5.6.34</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an
+      enhanced, drop-in replacement for MySQL.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MariaDB and MySQL.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Attackers could execute arbitrary code, escalate privileges, and impact
+      availability via unspecified vectors.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MariaDB users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mariadb-10.0.28"
+    </code>
+    
+    <p>All MySQL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-5.6.34"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3492">CVE-2016-3492</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3495">CVE-2016-3495</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5507">CVE-2016-5507</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5584">CVE-2016-5584</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5609">CVE-2016-5609</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5612">CVE-2016-5612</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5625">CVE-2016-5625</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5626">CVE-2016-5626</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5627">CVE-2016-5627</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5628">CVE-2016-5628</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5629">CVE-2016-5629</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5630">CVE-2016-5630</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5631">CVE-2016-5631</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5632">CVE-2016-5632</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5633">CVE-2016-5633</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5634">CVE-2016-5634</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5635">CVE-2016-5635</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6652">CVE-2016-6652</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6662">CVE-2016-6662</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8283">CVE-2016-8283</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8284">CVE-2016-8284</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8286">CVE-2016-8286</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8287">CVE-2016-8287</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8288">CVE-2016-8288</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8289">CVE-2016-8289</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8290">CVE-2016-8290</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-19T05:29:06Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-01T13:32:50Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-02.xml b/metadata/glsa/glsa-201701-02.xml
new file mode 100644
index 000000000000..35de6fc88b65
--- /dev/null
+++ b/metadata/glsa/glsa-201701-02.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-02">
+  <title>Bash: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in Bash, the worst of which may
+    allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">bash</product>
+  <announced>2017-01-01</announced>
+  <revised count="1">2017-01-01</revised>
+  <bug>595268</bug>
+  <bug>600174</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-shells/bash" auto="yes" arch="*">
+      <unaffected range="ge">4.3_p48-r1</unaffected>
+      <vulnerable range="lt">4.3_p48-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Bash is the standard GNU Bourne Again SHell.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Bash. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Bash users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-shells/bash-4.3_p48-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7543">CVE-2016-7543</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9401">CVE-2016-9401</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-06-21T09:45:02Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-01T13:44:22Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-03.xml b/metadata/glsa/glsa-201701-03.xml
new file mode 100644
index 000000000000..17a9c833f1cf
--- /dev/null
+++ b/metadata/glsa/glsa-201701-03.xml
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-03">
+  <title>libarchive: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libarchive, the worst
+    of which allows for the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libarchive</product>
+  <announced>2017-01-01</announced>
+  <revised count="1">2017-01-01</revised>
+  <bug>548110</bug>
+  <bug>552646</bug>
+  <bug>582526</bug>
+  <bug>586086</bug>
+  <bug>586182</bug>
+  <bug>596568</bug>
+  <bug>598950</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/libarchive" auto="yes" arch="*">
+      <unaffected range="ge">3.2.2</unaffected>
+      <vulnerable range="lt">3.2.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libarchive is a library for manipulating different streaming archive
+      formats, including certain tar variants, several cpio formats, and both
+      BSD and GNU ar variants.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libarchive. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted
+      archive file possibly resulting in the execution of arbitrary code with
+      the privileges of the process or a Denial of Service condition.
+    </p>
+    
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libarchive users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/libarchive-3.2.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2304">CVE-2015-2304</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8915">CVE-2015-8915</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8916">CVE-2015-8916</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8917">CVE-2015-8917</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8918">CVE-2015-8918</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8919">CVE-2015-8919</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8920">CVE-2015-8920</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8921">CVE-2015-8921</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8922">CVE-2015-8922</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8923">CVE-2015-8923</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8924">CVE-2015-8924</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8925">CVE-2015-8925</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8926">CVE-2015-8926</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8927">CVE-2015-8927</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8928">CVE-2015-8928</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8929">CVE-2015-8929</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8930">CVE-2015-8930</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8931">CVE-2015-8931</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8932">CVE-2015-8932</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8933">CVE-2015-8933</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8934">CVE-2015-8934</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1541">CVE-2016-1541</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4300">CVE-2016-4300</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4301">CVE-2016-4301</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4302">CVE-2016-4302</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4809">CVE-2016-4809</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5418">CVE-2016-5418</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5844">CVE-2016-5844</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6250">CVE-2016-6250</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7166">CVE-2016-7166</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8687">CVE-2016-8687</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8688">CVE-2016-8688</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8689">CVE-2016-8689</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-06-27T12:09:04Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-01T14:31:15Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-04.xml b/metadata/glsa/glsa-201701-04.xml
new file mode 100644
index 000000000000..1c0f8545941b
--- /dev/null
+++ b/metadata/glsa/glsa-201701-04.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-04">
+  <title>Mutt: Heap-based buffer overflow</title>
+  <synopsis>A heap-based buffer overflow in Mutt might allow remote attackers
+    to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">mutt</product>
+  <announced>2017-01-01</announced>
+  <revised count="1">2017-01-01</revised>
+  <bug>530842</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/mutt" auto="yes" arch="*">
+      <unaffected range="ge">1.5.23-r5</unaffected>
+      <vulnerable range="lt">1.5.23-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mutt is a small but very powerful text-based mail client.</p>
+  </background>
+  <description>
+    <p>A heap-based buffer overflow was discovered in Mutt’s mutt_substrdup
+      function.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mutt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/mutt-1.5.23-r5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9116">CVE-2014-9116</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-01T11:02:45Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-01T15:05:18Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-05.xml b/metadata/glsa/glsa-201701-05.xml
new file mode 100644
index 000000000000..7dc6c70320a1
--- /dev/null
+++ b/metadata/glsa/glsa-201701-05.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-05">
+  <title>BusyBox: Denial of service</title>
+  <synopsis>A vulnerability in BusyBox might allow remote attackers to cause a
+    Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">busybox</product>
+  <announced>2017-01-01</announced>
+  <revised count="1">2017-01-01</revised>
+  <bug>590478</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/busybox" auto="yes" arch="*">
+      <unaffected range="ge">1.25.1</unaffected>
+      <vulnerable range="lt">1.25.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>BusyBox is a set of tools for embedded systems and is a replacement for
+      GNU Coreutils.
+    </p>
+  </background>
+  <description>
+    <p>The recv_and_process_client_pkt function in networking/ntpd.c in BusyBox
+      allows remote attackers to cause a Denial of Service (CPU and bandwidth
+      consumption) via a forged NTP packet, which triggers a communication
+      loop.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker might send a specially crafted package to a machine
+      running BusyBox ntpd, possibly resulting in a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All BusyBox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/busybox-1.25.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6301">CVE-2016-6301</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-01T12:19:19Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-01T15:33:56Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-06.xml b/metadata/glsa/glsa-201701-06.xml
new file mode 100644
index 000000000000..906cf6a707fb
--- /dev/null
+++ b/metadata/glsa/glsa-201701-06.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-06">
+  <title>e2fsprogs: Heap-based buffer overflow</title>
+  <synopsis>A heap-based buffer overflow in e2fsprogs might allow local
+    attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">e2fsprogs</product>
+  <announced>2017-01-01</announced>
+  <revised count="1">2017-01-01</revised>
+  <bug>538930</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-fs/e2fsprogs" auto="yes" arch="*">
+      <unaffected range="ge">1.42.12</unaffected>
+      <vulnerable range="lt">1.42.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>e2fsprogs is a set of utilities for maintaining the ext2, ext3 and ext4
+      file systems.
+    </p>
+  </background>
+  <description>
+    <p>A heap-based buffer overflow was discovered in openfs.c in the libext2fs
+      library in e2fsprogs.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to use ext2fs library (for
+      example, fsck) on a specially crafted Ext2/3/4 file system possibly
+      resulting in the execution of arbitrary code with the privileges of the
+      process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All e2fsprogs users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-fs/e2fsprogs-1.42.12"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0247">CVE-2015-0247</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-01T11:12:55Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-01T15:41:00Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-07.xml b/metadata/glsa/glsa-201701-07.xml
new file mode 100644
index 000000000000..82cb51f2d41e
--- /dev/null
+++ b/metadata/glsa/glsa-201701-07.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-07">
+  <title>Open vSwitch: Remote execution of arbitrary code</title>
+  <synopsis>A buffer overflow in Open vSwitch might allow remote attackers to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">openvswitch</product>
+  <announced>2017-01-01</announced>
+  <revised count="2">2017-01-01</revised>
+  <bug>577568</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/openvswitch" auto="yes" arch="*">
+      <unaffected range="ge">2.5.0</unaffected>
+      <vulnerable range="lt">2.5.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Open vSwitch is a production quality multilayer virtual switch.</p>
+  </background>
+  <description>
+    <p>A buffer overflow was discovered in lib/flow.c in ovs-vswitchd.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, using a specially crafted MPLS packet, could execute
+      arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Open vSwitch users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/openvswitch-2.5.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2074">
+      CVE-2016-2074
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-01T12:31:09Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-01T16:00:54Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-08.xml b/metadata/glsa/glsa-201701-08.xml
new file mode 100644
index 000000000000..bb198141e59d
--- /dev/null
+++ b/metadata/glsa/glsa-201701-08.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-08">
+  <title>w3m: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in w3m, the worst of which
+    could lead to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">w3m</product>
+  <announced>2017-01-01</announced>
+  <revised count="1">2017-01-01</revised>
+  <bug>579312</bug>
+  <bug>600176</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/w3m" auto="yes" arch="*">
+      <unaffected range="ge">0.5.3-r9</unaffected>
+      <vulnerable range="lt">0.5.3-r9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>w3m is a text based WWW browser.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in w3m. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary code with the privileges of
+      the process or cause a Denial of Service condition via a maliciously
+      crafted HTML file.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All w3m users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/w3m-0.5.3-r9"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9422">CVE-2016-9422</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9423">CVE-2016-9423</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9424">CVE-2016-9424</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9425">CVE-2016-9425</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9426">CVE-2016-9426</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9428">CVE-2016-9428</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9429">CVE-2016-9429</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9430">CVE-2016-9430</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9431">CVE-2016-9431</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9432">CVE-2016-9432</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9433">CVE-2016-9433</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9434">CVE-2016-9434</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9435">CVE-2016-9435</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9436">CVE-2016-9436</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9437">CVE-2016-9437</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9438">CVE-2016-9438</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9439">CVE-2016-9439</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9440">CVE-2016-9440</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9441">CVE-2016-9441</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9442">CVE-2016-9442</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9443">CVE-2016-9443</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-01T13:18:36Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-01T16:15:30Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-09.xml b/metadata/glsa/glsa-201701-09.xml
new file mode 100644
index 000000000000..bd878eeca82c
--- /dev/null
+++ b/metadata/glsa/glsa-201701-09.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-09">
+  <title>Xdg-Utils: Command injection</title>
+  <synopsis>A command injection vulnerability in Xdg-Utils may allow for the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">xdg-utils</product>
+  <announced>2017-01-01</announced>
+  <revised count="1">2017-01-01</revised>
+  <bug>472888</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="x11-misc/xdg-utils" auto="yes" arch="*">
+      <unaffected range="ge">1.1.1</unaffected>
+      <vulnerable range="lt">1.1.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Xdg-Utils is a set of tools allowing all applications to easily
+      integrate with the Free Desktop configuration.
+    </p>
+  </background>
+  <description>
+    <p>An eval injection vulnerability was discovered in Xdg-Utils.</p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could execute arbitrary code via the URL
+      argument to xdg-open.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Xdg-Utils users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-misc/xdg-utils-1.1.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9622">CVE-2014-9622</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-01T12:56:54Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-01T16:34:46Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-10.xml b/metadata/glsa/glsa-201701-10.xml
new file mode 100644
index 000000000000..7805cc14beb4
--- /dev/null
+++ b/metadata/glsa/glsa-201701-10.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-10">
+  <title>libotr, Pidgin OTR: Remote execution of arbitrary code</title>
+  <synopsis>Multiple vulnerabilities have been found in libotr and Pidgin OTR,
+    allowing remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">libotr, pidgin-otr</product>
+  <announced>2017-01-02</announced>
+  <revised count="1">2017-01-02</revised>
+  <bug>576914</bug>
+  <bug>576916</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/libotr" auto="yes" arch="*">
+      <unaffected range="ge">4.1.1</unaffected>
+      <vulnerable range="lt">4.1.1</vulnerable>
+    </package>
+    <package name="x11-plugins/pidgin-otr" auto="yes" arch="*">
+      <unaffected range="ge">4.0.2</unaffected>
+      <vulnerable range="lt">4.0.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Pidgin Off-the-Record (OTR) messaging allows you to have private
+      conversations over instant messaging. libotr is a portable off-the-record
+      messaging library.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities exist in both libotr and Pidgin OTR. Please
+      review the CVE identifiers for more information.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted message, possibly
+      resulting in the execution of arbitrary code with the privileges of the
+      process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libotr users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/libotr-4.1.1"
+    </code>
+    
+    <p>All Pidgin OTR users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-plugins/pidgin-otr-4.0.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8833">CVE-2015-8833</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2851">CVE-2016-2851</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-01T11:51:33Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-02T14:19:57Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-11.xml b/metadata/glsa/glsa-201701-11.xml
new file mode 100644
index 000000000000..09dc2a24cb38
--- /dev/null
+++ b/metadata/glsa/glsa-201701-11.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-11">
+  <title>musl: Integer overflow</title>
+  <synopsis>An integer overflow in musl might allow an attacker to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">musl</product>
+  <announced>2017-01-02</announced>
+  <revised count="1">2017-01-02</revised>
+  <bug>597498</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-libs/musl" auto="yes" arch="*">
+      <unaffected range="ge">1.1.15-r2</unaffected>
+      <vulnerable range="lt">1.1.15-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>musl is a “libc”, an implementation of the standard library
+      functionality described in the ISO C and POSIX standards, plus common
+      extensions, intended for use on Linux-based systems.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in musl’s tre_tnfa_run_parallel
+      function buffer overflow logic, due to the incorrect use of integer types
+      and missing overflow checks.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker, who controls the regular expression and/or string being
+      searched, could execute arbitrary code with the privileges of the
+      process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All musl users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-libs/musl-1.1.15-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8859">CVE-2016-8859</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-02T07:23:08Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-02T14:34:33Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-12.xml b/metadata/glsa/glsa-201701-12.xml
new file mode 100644
index 000000000000..baccd3426c72
--- /dev/null
+++ b/metadata/glsa/glsa-201701-12.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-12">
+  <title>memcached: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in memcached which could
+    lead to the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">memcached</product>
+  <announced>2017-01-02</announced>
+  <revised count="1">2017-01-02</revised>
+  <bug>598836</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/memcached" auto="yes" arch="*">
+      <unaffected range="ge">1.4.33</unaffected>
+      <vulnerable range="lt">1.4.33</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>memcached is a high-performance, distributed memory object caching
+      system
+    </p>
+  </background>
+  <description>
+    <p>Multiple integer overflow vulnerabilities were discovered in memcached.
+      Please review the CVE identifiers and Cisco TALOS reports referenced
+      below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could abuse memcached’s binary protocol leading to
+      the remote execution of arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All memcached users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/memcached-1.4.33"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8704">CVE-2016-8704</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8705">CVE-2016-8705</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8706">CVE-2016-8706</uri>
+    <uri link="https://www.talosintelligence.com/reports/TALOS-2016-0219/">
+      TALOS-2016-0219
+    </uri>
+    <uri link="https://www.talosintelligence.com/reports/TALOS-2016-0220/">
+      TALOS-2016-0220
+    </uri>
+    <uri link="https://www.talosintelligence.com/reports/TALOS-2016-0221/">
+      TALOS-2016-0221
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-02T07:31:20Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-02T14:42:05Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-13.xml b/metadata/glsa/glsa-201701-13.xml
new file mode 100644
index 000000000000..d9d8ae425aa9
--- /dev/null
+++ b/metadata/glsa/glsa-201701-13.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-13">
+  <title>HDF5: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in HDF5 which could lead
+    to the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">hdf5</product>
+  <announced>2017-01-02</announced>
+  <revised count="1">2017-01-02</revised>
+  <bug>601404</bug>
+  <bug>601408</bug>
+  <bug>601414</bug>
+  <bug>601420</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sci-libs/hdf5" auto="yes" arch="*">
+      <unaffected range="ge">1.8.18</unaffected>
+      <vulnerable range="lt">1.8.18</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>HDF5 technology suite includes a data model, library, and file format
+      for storing and managing data.
+    </p>
+  </background>
+  <description>
+    <p>Multiple arbitrary code execution vulnerabilities have been discovered
+      in HDF5. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could execute arbitrary code with the privileges of the
+      process via a maliciously crafted database file.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All HDF5 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sci-libs/hdf5-1.8.18"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4330">CVE-2016-4330</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4331">CVE-2016-4331</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4332">CVE-2016-4332</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4333">CVE-2016-4333</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-02T07:36:29Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-02T14:52:28Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-14.xml b/metadata/glsa/glsa-201701-14.xml
new file mode 100644
index 000000000000..0ef110bafb99
--- /dev/null
+++ b/metadata/glsa/glsa-201701-14.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-14">
+  <title>LZO: Multiple vulnerabilities</title>
+  <synopsis>An integer overflow in LZO might allow remote attackers to execute
+    arbitrary code or cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">lzo</product>
+  <announced>2017-01-02</announced>
+  <revised count="1">2017-01-02</revised>
+  <bug>515238</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/lzo" auto="yes" arch="*">
+      <unaffected range="ge">2.08</unaffected>
+      <vulnerable range="lt">2.08</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>LZO is an extremely fast compression and decompression library</p>
+  </background>
+  <description>
+    <p>LZO is vulnerable to an integer overflow condition in the
+      “lzo1x_decompress_safe” function which could result in a possible
+      buffer overrun when processing maliciously crafted compressed input data.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send specially crafted compressed input data
+      possibly resulting in a Denial of Service condition or arbitrary code
+      execution.
+    </p>
+    
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LZO users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/lzo-2.08"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4607">CVE-2014-4607</uri>
+  </references>
+  <metadata tag="requester" timestamp="2014-07-10T05:18:15Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2017-01-02T15:16:02Z">
+    BlueKnight
+  </metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-15.xml b/metadata/glsa/glsa-201701-15.xml
new file mode 100644
index 000000000000..5370da49cb04
--- /dev/null
+++ b/metadata/glsa/glsa-201701-15.xml
@@ -0,0 +1,169 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-15">
+  <title>Mozilla Firefox, Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox and
+    Thunderbird the worst of which could lead to the execution of arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">firefox, thunderbird</product>
+  <announced>2017-01-03</announced>
+  <revised count="2">2017-01-04</revised>
+  <bug>581326</bug>
+  <bug>590330</bug>
+  <bug>594616</bug>
+  <bug>599924</bug>
+  <bug>601320</bug>
+  <bug>602576</bug>
+  <bug>604024</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">45.6.0</unaffected>
+      <vulnerable range="lt">45.6.0</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">45.6.0</unaffected>
+      <vulnerable range="lt">45.6.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">45.6.0</unaffected>
+      <vulnerable range="lt">45.6.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">45.6.0</unaffected>
+      <vulnerable range="lt">45.6.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a cross-platform web browser from Mozilla. The
+      Mozilla Thunderbird mail client is a redesign of the Mozilla Mail
+      component. The goal is to produce a cross-platform stand-alone mail
+      application using XUL (XML User Interface Language).
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox and
+      Thunderbird. Please review the CVE identifiers referenced below for
+      details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition via
+      multiple vectors.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-45.6.0"
+    </code>
+    
+    <p>All Firefox-bin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-45.6.0"
+    </code>
+    
+    <p>All Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-45.6.0"
+    </code>
+    
+    <p>All Thunderbird-bin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-45.6.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2804">CVE-2016-2804</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2805">CVE-2016-2805</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2806">CVE-2016-2806</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2807">CVE-2016-2807</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2808">CVE-2016-2808</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2809">CVE-2016-2809</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2810">CVE-2016-2810</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2811">CVE-2016-2811</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2812">CVE-2016-2812</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2813">CVE-2016-2813</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2814">CVE-2016-2814</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2816">CVE-2016-2816</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2817">CVE-2016-2817</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2820">CVE-2016-2820</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2827">CVE-2016-2827</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2830">CVE-2016-2830</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2835">CVE-2016-2835</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2836">CVE-2016-2836</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2837">CVE-2016-2837</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2838">CVE-2016-2838</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2839">CVE-2016-2839</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5250">CVE-2016-5250</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5251">CVE-2016-5251</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5252">CVE-2016-5252</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5253">CVE-2016-5253</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5254">CVE-2016-5254</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5255">CVE-2016-5255</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5256">CVE-2016-5256</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5257">CVE-2016-5257</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5258">CVE-2016-5258</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5259">CVE-2016-5259</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5260">CVE-2016-5260</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5261">CVE-2016-5261</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5262">CVE-2016-5262</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5263">CVE-2016-5263</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5264">CVE-2016-5264</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5265">CVE-2016-5265</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5266">CVE-2016-5266</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5267">CVE-2016-5267</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5268">CVE-2016-5268</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5270">CVE-2016-5270</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5271">CVE-2016-5271</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5272">CVE-2016-5272</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5273">CVE-2016-5273</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5274">CVE-2016-5274</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5275">CVE-2016-5275</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5276">CVE-2016-5276</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5277">CVE-2016-5277</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5278">CVE-2016-5278</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5279">CVE-2016-5279</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5280">CVE-2016-5280</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5281">CVE-2016-5281</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5282">CVE-2016-5282</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5283">CVE-2016-5283</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5284">CVE-2016-5284</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5290">CVE-2016-5290</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5291">CVE-2016-5291</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5293">CVE-2016-5293</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5294">CVE-2016-5294</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5296">CVE-2016-5296</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5297">CVE-2016-5297</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9064">CVE-2016-9064</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9066">CVE-2016-9066</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9074">CVE-2016-9074</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9079">CVE-2016-9079</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9893">CVE-2016-9893</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9895">CVE-2016-9895</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9897">CVE-2016-9897</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9898">CVE-2016-9898</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9899">CVE-2016-9899</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9900">CVE-2016-9900</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9901">CVE-2016-9901</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9902">CVE-2016-9902</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9904">CVE-2016-9904</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9905">CVE-2016-9905</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-02T23:32:38Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-04T14:37:04Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-16.xml b/metadata/glsa/glsa-201701-16.xml
new file mode 100644
index 000000000000..b77224b5cb42
--- /dev/null
+++ b/metadata/glsa/glsa-201701-16.xml
@@ -0,0 +1,111 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-16">
+  <title>libTIFF: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libTIFF, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">tiff</product>
+  <announced>2017-01-09</announced>
+  <revised count="2">2017-01-09</revised>
+  <bug>484542</bug>
+  <bug>534108</bug>
+  <bug>538318</bug>
+  <bug>561880</bug>
+  <bug>572876</bug>
+  <bug>585274</bug>
+  <bug>585508</bug>
+  <bug>599746</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/tiff" auto="yes" arch="*">
+      <unaffected range="ge">4.0.7</unaffected>
+      <vulnerable range="lt">4.0.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The TIFF library contains encoding and decoding routines for the Tag
+      Image File Format. It is called by numerous programs, including GNOME and
+      KDE applications, to interpret TIFF images.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libTIFF. Please review
+      the CVE identifier and bug reports referenced for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process a specially crafted
+      image file, possibly resulting in execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libTIFF users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/tiff-4.0.7"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4243">CVE-2013-4243</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8127">CVE-2014-8127</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8128">CVE-2014-8128</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8129">CVE-2014-8129</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8130">CVE-2014-8130</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9330">CVE-2014-9330</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9655">CVE-2014-9655</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1547">CVE-2015-1547</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7313">CVE-2015-7313</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7554">CVE-2015-7554</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8665">CVE-2015-8665</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8668">CVE-2015-8668</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8683">CVE-2015-8683</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8781">CVE-2015-8781</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8782">CVE-2015-8782</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8783">CVE-2015-8783</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8784">CVE-2015-8784</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3186">CVE-2016-3186</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3619">CVE-2016-3619</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3620">CVE-2016-3620</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3621">CVE-2016-3621</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3622">CVE-2016-3622</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3623">CVE-2016-3623</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3624">CVE-2016-3624</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3625">CVE-2016-3625</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3631">CVE-2016-3631</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3632">CVE-2016-3632</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3633">CVE-2016-3633</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3634">CVE-2016-3634</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3658">CVE-2016-3658</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3945">CVE-2016-3945</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3990">CVE-2016-3990</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3991">CVE-2016-3991</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5102">CVE-2016-5102</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5314">CVE-2016-5314</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5315">CVE-2016-5315</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5316">CVE-2016-5316</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5317">CVE-2016-5317</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5318">CVE-2016-5318</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5319">CVE-2016-5319</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5320">CVE-2016-5320</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5321">CVE-2016-5321</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5322">CVE-2016-5322</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5323">CVE-2016-5323</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5652">CVE-2016-5652</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5875">CVE-2016-5875</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6223">CVE-2016-6223</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8331">CVE-2016-8331</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9273">CVE-2016-9273</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9297">CVE-2016-9297</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9448">CVE-2016-9448</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9453">CVE-2016-9453</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9532">CVE-2016-9532</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-07-11T05:00:13Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-09T20:05:48Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-17.xml b/metadata/glsa/glsa-201701-17.xml
new file mode 100644
index 000000000000..d06ac3aac8ac
--- /dev/null
+++ b/metadata/glsa/glsa-201701-17.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-17">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2017-01-10</announced>
+  <revised count="1">2017-01-10</revised>
+  <bug>602546</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">24.0.0.186</unaffected>
+      <vulnerable range="lt">24.0.0.186</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-24.0.0.186"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://helpx.adobe.com/security/products/flash-player/apsb16-39.html">
+      APSB16-39
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7867">CVE-2016-7867</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7868">CVE-2016-7868</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7869">CVE-2016-7869</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7870">CVE-2016-7870</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7871">CVE-2016-7871</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7872">CVE-2016-7872</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7873">CVE-2016-7873</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7874">CVE-2016-7874</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7875">CVE-2016-7875</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7876">CVE-2016-7876</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7877">CVE-2016-7877</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7878">CVE-2016-7878</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7879">CVE-2016-7879</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7880">CVE-2016-7880</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7881">CVE-2016-7881</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7890">CVE-2016-7890</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7892">CVE-2016-7892</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-08T17:46:19Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-01-10T13:49:58Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-18.xml b/metadata/glsa/glsa-201701-18.xml
new file mode 100644
index 000000000000..4f558ed96312
--- /dev/null
+++ b/metadata/glsa/glsa-201701-18.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-18">
+  <title>Python: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Python, the worst of
+    which could lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">python</product>
+  <announced>2017-01-10</announced>
+  <revised count="2">2017-02-24</revised>
+  <bug>531002</bug>
+  <bug>585910</bug>
+  <bug>585946</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/python" auto="yes" arch="*">
+      <unaffected range="ge" slot="2.7">2.7.12</unaffected>
+      <unaffected range="ge" slot="3.4">3.4.5</unaffected>
+      <vulnerable range="lt">3.4.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Python is an interpreted, interactive, object-oriented programming
+      language.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Python. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted index
+      file using Python’s dumbdbm module, possibly resulting in execution of
+      arbitrary code with the privileges of the process.
+    </p>
+    
+    <p>A remote attacker could entice a user to process a specially crafted
+      input stream using Python’s zipimporter module, possibly allowing
+      attackers to cause unspecified impact.
+    </p>
+    
+    <p>A man in the middle attacker could strip out the STARTTLS command
+      without generating an exception on the Python SMTP client application,
+      preventing the establishment of the TLS layer.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Python 2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.7.12:2.7"
+    </code>
+    
+    <p>All Python 3 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-3.4.5:3.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0772">CVE-2016-0772</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5636">CVE-2016-5636</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-03T06:13:03Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-02-24T10:28:53Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-19.xml b/metadata/glsa/glsa-201701-19.xml
new file mode 100644
index 000000000000..3fa8ee00af1e
--- /dev/null
+++ b/metadata/glsa/glsa-201701-19.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-19">
+  <title>NTFS-3G: Privilege escalation</title>
+  <synopsis>A vulnerability in NTFS-3G allows local users to gain root
+    privileges.
+  </synopsis>
+  <product type="ebuild">ntfs3g</product>
+  <announced>2017-01-11</announced>
+  <revised count="1">2017-01-11</revised>
+  <bug>550970</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-fs/ntfs3g" auto="yes" arch="*">
+      <unaffected range="ge">2016.2.22</unaffected>
+      <vulnerable range="lt">2016.2.22</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>NTFS-3G is a stable, full-featured, read-write NTFS driver for various
+      operating systems.
+    </p>
+  </background>
+  <description>
+    <p>NTFS-3G is affected by the same vulnerability as reported in “GLSA
+      201603-04” when the bundled fuse-lite implementation is used.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local user could gain root privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time. However, on Gentoo when the
+      “external-fuse” USE flag is set or the “suid” USE flag is not set
+      then NTFS-3G is not affected. Both of these cases are the default
+      configuration.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All NTFS-3G users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-fs/ntfs3g-2016.2.22"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3202">CVE-2015-3202</uri>
+    <uri link="https://security.gentoo.org/glsa/201603-04">GLSA 201603-04</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-09-07T01:46:01Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2017-01-11T12:04:09Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-20.xml b/metadata/glsa/glsa-201701-20.xml
new file mode 100644
index 000000000000..c20d60be2f82
--- /dev/null
+++ b/metadata/glsa/glsa-201701-20.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-20">
+  <title>D-Bus: Format string vulnerability</title>
+  <synopsis>A vulnerability has been found in D-Bus possibly resulting in a
+    local Denial of Service. 
+  </synopsis>
+  <product type="ebuild">dbus</product>
+  <announced>2017-01-11</announced>
+  <revised count="1">2017-01-11</revised>
+  <bug>596772</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/dbus" auto="yes" arch="*">
+      <unaffected range="ge">1.10.12</unaffected>
+      <vulnerable range="lt">1.10.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>D-Bus is a message bus system, a simple way for applications to talk to
+      one another.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that D-Bus incorrectly handles certain format strings.</p>
+    
+    <p>The impact of this new vulnerability is believed to not be exploitable
+      if D-Bus is patched against CVE-2015-0245. The previous vulnerability
+      (CVE-2015-0245) was addressed in GLSA-201503-02 referenced below.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could cause a Denial of Service condition or possibly
+      execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>The vulnerable D-Bus interface is intended only for use by systemd
+      running as root.
+    </p>
+    
+    <p>The administrator can install a policy which denies sending from 
+      org.freedesktop.systemd1.Activator” to D-Bus. This will prevent
+      non-root attackers from reaching the interface in order to exercise this
+      flaw.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All D-Bus users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/dbus-1.10.12"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://security.gentoo.org/glsa/201503-02">GLSA-201503-02</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-08T23:47:24Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-01-11T12:08:23Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-21.xml b/metadata/glsa/glsa-201701-21.xml
new file mode 100644
index 000000000000..8c62edcc681e
--- /dev/null
+++ b/metadata/glsa/glsa-201701-21.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-21">
+  <title>Expat: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Expat, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">expat</product>
+  <announced>2017-01-11</announced>
+  <revised count="1">2017-01-11</revised>
+  <bug>458742</bug>
+  <bug>555642</bug>
+  <bug>577928</bug>
+  <bug>583268</bug>
+  <bug>585510</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/expat" auto="yes" arch="*">
+      <unaffected range="ge">2.2.0-r1</unaffected>
+      <vulnerable range="lt">2.2.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Expat is a set of XML parsing libraries.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Expat. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to process a specially crafted XML
+      file, could execute arbitrary code with the privileges of the process or
+      cause a Denial of Service condition.  This attack could also be used
+      against automated systems that arbitrarily process XML files.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Expat users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/expat-2.2.0-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6702">CVE-2012-6702</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0340">CVE-2013-0340</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1283">CVE-2015-1283</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0718">CVE-2016-0718</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4472">CVE-2016-4472</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5300">CVE-2016-5300</uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-12-31T03:24:00Z">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="2017-01-11T12:13:03Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-22.xml b/metadata/glsa/glsa-201701-22.xml
new file mode 100644
index 000000000000..150ddf5af5be
--- /dev/null
+++ b/metadata/glsa/glsa-201701-22.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-22">
+  <title>NGINX: Privilege escalation</title>
+  <synopsis>Gentoo's NGINX ebuilds are vulnerable to privilege escalation due
+    to the way log files are handled.
+  </synopsis>
+  <product type="ebuild">nginx</product>
+  <announced>2017-01-11</announced>
+  <revised count="1">2017-01-11</revised>
+  <bug>605008</bug>
+  <access>local</access>
+  <affected>
+    <package name="www-servers/nginx" auto="yes" arch="*">
+      <unaffected range="ge">1.10.2-r3</unaffected>
+      <vulnerable range="lt">1.10.2-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>nginx is a robust, small, and high performance HTTP and reverse proxy
+      server.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that Gentoo’s default NGINX installation applied
+      similar problematic permissions on “/var/log/nginx” as Debian
+      (DSA-3701) and is therefore vulnerable to the same attack described in
+      CVE-2016-1247.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker, who either is already NGINX’s system user or belongs
+      to NGINX’s group, could potentially escalate privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>Ensure that no untrusted user can create files in directories which are
+      used by NGINX (or an NGINX vhost) to store log files.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All NGINX users should upgrade to the latest ebuild revision:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/nginx-1.10.2-r3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1247">CVE-2016-1247</uri>
+    <uri link="https://www.debian.org/security/2016/dsa-3701">DSA-3701</uri>
+    <uri link="https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html">
+      Technical analysis
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-10T15:37:19Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-01-11T12:18:42Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-23.xml b/metadata/glsa/glsa-201701-23.xml
new file mode 100644
index 000000000000..fcfad15126b6
--- /dev/null
+++ b/metadata/glsa/glsa-201701-23.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-23">
+  <title>Botan: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Botan, the worst of
+    which might allow remote attackers to obtain ECDSA secret keys.
+  </synopsis>
+  <product type="ebuild">botan</product>
+  <announced>2017-01-11</announced>
+  <revised count="1">2017-01-11</revised>
+  <bug>581324</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/botan" auto="yes" arch="*">
+      <unaffected range="ge">1.10.13</unaffected>
+      <vulnerable range="lt">1.10.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Botan (Japanese for peony) is a cryptography library written in C++11.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Botan. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker might obtain ECDSA secret keys via a timing
+      side-channel attack or could possibly bypass TLS policy.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Botan users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/botan-1.10.13"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2849">CVE-2016-2849</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2850">CVE-2016-2850</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-09T17:45:34Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-01-11T12:23:40Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-24.xml b/metadata/glsa/glsa-201701-24.xml
new file mode 100644
index 000000000000..922c053c1fc7
--- /dev/null
+++ b/metadata/glsa/glsa-201701-24.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-24">
+  <title>PgBouncer: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PgBouncer, the worst of
+    which may allow an attacker to bypass authentication.
+  </synopsis>
+  <product type="ebuild">pgbouncer</product>
+  <announced>2017-01-11</announced>
+  <revised count="1">2017-01-11</revised>
+  <bug>550124</bug>
+  <bug>600184</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/pgbouncer" auto="yes" arch="*">
+      <unaffected range="ge">1.7.2</unaffected>
+      <vulnerable range="lt">1.7.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PgBouncer is a lightweight connection pooler for PostgreSQL.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PgBouncer. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker might send a specially crafted package possibly
+      resulting in a Denial of Service condition. Furthermore, a remote
+      attacker might bypass authentication in configurations using the
+      “auth_user” feature.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PgBouncer users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/pgbouncer-1.7.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4054">CVE-2015-4054</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6817">CVE-2015-6817</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-09T13:32:34Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-01-11T12:24:51Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-25.xml b/metadata/glsa/glsa-201701-25.xml
new file mode 100644
index 000000000000..e0badeacf665
--- /dev/null
+++ b/metadata/glsa/glsa-201701-25.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-25">
+  <title>phpBB: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in phpBB, the worst of
+    which may allow remote attackers to inject arbitrary web script or HTML.
+  </synopsis>
+  <product type="ebuild">phpBB</product>
+  <announced>2017-01-11</announced>
+  <revised count="1">2017-01-11</revised>
+  <bug>538360</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/phpBB" auto="yes" arch="*">
+      <vulnerable range="lt">3.1.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>phpBB is an Open Source bulletin board package.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in phpBB. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to change settings, inject arbitrary web
+      script or HTML, or conduct cross-site request forgery (CSRF) attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo Security support has been discontinued due to phpBB being dropped
+      to unstable. As such, we recommend that users unmerge phpBB:
+    </p>
+    
+    <code>
+      # emerge --unmerge "www-apps/phpBB"
+    </code>
+    
+    <p>NOTE: Users could alternatively upgrade to
+      “&gt;=www-apps/phpBB-3.1.10”, however, these packages are not
+      currently marked stable.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1431">CVE-2015-1431</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1432">CVE-2015-1432</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-08T20:58:16Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-01-11T12:26:07Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-26.xml b/metadata/glsa/glsa-201701-26.xml
new file mode 100644
index 000000000000..7a8fc557c10b
--- /dev/null
+++ b/metadata/glsa/glsa-201701-26.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-26">
+  <title>BIND: Denial of service</title>
+  <synopsis>A vulnerability in BIND might allow remote attackers to cause a
+    Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">bind</product>
+  <announced>2017-01-11</announced>
+  <revised count="1">2017-01-11</revised>
+  <bug>598750</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/bind" auto="yes" arch="*">
+      <unaffected range="ge">9.10.4_p4</unaffected>
+      <vulnerable range="lt">9.10.4_p4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>BIND (Berkeley Internet Name Domain) is a Name Server.</p>
+  </background>
+  <description>
+    <p>A defect in BIND’s handling of responses containing a DNAME answer can
+      cause a resolver to exit after encountering an assertion failure in db.c
+      or resolver.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted DNS request to the BIND
+      resolver possibly resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All BIND users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/bind-9.10.4_p4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8864">CVE-2016-8864</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-04T02:59:06Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-11T12:27:02Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-27.xml b/metadata/glsa/glsa-201701-27.xml
new file mode 100644
index 000000000000..6ad0a2d1f143
--- /dev/null
+++ b/metadata/glsa/glsa-201701-27.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-27">
+  <title>7-Zip: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in 7-Zip, the worst of
+    which may allow execution of arbitrary code. 
+  </synopsis>
+  <product type="ebuild">7zip</product>
+  <announced>2017-01-11</announced>
+  <revised count="1">2017-01-11</revised>
+  <bug>582832</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/p7zip" auto="yes" arch="*">
+      <unaffected range="ge">16.02-r1</unaffected>
+      <vulnerable range="lt">16.02-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>7-Zip is an open-source file archiver, an application used primarily to
+      compress files. 7-Zip uses its own 7z archive format, but can read and
+      write several other archive formats.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in 7-Zip. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted
+      archive file possibly resulting in execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All 7-Zip users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/p7zip-16.02-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2334">CVE-2016-2334</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2335">CVE-2016-2335</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-09T17:11:43Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-01-11T12:28:26Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-28.xml b/metadata/glsa/glsa-201701-28.xml
new file mode 100644
index 000000000000..dcd73edbaaec
--- /dev/null
+++ b/metadata/glsa/glsa-201701-28.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-28">
+  <title>c-ares: Heap-based buffer overflow</title>
+  <synopsis>A heap-based buffer overflow in c-ares might allow remote attackers
+    to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">c-ares</product>
+  <announced>2017-01-11</announced>
+  <revised count="1">2017-01-11</revised>
+  <bug>595536</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/c-ares" auto="yes" arch="*">
+      <unaffected range="ge">1.12.0</unaffected>
+      <vulnerable range="lt">1.12.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>c-ares is a C library for asynchronous DNS requests (including name
+      resolves).
+    </p>
+  </background>
+  <description>
+    <p>A hostname with an escaped trailing dot (such as “hello\.”) would
+      have its size calculated incorrectly leading to a single byte written
+      beyond the end of a buffer on the heap.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, able to provide a specially crafted hostname to an
+      application using c-ares, could potentially cause a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All c-ares users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/c-ares-1.12.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5180">CVE-2016-5180</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-09T14:14:23Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-01-11T12:29:54Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-29.xml b/metadata/glsa/glsa-201701-29.xml
new file mode 100644
index 000000000000..43a5c34c21ea
--- /dev/null
+++ b/metadata/glsa/glsa-201701-29.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-29">
+  <title>Vim, gVim: Remote execution of arbitrary code</title>
+  <synopsis>A vulnerability has been found in Vim and gVim concerning how
+    certain modeline options are treated.
+  </synopsis>
+  <product type="ebuild">vim, gvim</product>
+  <announced>2017-01-11</announced>
+  <revised count="1">2017-01-11</revised>
+  <bug>600650</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-editors/vim" auto="yes" arch="*">
+      <unaffected range="ge">8.0.0106</unaffected>
+      <vulnerable range="lt">8.0.0106</vulnerable>
+    </package>
+    <package name="app-editors/gvim" auto="yes" arch="*">
+      <unaffected range="ge">8.0.0106</unaffected>
+      <vulnerable range="lt">8.0.0106</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Vim is an efficient, highly configurable improved version of the classic
+      ‘vi’ text editor. gVim is the GUI version of Vim.
+    </p>
+  </background>
+  <description>
+    <p>Vim and gVim do not properly validate values for the ‘filetype’,
+      ‘syntax’, and ‘keymap’ options.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted file
+      using Vim/gVim with certain modeline options enabled possibly resulting
+      in execution of arbitrary code with the privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>Disabling modeline support in .vimrc by adding “set nomodeline” will
+      prevent exploitation of this flaw. By default, modeline is enabled for
+      ordinary users but disabled for root.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All Vim users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-editors/vim-8.0.0106"
+    </code>
+    
+    <p>All gVim users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-editors/gvim-8.0.0106"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1248">CVE-2016-1248</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-09T17:07:43Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-01-11T12:33:33Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-30.xml b/metadata/glsa/glsa-201701-30.xml
new file mode 100644
index 000000000000..afb52bb3a8bf
--- /dev/null
+++ b/metadata/glsa/glsa-201701-30.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-30">
+  <title>vzctl: Security bypass</title>
+  <synopsis>A vulnerability in vzctl might allow attackers to gain control over
+    ploop containers.
+  </synopsis>
+  <product type="ebuild">vzctl</product>
+  <announced>2017-01-11</announced>
+  <revised count="1">2017-01-11</revised>
+  <bug>560522</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-cluster/vzctl" auto="yes" arch="*">
+      <unaffected range="ge">4.9.4</unaffected>
+      <vulnerable range="lt">4.9.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>vzctl is a set of control tools for the OpenVZ server virtualization
+      solution.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that vzctl determined the virtual environment (VE)
+      layout based on the presence of root.hdd/DiskDescriptor.xml in the VE
+      private directory.  This allows local simfs container (CT) root users to
+      change the root password for arbitrary ploop containers.  This is
+      demonstrated by a symlink attack on the ploop container root.hdd file
+      which can then be used to access a control panel.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker with root privileges, in a simfs-based container, could gain
+      control over ploop-based containers.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All vzctl users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-cluster/vzctl-4.9.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6927">CVE-2015-6927</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-10T16:32:14Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-01-11T12:39:20Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-31.xml b/metadata/glsa/glsa-201701-31.xml
new file mode 100644
index 000000000000..57860d847a23
--- /dev/null
+++ b/metadata/glsa/glsa-201701-31.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-31">
+  <title>flex: Potential insecure code generation</title>
+  <synopsis>Flex might generate code with a buffer overflow making applications
+    using such scanners vulnerable to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">flex</product>
+  <announced>2017-01-11</announced>
+  <revised count="1">2017-01-11</revised>
+  <bug>589820</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-devel/flex" auto="yes" arch="*">
+      <unaffected range="ge">2.6.1</unaffected>
+      <vulnerable range="lt">2.6.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>flex is a programming tool used to generate scanners (programs which
+      recognize lexical patterns in text).
+    </p>
+  </background>
+  <description>
+    <p>A heap-based buffer overflow in the yy_get_next_buffer function in Flex
+      might allow context-dependent attackers to cause a denial of service or
+      possibly execute arbitrary code via vectors involving num_to_read.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Context-dependent attackers could cause a Denial of Service condition or
+      possibly execute arbitrary code with the privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All flex users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-devel/flex-2.6.1"
+    </code>
+    
+    <p>Packages which depend on flex may need to be recompiled. Tools such as
+      qdepends (included in app-portage/portage-utils) may assist in
+      identifying these packages:
+    </p>
+    
+    <code>
+      # emerge --oneshot --ask --verbose $(qdepends -CQ sys-devel/flex | sed
+      's/^/=/')
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6354">CVE-2016-6354</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-09T14:07:40Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-01-11T12:41:44Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-32.xml b/metadata/glsa/glsa-201701-32.xml
new file mode 100644
index 000000000000..c752f69ed720
--- /dev/null
+++ b/metadata/glsa/glsa-201701-32.xml
@@ -0,0 +1,117 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-32">
+  <title>phpMyAdmin: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in phpMyAdmin, the worst
+    of which could lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">phpMyAdmin</product>
+  <announced>2017-01-11</announced>
+  <revised count="1">2017-01-11</revised>
+  <bug>586964</bug>
+  <bug>593582</bug>
+  <bug>600814</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/phpmyadmin" auto="yes" arch="*">
+      <unaffected range="ge">4.6.5.1</unaffected>
+      <vulnerable range="lt">4.6.5.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>phpMyAdmin is a web-based management tool for MySQL databases.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in phpMyAdmin. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A authenticated remote attacker could exploit these vulnerabilities to
+      execute arbitrary PHP Code, inject SQL code, or to conduct Cross-Site
+      Scripting attacks.
+    </p>
+    
+    <p>In certain configurations, an unauthenticated remote attacker could
+      cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All phpMyAdmin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/phpmyadmin-4.6.5.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4412">CVE-2016-4412</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5097">CVE-2016-5097</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5098">CVE-2016-5098</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5099">CVE-2016-5099</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5701">CVE-2016-5701</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5702">CVE-2016-5702</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5703">CVE-2016-5703</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5704">CVE-2016-5704</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5705">CVE-2016-5705</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5706">CVE-2016-5706</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5730">CVE-2016-5730</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5731">CVE-2016-5731</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5732">CVE-2016-5732</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5733">CVE-2016-5733</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5734">CVE-2016-5734</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5739">CVE-2016-5739</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6606">CVE-2016-6606</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6607">CVE-2016-6607</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6608">CVE-2016-6608</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6609">CVE-2016-6609</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6610">CVE-2016-6610</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6611">CVE-2016-6611</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6612">CVE-2016-6612</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6613">CVE-2016-6613</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6614">CVE-2016-6614</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6615">CVE-2016-6615</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6616">CVE-2016-6616</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6617">CVE-2016-6617</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6618">CVE-2016-6618</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6619">CVE-2016-6619</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6620">CVE-2016-6620</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6622">CVE-2016-6622</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6623">CVE-2016-6623</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6624">CVE-2016-6624</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6625">CVE-2016-6625</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6626">CVE-2016-6626</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6627">CVE-2016-6627</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6628">CVE-2016-6628</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6629">CVE-2016-6629</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6630">CVE-2016-6630</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6631">CVE-2016-6631</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6632">CVE-2016-6632</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6633">CVE-2016-6633</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9847">CVE-2016-9847</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9848">CVE-2016-9848</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9849">CVE-2016-9849</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9850">CVE-2016-9850</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9851">CVE-2016-9851</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9852">CVE-2016-9852</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9853">CVE-2016-9853</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9854">CVE-2016-9854</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9855">CVE-2016-9855</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9856">CVE-2016-9856</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9857">CVE-2016-9857</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9858">CVE-2016-9858</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9859">CVE-2016-9859</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9860">CVE-2016-9860</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9861">CVE-2016-9861</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9862">CVE-2016-9862</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9863">CVE-2016-9863</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9864">CVE-2016-9864</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9865">CVE-2016-9865</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9866">CVE-2016-9866</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-10T14:45:51Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-01-11T13:05:16Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-33.xml b/metadata/glsa/glsa-201701-33.xml
new file mode 100644
index 000000000000..c934ec19ed21
--- /dev/null
+++ b/metadata/glsa/glsa-201701-33.xml
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-33">
+  <title>PostgreSQL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PostgreSQL, the worst
+    of which could result in execution of arbitrary code or privilege
+    escalation.
+  </synopsis>
+  <product type="ebuild">postgres</product>
+  <announced>2017-01-12</announced>
+  <revised count="4">2017-01-12</revised>
+  <bug>562586</bug>
+  <bug>574456</bug>
+  <bug>602130</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/postgresql" auto="yes" arch="*">
+      <unaffected range="ge" slot="9.5">9.5.4</unaffected>
+      <unaffected range="ge" slot="9.4">9.4.9</unaffected>
+      <unaffected range="ge" slot="9.3">9.3.14</unaffected>
+      <unaffected range="ge" slot="9.2">9.2.18</unaffected>
+      <unaffected range="ge" slot="9.1">9.1.23</unaffected>
+      <vulnerable range="lt">9.5.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PostgreSQL is an open source object-relational database management
+      system.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PostgreSQL. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, or
+      escalate privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PostgreSQL 9.5.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.5.4:9.5"
+    </code>
+    
+    <p>All PostgreSQL 9.4.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;dev-db/postgresql-9.4.9:9.4"
+    </code>
+    
+    <p>All PostgreSQL 9.3.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;dev-db/postgresql-9.3.14:9.3"
+    </code>
+    
+    <p>All PostgreSQL 9.2.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;dev-db/postgresql-9.2.18:9.2"
+    </code>
+    
+    <p>All PostgreSQL 9.1.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;dev-db/postgresql-9.1.23:9.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5288">CVE-2015-5288</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5289">CVE-2015-5289</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0766">CVE-2016-0766</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0773">CVE-2016-0773</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5423">CVE-2016-5423</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5424">CVE-2016-5424</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-12T10:16:19Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-12T16:06:39Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-34.xml b/metadata/glsa/glsa-201701-34.xml
new file mode 100644
index 000000000000..59c71593f9c1
--- /dev/null
+++ b/metadata/glsa/glsa-201701-34.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-34">
+  <title>runC: Privilege escalation</title>
+  <synopsis>A vulnerability in runC could lead to privilege escalation.</synopsis>
+  <product type="ebuild">runc</product>
+  <announced>2017-01-12</announced>
+  <revised count="1">2017-01-12</revised>
+  <bug>605378</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulation/runc" auto="yes" arch="*">
+      <unaffected range="ge">1.0.0_rc2-r2</unaffected>
+      <vulnerable range="lt">1.0.0_rc2-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>RunC is a CLI tool for spawning and running containers according to the
+      OCI specification.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in runC that allows additional container
+      processes via ‘runc exec’ to be ptraced by the pid 1 of the
+      container.  This allows the main processes of the container, if running
+      as root, to gain access to file-descriptors of these new processes.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker, who is able to successfully escape the container or modify
+      runC’s state before process initialization, could escalate privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All runC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/runc-1.0.0_rc2-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9962">CVE-2016-9962</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-12T13:07:29Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-12T22:52:16Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-35.xml b/metadata/glsa/glsa-201701-35.xml
new file mode 100644
index 000000000000..3f6a9fb89d41
--- /dev/null
+++ b/metadata/glsa/glsa-201701-35.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-35">
+  <title>Mozilla SeaMonkey: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla SeaMonkey, the
+    worst of which could lead to the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">seamonkey</product>
+  <announced>2017-01-13</announced>
+  <revised count="3">2017-01-13</revised>
+  <bug>539242</bug>
+  <bug>541506</bug>
+  <bug>574968</bug>
+  <bug>604500</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/seamonkey" auto="yes" arch="*">
+      <unaffected range="ge">2.46-r1</unaffected>
+      <vulnerable range="lt">2.46-r1</vulnerable>
+    </package>
+    <package name="www-client/seamonkey-bin" auto="yes" arch="*">
+      <unaffected range="ge">2.46</unaffected>
+      <vulnerable range="lt">2.46</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla SeaMonkey is a free and open-source Internet suite. It is the
+      continuation of the former Mozilla Application Suite, based on the same
+      source code.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla SeaMonkey.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, or obtain
+      sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla SeaMonkey users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-2.46-r1"
+    </code>
+    
+    <p>All Mozilla SeaMonkey-bin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-bin-2.46"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1521">CVE-2016-1521</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1521">CVE-2016-1521</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1522">CVE-2016-1522</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1522">CVE-2016-1522</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523">CVE-2016-1523</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523">CVE-2016-1523</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1526">CVE-2016-1526</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1526">CVE-2016-1526</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9079">CVE-2016-9079</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-06-30T12:33:30Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-13T15:14:27Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-36.xml b/metadata/glsa/glsa-201701-36.xml
new file mode 100644
index 000000000000..5ff07a59562d
--- /dev/null
+++ b/metadata/glsa/glsa-201701-36.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-36">
+  <title>Apache: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Apache, the worst of
+    which could lead to a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">apache</product>
+  <announced>2017-01-15</announced>
+  <revised count="02">2017-01-17</revised>
+  <bug>529130</bug>
+  <bug>589226</bug>
+  <bug>601736</bug>
+  <bug>603130</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">2.4.25</unaffected>
+      <vulnerable range="lt">2.4.25</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Apache HTTP server is one of the most popular web servers on the
+      Internet.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Apache. Please review
+      the CVE identifiers, upstream Apache Software Foundation documentation,
+      and HTTPoxy website referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause a Denial of Service condition via multiple
+      vectors or response splitting and cache pollution. Additionally, an
+      attacker could intercept unsecured (HTTP) transmissions via the HTTPoxy
+      vulnerability.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/apache-2.4.25"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://www.apache.org/security/asf-httpoxy-response.txt">Apache
+      Software Foundation Projects and "httpoxy" CERT VU #797896
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3583">CVE-2014-3583</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0736">CVE-2016-0736</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2161">CVE-2016-2161</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5387">CVE-2016-5387</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8740">CVE-2016-8740</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8743">CVE-2016-8743</uri>
+    <uri link="https://httpoxy.org/">HTTPoxy Website</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-01T05:14:20Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-01-17T12:28:49Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-37.xml b/metadata/glsa/glsa-201701-37.xml
new file mode 100644
index 000000000000..fd9f8eedafa1
--- /dev/null
+++ b/metadata/glsa/glsa-201701-37.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-37">
+  <title>libxml2: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libxml2, the worst of
+    which could lead to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libxml2</product>
+  <announced>2017-01-16</announced>
+  <revised count="01">2017-01-16</revised>
+  <bug>564776</bug>
+  <bug>566374</bug>
+  <bug>572878</bug>
+  <bug>573820</bug>
+  <bug>577998</bug>
+  <bug>582538</bug>
+  <bug>582540</bug>
+  <bug>583888</bug>
+  <bug>589816</bug>
+  <bug>597112</bug>
+  <bug>597114</bug>
+  <bug>597116</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libxml2" auto="yes" arch="*">
+      <unaffected range="ge">2.9.4-r1</unaffected>
+      <vulnerable range="lt">2.9.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libxml2 is the XML (eXtended Markup Language) C parser and toolkit
+      initially developed for the Gnome project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libxml2. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user or automated system to process a
+      specially crafted XML document, possibly resulting in execution of
+      arbitrary code with the privileges of the process or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libxml2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libxml2-2.9.4-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1819">CVE-2015-1819</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5312">CVE-2015-5312</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7497">CVE-2015-7497</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7498">CVE-2015-7498</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7499">CVE-2015-7499</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7500">CVE-2015-7500</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7941">CVE-2015-7941</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7942">CVE-2015-7942</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8035">CVE-2015-8035</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8242">CVE-2015-8242</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8806">CVE-2015-8806</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1836">CVE-2016-1836</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1838">CVE-2016-1838</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1839">CVE-2016-1839</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1840">CVE-2016-1840</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2073">CVE-2016-2073</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3627">CVE-2016-3627</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3705">CVE-2016-3705</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4483">CVE-2016-4483</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4658">CVE-2016-4658</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5131">CVE-2016-5131</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-17T10:31:08Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-16T21:14:46Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-38.xml b/metadata/glsa/glsa-201701-38.xml
new file mode 100644
index 000000000000..f3b07b313147
--- /dev/null
+++ b/metadata/glsa/glsa-201701-38.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-38">
+  <title>Pidgin: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Pidgin, the worst of
+    which could lead to execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">pidgin</product>
+  <announced>2017-01-17</announced>
+  <revised count="01">2017-01-17</revised>
+  <bug>586698</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/pidgin" auto="yes" arch="*">
+      <unaffected range="ge">2.11.0</unaffected>
+      <vulnerable range="lt">2.11.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Pidgin is a client for a variety of instant messaging protocols.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Pidgin. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker might send specially crafted data using the MXit
+      protocol, possibly resulting in the remote execution of arbitrary code
+      with the privileges of the process, a Denial of Service condition, or in
+      leaking confidential information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Pidgin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-im/pidgin-2.11.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000030">
+      CVE-2016-1000030
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2365">CVE-2016-2365</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2366">CVE-2016-2366</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2367">CVE-2016-2367</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2368">CVE-2016-2368</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2369">CVE-2016-2369</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2370">CVE-2016-2370</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2371">CVE-2016-2371</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2372">CVE-2016-2372</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2373">CVE-2016-2373</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2374">CVE-2016-2374</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2375">CVE-2016-2375</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2376">CVE-2016-2376</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2377">CVE-2016-2377</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2378">CVE-2016-2378</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2379">CVE-2016-2379</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2380">CVE-2016-2380</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4323">CVE-2016-4323</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-16T06:16:34Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-01-17T03:34:45Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-39.xml b/metadata/glsa/glsa-201701-39.xml
new file mode 100644
index 000000000000..c38822187e7d
--- /dev/null
+++ b/metadata/glsa/glsa-201701-39.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-39">
+  <title>VLC: Buffer overflow</title>
+  <synopsis>A buffer overflow in VLC might allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">vlc</product>
+  <announced>2017-01-17</announced>
+  <revised count="01">2017-01-17</revised>
+  <bug>584510</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/vlc" auto="yes" arch="*">
+      <unaffected range="ge">2.2.4</unaffected>
+      <vulnerable range="lt">2.2.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>VLC is a cross-platform media player and streaming server.</p>
+  </background>
+  <description>
+    <p>A buffer overflow was discovered in the DecodeAdpcmImaQT function in
+      modules/codec/adpcm.c in the VideoLAN VLC media player.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers, by enticing a user to execute a specially crafted
+      QuickTime IMA file, could cause a Denial of Service condition or possibly
+      execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All VLC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/vlc-2.2.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5108">CVE-2016-5108</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-15T19:15:46Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-01-17T03:38:25Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-40.xml b/metadata/glsa/glsa-201701-40.xml
new file mode 100644
index 000000000000..0b3807cbf402
--- /dev/null
+++ b/metadata/glsa/glsa-201701-40.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-40">
+  <title>xdelta: User-assisted execution of arbitrary code</title>
+  <synopsis>A buffer overflow in xdelta might allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">xdelta</product>
+  <announced>2017-01-17</announced>
+  <revised count="01">2017-01-17</revised>
+  <bug>574408</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-util/xdelta" auto="yes" arch="*">
+      <unaffected range="ge">3.0.10</unaffected>
+      <vulnerable range="lt">3.0.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Xdelta is a C library and command-line tool for delta compression using
+      VCDIFF/RFC 3284 streams.
+    </p>
+  </background>
+  <description>
+    <p>A buffer overflow can be triggered within xdelta when ran against a
+      malicious input file.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could coerce the victim to run xdelta against a
+      malicious input file. This may be leveraged by an attacker to crash
+      xdelta and gain control of program execution.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All xdelta users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-util/xdelta-3.0.10"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9765">
+      CVE-2014-9765
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-25T00:33:49Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-01-17T03:41:05Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-41.xml b/metadata/glsa/glsa-201701-41.xml
new file mode 100644
index 000000000000..7891231bfb79
--- /dev/null
+++ b/metadata/glsa/glsa-201701-41.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-41">
+  <title>MiniUPnPc: Buffer overflow</title>
+  <synopsis>A buffer overflow in MiniUPnPc might allow remote attackers to
+    cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">miniupnpc</product>
+  <announced>2017-01-17</announced>
+  <revised count="01">2017-01-17</revised>
+  <bug>512666</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/miniupnpc" auto="yes" arch="*">
+      <unaffected range="ge">1.9.20150427</unaffected>
+      <vulnerable range="lt">1.9.20150427</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>UPnP client library and a simple UPnP client.</p>
+  </background>
+  <description>
+    <p>An out-of-bounds read was discovered in the getHTTPResponse function in
+      miniwget.c in MiniUPnPc.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers, through specially crafted headers, could cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MiniUPnPc users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/miniupnpc-1.9.20150427"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3985">CVE-2014-3985</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-15T18:49:39Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-01-17T09:18:54Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-42.xml b/metadata/glsa/glsa-201701-42.xml
new file mode 100644
index 000000000000..d549793a079b
--- /dev/null
+++ b/metadata/glsa/glsa-201701-42.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-42">
+  <title>file: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in file, the worst of
+    which could allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">file</product>
+  <announced>2017-01-17</announced>
+  <revised count="01">2017-01-17</revised>
+  <bug>526544</bug>
+  <bug>538660</bug>
+  <bug>539106</bug>
+  <bug>579306</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/file" auto="yes" arch="*">
+      <unaffected range="ge">5.23</unaffected>
+      <vulnerable range="lt">5.23</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>file is a utility that guesses a file format by scanning binary data for
+      patterns.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in file. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user or automated system to process a
+      specially crafted input file, possibly resulting in execution of
+      arbitrary code with the privileges of the process, a Denial of Service
+      condition or have other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All file users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/file-5.23"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3710">CVE-2014-3710</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9652">CVE-2014-9652</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9653">CVE-2014-9653</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8865">CVE-2015-8865</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-23T00:36:33Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-01-17T09:20:27Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-43.xml b/metadata/glsa/glsa-201701-43.xml
new file mode 100644
index 000000000000..85e0d28f1602
--- /dev/null
+++ b/metadata/glsa/glsa-201701-43.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-43">
+  <title>IcedTea: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in IcedTea allowing remote
+    attackers to affect confidentiality, integrity, and availability through
+    various vectors.
+  </synopsis>
+  <product type="ebuild">icedtea, java</product>
+  <announced>2017-01-19</announced>
+  <revised count="01">2017-01-19</revised>
+  <bug>590590</bug>
+  <bug>600224</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/icedtea-bin" auto="yes" arch="*">
+      <unaffected range="ge" slot="7">7.2.6.8</unaffected>
+      <unaffected range="ge" slot="8">3.2.0</unaffected>
+      <vulnerable range="lt">7.2.6.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>IcedTea’s aim is to provide OpenJDK in a form suitable for easy
+      configuration, compilation and distribution with the primary goal of
+      allowing inclusion in GNU/Linux distributions.
+    </p>
+  </background>
+  <description>
+    <p>Various OpenJDK attack vectors in IcedTea, such as 2D, Corba, Hotspot,
+      Libraries, and JAXP, exist which allows remote attackers to affect the
+      confidentiality, integrity, and availability of vulnerable systems. Many
+      of the vulnerabilities can only be exploited through sandboxed Java Web
+      Start applications and java applets. Please review the CVE identifiers
+      referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers may execute arbitrary code, compromise information, or
+      cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All IcedTea-bin 7.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/icedtea-bin-7.2.6.8:7"
+    </code>
+    
+    <p>All IcedTea-bin 3.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/icedtea-bin-3.2.0:8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3458">CVE-2016-3458</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3485">CVE-2016-3485</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3500">CVE-2016-3500</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3508">CVE-2016-3508</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3550">CVE-2016-3550</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3587">CVE-2016-3587</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3598">CVE-2016-3598</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3606">CVE-2016-3606</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3610">CVE-2016-3610</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5542">CVE-2016-5542</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5554">CVE-2016-5554</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5568">CVE-2016-5568</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5573">CVE-2016-5573</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5582">CVE-2016-5582</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5597">CVE-2016-5597</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-04T03:38:18Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-19T18:34:11Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-44.xml b/metadata/glsa/glsa-201701-44.xml
new file mode 100644
index 000000000000..e87cef4dfdda
--- /dev/null
+++ b/metadata/glsa/glsa-201701-44.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-44">
+  <title>CVS: Heap-based overflow</title>
+  <synopsis>A heap-based buffer overflow in CVS might allow remote attackers to
+    execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">cvs</product>
+  <announced>2017-01-19</announced>
+  <revised count="01">2017-01-19</revised>
+  <bug>402593</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-vcs/cvs" auto="yes" arch="*">
+      <unaffected range="ge">1.12.12-r11</unaffected>
+      <vulnerable range="lt">1.12.12-r11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>CVS (Concurrent Versions System) is an open-source network-transparent
+      version control system. It contains both a client utility and a server.
+    </p>
+  </background>
+  <description>
+    <p>A heap-based buffer overflow was discovered in the proxy_connect
+      function in src/client.c in CVS.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker, utilizing a remote HTTP proxy server, could cause a Denial
+      of Service condition or possibly execute arbitrary code via a crafted
+      HTTP response.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All CVS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/cvs-1.12.12-r11"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0804">CVE-2012-0804</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-18T08:43:18Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-19T19:06:48Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-45.xml b/metadata/glsa/glsa-201701-45.xml
new file mode 100644
index 000000000000..1b450aae06ac
--- /dev/null
+++ b/metadata/glsa/glsa-201701-45.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-45">
+  <title>irssi: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in irssi, the worst of
+    which could allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">irssi</product>
+  <announced>2017-01-19</announced>
+  <revised count="01">2017-01-19</revised>
+  <bug>604772</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/irssi" auto="yes" arch="*">
+      <unaffected range="ge">0.8.21</unaffected>
+      <vulnerable range="lt">0.8.21</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>irssi is a modular textUI IRC client with IPv6 support.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in irssi. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All irssi users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-irc/irssi-0.8.21"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5193">CVE-2017-5193</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5194">CVE-2017-5194</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5195">CVE-2017-5195</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5196">CVE-2017-5196</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-18T08:22:08Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-19T19:13:03Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-46.xml b/metadata/glsa/glsa-201701-46.xml
new file mode 100644
index 000000000000..53f0f0798b62
--- /dev/null
+++ b/metadata/glsa/glsa-201701-46.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-46">
+  <title>Mozilla Network Security Service (NSS): Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in NSS, the worst of which
+    could allow remote attackers to obtain access to private key information.
+  </synopsis>
+  <product type="ebuild">mozilla, nss</product>
+  <announced>2017-01-19</announced>
+  <revised count="01">2017-01-19</revised>
+  <bug>550288</bug>
+  <bug>571086</bug>
+  <bug>604916</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/nss" auto="yes" arch="*">
+      <unaffected range="ge">3.28</unaffected>
+      <vulnerable range="lt">3.28</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Mozilla Network Security Service (NSS) is a library implementing
+      security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS
+      #12, S/MIME and X.509 certificates.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in NSS. Please review the
+      CVE identifiers and technical papers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could conduct man-in-the-middle attacks, obtain access
+      to private key information, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All NSS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/nss-3.28"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2721">CVE-2015-2721</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000">CVE-2015-4000</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7575">CVE-2015-7575</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1938">CVE-2016-1938</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5285">CVE-2016-5285</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8635">CVE-2016-8635</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9074">CVE-2016-9074</uri>
+    <uri link="https://www.mitls.org/pages/attacks/SLOTH">SLOTH Attack Technical
+      Paper
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-19T08:24:32Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-19T19:17:52Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-47.xml b/metadata/glsa/glsa-201701-47.xml
new file mode 100644
index 000000000000..bf2b45a0bb4d
--- /dev/null
+++ b/metadata/glsa/glsa-201701-47.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-47">
+  <title>cURL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in cURL, the worst of
+    which could allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">curl</product>
+  <announced>2017-01-19</announced>
+  <revised count="01">2017-01-19</revised>
+  <bug>536014</bug>
+  <bug>573102</bug>
+  <bug>583394</bug>
+  <bug>590482</bug>
+  <bug>592974</bug>
+  <bug>593716</bug>
+  <bug>597760</bug>
+  <bug>603370</bug>
+  <bug>603574</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/curl" auto="yes" arch="*">
+      <unaffected range="ge">7.52.1</unaffected>
+      <vulnerable range="lt">7.52.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>cURL is a tool and libcurl is a library for transferring data with URL
+      syntax.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in cURL. Please review the
+      CVE identifiers and bug reports referenced for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could conduct a Man-in-the-Middle attack to obtain
+      sensitive information, cause a Denial of Service condition, or execute
+      arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All cURL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.52.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8150">CVE-2014-8150</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8151">CVE-2014-8151</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0755">CVE-2016-0755</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3739">CVE-2016-3739</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5419">CVE-2016-5419</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5420">CVE-2016-5420</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5421">CVE-2016-5421</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7141">CVE-2016-7141</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7167">CVE-2016-7167</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8615">CVE-2016-8615</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8616">CVE-2016-8616</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8617">CVE-2016-8617</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8618">CVE-2016-8618</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8619">CVE-2016-8619</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8620">CVE-2016-8620</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8621">CVE-2016-8621</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8622">CVE-2016-8622</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8623">CVE-2016-8623</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8624">CVE-2016-8624</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8625">CVE-2016-8625</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9586">CVE-2016-9586</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9594">CVE-2016-9594</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-07-01T05:35:33Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-19T19:23:08Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-48.xml b/metadata/glsa/glsa-201701-48.xml
new file mode 100644
index 000000000000..1f2f527e7615
--- /dev/null
+++ b/metadata/glsa/glsa-201701-48.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-48">
+  <title>Quagga: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Quagga, the worst of
+    which could allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">quagga</product>
+  <announced>2017-01-21</announced>
+  <revised count="1">2017-01-21</revised>
+  <bug>581526</bug>
+  <bug>597410</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/quagga" auto="yes" arch="*">
+      <unaffected range="ge">1.1.0-r2</unaffected>
+      <vulnerable range="lt">1.1.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Quagga is a free routing daemon replacing Zebra supporting RIP, OSPF and
+      BGP.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Quagga. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted packet possibly
+      resulting in the execution of arbitrary code with the privileges of the
+      process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Quagga users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/quagga-1.1.0-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1245">CVE-2016-1245</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4049">CVE-2016-4049</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-12-15T10:32:23Z">pinkbyte</metadata>
+  <metadata tag="submitter" timestamp="2017-01-21T05:46:06Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-49.xml b/metadata/glsa/glsa-201701-49.xml
new file mode 100644
index 000000000000..3951728a015c
--- /dev/null
+++ b/metadata/glsa/glsa-201701-49.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-49">
+  <title>QEMU: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in QEMU, the worst of
+    which could cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">qemu</product>
+  <announced>2017-01-23</announced>
+  <revised count="1">2017-01-23</revised>
+  <bug>598330</bug>
+  <bug>601450</bug>
+  <bug>601824</bug>
+  <bug>601826</bug>
+  <bug>601830</bug>
+  <bug>601832</bug>
+  <bug>602626</bug>
+  <bug>602628</bug>
+  <bug>602630</bug>
+  <bug>602632</bug>
+  <bug>602634</bug>
+  <bug>603444</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/qemu" auto="yes" arch="*">
+      <unaffected range="ge">2.8.0</unaffected>
+      <vulnerable range="lt">2.8.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>QEMU is a generic and open source machine emulator and virtualizer.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in QEMU. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A privileged user/process within a guest QEMU environment can cause a
+      Denial of Service condition against the QEMU guest process or the host.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All QEMU users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/qemu-2.8.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10028">
+      CVE-2016-10028
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9101">CVE-2016-9101</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9776">CVE-2016-9776</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9845">CVE-2016-9845</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9846">CVE-2016-9846</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9907">CVE-2016-9907</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9908">CVE-2016-9908</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9911">CVE-2016-9911</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9912">CVE-2016-9912</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9913">CVE-2016-9913</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9914">CVE-2016-9914</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9915">CVE-2016-9915</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9916">CVE-2016-9916</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9921">CVE-2016-9921</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9923">CVE-2016-9923</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-21T23:01:11Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-01-23T03:01:17Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-50.xml b/metadata/glsa/glsa-201701-50.xml
new file mode 100644
index 000000000000..69f904761062
--- /dev/null
+++ b/metadata/glsa/glsa-201701-50.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-50">
+  <title>PPP: Buffer overflow</title>
+  <synopsis>A buffer overflow in PPP might allow remote attackers to cause a
+    Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">ppp</product>
+  <announced>2017-01-23</announced>
+  <revised count="1">2017-01-23</revised>
+  <bug>546554</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dialup/ppp" auto="yes" arch="*">
+      <unaffected range="ge">2.4.7-r3</unaffected>
+      <vulnerable range="lt">2.4.7-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PPP is a Unix implementation of the Point-to-Point Protocol</p>
+  </background>
+  <description>
+    <p>A buffer overflow was discovered in the rc_mksid function in
+      plugins/radius/util.c in PPP when the PID for pppd is greater than 65535.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PPP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dialup/ppp-2.4.7-r3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3310">CVE-2015-3310</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-18T22:55:39Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-23T03:15:31Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-51.xml b/metadata/glsa/glsa-201701-51.xml
new file mode 100644
index 000000000000..ec13c02e1614
--- /dev/null
+++ b/metadata/glsa/glsa-201701-51.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-51">
+  <title>DBD::mysql: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in DBD::mysql, the worst
+    of which might allow an attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">dbd,mysql</product>
+  <announced>2017-01-23</announced>
+  <revised count="2">2017-01-23</revised>
+  <bug>589818</bug>
+  <bug>596424</bug>
+  <bug>600180</bug>
+  <bug>601144</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-perl/DBD-mysql" auto="yes" arch="*">
+      <unaffected range="ge">4.41.0</unaffected>
+      <vulnerable range="lt">4.41.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MySQL driver for the Perl5 Database Interface (DBI)</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in DBD::mysql. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could cause a Denial of Service condition, execute arbitrary
+      code, or have other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All DBD::mysql users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-perl/DBD-mysql-4.41.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8949">CVE-2015-8949</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1246">CVE-2016-1246</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1249">CVE-2016-1249</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1251">CVE-2016-1251</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-22T09:49:40Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-23T03:20:17Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-52.xml b/metadata/glsa/glsa-201701-52.xml
new file mode 100644
index 000000000000..9a8a2832fe2e
--- /dev/null
+++ b/metadata/glsa/glsa-201701-52.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-52">
+  <title>libupnp: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libupnp, the worst of
+    which could lead to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libupnp</product>
+  <announced>2017-01-23</announced>
+  <revised count="1">2017-01-23</revised>
+  <bug>589136</bug>
+  <bug>598202</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/libupnp" auto="yes" arch="*">
+      <unaffected range="ge">1.6.21</unaffected>
+      <vulnerable range="lt">1.6.21</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libupnp is a portable, open source, UPnP development kit.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libupnp. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attack could arbitrarily write files to a users file system,
+      cause a Denial of Service condition, or execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libupnp users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/libupnp-1.6.21"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6255">CVE-2016-6255</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8863">CVE-2016-8863</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-19T08:52:15Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-23T03:28:22Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-53.xml b/metadata/glsa/glsa-201701-53.xml
new file mode 100644
index 000000000000..e56844dd4e5c
--- /dev/null
+++ b/metadata/glsa/glsa-201701-53.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-53">
+  <title>Lua: Buffer overflow</title>
+  <synopsis>A buffer overflow in Lua might allow context-dependent attackers to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">lua</product>
+  <announced>2017-01-23</announced>
+  <revised count="1">2017-01-23</revised>
+  <bug>520480</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-lang/lua" auto="yes" arch="*">
+      <unaffected range="ge">5.1.5-r4</unaffected>
+      <vulnerable range="lt">5.1.5-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Lua is a powerful, efficient, lightweight, embeddable scripting
+      language. It supports procedural programming, object-oriented
+      programming, functional programming, data-driven programming, and data
+      description.
+    </p>
+  </background>
+  <description>
+    <p>A buffer overflow was discovered in the vararg functions in ldo.c in
+      Lua.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Context-dependent could cause a Denial of Service condition or execute
+      arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Lua users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/lua-5.1.5-r4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5461">CVE-2014-5461</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-19T10:51:05Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-23T03:32:26Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-54.xml b/metadata/glsa/glsa-201701-54.xml
new file mode 100644
index 000000000000..b4edd4cab9be
--- /dev/null
+++ b/metadata/glsa/glsa-201701-54.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-54">
+  <title>DCRaw: Buffer overflow</title>
+  <synopsis>A buffer overflow in DCRaw might allow remote attackers to cause a
+    Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">dcraw</product>
+  <announced>2017-01-23</announced>
+  <revised count="1">2017-01-23</revised>
+  <bug>549336</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/dcraw" auto="yes" arch="*">
+      <unaffected range="ge">9.26.0</unaffected>
+      <vulnerable range="lt">9.26.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Command-line decoder for raw digital photos.</p>
+  </background>
+  <description>
+    <p>An integer overflow was discovered in the ljpeg_start function in DCRaw.</p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers, by enticing a user to open a specially crafted image,
+      could cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All DCRaw users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/dcraw-9.26.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3885">CVE-2015-3885</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-18T08:16:14Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-23T03:34:47Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-55.xml b/metadata/glsa/glsa-201701-55.xml
new file mode 100644
index 000000000000..6051775e456c
--- /dev/null
+++ b/metadata/glsa/glsa-201701-55.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-55">
+  <title>DirectFB: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in DirectFB, all of which
+    could allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">directfb</product>
+  <announced>2017-01-23</announced>
+  <revised count="1">2017-01-23</revised>
+  <bug>510472</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/DirectFB" auto="yes" arch="*">
+      <unaffected range="ge">1.7.5</unaffected>
+      <vulnerable range="lt">1.7.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>DirectFB (Direct Frame Buffer) is a set of graphics APIs implemented on
+      top of the Linux Frame Buffer (fbdev) abstraction layer.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in DirectFB. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could cause a Denial of Service condition or execute
+      arbitrary code via the Voodoo interface.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All DirectFB users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/DirectFB-1.7.5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2977">CVE-2014-2977</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2978">CVE-2014-2978</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-18T08:12:23Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-23T03:38:25Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-56.xml b/metadata/glsa/glsa-201701-56.xml
new file mode 100644
index 000000000000..c2b5d37e71d0
--- /dev/null
+++ b/metadata/glsa/glsa-201701-56.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-56">
+  <title>zlib: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in zlib, the worst of
+    which could allow attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">zlib</product>
+  <announced>2017-01-23</announced>
+  <revised count="1">2017-01-23</revised>
+  <bug>601828</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-libs/zlib" auto="yes" arch="*">
+      <unaffected range="ge">1.2.9</unaffected>
+      <vulnerable range="lt">1.2.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>zlib is a widely used free and patent unencumbered data compression
+      library.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in zlib. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All zlib users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-libs/zlib-1.2.9"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9840">CVE-2016-9840</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9841">CVE-2016-9841</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9842">CVE-2016-9842</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9843">CVE-2016-9843</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-16T18:59:28Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-01-23T03:40:28Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-57.xml b/metadata/glsa/glsa-201701-57.xml
new file mode 100644
index 000000000000..60f54bf99999
--- /dev/null
+++ b/metadata/glsa/glsa-201701-57.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-57">
+  <title>T1Lib: : Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in T1Lib, the worst
+    of which could lead to remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">t1lib</product>
+  <announced>2017-01-23</announced>
+  <revised count="1">2017-01-23</revised>
+  <bug>358667</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/t1lib" auto="yes" arch="*">
+      <unaffected range="ge">5.1.2-r1</unaffected>
+      <vulnerable range="lt">5.1.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>T1Lib is a library for rasterizing bitmaps from Adobe Type 1 fonts.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in T1Lib. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers, by coercing users to process specially crafted AFM
+      font or PDF file, could cause a Denial of Service condition or execute
+      arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All T1Lib users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/t1lib-5.1.2-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2642">CVE-2010-2642</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0433">CVE-2011-0433</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0764">CVE-2011-0764</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1552">CVE-2011-1552</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1553">CVE-2011-1553</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1554">CVE-2011-1554</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5244">CVE-2011-5244</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-18T03:19:11Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-23T22:39:53Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-58.xml b/metadata/glsa/glsa-201701-58.xml
new file mode 100644
index 000000000000..a435e49357e1
--- /dev/null
+++ b/metadata/glsa/glsa-201701-58.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-58">
+  <title>ICU: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ICU, the worst of which
+    could cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">icu</product>
+  <announced>2017-01-24</announced>
+  <revised count="1">2017-01-24</revised>
+  <bug>589814</bug>
+  <bug>594494</bug>
+  <bug>601396</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/icu" auto="yes" arch="*">
+      <unaffected range="ge">58.1</unaffected>
+      <vulnerable range="lt">58.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ICU is a mature, widely used set of C/C++ and Java libraries providing
+      Unicode and Globalization support for software applications.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ICU. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could cause a Denial of Service condition or possibly
+      have other unspecified impacts via a long locale string or
+      httpAcceptLanguage argument.  Additionally, A remote attacker, via a
+      specially crafted file, could cause an application using ICU to parse
+      untrusted font files resulting in a Denial of Service condition. 
+      Finally, remote attackers could affect confidentiality via unknown
+      vectors related to 2D.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ICU users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/icu-58.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2632">CVE-2015-2632</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6293">CVE-2016-6293</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7415">CVE-2016-7415</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-16T18:37:12Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-01-24T10:46:19Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-59.xml b/metadata/glsa/glsa-201701-59.xml
new file mode 100644
index 000000000000..e95c7ab9ffb5
--- /dev/null
+++ b/metadata/glsa/glsa-201701-59.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-59">
+  <title>ADOdb: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ADOdb, all of which
+    could allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">adodb</product>
+  <announced>2017-01-24</announced>
+  <revised count="1">2017-01-24</revised>
+  <bug>604714</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-php/adodb" auto="yes" arch="*">
+      <unaffected range="ge">5.20.9</unaffected>
+      <vulnerable range="lt">5.20.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ADOdb is an abstraction library for PHP creating a common API for a wide
+      range of database backends.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ADOdb. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, through the use of SQL injection or Cross Site
+      Scripting (XSS) attacks, could execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ADOdb users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-php/adodb-5.20.9"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4855">CVE-2016-4855</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7405">CVE-2016-7405</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-21T23:56:54Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-01-24T10:50:50Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-60.xml b/metadata/glsa/glsa-201701-60.xml
new file mode 100644
index 000000000000..4614c1f70fa9
--- /dev/null
+++ b/metadata/glsa/glsa-201701-60.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-60">
+  <title>LibRaw: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in LibRaw, the worst of
+    which may allow attackers to execute arbitrary code. 
+  </synopsis>
+  <product type="ebuild">libraw</product>
+  <announced>2017-01-24</announced>
+  <revised count="2">2017-04-30</revised>
+  <bug>549338</bug>
+  <bug>567254</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-libs/libraw" auto="yes" arch="*">
+      <unaffected range="ge">0.17.1</unaffected>
+      <vulnerable range="lt">0.17.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>LibRaw is a library for reading RAW files obtained from digital photo
+      cameras.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in LibRaw. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could execute arbitrary code, cause a Denial of Service
+      condition, or have other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LibRaw users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libraw-0.17.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3885">CVE-2015-3885</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8366">CVE-2015-8366</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8367">CVE-2015-8367</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-18T08:14:05Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-04-30T20:28:16Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-61.xml b/metadata/glsa/glsa-201701-61.xml
new file mode 100644
index 000000000000..968bb9830dc0
--- /dev/null
+++ b/metadata/glsa/glsa-201701-61.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-61">
+  <title>WebP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in WebP, the worst of
+    which could allow a remote attacker to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">webp</product>
+  <announced>2017-01-24</announced>
+  <revised count="3">2017-01-24</revised>
+  <bug>598208</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libwebp" auto="yes" arch="*">
+      <unaffected range="ge">0.5.2</unaffected>
+      <vulnerable range="lt">0.5.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>WebP is an image format employing both lossy and lossless compression.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in WebP’s gif2webp tool.
+      Please review the CVE identifier and bug reference for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to process a specially crafted
+      file using WebP’s gif2webp tool, could possibly cause a Denial of
+      Service condition or other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All WebP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libwebp-0.5.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9085">CVE-2016-9085</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-19T08:48:39Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-24T11:09:59Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-62.xml b/metadata/glsa/glsa-201701-62.xml
new file mode 100644
index 000000000000..929967e87dee
--- /dev/null
+++ b/metadata/glsa/glsa-201701-62.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-62">
+  <title>Firejail: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in Firejail, the
+    worst of which may allow privilege escalation.
+  </synopsis>
+  <product type="ebuild">firejail</product>
+  <announced>2017-01-24</announced>
+  <revised count="2">2017-01-31</revised>
+  <bug>604758</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-apps/firejail" auto="yes" arch="*">
+      <unaffected range="ge">0.9.44.4</unaffected>
+      <vulnerable range="lt">0.9.44.4</vulnerable>
+    </package>
+    <package name="sys-apps/firejail-lts" auto="yes" arch="*">
+      <unaffected range="ge">0.9.38.8</unaffected>
+      <vulnerable range="lt">0.9.38.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A SUID program that reduces the risk of security breaches by restricting
+      the running environment of untrusted applications using Linux namespaces
+      and seccomp-bpf.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Firejail. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could possibly bypass sandbox protection, cause a Denial of
+      Service condition, or escalate privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Firejail users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/firejail-0.9.44.4"
+    </code>
+    
+    <p>All Firejail-lts users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/firejail-lts-0.9.38.8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5180">CVE-2017-5180</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5206">CVE-2017-5206</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5207">CVE-2017-5207</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-13T15:06:51Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-31T03:41:42Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-63.xml b/metadata/glsa/glsa-201701-63.xml
new file mode 100644
index 000000000000..9232730e0422
--- /dev/null
+++ b/metadata/glsa/glsa-201701-63.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-63">
+  <title>Graphite: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Graphite, the worst of
+    which could lead to the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">graphite</product>
+  <announced>2017-01-24</announced>
+  <revised count="1">2017-01-24</revised>
+  <bug>574276</bug>
+  <bug>576864</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/graphite2" auto="yes" arch="*">
+      <unaffected range="ge">1.3.7</unaffected>
+      <vulnerable range="lt">1.3.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Graphite is a “smart font” system developed specifically to handle
+      the complexities of lesser-known languages of the world.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Graphite. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, or obtain
+      sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Graphite users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/graphite2-1.3.7"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1521">CVE-2016-1521</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1522">CVE-2016-1522</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523">CVE-2016-1523</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1526">CVE-2016-1526</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1977">CVE-2016-1977</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2790">CVE-2016-2790</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2791">CVE-2016-2791</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2792">CVE-2016-2792</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2793">CVE-2016-2793</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2794">CVE-2016-2794</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2795">CVE-2016-2795</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2796">CVE-2016-2796</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2797">CVE-2016-2797</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2798">CVE-2016-2798</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2799">CVE-2016-2799</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2800">CVE-2016-2800</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2801">CVE-2016-2801</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2802">CVE-2016-2802</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-06-30T12:16:41Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-24T16:36:53Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-64.xml b/metadata/glsa/glsa-201701-64.xml
new file mode 100644
index 000000000000..571344272467
--- /dev/null
+++ b/metadata/glsa/glsa-201701-64.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-64">
+  <title>X.Org X Server: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in X.Org X Server, the
+    worst of which may allow authenticated attackers to read from or send
+    information to arbitrary X11 clients.
+  </synopsis>
+  <product type="ebuild">xorg-server</product>
+  <announced>2017-01-25</announced>
+  <revised count="1">2017-01-25</revised>
+  <bug>493294</bug>
+  <bug>548002</bug>
+  <bug>551680</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-base/xorg-server" auto="yes" arch="*">
+      <unaffected range="ge">1.18.4</unaffected>
+      <vulnerable range="lt">1.18.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The X Window System is a graphical windowing system based on a
+      client/server model.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in X.Org X Server. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An authenticated attacker could possibly cause a Denial of Service
+      condition or read from or send information to arbitrary X11 clients.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All X.Org X Server users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-base/xorg-server-1.18.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6424">CVE-2013-6424</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3164">CVE-2015-3164</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3418">CVE-2015-3418</uri>
+    <uri link="https://lists.x.org/archives/xorg-announce/2015-June/002611.html">
+      X.Org/Wayland Security Advisory: Missing authentication in XWayland
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2015-07-16T14:04:33Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-01-25T12:57:10Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-65.xml b/metadata/glsa/glsa-201701-65.xml
new file mode 100644
index 000000000000..bb5755927603
--- /dev/null
+++ b/metadata/glsa/glsa-201701-65.xml
@@ -0,0 +1,87 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-65">
+  <title>Oracle JRE/JDK: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Oracle's JRE and JDK
+    software suites, the worst of which may allow execution of arbitrary code
+  </synopsis>
+  <product type="ebuild">jre,jdk,oracle</product>
+  <announced>2017-01-25</announced>
+  <revised count="1">2017-01-25</revised>
+  <bug>606118</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/oracle-jre-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.8.0.121</unaffected>
+      <vulnerable range="lt">1.8.0.121</vulnerable>
+    </package>
+    <package name="dev-java/oracle-jdk-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.8.0.121</unaffected>
+      <vulnerable range="lt">1.8.0.121</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Java Platform, Standard Edition (Java SE) lets you develop and deploy
+      Java applications on desktops and servers, as well as in today’s
+      demanding embedded environments. Java offers the rich user interface,
+      performance, versatility, portability, and security that today’s
+      applications require.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in in Oracle’s JRE and
+      JDK. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, gain access to information, or cause a Denial
+      of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Oracle JRE users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-java/oracle-jre-bin-1.8.0.121"
+    </code>
+    
+    <p>All Oracle JDK users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-java/oracle-jdk-bin-1.8.0.121"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183">CVE-2016-2183</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5546">CVE-2016-5546</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5547">CVE-2016-5547</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5548">CVE-2016-5548</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5549">CVE-2016-5549</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5552">CVE-2016-5552</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8328">CVE-2016-8328</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3231">CVE-2017-3231</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3241">CVE-2017-3241</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3252">CVE-2017-3252</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3253">CVE-2017-3253</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3259">CVE-2017-3259</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3260">CVE-2017-3260</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3261">CVE-2017-3261</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3262">CVE-2017-3262</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3272">CVE-2017-3272</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3289">CVE-2017-3289</uri>
+    <uri link="https://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixJAVA">
+      Oracle Critical Patch Update Advisory - January 2017
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-21T22:56:38Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-01-25T13:04:35Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-66.xml b/metadata/glsa/glsa-201701-66.xml
new file mode 100644
index 000000000000..d2abbb68b113
--- /dev/null
+++ b/metadata/glsa/glsa-201701-66.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-66">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in the Chromium web
+    browser, the worst of which allows remote attackers to execute arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">chromium</product>
+  <announced>2017-01-29</announced>
+  <revised count="1">2017-01-29</revised>
+  <bug>607276</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">56.0.2924.76</unaffected>
+      <vulnerable range="lt">56.0.2924.76</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in the Chromium web
+      browser. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, obtain
+      sensitive information, bypass security restrictions, or perform
+      cross-site scripting (XSS).
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-56.0.2924.76"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5006">CVE-2017-5006</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5007">CVE-2017-5007</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5008">CVE-2017-5008</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5009">CVE-2017-5009</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5010">CVE-2017-5010</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5011">CVE-2017-5011</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5012">CVE-2017-5012</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5013">CVE-2017-5013</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5014">CVE-2017-5014</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5015">CVE-2017-5015</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5016">CVE-2017-5016</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5017">CVE-2017-5017</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5018">CVE-2017-5018</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5019">CVE-2017-5019</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5020">CVE-2017-5020</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5021">CVE-2017-5021</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5022">CVE-2017-5022</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5023">CVE-2017-5023</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5024">CVE-2017-5024</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5025">CVE-2017-5025</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5026">CVE-2017-5026</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-28T01:28:05Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-29T01:03:18Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-67.xml b/metadata/glsa/glsa-201701-67.xml
new file mode 100644
index 000000000000..9ae27ec661ce
--- /dev/null
+++ b/metadata/glsa/glsa-201701-67.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-67">
+  <title>a2ps: Arbitrary code execution</title>
+  <synopsis>A vulnerability in a2ps' fixps script might allow remote attackers
+    to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">a2ps</product>
+  <announced>2017-01-29</announced>
+  <revised count="1">2017-01-29</revised>
+  <bug>506352</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/a2ps" auto="yes" arch="*">
+      <unaffected range="ge">4.14-r5</unaffected>
+      <vulnerable range="lt">4.14-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>a2ps is an Any to PostScript filter.</p>
+  </background>
+  <description>
+    <p>a2ps’ fixps script does not invoke gs with the -dSAFER option.</p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers, by enticing a user to process a specially crafted
+      PostScript file, could delete arbitrary files or execute arbitrary code
+      with the privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All a2ps users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/a2ps-4.14-r5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0466">CVE-2014-0466</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-24T18:44:55Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-01-29T16:07:45Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-68.xml b/metadata/glsa/glsa-201701-68.xml
new file mode 100644
index 000000000000..b3fbd87b2fbd
--- /dev/null
+++ b/metadata/glsa/glsa-201701-68.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-68">
+  <title>FreeImage: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in FreeImage, the worst of
+    which may allow execution of arbitrary code
+  </synopsis>
+  <product type="ebuild">freeimage</product>
+  <announced>2017-01-29</announced>
+  <revised count="1">2017-01-29</revised>
+  <bug>559006</bug>
+  <bug>596350</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/freeimage" auto="yes" arch="*">
+      <unaffected range="ge">3.15.4-r1</unaffected>
+      <vulnerable range="lt">3.15.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FreeImage is an Open Source library project for developers who would
+      like to support popular graphics image formats like PNG, BMP, JPEG, TIFF
+      and others as needed by today’s multimedia applications.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in in FreeImage. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to process a specially crafted
+      image file, could possibly execute arbitrary code with the privileges of
+      the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FreeImage users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/freeimage-3.15.4-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0852">CVE-2015-0852</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5684">CVE-2016-5684</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-23T08:24:46Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-29T16:12:52Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-69.xml b/metadata/glsa/glsa-201701-69.xml
new file mode 100644
index 000000000000..d7b22b3457ea
--- /dev/null
+++ b/metadata/glsa/glsa-201701-69.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-69">
+  <title>Ark: Unintended execution of scripts and executable files</title>
+  <synopsis>A vulnerability in Ark might allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">ark</product>
+  <announced>2017-01-29</announced>
+  <revised count="1">2017-01-29</revised>
+  <bug>604846</bug>
+  <access>remote</access>
+  <affected>
+    <package name="kde-apps/ark" auto="yes" arch="*">
+      <unaffected range="ge">16.08.3-r1</unaffected>
+      <vulnerable range="lt">16.08.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Ark is a graphical file compression/decompression utility with support
+      for multiple formats.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in how Ark handles executable files while
+      browsing a compressed archive.  A user could unintentionally execute a
+      malicious script which has the executable bit set inside of the archive. 
+      This is due to Ark not displaying what files are executable and running
+      the associated applications for the file type upon execution.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by coercing a user to browse a malicious archive file
+      within Ark and execute certain files, could execute arbitrary code with
+      the privileges of the user.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Ark users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=kde-apps/ark-16.08.3-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5330">CVE-2017-5330</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-20T15:24:35Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-01-29T16:19:07Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-70.xml b/metadata/glsa/glsa-201701-70.xml
new file mode 100644
index 000000000000..4d198253f5e1
--- /dev/null
+++ b/metadata/glsa/glsa-201701-70.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-70">
+  <title>Firewalld: Improper authentication methods</title>
+  <synopsis>A vulnerability in Firewalld allows firewall configurations to be
+    modified by unauthenticated users.
+  </synopsis>
+  <product type="ebuild">firewalld</product>
+  <announced>2017-01-29</announced>
+  <revised count="1">2017-01-29</revised>
+  <bug>591458</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-firewall/firewalld" auto="yes" arch="*">
+      <unaffected range="ge">0.4.3.3</unaffected>
+      <vulnerable range="lt">0.4.3.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Firewalld provides a dynamically managed firewall with support for
+      network/firewall zones to define the trust level of network connections
+      or interfaces.
+    </p>
+  </background>
+  <description>
+    <p>A flaw in Firewalld allows any locally logged in user to tamper with or
+      change firewall settings.  This is due to how Firewalld handles
+      authentication via polkit which is not properly applied to 5 particular
+      functions to include: addPassthrough, removePassthrough, addEntry,
+      removeEntry, and setEntries.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could tamper or change firewall settings leading to the
+      additional exposure of systems to include unauthorized remote access.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Firewalld users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-firewall/firewalld-0.4.3.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5410">CVE-2016-5410</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-04T03:14:04Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-29T16:21:27Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-71.xml b/metadata/glsa/glsa-201701-71.xml
new file mode 100644
index 000000000000..fa4bf6dcdf19
--- /dev/null
+++ b/metadata/glsa/glsa-201701-71.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-71">
+  <title>FFmpeg: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in FFmpeg, the worst of
+    which may allow remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">ffmpeg</product>
+  <announced>2017-01-29</announced>
+  <revised count="1">2017-01-29</revised>
+  <bug>596760</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/ffmpeg" auto="yes" arch="*">
+      <unaffected range="ge">2.8.10</unaffected>
+      <vulnerable range="lt">2.8.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FFmpeg is a complete, cross-platform solution to record, convert and
+      stream audio and video.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in FFmpeg. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could cause a Denial of Service condition via various
+      crafted media file types or have other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FFmpeg users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/ffmpeg-2.8.10"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7122">CVE-2016-7122</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7450">CVE-2016-7450</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7502">CVE-2016-7502</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7555">CVE-2016-7555</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7562">CVE-2016-7562</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7785">CVE-2016-7785</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7905">CVE-2016-7905</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-19T09:23:50Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-29T16:22:37Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-72.xml b/metadata/glsa/glsa-201701-72.xml
new file mode 100644
index 000000000000..3eaad2a1d131
--- /dev/null
+++ b/metadata/glsa/glsa-201701-72.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-72">
+  <title>libXpm: Remote execution of arbitrary code</title>
+  <synopsis>An integer overflow in libXpm might allow remote attackers to
+    execute arbitrary code or cause a Denial of Service Condition.
+  </synopsis>
+  <product type="ebuild">libxpm</product>
+  <announced>2017-01-29</announced>
+  <revised count="1">2017-01-29</revised>
+  <bug>602782</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/libXpm" auto="yes" arch="*">
+      <unaffected range="ge">3.5.12</unaffected>
+      <vulnerable range="lt">3.5.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The X PixMap image format is an extension of the monochrome X BitMap
+      format specified in the X protocol, and is commonly used in traditional X
+      applications.
+    </p>
+  </background>
+  <description>
+    <p>An integer overflow was discovered in libXpm’s src/CrDatFrI.c file. 
+      On 64 bit systems, this allows an overflow to occur on 32 bit integers
+      while parsing XPM extensions in a file.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to process a specially crafted XPM
+      file, could execute arbitrary code with the privileges of the process or
+      cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libXpm users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/libXpm-3.5.12"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10164">
+      CVE-2016-10164
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-26T15:22:27Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-01-29T16:58:23Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-73.xml b/metadata/glsa/glsa-201701-73.xml
new file mode 100644
index 000000000000..4829edd6b258
--- /dev/null
+++ b/metadata/glsa/glsa-201701-73.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-73">
+  <title>SQUASHFS: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in SQUASHFS, the
+    worst of which may allow execution of arbitrary code
+  </synopsis>
+  <product type="ebuild">squashfs</product>
+  <announced>2017-01-29</announced>
+  <revised count="1">2017-01-29</revised>
+  <bug>552484</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-fs/squashfs-tools" auto="yes" arch="*">
+      <unaffected range="ge">4.3-r1</unaffected>
+      <vulnerable range="lt">4.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Squashfs is a compressed read-only filesystem for Linux. Squashfs is
+      intended for general read-only filesystem use, for archival use (i.e. in
+      cases where a .tar.gz file may be used), and in constrained block
+      device/memory systems (e.g. embedded systems) where low overhead is
+      needed.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in SQUASHFS. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers, by enticing a user to process a specially crafted
+      SQUASHFS image, could execute arbitrary code with the privileges of the
+      process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All SQUASHFS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-fs/squashfs-tools-4.3-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4645">CVE-2015-4645</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4646">CVE-2015-4646</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-19T10:43:44Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-29T16:58:33Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-74.xml b/metadata/glsa/glsa-201701-74.xml
new file mode 100644
index 000000000000..1e78425acae3
--- /dev/null
+++ b/metadata/glsa/glsa-201701-74.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-74">
+  <title>libpng: Remote execution of arbitrary code</title>
+  <synopsis>A null pointer dereference in libpng might allow remote attackers
+    to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">libpng</product>
+  <announced>2017-01-29</announced>
+  <revised count="1">2017-01-29</revised>
+  <bug>604082</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libpng" auto="yes" arch="*">
+      <unaffected range="ge">1.6.27</unaffected>
+      <unaffected range="ge" slot="1.5">1.5.28</unaffected>
+      <unaffected range="ge" slot="1.2">1.2.57</unaffected>
+      <vulnerable range="lt">1.6.27</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libpng is a standard library used to process PNG (Portable Network
+      Graphics) images. It is used by several programs, including web browsers
+      and potentially server processes.
+    </p>
+  </background>
+  <description>
+    <p>A null pointer dereference was discovered in libpng in the
+      png_push_save_buffer function.  In order to be vulnerable, an application
+      has to load a text chunk into the PNG structure, then delete all text,
+      then add another text chunk to the same PNG structure, which seems to be
+      an unlikely sequence, but it is possible.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to process a specially crafted PNG
+      file, could execute arbitrary code with the privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libpng 1.6.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libpng-1.6.27"
+    </code>
+    
+    <p>All libpng 1.5.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libpng-1.5.28:1.5"
+    </code>
+    
+    <p>All libpng 1.2.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libpng-1.2.57:1.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10087">
+      CVE-2016-10087
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-18T08:20:53Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-01-29T17:07:28Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-75.xml b/metadata/glsa/glsa-201701-75.xml
new file mode 100644
index 000000000000..c2cff29a36e5
--- /dev/null
+++ b/metadata/glsa/glsa-201701-75.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-75">
+  <title>Perl: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Perl, the worst of
+    which could allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">perl</product>
+  <announced>2017-01-29</announced>
+  <revised count="2">2017-06-01</revised>
+  <bug>580612</bug>
+  <bug>588592</bug>
+  <bug>589680</bug>
+  <bug>606750</bug>
+  <bug>606752</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-lang/perl" auto="yes" arch="*">
+      <unaffected range="ge">5.22.3_rc4</unaffected>
+      <vulnerable range="lt">5.22.3_rc4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Perl is a highly capable, feature-rich programming language.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Perl. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, or
+      escalate privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Perl users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/perl-5.22.3_rc4"
+    </code>
+    
+    <p>Warning: When you are upgrading to a new major Perl version, the
+      commands above may not be sufficient. Please visit the Gentoo wiki
+      referenced below to learn how to upgrade to a new major Perl version.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8607">CVE-2015-8607</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8853">CVE-2015-8853</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1238">CVE-2016-1238</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2381">CVE-2016-2381</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6185">CVE-2016-6185</uri>
+    <uri link="https://wiki.gentoo.org/wiki/Perl#Upgrading_.28major_version.29">
+      Gentoo Wiki: How to upgrade Perl
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-21T22:09:19Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-06-01T01:14:59Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-76.xml b/metadata/glsa/glsa-201701-76.xml
new file mode 100644
index 000000000000..70f5a763d6bd
--- /dev/null
+++ b/metadata/glsa/glsa-201701-76.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-76">
+  <title>HarfBuzz: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in HarfBuzz, the worst of
+    which could allow remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">harfbuzz</product>
+  <announced>2017-01-31</announced>
+  <revised count="1">2017-01-31</revised>
+  <bug>572856</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/harfbuzz" auto="yes" arch="*">
+      <unaffected range="ge">1.0.6</unaffected>
+      <vulnerable range="lt">1.0.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>HarfBuzz is an OpenType text shaping engine.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in HarfBuzz. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers, through the use of crafted data, could cause a Denial
+      of Service condition or have other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All HarfBuzz users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/harfbuzz-1.0.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8947">CVE-2015-8947</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2052">CVE-2016-2052</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-30T02:23:28Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-01-31T12:22:13Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201701-77.xml b/metadata/glsa/glsa-201701-77.xml
new file mode 100644
index 000000000000..7bb75b8c76d5
--- /dev/null
+++ b/metadata/glsa/glsa-201701-77.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201701-77">
+  <title>Ansible: Remote execution of arbitrary code</title>
+  <synopsis>A vulnerability in Ansible may allow rogue clients to execute
+    commands on the Ansible controller. 
+  </synopsis>
+  <product type="ebuild">ansible</product>
+  <announced>2017-01-31</announced>
+  <revised count="1">2017-01-31</revised>
+  <bug>605342</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-admin/ansible" auto="yes" arch="*">
+      <unaffected range="ge">2.1.4.0_rc3</unaffected>
+      <unaffected range="ge">2.2.1.0_rc5</unaffected>
+      <vulnerable range="lt">2.1.4.0_rc3</vulnerable>
+      <vulnerable range="lt">2.2.1.0_rc5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Ansible is a radically simple IT automation platform.</p>
+  </background>
+  <description>
+    <p>An input validation vulnerability was found in Ansible’s handling of
+      data sent from client systems.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker with control over a client system being managed by Ansible
+      and the ability to send facts back to the Ansible server could execute
+      arbitrary code on the Ansible server using the Ansible-server privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Ansible 2.1.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/ansible-2.1.4.0_rc3"
+    </code>
+    
+    <p>All Ansible 2.2.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/ansible-2.2.1.0_rc5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9587">CVE-2016-9587</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-30T01:33:48Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-01-31T15:20:20Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-01.xml b/metadata/glsa/glsa-201702-01.xml
new file mode 100644
index 000000000000..c3c155acac87
--- /dev/null
+++ b/metadata/glsa/glsa-201702-01.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-01">
+  <title>PCSC-Lite: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PCSC-Lite, the worst of
+    which could lead to privilege escalation. 
+  </synopsis>
+  <product type="ebuild">PCSC-Lite</product>
+  <announced>2017-02-01</announced>
+  <revised count="1">2017-02-01</revised>
+  <bug>604574</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/pcsc-lite" auto="yes" arch="*">
+      <unaffected range="ge">1.8.20</unaffected>
+      <vulnerable range="lt">1.8.20</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PCSC-Lite is a middleware to access a smart card using the SCard API
+      (PC/SC).
+    </p>
+  </background>
+  <description>
+    <p>The SCardReleaseContext function normally releases resources associated
+      with the given handle (including “cardsList”) and clients should
+      cease using this handle. However, a malicious client can make the daemon
+      invoke SCardReleaseContext and continue issuing other commands that use
+      “cardsList”, resulting in a use-after-free. When SCardReleaseContext
+      is invoked multiple times it additionally results in a double-free of
+      “cardsList”.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could use a malicious client to connect to pcscd’s
+      Unix socket, possibly resulting in a Denial of Service condition or
+      privilege escalation since the daemon is running as root.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PCSC-Lite users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/pcsc-lite-1.8.20"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10109">
+      CVE-2016-10109
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-30T01:16:33Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-02-01T02:32:53Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-02.xml b/metadata/glsa/glsa-201702-02.xml
new file mode 100644
index 000000000000..0850b4ed655e
--- /dev/null
+++ b/metadata/glsa/glsa-201702-02.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-02">
+  <title>RTMPDump: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in RTMPDump, the worst of
+    which could lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">rtmpdump</product>
+  <announced>2017-02-06</announced>
+  <revised count="1">2017-02-06</revised>
+  <bug>570242</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/rtmpdump" auto="yes" arch="*">
+      <unaffected range="ge">2.4_p20161210</unaffected>
+      <vulnerable range="lt">2.4_p20161210</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>RTMPDump is an RTMP client intended to stream audio or video flash
+      content
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in RTMPDump.</p>
+    
+    <p>The following is a list of vulnerabilities fixed:</p>
+    
+    <ul>
+      <li>Additional decode input size checks</li>
+      <li>Ignore zero-length packets</li>
+      <li>Potential integer overflow in RTMPPacket_Alloc().</li>
+      <li>Obsolete RTMPPacket_Free() call left over from original C++ to C
+        rewrite
+      </li>
+      <li>AMFProp_GetObject must make sure the prop is actually an object</li>
+    </ul>
+    
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted media
+      flash file using RTMPDump. This could possibly result in the execution of
+      arbitrary code with the privileges of the process or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All RTMPDump users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=media-video/rtmpdump-2.4_p20161210"
+    </code>
+  </resolution>
+  <references>
+    <uri link="http://www.openwall.com/lists/oss-security/2015/12/30/1">OSS ML
+      CVE Request
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-27T06:35:09Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-02-06T02:08:12Z">BlueKnight</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-03.xml b/metadata/glsa/glsa-201702-03.xml
new file mode 100644
index 000000000000..443e7dc30829
--- /dev/null
+++ b/metadata/glsa/glsa-201702-03.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-03">
+  <title>Firejail: Privilege escalation</title>
+  <synopsis>Firejail is vulnerable to the escalation of privileges due to an
+    incomplete fix for CVE-2017-5180.
+  </synopsis>
+  <product type="ebuild">firejail</product>
+  <announced>2017-02-09</announced>
+  <revised count="1">2017-02-09</revised>
+  <bug>607382</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/firejail" auto="yes" arch="*">
+      <unaffected range="ge">0.9.44.8</unaffected>
+      <vulnerable range="lt">0.9.44.8</vulnerable>
+    </package>
+    <package name="sys-apps/firejail-lts" auto="yes" arch="*">
+      <unaffected range="ge">0.9.38.10</unaffected>
+      <vulnerable range="lt">0.9.38.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A SUID program that reduces the risk of security breaches by restricting
+      the running environment of untrusted applications using Linux namespaces
+      and seccomp-bpf.
+    </p>
+  </background>
+  <description>
+    <p>The unaffected packages listed in GLSA 201612-48 had an incomplete fix
+      as reported by Sebastian Krahmer of SuSE. This has been properly patched
+      in the latest releases.
+    </p>
+  </description>
+  <impact type="high">
+    <p>An attacker could possibly bypass sandbox protection, cause a Denial of
+      Service condition, or escalate privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Firejail users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/firejail-0.9.44.8"
+    </code>
+    
+    <p>All Firejail-lts users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/firejail-lts-0.9.38.10"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5940">CVE-2017-5940</uri>
+    <uri link="https://firejail.wordpress.com/download-2/release-notes/">
+      Firejail Release Notes
+    </uri>
+    <uri link="https://security.gentoo.org/glsa/201612-48">GLSA 201612-48</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-30T13:28:16Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-02-09T15:35:45Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-04.xml b/metadata/glsa/glsa-201702-04.xml
new file mode 100644
index 000000000000..64ef714f129d
--- /dev/null
+++ b/metadata/glsa/glsa-201702-04.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-04">
+  <title>GnuTLS: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GnuTLS, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">gnutls</product>
+  <announced>2017-02-10</announced>
+  <revised count="1">2017-02-10</revised>
+  <bug>605238</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/gnutls" auto="yes" arch="*">
+      <unaffected range="ge">3.3.26</unaffected>
+      <vulnerable range="lt">3.3.26</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GnuTLS is an Open Source implementation of the TLS and SSL protocols.</p>
+  </background>
+  <description>
+    <p>Multiple heap and stack overflows and double free vulnerabilities have
+      been discovered in GnuTLS by the OSS-Fuzz project. Please review the CVE
+      identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user or automated system to process a
+      specially crafted certificate using an application linked against GnuTLS.
+      This could possibly result in the execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GnuTLS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/gnutls-3.3.26"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5334">CVE-2017-5334</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5335">CVE-2017-5335</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5336">CVE-2017-5336</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5337">CVE-2017-5337</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-30T01:21:19Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-02-10T23:04:35Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-05.xml b/metadata/glsa/glsa-201702-05.xml
new file mode 100644
index 000000000000..e02d7708145d
--- /dev/null
+++ b/metadata/glsa/glsa-201702-05.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-05">
+  <title>Lsyncd: Remote execution of arbitrary code</title>
+  <synopsis>A vulnerability in Lsyncd allows execution of arbitrary code.</synopsis>
+  <product type="ebuild">lsyncd</product>
+  <announced>2017-02-10</announced>
+  <revised count="1">2017-02-10</revised>
+  <bug>529678</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-admin/lsyncd" auto="yes" arch="*">
+      <unaffected range="ge">2.1.6</unaffected>
+      <vulnerable range="lt">2.1.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A daemon to synchronize local directories using rsync.</p>
+  </background>
+  <description>
+    <p>default-rsyncssh.lua in Lsyncd performed insufficient sanitising of
+      filenames.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker, able to control files processed by Lsyncd, could possibly
+      execute arbitrary code with the privileges of the process or cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Lsyncd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/lsyncd-2.1.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8990">CVE-2014-8990</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-02-01T09:30:15Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-02-10T23:08:07Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-06.xml b/metadata/glsa/glsa-201702-06.xml
new file mode 100644
index 000000000000..deb10f2cc5b1
--- /dev/null
+++ b/metadata/glsa/glsa-201702-06.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-06">
+  <title>Graphviz: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Graphviz and the extent
+    of these vulnerabilities are unspecified.
+  </synopsis>
+  <product type="ebuild">graphviz</product>
+  <announced>2017-02-10</announced>
+  <revised count="1">2017-02-10</revised>
+  <bug>497274</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/graphviz" auto="yes" arch="*">
+      <unaffected range="ge">2.36.0</unaffected>
+      <vulnerable range="lt">2.36.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Graphviz is an open source graph visualization software.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities in Graphviz were discovered. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, able to control input matched against a regular
+      expression or by enticing a user to process a specially crafted file,
+      could cause unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Graphviz users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/graphviz-2.36.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0978">CVE-2014-0978</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1235">CVE-2014-1235</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1236">CVE-2014-1236</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-30T01:53:41Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-02-10T23:14:56Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-07.xml b/metadata/glsa/glsa-201702-07.xml
new file mode 100644
index 000000000000..aefe04bd3391
--- /dev/null
+++ b/metadata/glsa/glsa-201702-07.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-07">
+  <title>OpenSSL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenSSL, the worst of
+    which might allow attackers to access sensitive information.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2017-02-14</announced>
+  <revised count="1">2017-02-14</revised>
+  <bug>607318</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">1.0.2k</unaffected>
+      <vulnerable range="lt">1.0.2k</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+      (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
+      purpose cryptography library.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenSSL. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker is able to crash applications linked against OpenSSL
+      or could obtain sensitive private-key information via an attack against
+      the Diffie-Hellman (DH) ciphersuite.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.0.2k"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7055">CVE-2016-7055</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3730">CVE-2017-3730</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3731">CVE-2017-3731</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3732">CVE-2017-3732</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-02-13T01:30:38Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-02-14T12:34:58Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-08.xml b/metadata/glsa/glsa-201702-08.xml
new file mode 100644
index 000000000000..fe66ec086c4f
--- /dev/null
+++ b/metadata/glsa/glsa-201702-08.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-08">
+  <title>VirtualBox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in VirtualBox, the worst
+    of which might allow unauthorized changes to some critical or all
+    accessible data.
+  </synopsis>
+  <product type="ebuild">virtualbox</product>
+  <announced>2017-02-14</announced>
+  <revised count="1">2017-02-14</revised>
+  <bug>607674</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-emulation/virtualbox" auto="yes" arch="*">
+      <unaffected range="ge">5.0.32</unaffected>
+      <vulnerable range="lt">5.0.32</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>VirtualBox is a powerful virtualization product from Oracle.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in VirtualBox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>An attacker could cause a Denial of Service condition. Additionally, an
+      attacker could create, delete or modify critical or all accessible data.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All VirtualBox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/virtualbox-5.0.32"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5545">CVE-2016-5545</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3290">CVE-2017-3290</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3316">CVE-2017-3316</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3332">CVE-2017-3332</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-02-13T02:06:40Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-02-14T12:37:26Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-09.xml b/metadata/glsa/glsa-201702-09.xml
new file mode 100644
index 000000000000..fee8f8c0a1ef
--- /dev/null
+++ b/metadata/glsa/glsa-201702-09.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-09">
+  <title>ImageMagick: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ImageMagick, the worst
+    of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">imagemagick</product>
+  <announced>2017-02-17</announced>
+  <revised count="2">2017-02-17</revised>
+  <bug>599744</bug>
+  <bug>606654</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/imagemagick" auto="yes" arch="*">
+      <unaffected range="ge">6.9.7.4</unaffected>
+      <vulnerable range="lt">6.9.7.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ImageMagick is a collection of tools and libraries for many image
+      formats.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ImageMagick. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to process a specially crafted
+      image file, could execute arbitrary code with the privileges of the
+      process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ImageMagick users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/imagemagick-6.9.7.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10144">
+      CVE-2016-10144
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10145">
+      CVE-2016-10145
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10146">
+      CVE-2016-10146
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9298">CVE-2016-9298</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5506">CVE-2017-5506</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5507">CVE-2017-5507</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5508">CVE-2017-5508</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5509">CVE-2017-5509</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5510">CVE-2017-5510</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5511">CVE-2017-5511</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-21T00:45:48Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-02-17T08:09:06Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-10.xml b/metadata/glsa/glsa-201702-10.xml
new file mode 100644
index 000000000000..94bf833238b5
--- /dev/null
+++ b/metadata/glsa/glsa-201702-10.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-10">
+  <title>NTFS-3G: Privilege escalation</title>
+  <synopsis>A vulnerability in NTFS-3G allows local users to gain root
+    privileges.
+  </synopsis>
+  <product type="ebuild">ntfs-3g</product>
+  <announced>2017-02-19</announced>
+  <revised count="1">2017-02-19</revised>
+  <bug>607912</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-fs/ntfs3g" auto="yes" arch="*">
+      <unaffected range="ge">2016.2.22-r2</unaffected>
+      <vulnerable range="lt">2016.2.22-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>NTFS-3G is a stable, full-featured, read-write NTFS driver for various
+      operating systems.
+    </p>
+  </background>
+  <description>
+    <p>The NTFS-3G driver does not properly clear environment variables before
+      invoking mount or umount.
+    </p>
+    
+    <p>This flaw is similar to the vulnerability described in
+      “GLSA-201701-19” and “GLSA-201603-04” referenced below but is now
+      implemented in the NTFS-3G driver itself.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local user could gain root privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time. However, on Gentoo when the
+      “suid” USE flag is not set (which is the default) an attacker cannot
+      exploit the flaw.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All NTFS-3G users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-fs/ntfs3g-2016.2.22-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0358">CVE-2017-0358</uri>
+    <uri link="https://security.gentoo.org/glsa/201603-04">GLSA-201603-04</uri>
+    <uri link="https://security.gentoo.org/glsa/201701-19">GLSA-201701-19</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-02-04T11:49:00Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-02-19T12:03:15Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-11.xml b/metadata/glsa/glsa-201702-11.xml
new file mode 100644
index 000000000000..c729dd4c526e
--- /dev/null
+++ b/metadata/glsa/glsa-201702-11.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-11">
+  <title>GNU C Library: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in the GNU C Library, the
+    worst of which allows context-dependent attackers to execute arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">glibc</product>
+  <announced>2017-02-19</announced>
+  <revised count="1">2017-02-19</revised>
+  <bug>560420</bug>
+  <bug>560526</bug>
+  <bug>572416</bug>
+  <bug>576726</bug>
+  <bug>578602</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-libs/glibc" auto="yes" arch="*">
+      <unaffected range="ge">2.23-r3</unaffected>
+      <vulnerable range="lt">2.23-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The GNU C library is the standard C library used by Gentoo Linux
+      systems.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in the GNU C Library.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could possibly execute arbitrary code with
+      the privileges of the process, disclose sensitive information, or cause a
+      Denial of Service condition via multiple vectors.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU C Library users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-libs/glibc-2.23-r3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9761">CVE-2014-9761</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5277">CVE-2015-5277</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8776">CVE-2015-8776</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8777">CVE-2015-8777</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8778">CVE-2015-8778</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8779">CVE-2015-8779</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1234">CVE-2016-1234</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3075">CVE-2016-3075</uri>
+  </references>
+  <metadata tag="requester" timestamp="2016-11-29T21:44:07Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-02-19T12:31:09Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-12.xml b/metadata/glsa/glsa-201702-12.xml
new file mode 100644
index 000000000000..e5da6ea8b8d3
--- /dev/null
+++ b/metadata/glsa/glsa-201702-12.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-12">
+  <title>MuPDF: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in MuPDF, the worst of
+    which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">mupdf</product>
+  <announced>2017-02-19</announced>
+  <revised count="1">2017-02-19</revised>
+  <bug>589826</bug>
+  <bug>590480</bug>
+  <bug>608702</bug>
+  <bug>608712</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/mupdf" auto="yes" arch="*">
+      <unaffected range="ge">1.10a-r1</unaffected>
+      <vulnerable range="lt">1.10a-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A lightweight PDF, XPS, and E-book viewer.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MuPDF. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted PDF
+      document using MuPDF possibly resulting in the execution of arbitrary
+      code, with the privileges of the process, or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MuPDF users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/mupdf-1.10a-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6265">CVE-2016-6265</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6525">CVE-2016-6525</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5896">CVE-2017-5896</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-02-05T22:42:31Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-02-19T12:47:00Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-13.xml b/metadata/glsa/glsa-201702-13.xml
new file mode 100644
index 000000000000..90bae4123a6d
--- /dev/null
+++ b/metadata/glsa/glsa-201702-13.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-13">
+  <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird,
+    the worst of which could lead to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">thunderbird</product>
+  <announced>2017-02-20</announced>
+  <revised count="1">2017-02-20</revised>
+  <bug>607310</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">45.7.0</unaffected>
+      <vulnerable range="lt">45.7.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">45.7.0</unaffected>
+      <vulnerable range="lt">45.7.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Thunderbird is a popular open-source email client from the
+      Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker, by enticing a user to open a specially crafted email
+      or web page, could possibly execute arbitrary code with the privileges of
+      the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-45.7.0"
+    </code>
+    
+    <p>All Mozilla Thunderbird binary users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-45.7.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5373">CVE-2017-5373</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5375">CVE-2017-5375</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5376">CVE-2017-5376</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5378">CVE-2017-5378</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5380">CVE-2017-5380</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5383">CVE-2017-5383</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5390">CVE-2017-5390</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5396">CVE-2017-5396</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/">
+      Mozilla Foundation Security Advisory 2017-03
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-02-10T22:02:00Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-02-20T23:12:29Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-14.xml b/metadata/glsa/glsa-201702-14.xml
new file mode 100644
index 000000000000..fb1f487f6add
--- /dev/null
+++ b/metadata/glsa/glsa-201702-14.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-14">
+  <title>PyCrypto: Remote execution of arbitrary code</title>
+  <synopsis>A heap-based buffer overflow in PyCrypto might allow remote
+    attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">pycrypto</product>
+  <announced>2017-02-20</announced>
+  <revised count="1">2017-02-20</revised>
+  <bug>576494</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-python/pycrypto" auto="yes" arch="*">
+      <unaffected range="ge">2.6.1-r2</unaffected>
+      <vulnerable range="lt">2.6.1-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Python Cryptography Toolkit (PyCrypto) is a collection of both
+      secure hash functions (such as SHA256 and RIPEMD160), and various
+      encryption algorithms (AES, DES, RSA, ElGamal, etc.).
+    </p>
+  </background>
+  <description>
+    <p>A heap-based buffer overflow vulnerability has been discovered in
+      PyCrypto. Please review the CVE identifier referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, able to control the mode of operation in PyCrypto’s
+      AES module, could possibly execute arbitrary code with the privileges of
+      the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PyCrypto users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/pycrypto-2.6.1-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7459">CVE-2013-7459</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-02-06T00:09:22Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-02-20T23:17:13Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-15.xml b/metadata/glsa/glsa-201702-15.xml
new file mode 100644
index 000000000000..78189a4907a1
--- /dev/null
+++ b/metadata/glsa/glsa-201702-15.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-15">
+  <title>OCaml: Buffer overflow and information disclosure</title>
+  <synopsis>A buffer overflow in OCaml might allow remote attackers to obtain
+    sensitive information or crash an OCaml-based application.
+  </synopsis>
+  <product type="ebuild">ocaml</product>
+  <announced>2017-02-20</announced>
+  <revised count="1">2017-02-20</revised>
+  <bug>581946</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/ocaml" auto="yes" arch="*">
+      <unaffected range="ge">4.04.0</unaffected>
+      <vulnerable range="lt">4.04.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OCaml is a high-level, strongly-typed, functional, and object-oriented
+      programming language from the ML family of languages.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that OCaml was vulnerable to a runtime bug that, on
+      64-bit platforms, causes size arguments to internal memmove calls to be
+      sign-extended from 32- to 64-bits before being passed to the memmove
+      function. This leads to arguments between 2GiB and 4GiB being interpreted
+      as larger than they are (specifically, a bit below 2^64), causing a
+      buffer overflow. Further, arguments between 4GiB and 6GiB are interpreted
+      as 4GiB smaller than they should be causing a possible information leak.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, able to interact with an OCaml-based application,
+      could possibly obtain sensitive information or cause a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OCaml users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/ocam-4.04.0"
+    </code>
+    
+    <p>Packages which depend on OCaml may need to be recompiled. Tools such as
+      qdepends (included in app-portage/portage-utils) may assist in
+      identifying these packages:
+    </p>
+    
+    <code>
+      # emerge --oneshot --ask --verbose $(qdepends -CQ dev-lang/ocaml | sed
+      's/^/=/')
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8869">CVE-2015-8869</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-02-13T00:59:45Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-02-20T23:19:06Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-16.xml b/metadata/glsa/glsa-201702-16.xml
new file mode 100644
index 000000000000..f61b614981cd
--- /dev/null
+++ b/metadata/glsa/glsa-201702-16.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-16">
+  <title>Redis: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Redis, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">redis</product>
+  <announced>2017-02-20</announced>
+  <revised count="1">2017-02-20</revised>
+  <bug>551274</bug>
+  <bug>565188</bug>
+  <bug>595730</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/redis" auto="yes" arch="*">
+      <unaffected range="ge">3.2.5</unaffected>
+      <unaffected range="ge">3.0.7</unaffected>
+      <vulnerable range="lt">3.2.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Redis is an open source (BSD licensed), in-memory data structure store,
+      used as a database, cache and message broker.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Redis. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, able to connect to a Redis instance, could issue
+      malicious commands possibly resulting in the execution of arbitrary code
+      with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Redis 3.0.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/redis-3.0.7"
+    </code>
+    
+    <p>All Redis 3.2.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/redis-3.2.5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4335">CVE-2015-4335</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8080">CVE-2015-8080</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8339">CVE-2016-8339</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-30T02:05:41Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-02-20T23:26:41Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-17.xml b/metadata/glsa/glsa-201702-17.xml
new file mode 100644
index 000000000000..7ac9017a45cd
--- /dev/null
+++ b/metadata/glsa/glsa-201702-17.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-17">
+  <title>MySQL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in MySQL, the worst of
+    which could lead to privilege escalation.
+  </synopsis>
+  <product type="ebuild">mysql</product>
+  <announced>2017-02-20</announced>
+  <revised count="1">2017-02-20</revised>
+  <bug>606254</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-db/mysql" auto="yes" arch="*">
+      <unaffected range="ge">5.6.35</unaffected>
+      <vulnerable range="lt">5.6.35</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an
+      enhanced, drop-in replacement for MySQL.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MySQL. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>An attacker could possibly escalate privileges, gain access to critical
+      data or complete access to all MySQL server accessible data, or cause a
+      Denial of Service condition via unspecified vectors.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MySQL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-5.6.35"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8318">CVE-2016-8318</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8327">CVE-2016-8327</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3238">CVE-2017-3238</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3243">CVE-2017-3243</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3244">CVE-2017-3244</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3251">CVE-2017-3251</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3256">CVE-2017-3256</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3257">CVE-2017-3257</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3258">CVE-2017-3258</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3265">CVE-2017-3265</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3273">CVE-2017-3273</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3291">CVE-2017-3291</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3312">CVE-2017-3312</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3313">CVE-2017-3313</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3317">CVE-2017-3317</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3318">CVE-2017-3318</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3319">CVE-2017-3319</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3320">CVE-2017-3320</uri>
+    <uri link="https://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL">
+      Oracle Critical Patch Update Advisory - January 2017
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-02-12T18:49:15Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-02-20T23:27:11Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-18.xml b/metadata/glsa/glsa-201702-18.xml
new file mode 100644
index 000000000000..8b0e795d6c63
--- /dev/null
+++ b/metadata/glsa/glsa-201702-18.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-18">
+  <title>MariaDB: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in MariaDB, the worst of
+    which could lead to privilege escalation.
+  </synopsis>
+  <product type="ebuild">mariadb</product>
+  <announced>2017-02-20</announced>
+  <revised count="1">2017-02-20</revised>
+  <bug>606258</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-db/mariadb" auto="yes" arch="*">
+      <unaffected range="ge">10.0.29</unaffected>
+      <vulnerable range="lt">10.0.29</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MariaDB is an enhanced, drop-in replacement for MySQL.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MariaDB. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>An attacker could possibly escalate privileges, gain access to critical
+      data or complete access to all MariaDB Server accessible data, or cause a
+      Denial of Service condition via unspecified vectors.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MariaDB users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mariadb-10.0.29"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6664">CVE-2016-6664</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3238">CVE-2017-3238</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3243">CVE-2017-3243</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3244">CVE-2017-3244</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3257">CVE-2017-3257</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3258">CVE-2017-3258</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3265">CVE-2017-3265</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3291">CVE-2017-3291</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3312">CVE-2017-3312</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3317">CVE-2017-3317</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3318">CVE-2017-3318</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-02-13T00:33:47Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-02-20T23:27:31Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-19.xml b/metadata/glsa/glsa-201702-19.xml
new file mode 100644
index 000000000000..ad85e0b4876c
--- /dev/null
+++ b/metadata/glsa/glsa-201702-19.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-19">
+  <title>TigerVNC: Buffer overflow</title>
+  <synopsis>A buffer overflow in TigerVNC might allow remote attackers to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">tigervnc</product>
+  <announced>2017-02-20</announced>
+  <revised count="1">2017-02-20</revised>
+  <bug>606998</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/tigervnc" auto="yes" arch="*">
+      <unaffected range="ge">1.7.1</unaffected>
+      <vulnerable range="lt">1.7.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>TigerVNC is a high-performance VNC server/client.</p>
+  </background>
+  <description>
+    <p>A buffer overflow vulnerability in ModifiablePixelBuffer::fillRect in
+      vncviewer was found.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, utilizing a malicious VNC server, could execute
+      arbitrary code with the privileges of the user running the client or
+      cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All TigerVNC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/tigervnc-1.7.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5581">CVE-2017-5581</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-02-13T02:16:26Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-02-20T23:29:04Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-20.xml b/metadata/glsa/glsa-201702-20.xml
new file mode 100644
index 000000000000..2f1816097a61
--- /dev/null
+++ b/metadata/glsa/glsa-201702-20.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-20">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">flash</product>
+  <announced>2017-02-20</announced>
+  <revised count="1">2017-02-20</revised>
+  <bug>605314</bug>
+  <bug>609330</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">24.0.0.221</unaffected>
+      <vulnerable range="lt">24.0.0.221</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-24.0.0.221"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2925">CVE-2017-2925</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2926">CVE-2017-2926</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2927">CVE-2017-2927</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2928">CVE-2017-2928</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2930">CVE-2017-2930</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2931">CVE-2017-2931</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2932">CVE-2017-2932</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2933">CVE-2017-2933</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2934">CVE-2017-2934</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2935">CVE-2017-2935</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2936">CVE-2017-2936</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2937">CVE-2017-2937</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2938">CVE-2017-2938</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2982">CVE-2017-2982</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2984">CVE-2017-2984</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2985">CVE-2017-2985</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2986">CVE-2017-2986</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2987">CVE-2017-2987</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2988">CVE-2017-2988</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2990">CVE-2017-2990</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2991">CVE-2017-2991</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2992">CVE-2017-2992</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2993">CVE-2017-2993</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2994">CVE-2017-2994</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2995">CVE-2017-2995</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2996">CVE-2017-2996</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-02-16T12:43:25Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-02-20T23:44:37Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-21.xml b/metadata/glsa/glsa-201702-21.xml
new file mode 100644
index 000000000000..630e6bc3b284
--- /dev/null
+++ b/metadata/glsa/glsa-201702-21.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-21">
+  <title>Opus: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability in Opus could cause memory corruption.</synopsis>
+  <product type="ebuild">opus</product>
+  <announced>2017-02-20</announced>
+  <revised count="1">2017-02-20</revised>
+  <bug>605894</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/opus" auto="yes" arch="*">
+      <unaffected range="ge">1.1.3-r1</unaffected>
+      <vulnerable range="lt">1.1.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Opus is a totally open, royalty-free, highly versatile audio codec.</p>
+  </background>
+  <description>
+    <p>A large NLSF values could cause the stabilization code in
+      silk/NLSF_stabilize.c to wrap-around and have the last value in
+      NLSF_Q15[] to be negative, close to -32768.
+    </p>
+    
+    <p>Under normal circumstances, the code will simply read from the wrong
+      table resulting in an unstable LPC filter. The filter would then go
+      through the LPC stabilization code at the end of silk_NLSF2A().
+    </p>
+    
+    <p>Ultimately, the output audio would be garbage, but no worse than with
+      any other harmless bad packet.
+    </p>
+    
+    <p>Please see the referenced upstream patch and Debian bug report below for
+      a detailed analysis.
+    </p>
+    
+    <p>However, the original report was about a successful exploitation of
+      Android’s Mediaserver in conjunction with this vulnerability.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted media
+      stream, possibly resulting in execution of arbitrary code with the
+      privileges of the process, or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Opus users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/opus-1.1.3-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0381">CVE-2017-0381</uri>
+    <uri link="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851612#10">
+      Debian Bug 851612
+    </uri>
+    <uri link="https://git.xiph.org/?p=opus.git;a=commitdiff;h=70a3d641b">
+      Upstream patch
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-02-16T12:24:20Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-02-20T23:45:02Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-22.xml b/metadata/glsa/glsa-201702-22.xml
new file mode 100644
index 000000000000..94f8d0571257
--- /dev/null
+++ b/metadata/glsa/glsa-201702-22.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-22">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+    worst of which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">firefox</product>
+  <announced>2017-02-20</announced>
+  <revised count="1">2017-02-20</revised>
+  <bug>607138</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">45.7.0</unaffected>
+      <vulnerable range="lt">45.7.0</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">45.7.0</unaffected>
+      <vulnerable range="lt">45.7.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      Project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, bypass
+      access restriction, access otherwise protected information, or spoof
+      content via multiple vectors.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-45.7.0"
+    </code>
+    
+    <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-45.7.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5373">CVE-2017-5373</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5375">CVE-2017-5375</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5376">CVE-2017-5376</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5378">CVE-2017-5378</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5380">CVE-2017-5380</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5383">CVE-2017-5383</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5386">CVE-2017-5386</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5390">CVE-2017-5390</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5396">CVE-2017-5396</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/">
+      Mozilla Foundation Security Advisory 2017-02
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-30T01:26:06Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-02-20T23:45:18Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-23.xml b/metadata/glsa/glsa-201702-23.xml
new file mode 100644
index 000000000000..90c81f87b734
--- /dev/null
+++ b/metadata/glsa/glsa-201702-23.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-23">
+  <title>Dropbear: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Dropbear, the worst of
+    which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">dropbear</product>
+  <announced>2017-02-20</announced>
+  <revised count="1">2017-02-20</revised>
+  <bug>605560</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/dropbear" auto="yes" arch="*">
+      <unaffected range="ge">2016.74</unaffected>
+      <vulnerable range="lt">2016.74</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Dropbear is an SSH server and client designed with a small memory
+      footprint.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Dropbear. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with root
+      privileges if usernames containing special characters can be created on a
+      system. Also, a dbclient user who can control username or host arguments
+      could potentially run arbitrary code with the privileges of the process.
+    </p>
+    
+    <p>In addition, a remote attacker could entice a user to process a
+      specially crafted SSH key using dropbearconvert, possibly resulting in
+      execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Dropbear users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/dropbear-2016.74"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7406">CVE-2016-7406</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7407">CVE-2016-7407</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7408">CVE-2016-7408</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7409">CVE-2016-7409</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-02-05T22:53:36Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-02-20T23:45:39Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-24.xml b/metadata/glsa/glsa-201702-24.xml
new file mode 100644
index 000000000000..23f8f9172d3b
--- /dev/null
+++ b/metadata/glsa/glsa-201702-24.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-24">
+  <title>LibVNCServer/LibVNCClient: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in
+    LibVNCServer/LibVNCClient, the worst of which allows remote attackers to
+    execute arbitrary code when connecting to a malicious server.
+  </synopsis>
+  <product type="ebuild">libvncserver</product>
+  <announced>2017-02-20</announced>
+  <revised count="1">2017-02-20</revised>
+  <bug>605326</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/libvncserver" auto="yes" arch="*">
+      <unaffected range="ge">0.9.11</unaffected>
+      <vulnerable range="lt">0.9.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>LibVNCServer/LibVNCClient are cross-platform C libraries that allow you
+      to easily implement VNC server or client functionality in your program.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in LibVNCServer and
+      LibVNCClient. Please review the CVE identifiers referenced below for
+      details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to connect to a malicious VNC
+      server or leverage Man-in-the-Middle attacks to cause the execution of
+      arbitrary code with the privileges of the user running a VNC client
+      linked against LibVNCClient.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LibVNCServer/LibVNCClient users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/libvncserver-0.9.11"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9941">CVE-2016-9941</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9942">CVE-2016-9942</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-02-05T22:55:00Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-02-20T23:45:56Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-25.xml b/metadata/glsa/glsa-201702-25.xml
new file mode 100644
index 000000000000..7b4b9805887a
--- /dev/null
+++ b/metadata/glsa/glsa-201702-25.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-25">
+  <title>libass: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libass, the worst of
+    which have unknown impacts.
+  </synopsis>
+  <product type="ebuild">libass</product>
+  <announced>2017-02-20</announced>
+  <revised count="1">2017-02-20</revised>
+  <bug>596422</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libass" auto="yes" arch="*">
+      <unaffected range="ge">0.13.4</unaffected>
+      <vulnerable range="lt">0.13.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libass is a portable subtitle renderer for the ASS/SSA (Advanced
+      Substation Alpha/Substation Alpha) subtitle format.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libass. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause a Denial of Service condition or other
+      unknown impacts via unknown attack vectors.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libass users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libass-0.13.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7969">CVE-2016-7969</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7970">CVE-2016-7970</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7971">CVE-2016-7971</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7972">CVE-2016-7972</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-02-05T23:35:59Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-02-20T23:46:16Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-26.xml b/metadata/glsa/glsa-201702-26.xml
new file mode 100644
index 000000000000..405f14fe4318
--- /dev/null
+++ b/metadata/glsa/glsa-201702-26.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-26">
+  <title>Nagios: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Nagios, the worst of
+    which could lead to privilege escalation.
+  </synopsis>
+  <product type="ebuild">nagios</product>
+  <announced>2017-02-21</announced>
+  <revised count="1">2017-02-21</revised>
+  <bug>595194</bug>
+  <bug>598104</bug>
+  <bug>600864</bug>
+  <bug>602216</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-analyzer/nagios-core" auto="yes" arch="*">
+      <unaffected range="ge">4.2.4</unaffected>
+      <vulnerable range="lt">4.2.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Nagios is an open source host, service and network monitoring program.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Nagios. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker, who either is already Nagios’s system user or
+      belongs to Nagios’s group, could potentially escalate privileges.
+    </p>
+    
+    <p>In addition, a remote attacker could read or write to arbitrary files by
+      spoofing a crafted response from the Nagios RSS feed server.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Nagios users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/nagios-core-4.2.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4796">CVE-2008-4796</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-7313">CVE-2008-7313</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8641">CVE-2016-8641</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9565">CVE-2016-9565</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9566">CVE-2016-9566</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-30T01:56:03Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-02-21T00:04:00Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-27.xml b/metadata/glsa/glsa-201702-27.xml
new file mode 100644
index 000000000000..19af85a70b84
--- /dev/null
+++ b/metadata/glsa/glsa-201702-27.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-27">
+  <title>Xen: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Xen, the worst of which
+    could lead to the execution of arbitrary code on the host system.
+  </synopsis>
+  <product type="ebuild">xen</product>
+  <announced>2017-02-21</announced>
+  <revised count="1">2017-02-21</revised>
+  <bug>607840</bug>
+  <bug>609160</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/xen" auto="yes" arch="*">
+      <unaffected range="ge">4.7.1-r5</unaffected>
+      <vulnerable range="lt">4.7.1-r5</vulnerable>
+    </package>
+    <package name="app-emulation/xen-tools" auto="yes" arch="*">
+      <unaffected range="ge">4.7.1-r6</unaffected>
+      <vulnerable range="lt">4.7.1-r6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Xen is a bare-metal hypervisor.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Xen. Please review the
+      CVE identifiers and Xen Security Advisory referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could potentially execute arbitrary code with
+      privileges of Xen (QEMU) process on the host, gain privileges on the host
+      system, cause a Denial of Service condition, or obtain sensitive
+      information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Xen users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-4.7.1-r5"
+    </code>
+    
+    <p>All Xen Tools users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/xen-tools-4.7.1-r6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2615">CVE-2017-2615</uri>
+    <uri link="https://xenbits.xen.org/xsa/advisory-207.html">XSA-207</uri>
+    <uri link="https://xenbits.xen.org/xsa/advisory-208.html">XSA-208</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-02-16T18:01:38Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-02-21T00:04:19Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-28.xml b/metadata/glsa/glsa-201702-28.xml
new file mode 100644
index 000000000000..de090c04e2ed
--- /dev/null
+++ b/metadata/glsa/glsa-201702-28.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-28">
+  <title>QEMU: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in QEMU, the worst of
+    which could lead to the execution of arbitrary code on the host system.
+  </synopsis>
+  <product type="ebuild">qemu</product>
+  <announced>2017-02-21</announced>
+  <revised count="1">2017-02-21</revised>
+  <bug>606264</bug>
+  <bug>606720</bug>
+  <bug>606722</bug>
+  <bug>607000</bug>
+  <bug>607100</bug>
+  <bug>607766</bug>
+  <bug>608034</bug>
+  <bug>608036</bug>
+  <bug>608038</bug>
+  <bug>608520</bug>
+  <bug>608728</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/qemu" auto="yes" arch="*">
+      <unaffected range="ge">2.8.0-r1</unaffected>
+      <vulnerable range="lt">2.8.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>QEMU is a generic and open source machine emulator and virtualizer.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in QEMU. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could potentially execute arbitrary code with
+      privileges of QEMU process on the host, gain privileges on the host
+      system, cause a Denial of Service condition, or obtain sensitive
+      information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All QEMU users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/qemu-2.8.0-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10155">
+      CVE-2016-10155
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2615">CVE-2017-2615</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5525">CVE-2017-5525</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5552">CVE-2017-5552</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5578">CVE-2017-5578</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5579">CVE-2017-5579</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5667">CVE-2017-5667</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5856">CVE-2017-5856</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5857">CVE-2017-5857</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5898">CVE-2017-5898</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5931">CVE-2017-5931</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-02-16T18:41:09Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-02-21T00:04:45Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-29.xml b/metadata/glsa/glsa-201702-29.xml
new file mode 100644
index 000000000000..041cd1edb79e
--- /dev/null
+++ b/metadata/glsa/glsa-201702-29.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-29">
+  <title>PHP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PHP, the worst of which
+    could lead to arbitrary code execution or cause a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">php</product>
+  <announced>2017-02-21</announced>
+  <revised count="1">2017-02-21</revised>
+  <bug>604776</bug>
+  <bug>606626</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/php" auto="yes" arch="*">
+      <unaffected range="ge" slot="5.6">5.6.30</unaffected>
+      <vulnerable range="lt" slot="5.6">5.6.30</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PHP is a widely-used general-purpose scripting language that is
+      especially suited for Web development and can be embedded into HTML.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PHP. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could possibly execute arbitrary code or create a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PHP 5.6 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-5.6.30:5.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10158">
+      CVE-2016-10158
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10159">
+      CVE-2016-10159
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10160">
+      CVE-2016-10160
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10161">
+      CVE-2016-10161
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9935">CVE-2016-9935</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-18T23:06:15Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-02-21T00:05:07Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-30.xml b/metadata/glsa/glsa-201702-30.xml
new file mode 100644
index 000000000000..291149a3abf2
--- /dev/null
+++ b/metadata/glsa/glsa-201702-30.xml
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-30">
+  <title>tcpdump: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in tcpdump, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">tcpdump</product>
+  <announced>2017-02-21</announced>
+  <revised count="1">2017-02-21</revised>
+  <bug>606516</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/tcpdump" auto="yes" arch="*">
+      <unaffected range="ge">4.9.0</unaffected>
+      <vulnerable range="lt">4.9.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>tcpdump is a tool for network monitoring and data acquisition.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in tcpdump. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by sending a specially crafted network package, could
+      possibly execute arbitrary code with the privileges of the process or
+      cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All tcpdump users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/tcpdump-4.9.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7922">CVE-2016-7922</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7923">CVE-2016-7923</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7924">CVE-2016-7924</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7925">CVE-2016-7925</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7926">CVE-2016-7926</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7927">CVE-2016-7927</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7928">CVE-2016-7928</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7929">CVE-2016-7929</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7930">CVE-2016-7930</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7931">CVE-2016-7931</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7932">CVE-2016-7932</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7933">CVE-2016-7933</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7934">CVE-2016-7934</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7935">CVE-2016-7935</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7936">CVE-2016-7936</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7937">CVE-2016-7937</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7938">CVE-2016-7938</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7939">CVE-2016-7939</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7940">CVE-2016-7940</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7973">CVE-2016-7973</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7974">CVE-2016-7974</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7975">CVE-2016-7975</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7983">CVE-2016-7983</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7984">CVE-2016-7984</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7985">CVE-2016-7985</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7986">CVE-2016-7986</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7992">CVE-2016-7992</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7993">CVE-2016-7993</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8574">CVE-2016-8574</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8575">CVE-2016-8575</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5202">CVE-2017-5202</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5203">CVE-2017-5203</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5204">CVE-2017-5204</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5205">CVE-2017-5205</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5341">CVE-2017-5341</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5342">CVE-2017-5342</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5482">CVE-2017-5482</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5483">CVE-2017-5483</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5484">CVE-2017-5484</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5485">CVE-2017-5485</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5486">CVE-2017-5486</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-02-05T22:50:53Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-02-21T00:35:31Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-31.xml b/metadata/glsa/glsa-201702-31.xml
new file mode 100644
index 000000000000..b93c2539abe4
--- /dev/null
+++ b/metadata/glsa/glsa-201702-31.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-31">
+  <title>GPL Ghostscript: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GPL Ghostscript, the
+    worst of which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">ghostscript</product>
+  <announced>2017-02-22</announced>
+  <revised count="1">2017-02-22</revised>
+  <bug>596576</bug>
+  <bug>607190</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/ghostscript-gpl" auto="yes" arch="*">
+      <unaffected range="ge">9.20-r1</unaffected>
+      <vulnerable range="lt">9.20-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Ghostscript is an interpreter for the PostScript language and for PDF.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GPL Ghostscript and the
+      bundled OpenJPEG. Please review the CVE identifiers and GLSA-201612-26
+      (OpenJPEG) referenced below for additional information.
+    </p>
+    
+    <p>Note: GPL Ghostscript in Gentoo since app-text/ghostscript-gpl-9.20-r1
+      no longer bundles OpenJPEG.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could entice a user to open a specially
+      crafted PostScript file or PDF using GPL Ghostscript possibly resulting
+      in the execution of arbitrary code with the privileges of the process or
+      a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GPL Ghostscript users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-text/ghostscript-gpl-9.20-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7976">CVE-2016-7976</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7977">CVE-2016-7977</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7978">CVE-2016-7978</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7979">CVE-2016-7979</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8602">CVE-2016-8602</uri>
+    <uri link="https://security.gentoo.org/glsa/201612-26">GLSA-201612-26</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-02-21T18:24:37Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-02-22T11:12:25Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201702-32.xml b/metadata/glsa/glsa-201702-32.xml
new file mode 100644
index 000000000000..544689f5c9eb
--- /dev/null
+++ b/metadata/glsa/glsa-201702-32.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201702-32">
+  <title>Ruby Archive::Tar::Minitar: Directory traversal</title>
+  <synopsis>Ruby Archive::Tar::Minitar is vulnerable to a directory traversal
+    attack.
+  </synopsis>
+  <product type="ebuild">archive-tar-minitar</product>
+  <announced>2017-02-22</announced>
+  <revised count="1">2017-02-22</revised>
+  <bug>607110</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-ruby/archive-tar-minitar" auto="yes" arch="*">
+      <unaffected range="ge">0.6.1</unaffected>
+      <vulnerable range="lt">0.6.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Archive::Tar::Minitar is a pure-Ruby library and command-line utility
+      that provides the ability to deal with POSIX tar(1) archive files.
+    </p>
+  </background>
+  <description>
+    <p>Michal Marek discovered that Ruby Archive::Tar::Minitar is vulnerable to
+      a directory traversal vulnerability.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user or an automated system to process
+      a specially crafted archive using Ruby Archive::Tar::Minitar possibly
+      allowing the writing of arbitrary files with the privileges of the
+      process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Ruby Archive::Tar::Minitar users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-ruby/archive-tar-minitar-0.6.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10173">
+      CVE-2016-10173
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-02-21T18:53:16Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-02-22T11:12:42Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201703-01.xml b/metadata/glsa/glsa-201703-01.xml
new file mode 100644
index 000000000000..3b93b498f790
--- /dev/null
+++ b/metadata/glsa/glsa-201703-01.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201703-01">
+  <title>OpenOffice: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability in OpenOffice Impress could cause memory
+    corruption.
+  </synopsis>
+  <product type="ebuild">openoffice</product>
+  <announced>2017-03-19</announced>
+  <revised count="1">2017-03-19</revised>
+  <bug>597080</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/openoffice-bin" auto="yes" arch="*">
+      <unaffected range="ge">4.1.3</unaffected>
+      <vulnerable range="lt">4.1.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Apache OpenOffice is an open-source office software suite for word
+      processing, spreadsheets, presentations, graphics, databases and more.
+    </p>
+  </background>
+  <description>
+    <p>An exploitable out-of-bounds vulnerability exists in OpenOffice Impress
+      when handling MetaActions.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted
+      OpenDocument Presentation .ODP or Presentation Template .OTP file using
+      OpenOffice Impress, possibly resulting in execution of arbitrary code
+      with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenOffice users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-office/openoffice-bin-4.1.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1513">CVE-2016-1513</uri>
+    <uri link="https://www.talosintelligence.com/reports/TALOS-2016-0051/">
+      TALOS-2016-0051
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-02-13T01:25:25Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-03-19T18:32:36Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201703-02.xml b/metadata/glsa/glsa-201703-02.xml
new file mode 100644
index 000000000000..d20df80e4e89
--- /dev/null
+++ b/metadata/glsa/glsa-201703-02.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201703-02">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2017-03-19</announced>
+  <revised count="1">2017-03-19</revised>
+  <bug>612588</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">25.0.0.127</unaffected>
+      <vulnerable range="lt">25.0.0.127</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-25.0.0.127"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://helpx.adobe.com/security/products/flash-player/apsb17-07.html">
+      APSB17-07
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2997">CVE-2017-2997</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2998">CVE-2017-2998</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2999">CVE-2017-2999</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3000">CVE-2017-3000</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3001">CVE-2017-3001</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3002">CVE-2017-3002</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3003">CVE-2017-3003</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-03-16T08:44:22Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-03-19T18:32:52Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201703-03.xml b/metadata/glsa/glsa-201703-03.xml
new file mode 100644
index 000000000000..0b10e3313ace
--- /dev/null
+++ b/metadata/glsa/glsa-201703-03.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201703-03">
+  <title>PuTTY: Buffer overflow </title>
+  <synopsis>A buffer overflow in PuTTY might allow remote attackers to execute
+    arbitrary code or cause a denial of service.
+  </synopsis>
+  <product type="ebuild">PuTTY</product>
+  <announced>2017-03-19</announced>
+  <revised count="1">2017-03-19</revised>
+  <bug>610552</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/putty" auto="yes" arch="*">
+      <unaffected range="ge">0.68</unaffected>
+      <vulnerable range="lt">0.68</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PuTTY is a free implementation of Telnet and SSH for Windows and Unix
+      platforms, along with an xterm terminal emulator.
+    </p>
+  </background>
+  <description>
+    <p>A heap-corrupting buffer overflow bug in the ssh_agent_channel_data
+      function of PuTTY was found.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, utilizing the SSH agent forwarding of an SSH server,
+      could execute arbitrary code with the privileges of the user running the
+      client or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PuTTY users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/putty-0.68"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6542">CVE-2017-6542</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-03-07T21:53:38Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-03-19T18:47:02Z">BlueKnight</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201703-04.xml b/metadata/glsa/glsa-201703-04.xml
new file mode 100644
index 000000000000..d702529b3866
--- /dev/null
+++ b/metadata/glsa/glsa-201703-04.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201703-04">
+  <title>cURL: Certificate validation error</title>
+  <synopsis>A coding error has been found in cURL, causing the TLS Certificate
+    Status Request extension check to always return true.
+  </synopsis>
+  <product type="ebuild">curl</product>
+  <announced>2017-03-28</announced>
+  <revised count="1">2017-03-28</revised>
+  <bug>610572</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/curl" auto="yes" arch="*">
+      <unaffected range="ge">7.53.0</unaffected>
+      <vulnerable range="lt">7.53.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>cURL is a tool and libcurl is a library for transferring data with URL
+      syntax.
+    </p>
+  </background>
+  <description>
+    <p>cURL and applications linked against libcurl support “OCSP
+      stapling”, also known as the TLS Certificate Status Request extension
+      (using the CURLOPT_SSL_VERIFYSTATUS option). When telling cURL to use
+      this feature, it uses that TLS extension to ask for a fresh proof of the
+      server’s certificate’s validity. If the server doesn’t support the
+      extension, or fails to provide said proof, cURL is expected to return an
+      error.
+      Due to a coding mistake, the code that checks for a test success or
+      failure, ends up always thinking there’s valid proof, even when there
+      is none or if the server doesn’t support the TLS extension in question.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Due to the error, a user maybe does not detect when a server’s
+      certificate goes invalid or otherwise be mislead that the server is in a
+      better shape than it is in reality.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All cURL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.53.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2629">CVE-2017-2629</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-03-07T21:41:04Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-03-28T01:57:09Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201703-05.xml b/metadata/glsa/glsa-201703-05.xml
new file mode 100644
index 000000000000..6b0df1ab9a0d
--- /dev/null
+++ b/metadata/glsa/glsa-201703-05.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201703-05">
+  <title>GNU Libtasn1: Denial of service</title>
+  <synopsis>A vulnerability in Libtasn1 allows remote attackers to cause a
+    Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">libtasn1</product>
+  <announced>2017-03-28</announced>
+  <revised count="1">2017-03-28</revised>
+  <bug>579748</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libtasn1" auto="yes" arch="*">
+      <unaffected range="ge">4.8</unaffected>
+      <vulnerable range="lt">4.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A library that provides Abstract Syntax Notation One (ASN.1, as
+      specified by the X.680 ITU-T recommendation) parsing and structures
+      management, and Distinguished Encoding Rules (DER, as per X.690) encoding
+      and decoding functions.
+    </p>
+  </background>
+  <description>
+    <p>Libtasn1 does not correctly handle certain malformed DER certificates.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user or automated system to process a
+      specially crafted certificate using Libtasn1, resulting in a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Libtasn1 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libtasn1-4.8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4008">CVE-2016-4008</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-02-22T11:00:00Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-03-28T02:54:28Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201703-06.xml b/metadata/glsa/glsa-201703-06.xml
new file mode 100644
index 000000000000..a4e15aa66c95
--- /dev/null
+++ b/metadata/glsa/glsa-201703-06.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201703-06">
+  <title>Deluge: Remote execution of arbitrary code </title>
+  <synopsis>A vulnerability in Deluge might allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">deluge</product>
+  <announced>2017-03-28</announced>
+  <revised count="1">2017-03-28</revised>
+  <bug>612144</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-p2p/deluge" auto="yes" arch="*">
+      <unaffected range="ge">1.3.14</unaffected>
+      <vulnerable range="lt">1.3.14</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Deluge is a BitTorrent client.</p>
+  </background>
+  <description>
+    <p>A CSRF vulnerability was discovered in the web UI of Deluge.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user currently logged in into Deluge
+      web UI to visit a malicious web page which uses forged requests to make
+      Deluge download and install a Deluge plug-in provided by the attacker.
+      The plug-in can then execute arbitrary code as the user running Deluge.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Deluge users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-p2p/deluge-1.3.14"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7178">CVE-2017-7178</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-03-18T12:56:30Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-03-28T03:08:19Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201703-07.xml b/metadata/glsa/glsa-201703-07.xml
new file mode 100644
index 000000000000..715195a47297
--- /dev/null
+++ b/metadata/glsa/glsa-201703-07.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201703-07">
+  <title>Xen: Privilege Escalation</title>
+  <synopsis>A vulnerability in Xen's bundled QEMU version might allow privilege
+    escalation.
+  </synopsis>
+  <product type="ebuild">xen</product>
+  <announced>2017-03-28</announced>
+  <revised count="1">2017-03-28</revised>
+  <bug>609120</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/xen-tools" auto="yes" arch="*">
+      <unaffected range="ge">4.7.1-r8</unaffected>
+      <vulnerable range="lt">4.7.1-r8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Xen is a bare-metal hypervisor.</p>
+  </background>
+  <description>
+    <p>In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine
+      cirrus_bitblt_cputovideo fails to check wethehr the specified memory
+      region is safe.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could potentially execute arbitrary code with
+      privileges of Xen (QEMU) process on the host, gain privileges on the host
+      system, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>Running guests in Paravirtualization (PV)  mode,  or running guests in
+      Hardware-assisted virtualizion (HVM) utilizing stub domains mitigate
+      the issue.
+    </p>
+    
+    <p>Running HVM guests with the device model in a stubdomain will mitigate
+      the issue.
+    </p>
+    
+    <p>Changing the video card emulation to stdvga (stdvga=1, vga=”stdvga”,
+      in the xl domain configuration) will avoid the vulnerability.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All Xen Tools users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/xen-tools-4.7.1-r8"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2620">CVE-2017-2620</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-02-24T02:24:45Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-03-28T03:15:18Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201704-01.xml b/metadata/glsa/glsa-201704-01.xml
new file mode 100644
index 000000000000..bb2c3def80da
--- /dev/null
+++ b/metadata/glsa/glsa-201704-01.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201704-01">
+  <title>QEMU: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in QEMU, the worst of
+    which could the worst of which could lead to arbitrary code execution, or
+    cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">QEMU</product>
+  <announced>2017-04-10</announced>
+  <revised count="1">2017-04-10</revised>
+  <bug>606088</bug>
+  <bug>609206</bug>
+  <bug>609334</bug>
+  <bug>609396</bug>
+  <bug>609398</bug>
+  <bug>609638</bug>
+  <bug>612220</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-emulation/qemu" auto="yes" arch="*">
+      <unaffected range="ge">2.8.0-r9</unaffected>
+      <vulnerable range="lt">2.8.0-r9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>QEMU is a generic and open source machine emulator and virtualizer.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in QEMU. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>Remote server can cause a crash in the client causing execution of
+      arbitrary code, and a Denial of Service within the QEMU process. Remote
+      or Local users within a guest QEMU environment can cause a Denial of
+      Service condition of the QEMU guest process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All QEMU users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/qemu-2.8.0-r9"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9602">CVE-2016-9602</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2620">CVE-2017-2620</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2630">CVE-2017-2630</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5973">CVE-2017-5973</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5987">CVE-2017-5987</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6058">CVE-2017-6058</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6505">CVE-2017-6505</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-03-28T03:29:39Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-04-10T21:20:32Z">BlueKnight</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201704-02.xml b/metadata/glsa/glsa-201704-02.xml
new file mode 100644
index 000000000000..59f6b781abb5
--- /dev/null
+++ b/metadata/glsa/glsa-201704-02.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201704-02">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in the Chromium web
+    browser, the worst of which allows remote attackers to execute arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">chromium</product>
+  <announced>2017-04-10</announced>
+  <revised count="2">2017-04-14</revised>
+  <bug>612190</bug>
+  <bug>614276</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">57.0.2987.133</unaffected>
+      <vulnerable range="lt">57.0.2987.133</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is the open-source web browser project behind Google Chrome</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in the Chromium web
+      browser. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, obtain
+      sensitive information, or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-57.0.2987.133"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5030">CVE-2017-5030</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5031">CVE-2017-5031</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5032">CVE-2017-5032</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5033">CVE-2017-5033</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5034">CVE-2017-5034</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5035">CVE-2017-5035</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5036">CVE-2017-5036</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5037">CVE-2017-5037</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5038">CVE-2017-5038</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5039">CVE-2017-5039</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5040">CVE-2017-5040</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5041">CVE-2017-5041</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5042">CVE-2017-5042</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5043">CVE-2017-5043</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5044">CVE-2017-5044</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5045">CVE-2017-5045</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5046">CVE-2017-5046</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5052">CVE-2017-5052</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5053">CVE-2017-5053</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5054">CVE-2017-5054</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5055">CVE-2017-5055</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5056">CVE-2017-5056</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-04-02T12:37:12Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-04-14T15:04:47Z">BlueKnight</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201704-03.xml b/metadata/glsa/glsa-201704-03.xml
new file mode 100644
index 000000000000..3b138dcfb2d8
--- /dev/null
+++ b/metadata/glsa/glsa-201704-03.xml
@@ -0,0 +1,144 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201704-03">
+  <title>X.Org: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in X.Org  server and
+    libraries, the worse of which allowing local attackers to execute arbitrary
+    code. 
+  </synopsis>
+  <product type="ebuild">xorg-server</product>
+  <announced>2017-04-10</announced>
+  <revised count="1">2017-04-10</revised>
+  <bug>596182</bug>
+  <bug>611350</bug>
+  <bug>611352</bug>
+  <bug>611354</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="x11-base/xorg-server" auto="yes" arch="*">
+      <unaffected range="ge">1.19.2</unaffected>
+      <vulnerable range="lt">1.19.2</vulnerable>
+    </package>
+    <package name="x11-libs/libICE" auto="yes" arch="*">
+      <unaffected range="ge">1.0.9-r1</unaffected>
+      <vulnerable range="lt">1.0.9-r1</vulnerable>
+    </package>
+    <package name="x11-libs/libXdmcp" auto="yes" arch="*">
+      <unaffected range="ge">1.1.2-r1</unaffected>
+      <vulnerable range="lt">1.1.2-r1</vulnerable>
+    </package>
+    <package name="x11-libs/libXrender" auto="yes" arch="*">
+      <unaffected range="ge">0.9.10</unaffected>
+      <vulnerable range="lt">0.9.10</vulnerable>
+    </package>
+    <package name="x11-libs/libXi" auto="yes" arch="*">
+      <unaffected range="ge">1.7.7</unaffected>
+      <vulnerable range="lt">1.7.7</vulnerable>
+    </package>
+    <package name="x11-libs/libXrandr" auto="yes" arch="*">
+      <unaffected range="ge">1.5.1</unaffected>
+      <vulnerable range="lt">1.5.1</vulnerable>
+    </package>
+    <package name="x11-libs/libXfixes" auto="yes" arch="*">
+      <unaffected range="ge">5.0.3</unaffected>
+      <vulnerable range="lt">5.0.3</vulnerable>
+    </package>
+    <package name="x11-libs/libXv" auto="yes" arch="*">
+      <unaffected range="ge">1.0.11</unaffected>
+      <vulnerable range="lt">1.0.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>X.Org X servers</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in X.Org server and
+      libraries. Please review the CVE identifiers referenced below for
+      details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local or remote users can utilize the vulnerabilities to attach to the
+      X.Org session as a user and execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All X.Org-server users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-base/xorg-server-1.19.2"
+    </code>
+    
+    <p>All libICE users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/libICE-1.0.9-r1"
+    </code>
+    
+    <p>All libXdmcp users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/libXdmcp-1.1.2-r1"
+    </code>
+    
+    <p>All libXrender users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/libXrender-0.9.10"
+    </code>
+    
+    <p>All libXi users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/libXi-1.7.7"
+    </code>
+    
+    <p>All libXrandr users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/libXrandr-1.5.1"
+    </code>
+    
+    <p>All libXfixes users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/libXfixes-5.0.3"
+    </code>
+    
+    <p>All libXv users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/libXv-1.0.11"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5407">CVE-2016-5407</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7942">CVE-2016-7942</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7943">CVE-2016-7943</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7944">CVE-2016-7944</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7945">CVE-2016-7945</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7946">CVE-2016-7946</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7947">CVE-2016-7947</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7948">CVE-2016-7948</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7949">CVE-2016-7949</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7950">CVE-2016-7950</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7953">CVE-2016-7953</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2624">CVE-2017-2624</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2625">CVE-2017-2625</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2626">CVE-2017-2626</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-03-18T13:24:57Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-04-10T21:30:03Z">BlueKnight</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201704-04.xml b/metadata/glsa/glsa-201704-04.xml
new file mode 100644
index 000000000000..0f4b31ce51d7
--- /dev/null
+++ b/metadata/glsa/glsa-201704-04.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201704-04">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2017-04-27</announced>
+  <revised count="2">2017-04-27</revised>
+  <bug>615244</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">25.0.0.148</unaffected>
+      <vulnerable range="lt">25.0.0.148</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-25.0.0.148"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3058">CVE-2017-3058</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3059">CVE-2017-3059</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3060">CVE-2017-3060</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3061">CVE-2017-3061</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3062">CVE-2017-3062</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3063">CVE-2017-3063</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3064">CVE-2017-3064</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-04-13T15:19:39Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-04-27T05:32:52Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201705-01.xml b/metadata/glsa/glsa-201705-01.xml
new file mode 100644
index 000000000000..f52485e8615e
--- /dev/null
+++ b/metadata/glsa/glsa-201705-01.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-01">
+  <title>libevent: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libevent, the worst of
+    which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">libevent</product>
+  <announced>2017-05-07</announced>
+  <revised count="1">2017-05-07</revised>
+  <bug>608042</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libevent" auto="yes" arch="*">
+      <unaffected range="ge">2.1.7_rc</unaffected>
+      <vulnerable range="lt">2.1.7_rc</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libevent is a library to execute a function when a specific event occurs
+      on a file descriptor.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libevent. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libevent users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libevent-2.1.7_rc"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10195">
+      CVE-2016-10195
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10196">
+      CVE-2016-10196
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10197">
+      CVE-2016-10197
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-04-27T05:45:34Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-05-07T20:14:35Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201705-02.xml b/metadata/glsa/glsa-201705-02.xml
new file mode 100644
index 000000000000..0ed6210c2ab5
--- /dev/null
+++ b/metadata/glsa/glsa-201705-02.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-02">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in the Chromium web
+    browser, the worst of which allows remote attackers to execute arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">chromium</product>
+  <announced>2017-05-07</announced>
+  <revised count="1">2017-05-07</revised>
+  <bug>616048</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">58.0.3029.81</unaffected>
+      <vulnerable range="lt">58.0.3029.81</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in the Chromium web
+      browser. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, obtain
+      sensitive information, bypass security restrictions or spoof content.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-58.0.3029.81"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5057">CVE-2017-5057</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5058">CVE-2017-5058</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5059">CVE-2017-5059</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5060">CVE-2017-5060</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5061">CVE-2017-5061</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5062">CVE-2017-5062</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5063">CVE-2017-5063</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5064">CVE-2017-5064</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5065">CVE-2017-5065</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5066">CVE-2017-5066</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5067">CVE-2017-5067</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5069">CVE-2017-5069</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-04-28T01:40:34Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-05-07T20:15:34Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201705-03.xml b/metadata/glsa/glsa-201705-03.xml
new file mode 100644
index 000000000000..26cf1d257cb0
--- /dev/null
+++ b/metadata/glsa/glsa-201705-03.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-03">
+  <title>Oracle JDK/JRE: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Oracle's JRE and JDK
+    software suites, the worst of which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">jre,jdk,oracle</product>
+  <announced>2017-05-07</announced>
+  <revised count="1">2017-05-07</revised>
+  <bug>616050</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/oracle-jre-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.8.0.131</unaffected>
+      <vulnerable range="lt">1.8.0.131</vulnerable>
+    </package>
+    <package name="dev-java/oracle-jdk-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.8.0.131</unaffected>
+      <vulnerable range="lt">1.8.0.131</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Java Platform, Standard Edition (Java SE) lets you develop and deploy
+      Java applications on desktops and servers, as well as in today’s
+      demanding embedded environments. Java offers the rich user interface,
+      performance, versatility, portability, and security that today’s
+      applications require.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in in Oracle’s JRE and
+      JDK. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, gain access to information, or cause a Denial
+      of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Oracle JRE users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-java/oracle-jre-bin-1.8.0.131"
+    </code>
+    
+    <p>All Oracle JDK users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-java/oracle-jdk-bin-1.8.0.131"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3509">CVE-2017-3509</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3511">CVE-2017-3511</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3512">CVE-2017-3512</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3514">CVE-2017-3514</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3526">CVE-2017-3526</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3533">CVE-2017-3533</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3539">CVE-2017-3539</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3544">CVE-2017-3544</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-04-28T06:54:02Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-05-07T20:16:21Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201705-04.xml b/metadata/glsa/glsa-201705-04.xml
new file mode 100644
index 000000000000..2d8db6a2576c
--- /dev/null
+++ b/metadata/glsa/glsa-201705-04.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-04">
+  <title>Mozilla Network Security Service (NSS): Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in NSS, the worst of which
+    may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">nss</product>
+  <announced>2017-05-07</announced>
+  <revised count="1">2017-05-07</revised>
+  <bug>616032</bug>
+  <bug>616036</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/nss" auto="yes" arch="*">
+      <unaffected range="ge">3.29.5</unaffected>
+      <vulnerable range="lt">3.29.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Mozilla Network Security Service (NSS) is a library implementing
+      security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS
+      #12, S/MIME and X.509 certificates.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in NSS. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, or view
+      sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All NSS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/nss-3.29.5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5461">CVE-2017-5461</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5462">CVE-2017-5462</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-04-30T13:52:41Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-05-07T20:17:08Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201705-05.xml b/metadata/glsa/glsa-201705-05.xml
new file mode 100644
index 000000000000..f0c8f246dd45
--- /dev/null
+++ b/metadata/glsa/glsa-201705-05.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-05">
+  <title>FFmpeg: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in FFmpeg, the worst of
+    which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">ffmpeg</product>
+  <announced>2017-05-09</announced>
+  <revised count="1">2017-05-09</revised>
+  <bug>608868</bug>
+  <bug>610810</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/ffmpeg" auto="yes" arch="*">
+      <unaffected range="ge">3.2.4</unaffected>
+      <vulnerable range="lt">3.2.4</vulnerable>
+    </package>
+    <package name="media-plugins/gst-plugins-libav" auto="yes" arch="*">
+      <unaffected range="ge">1.10.4</unaffected>
+      <vulnerable range="lt">1.10.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FFmpeg is a complete, cross-platform solution to record, convert and
+      stream audio and video.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in FFmpeg. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+    
+    <p>gst-plugins-libav is affected because this package is bundling a
+      vulnerable FFmpeg version.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user or automated system using FFmpeg
+      to process a specially crafted file, resulting in the execution of
+      arbitrary code or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FFmpeg users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/ffmpeg-3.2.4"
+    </code>
+    
+    <p>All gst-plugins-libav users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=media-plugins/gst-plugins-libav-1.10.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5024">CVE-2017-5024</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5025">CVE-2017-5025</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-05-07T18:51:14Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-05-09T19:30:37Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201705-06.xml b/metadata/glsa/glsa-201705-06.xml
new file mode 100644
index 000000000000..8b4805d6f95a
--- /dev/null
+++ b/metadata/glsa/glsa-201705-06.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-06">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+    worst of which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">firefox</product>
+  <announced>2017-05-09</announced>
+  <revised count="1">2017-05-09</revised>
+  <bug>611976</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">45.8.0</unaffected>
+      <vulnerable range="lt">45.8.0</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">45.8.0</unaffected>
+      <vulnerable range="lt">45.8.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      Project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, bypass
+      access restriction, access otherwise protected information, or spoof
+      content via multiple vectors.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-45.8.0"
+    </code>
+    
+    <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-45.8.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5398">CVE-2017-5398</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5400">CVE-2017-5400</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5401">CVE-2017-5401</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5402">CVE-2017-5402</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5404">CVE-2017-5404</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5405">CVE-2017-5405</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5407">CVE-2017-5407</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5408">CVE-2017-5408</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5410">CVE-2017-5410</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-04-26T01:32:17Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-05-09T19:36:09Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201705-07.xml b/metadata/glsa/glsa-201705-07.xml
new file mode 100644
index 000000000000..ac8aa6c8b550
--- /dev/null
+++ b/metadata/glsa/glsa-201705-07.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-07">
+  <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird,
+    the worst of which could lead to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">thunderbird,mozilla</product>
+  <announced>2017-05-09</announced>
+  <revised count="1">2017-05-09</revised>
+  <bug>611954</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">45.8.0</unaffected>
+      <vulnerable range="lt">45.8.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">45.8.0</unaffected>
+      <vulnerable range="lt">45.8.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Thunderbird is a popular open-source email client from the
+      Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to open a specially crafted email
+      or web page, could possibly execute arbitrary code with the privileges of
+      the process, cause a Denial of Service condition, spoof content or obtain
+      sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-45.8.0"
+    </code>
+    
+    <p>All Mozilla Thunderbird binary users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-45.8.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5398">CVE-2017-5398</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5400">CVE-2017-5400</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5401">CVE-2017-5401</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5402">CVE-2017-5402</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5404">CVE-2017-5404</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5405">CVE-2017-5405</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5407">CVE-2017-5407</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5408">CVE-2017-5408</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5410">CVE-2017-5410</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-05-06T17:25:08Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-05-09T19:41:25Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201705-08.xml b/metadata/glsa/glsa-201705-08.xml
new file mode 100644
index 000000000000..9846c308adc2
--- /dev/null
+++ b/metadata/glsa/glsa-201705-08.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-08">
+  <title>libav: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libav, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libav</product>
+  <announced>2017-05-09</announced>
+  <revised count="1">2017-05-09</revised>
+  <bug>552320</bug>
+  <bug>571870</bug>
+  <bug>600706</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/libav" auto="yes" arch="*">
+      <unaffected range="ge">11.8</unaffected>
+      <vulnerable range="lt">11.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Libav is a complete solution to record, convert and stream audio and
+      video.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libav. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted media
+      file in an application linked against libav, possibly resulting in
+      execution of arbitrary code with the privileges of the application, a
+      Denial of Service condition or access the content of arbitrary local
+      files.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libav users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/libav-11.8"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3395">CVE-2015-3395</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3417">CVE-2015-3417</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1897">CVE-2016-1897</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1898">CVE-2016-1898</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2326">CVE-2016-2326</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3062">CVE-2016-3062</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-04-19T06:09:28Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-05-09T19:51:34Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201705-09.xml b/metadata/glsa/glsa-201705-09.xml
new file mode 100644
index 000000000000..a69adf959584
--- /dev/null
+++ b/metadata/glsa/glsa-201705-09.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-09">
+  <title>Apache Tomcat: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Apache Tomcat, the
+    worst of which could lead to privilege escalation.
+  </synopsis>
+  <product type="ebuild">tomcat</product>
+  <announced>2017-05-18</announced>
+  <revised count="1">2017-05-18</revised>
+  <bug>575796</bug>
+  <bug>586966</bug>
+  <bug>595978</bug>
+  <bug>615868</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-servers/tomcat" auto="yes" arch="*">
+      <unaffected range="ge">8.0.36</unaffected>
+      <unaffected range="ge">7.0.70</unaffected>
+      <vulnerable range="lt">8.0.36</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Tomcat. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker may be able to cause a Denial of Service condition,
+      obtain sensitive information, bypass protection mechanisms and
+      authentication restrictions.
+    </p>
+    
+    <p>A local attacker, who is a tomcat’s system user or belongs to
+      tomcat’s group, could potentially escalate privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache Tomcat users have to manually check their Tomcat runscripts
+      to make sure that they don’t use an old, vulnerable runscript. In
+      addition:
+    </p>
+    
+    <p>All Apache Tomcat 7 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/tomcat-7.0.70:7"
+    </code>
+    
+    <p>All Apache Tomcat 8 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/tomcat-8.0.36:8"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5174">CVE-2015-5174</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5345">CVE-2015-5345</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5346">CVE-2015-5346</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5351">CVE-2015-5351</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0706">CVE-2016-0706</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0714">CVE-2016-0714</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0763">CVE-2016-0763</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1240">CVE-2016-1240</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3092">CVE-2016-3092</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8745">CVE-2016-8745</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5647">CVE-2017-5647</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5648">CVE-2017-5648</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5650">CVE-2017-5650</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5651">CVE-2017-5651</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-04-19T05:58:37Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-05-18T01:49:59Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201705-10.xml b/metadata/glsa/glsa-201705-10.xml
new file mode 100644
index 000000000000..8f66cab3afa3
--- /dev/null
+++ b/metadata/glsa/glsa-201705-10.xml
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-10">
+  <title>GStreamer plug-ins: User-assisted execution of arbitrary code</title>
+  <synopsis>Multiple vulnerabilities have been found in various GStreamer
+    plug-ins, the worst of which could lead to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">gstreamer,gst-plugins</product>
+  <announced>2017-05-18</announced>
+  <revised count="1">2017-05-18</revised>
+  <bug>600142</bug>
+  <bug>601354</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/gst-plugins-bad" auto="yes" arch="*">
+      <unaffected range="ge">1.10.3</unaffected>
+      <vulnerable range="lt">1.10.3</vulnerable>
+    </package>
+    <package name="media-libs/gst-plugins-good" auto="yes" arch="*">
+      <unaffected range="ge">1.10.3</unaffected>
+      <vulnerable range="lt">1.10.3</vulnerable>
+    </package>
+    <package name="media-libs/gst-plugins-base" auto="yes" arch="*">
+      <unaffected range="ge">1.10.3</unaffected>
+      <vulnerable range="lt">1.10.3</vulnerable>
+    </package>
+    <package name="media-libs/gst-plugins-ugly" auto="yes" arch="*">
+      <unaffected range="ge">1.10.3</unaffected>
+      <vulnerable range="lt">1.10.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The GStreamer plug-ins provide decoders to the GStreamer open source
+      media framework.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in various GStreamer
+      plug-ins. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user or automated system using a
+      GStreamer plug-in to process a specially crafted file, resulting in the
+      execution of arbitrary code or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All gst-plugins-bad users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=media-libs/gst-plugins-bad-1.10.3:1.0"
+    </code>
+    
+    <p>All gst-plugins-good users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=media-libs/gst-plugins-good-1.10.3:1.0"
+    </code>
+    
+    <p>All gst-plugins-base users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=media-libs/gst-plugins-base-1.10.3:1.0"
+    </code>
+    
+    <p>All gst-plugins-ugly users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=media-libs/gst-plugins-ugly-1.10.3:1.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10198">
+      CVE-2016-10198
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10199">
+      CVE-2016-10199
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9445">CVE-2016-9445</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9446">CVE-2016-9446</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9447">CVE-2016-9447</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9634">CVE-2016-9634</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9635">CVE-2016-9635</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9636">CVE-2016-9636</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9807">CVE-2016-9807</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9808">CVE-2016-9808</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9809">CVE-2016-9809</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9810">CVE-2016-9810</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9811">CVE-2016-9811</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9812">CVE-2016-9812</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9813">CVE-2016-9813</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5837">CVE-2017-5837</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5838">CVE-2017-5838</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5839">CVE-2017-5839</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5840">CVE-2017-5840</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5841">CVE-2017-5841</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5842">CVE-2017-5842</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5843">CVE-2017-5843</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5844">CVE-2017-5844</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5845">CVE-2017-5845</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5846">CVE-2017-5846</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5847">CVE-2017-5847</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5848">CVE-2017-5848</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-05-07T18:49:56Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-05-18T02:03:55Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201705-11.xml b/metadata/glsa/glsa-201705-11.xml
new file mode 100644
index 000000000000..11160623465b
--- /dev/null
+++ b/metadata/glsa/glsa-201705-11.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-11">
+  <title>Xen: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Xen, the worst of which
+    could allow for privilege escalation.
+  </synopsis>
+  <product type="ebuild">xen</product>
+  <announced>2017-05-26</announced>
+  <revised count="1">2017-05-26</revised>
+  <bug>615980</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/xen" auto="yes" arch="*">
+      <unaffected range="ge">4.7.2-r1</unaffected>
+      <vulnerable range="lt">4.7.2-r1</vulnerable>
+    </package>
+    <package name="app-emulation/xen-tools" auto="yes" arch="*">
+      <unaffected range="ge">4.7.2</unaffected>
+      <vulnerable range="lt">4.7.2</vulnerable>
+    </package>
+    <package name="app-emulation/xen-pvgrub" auto="yes" arch="*">
+      <unaffected range="ge">4.7.2</unaffected>
+      <vulnerable range="lt">4.7.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Xen is a bare-metal hypervisor.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Xen. Please review the
+      CVE identifiers and Xen Security Advisory referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could potentially execute arbitrary code with
+      privileges of Xen (QEMU) process on the host, gain privileges on the host
+      system, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Xen users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-4.7.2-r1:0"
+    </code>
+    
+    <p>All Xen Tools users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-tools-4.7.2:0"
+    </code>
+    
+    <p>All Xen pvgrub users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/xen-pvgrub-4.7.2:0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8903">CVE-2017-8903</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8904">CVE-2017-8904</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8905">CVE-2017-8905</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-05-11T07:53:09Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-05-26T06:07:35Z">BlueKnight</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201705-12.xml b/metadata/glsa/glsa-201705-12.xml
new file mode 100644
index 000000000000..9c1a3d785ede
--- /dev/null
+++ b/metadata/glsa/glsa-201705-12.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-12">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2017-05-26</announced>
+  <revised count="1">2017-05-26</revised>
+  <bug>617968</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">25.0.0.171</unaffected>
+      <vulnerable range="lt">25.0.0.171</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+    
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-25.0.0.171 :22"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3068">CVE-2017-3068</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3069">CVE-2017-3069</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3070">CVE-2017-3070</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3071">CVE-2017-3071</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3072">CVE-2017-3072</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3073">CVE-2017-3073</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3074">CVE-2017-3074</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-05-11T07:37:48Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-05-26T06:07:53Z">BlueKnight</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201705-13.xml b/metadata/glsa/glsa-201705-13.xml
new file mode 100644
index 000000000000..b48328b8b606
--- /dev/null
+++ b/metadata/glsa/glsa-201705-13.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-13">
+  <title>Teeworlds: Remote execution of arbitrary code on client</title>
+  <synopsis>Teeworlds client vulnerability in snap handling could result in
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">teeworlds</product>
+  <announced>2017-05-26</announced>
+  <revised count="2">2017-05-26</revised>
+  <bug>600178</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-action/teeworlds" auto="yes" arch="*">
+      <unaffected range="ge">0.6.4</unaffected>
+      <vulnerable range="lt">0.6.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Teeworlds is an online multi-player platform 2D shooter.</p>
+  </background>
+  <description>
+    <p>Teeworlds client contains a vulnerability allowing a malicious server to
+      execute arbitrary code, or write to arbitrary physical memory via the
+      CClient::ProcessServerPacket method.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote malicious server can write to arbitrary physical memory
+      locations and possibly execute arbitrary if a vulnerable client joins the
+      server.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Teeworlds users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=games-action/teeworlds-0.6.4:0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9400">CVE-2016-9400</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-05-09T06:08:59Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-05-26T06:22:30Z">BlueKnight</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201705-14.xml b/metadata/glsa/glsa-201705-14.xml
new file mode 100644
index 000000000000..21a3d9766b1a
--- /dev/null
+++ b/metadata/glsa/glsa-201705-14.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-14">
+  <title>Smb4K: Arbitrary command execution as root</title>
+  <synopsis>A vulnerability in Smb4K could allow local attackers to execute
+    commands as root.
+  </synopsis>
+  <product type="ebuild">smb4k</product>
+  <announced>2017-05-26</announced>
+  <revised count="2">2017-05-26</revised>
+  <bug>618106</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-misc/smb4k" auto="yes" arch="*">
+      <unaffected range="ge">1.2.3-r1</unaffected>
+      <vulnerable range="lt">1.2.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Smb4K is a SMB/CIFS (Windows) share browser for KDE.</p>
+  </background>
+  <description>
+    <p>Smb4k contains a logic flaw in which mount helper binary does not
+      properly verify the mount command it is being asked to run.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local user can execute commands with the root privilege due to the
+      mount helper being installed as suid.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Smb4K users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/smb4k-1.2.3-r1:4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8849">CVE-2017-8849</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-05-12T04:22:20Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-05-26T12:18:57Z">BlueKnight</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201705-15.xml b/metadata/glsa/glsa-201705-15.xml
new file mode 100644
index 000000000000..bbe749e94191
--- /dev/null
+++ b/metadata/glsa/glsa-201705-15.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-15">
+  <title>sudo: Privilege escalation</title>
+  <synopsis>A vulnerability in sudo allows local users to gain root privileges.</synopsis>
+  <product type="ebuild">sudo,privilege</product>
+  <announced>2017-05-30</announced>
+  <revised count="4">2017-10-10</revised>
+  <bug>620182</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/sudo" auto="yes" arch="*">
+      <unaffected range="ge">1.8.20_p1</unaffected>
+      <vulnerable range="lt">1.8.20_p1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>sudo (su “do”) allows a system administrator to delegate authority
+      to give certain users (or groups of users) the ability to run some (or
+      all) commands as root or another user while providing an audit trail of
+      the commands and their arguments.
+    </p>
+  </background>
+  <description>
+    <p>Qualys discovered a vulnerability in sudo’s get_process_ttyname() for
+      Linux, that via sudo_ttyname_scan() can be directed to use a
+      user-controlled, arbitrary tty device during its traversal of “/dev”
+      by utilizing the world-writable /dev/shm.
+    </p>
+    
+    <p>For further information, please see the Qualys Security Advisory</p>
+  </description>
+  <impact type="high">
+    <p>A local attacker can pretend that his tty is any character device on the
+      filesystem, and after two race conditions, an attacker can pretend that
+      the controlled tty is any file on the filesystem allowing for privilege
+      escalation
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All sudo users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/sudo-1.8.20_p1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000367">
+      CVE-2017-1000367
+    </uri>
+    <uri link="https://www.qualys.com/2017/05/30/cve-2017-1000367/cve-2017-1000367.txt">
+      Qualys Security Advisory for CVE-2017-1000367
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-05-30T07:27:08Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2017-10-10T00:11:49Z">K_F</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201706-01.xml b/metadata/glsa/glsa-201706-01.xml
new file mode 100644
index 000000000000..89062f70008d
--- /dev/null
+++ b/metadata/glsa/glsa-201706-01.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-01">
+  <title>MUNGE: Privilege escalation </title>
+  <synopsis>Gentoo's MUNGE ebuilds are vulnerable to privilege escalation due
+    to improper permissions.
+  </synopsis>
+  <product type="ebuild">munge</product>
+  <announced>2017-06-06</announced>
+  <revised count="1">2017-06-06</revised>
+  <bug>602596</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-auth/munge" auto="yes" arch="*">
+      <unaffected range="ge">0.5.10-r2</unaffected>
+      <vulnerable range="lt">0.5.10-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>An authentication service for creating and validating credentials.</p>
+  </background>
+  <description>
+    <p>It was discovered that Gentoo’s default MUNGE installation suffered
+      from a privilege escalation vulnerability (munge user to root) due to
+      improper permissions and a runscript which called chown() on a user
+      controlled file.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker, who either is already MUNGE’s system user or belongs
+      to MUNGE’s group, could potentially escalate privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MUNGE users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-auth/munge-0.5.10-r2"
+    </code>
+  </resolution>
+  <references>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-08T22:27:29Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-06-06T06:21:40Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201706-02.xml b/metadata/glsa/glsa-201706-02.xml
new file mode 100644
index 000000000000..01623f77be78
--- /dev/null
+++ b/metadata/glsa/glsa-201706-02.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-02">
+  <title>Shadow: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in Shadow, the worst of
+    which might allow privilege escalation.
+  </synopsis>
+  <product type="ebuild">shadow</product>
+  <announced>2017-06-06</announced>
+  <revised count="1">2017-06-06</revised>
+  <bug>610804</bug>
+  <bug>620510</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/shadow" auto="yes" arch="*">
+      <unaffected range="ge">4.4-r2</unaffected>
+      <vulnerable range="lt">4.4-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Shadow is a set of tools to deal with user accounts.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Shadow. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could possibly cause a Denial of Service condition,
+      gain privileges via crafted input, or SIGKILL arbitrary processes.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Shadow users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/shadow-4.4-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6252">CVE-2016-6252</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2616">CVE-2017-2616</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-03-07T23:12:11Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-06-06T06:29:12Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201706-03.xml b/metadata/glsa/glsa-201706-03.xml
new file mode 100644
index 000000000000..42d4bbf90370
--- /dev/null
+++ b/metadata/glsa/glsa-201706-03.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-03">
+  <title>QEMU: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in QEMU, the worst of
+    which may allow a remote attacker to cause a Denial of Service or gain
+    elevated privileges from a guest VM.
+  </synopsis>
+  <product type="ebuild">qemu</product>
+  <announced>2017-06-06</announced>
+  <revised count="1">2017-06-06</revised>
+  <bug>614744</bug>
+  <bug>615874</bug>
+  <bug>616460</bug>
+  <bug>616462</bug>
+  <bug>616482</bug>
+  <bug>616484</bug>
+  <bug>616636</bug>
+  <bug>616870</bug>
+  <bug>616872</bug>
+  <bug>616874</bug>
+  <bug>618808</bug>
+  <bug>619018</bug>
+  <bug>619020</bug>
+  <bug>620322</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-emulation/qemu" auto="yes" arch="*">
+      <unaffected range="ge">2.9.0-r2</unaffected>
+      <vulnerable range="lt">2.9.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>QEMU is a generic and open source machine emulator and virtualizer.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in QEMU. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker might cause a Denial of Service or gain escalated
+      privileges from a guest VM.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All QEMU users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/qemu-2.9.0-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9603">CVE-2016-9603</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7377">CVE-2017-7377</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7471">CVE-2017-7471</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7493">CVE-2017-7493</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7718">CVE-2017-7718</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7980">CVE-2017-7980</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8086">CVE-2017-8086</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8112">CVE-2017-8112</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8309">CVE-2017-8309</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8379">CVE-2017-8379</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8380">CVE-2017-8380</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9060">CVE-2017-9060</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9310">CVE-2017-9310</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9330">CVE-2017-9330</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-04-19T06:36:34Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-06-06T06:41:28Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201706-04.xml b/metadata/glsa/glsa-201706-04.xml
new file mode 100644
index 000000000000..c2d574253fb4
--- /dev/null
+++ b/metadata/glsa/glsa-201706-04.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-04">
+  <title>Git: Security bypass</title>
+  <synopsis>A vulnerability in Git might allow remote attackers to bypass
+    security restrictions.
+  </synopsis>
+  <product type="ebuild">git</product>
+  <announced>2017-06-06</announced>
+  <revised count="1">2017-06-06</revised>
+  <bug>618126</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-vcs/git" auto="yes" arch="*">
+      <unaffected range="ge">2.13.0</unaffected>
+      <vulnerable range="lt">2.13.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Git is a free and open source distributed version control system
+      designed to handle everything from small to very large projects with
+      speed and efficiency.
+    </p>
+  </background>
+  <description>
+    <p>Timo Schmid discovered that the Git restricted shell incorrectly
+      filtered allowed commands.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly bypass security restrictions and access
+      sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Git users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/git-2.13.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8386">CVE-2017-8386</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-05-18T06:04:29Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-06-06T08:33:25Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201706-05.xml b/metadata/glsa/glsa-201706-05.xml
new file mode 100644
index 000000000000..0f9791b9a6c2
--- /dev/null
+++ b/metadata/glsa/glsa-201706-05.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-05">
+  <title>D-Bus: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities in D-Bus might allow an attacker to
+    overwrite files with a fixed filename in arbitrary directories or conduct a
+    symlink attack.
+  </synopsis>
+  <product type="ebuild">dbus</product>
+  <announced>2017-06-06</announced>
+  <revised count="1">2017-06-06</revised>
+  <bug>611392</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-apps/dbus" auto="yes" arch="*">
+      <unaffected range="ge">1.10.18</unaffected>
+      <vulnerable range="lt">1.10.18</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>D-Bus is a message bus system which processes can use to talk to each
+      other.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in D-Bus. Please review
+      the original report referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could possibly overwrite arbitrary files named “once”
+      with content not controlled by the attacker.
+    </p>
+    
+    <p>A local attacker could perform a symlink attack against D-Bus’ test
+      suite.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All D-Bus users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/dbus-1.10.18"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="http://www.openwall.com/lists/oss-security/2017/02/16/4">
+      Original report
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-05-21T07:09:05Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-06-06T08:33:43Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201706-06.xml b/metadata/glsa/glsa-201706-06.xml
new file mode 100644
index 000000000000..717836d81621
--- /dev/null
+++ b/metadata/glsa/glsa-201706-06.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-06">
+  <title>ImageWorsener: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in ImageWorsener, the
+    worst of which allows remote attackers to cause a Denial of Service
+    condition or have other unspecified impact.
+  </synopsis>
+  <product type="ebuild">ImageWorsener</product>
+  <announced>2017-06-06</announced>
+  <revised count="1">2017-06-06</revised>
+  <bug>618014</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/imageworsener" auto="yes" arch="*">
+      <unaffected range="ge">1.3.1</unaffected>
+      <vulnerable range="lt">1.3.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ImageWorsener is a cross-platform command-line utility and library for
+      image scaling and other image processing.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ImageWorsener. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process a specially crafted
+      image file using ImageWorsener, possibly resulting in a Denial of Service
+      condition or have other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ImageWorsener users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/imageworsener-1.3.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7452">CVE-2017-7452</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7453">CVE-2017-7453</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7454">CVE-2017-7454</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7939">CVE-2017-7939</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7940">CVE-2017-7940</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7962">CVE-2017-7962</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8325">CVE-2017-8325</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8326">CVE-2017-8326</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8327">CVE-2017-8327</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-05-18T06:32:49Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-06-06T08:33:56Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201706-07.xml b/metadata/glsa/glsa-201706-07.xml
new file mode 100644
index 000000000000..f273307c04bd
--- /dev/null
+++ b/metadata/glsa/glsa-201706-07.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-07">
+  <title>Libtirpc and RPCBind: Denial of Service </title>
+  <synopsis>A vulnerability has been found in Libtirpc and RPCBind which may
+    allow a remote attacker to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">RPCBind,Libtirpc</product>
+  <announced>2017-06-06</announced>
+  <revised count="2">2017-06-06</revised>
+  <bug>617472</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-nds/rpcbind" auto="yes" arch="*">
+      <unaffected range="ge">0.2.4-r1</unaffected>
+      <vulnerable range="lt">0.2.4-r1</vulnerable>
+    </package>
+    <package name="net-libs/libtirpc" auto="yes" arch="*">
+      <unaffected range="ge">1.0.1-r1</unaffected>
+      <vulnerable range="lt">1.0.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The RPCBind utility is a server that converts RPC program numbers into
+      universal addresses.
+    </p>
+    
+    <p>Libtirpc is a port of Suns Transport-Independent RPC library to Linux.</p>
+  </background>
+  <description>
+    <p>It was found that due to the way RPCBind uses libtirpc (libntirpc), a
+      memory leak can occur when parsing specially crafted XDR messages.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send thousands of messages to RPCBind, possibly
+      resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All RPCBind users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-nds/rpcbind-0.2.4-r1"
+    </code>
+    
+    <p>All Libtirpc users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/libtirpc-1.0.1-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8779">CVE-2017-8779</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-05-21T07:26:12Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-06-06T11:58:19Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201706-08.xml b/metadata/glsa/glsa-201706-08.xml
new file mode 100644
index 000000000000..8a5779766b2b
--- /dev/null
+++ b/metadata/glsa/glsa-201706-08.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-08">
+  <title>MuPDF: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in MuPDF, the worst of
+    which allows remote attackers to cause a Denial of Service condition or
+    have other unspecified impact.
+  </synopsis>
+  <product type="ebuild">mupdf</product>
+  <announced>2017-06-06</announced>
+  <revised count="1">2017-06-06</revised>
+  <bug>611444</bug>
+  <bug>614044</bug>
+  <bug>614852</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/mupdf" auto="yes" arch="*">
+      <unaffected range="ge">1.11-r1</unaffected>
+      <vulnerable range="lt">1.11-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A lightweight PDF, XPS, and E-book viewer.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MuPDF. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process a specially crafted PDF
+      document or image using MuPDF, possibly resulting in a Denial of Service
+      condition or have other unspecified impact.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MuPDF users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/mupdf-1.11-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10221">
+      CVE-2016-10221
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5991">CVE-2017-5991</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6060">CVE-2017-6060</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-05-21T07:28:46Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-06-06T08:34:32Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201706-09.xml b/metadata/glsa/glsa-201706-09.xml
new file mode 100644
index 000000000000..9b13a1c3e693
--- /dev/null
+++ b/metadata/glsa/glsa-201706-09.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-09">
+  <title>FileZilla: Buffer overflow</title>
+  <synopsis>A vulnerability in a bundled copy of PuTTY in FileZilla might allow
+    remote attackers to execute arbitrary code or cause a denial of service.
+  </synopsis>
+  <product type="ebuild">filezilla</product>
+  <announced>2017-06-06</announced>
+  <revised count="1">2017-06-06</revised>
+  <bug>610554</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-ftp/filezilla" auto="yes" arch="*">
+      <unaffected range="ge">3.25.2</unaffected>
+      <vulnerable range="lt">3.25.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FileZilla is an open source FTP client.</p>
+  </background>
+  <description>
+    <p>FileZilla is affected by the same vulnerability as reported in “GLSA
+      201703-03” because the package included a vulnerable copy of PuTTY.
+      Please read the GLSA for PuTTY referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, utilizing the SSH agent forwarding of an SSH server,
+      could execute arbitrary code with the privileges of the user running
+      FileZilla or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FileZilla users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-ftp/filezilla-3.25.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6542">CVE-2017-6542</uri>
+    <uri link="https://security.gentoo.org/glsa/201703-03">GLSA 201703-03</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-06-04T11:05:52Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-06-06T08:34:45Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201706-10.xml b/metadata/glsa/glsa-201706-10.xml
new file mode 100644
index 000000000000..e16aa55cc849
--- /dev/null
+++ b/metadata/glsa/glsa-201706-10.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-10">
+  <title>Pidgin: Arbitrary code execution</title>
+  <synopsis>A vulnerability in Pidgin might allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">pidgin</product>
+  <announced>2017-06-06</announced>
+  <revised count="1">2017-06-06</revised>
+  <bug>612188</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/pidgin" auto="yes" arch="*">
+      <unaffected range="ge">2.12.0</unaffected>
+      <vulnerable range="lt">2.12.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Pidgin is a GTK Instant Messenger client for a variety of instant
+      messaging protocols.
+    </p>
+  </background>
+  <description>
+    <p>Joseph Bisch discovered that Pidgin incorrectly handled certain xml
+      messages.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted instant message,
+      possibly resulting in execution of arbitrary code with the privileges of
+      the Pidgin process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Pidgin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-im/pidgin-2.12.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2640">CVE-2017-2640</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-04-19T06:30:00Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-06-06T19:36:09Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201706-11.xml b/metadata/glsa/glsa-201706-11.xml
new file mode 100644
index 000000000000..e520317c30a4
--- /dev/null
+++ b/metadata/glsa/glsa-201706-11.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-11">
+  <title>PCRE library: Denial of service</title>
+  <synopsis>A vulnerability in PCRE library allows remote attackers to cause a
+    Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">PCRE</product>
+  <announced>2017-06-06</announced>
+  <revised count="1">2017-06-06</revised>
+  <bug>609592</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libpcre" auto="yes" arch="*">
+      <unaffected range="ge">8.40-r1</unaffected>
+      <vulnerable range="lt">8.40-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PCRE library is a set of functions that implement regular expression
+      pattern matching using the same syntax and semantics as Perl 5.
+    </p>
+  </background>
+  <description>
+    <p>It was found that the compile_bracket_matchingpath function in
+      pcre_jit_compile.c in PCRE library is vulnerable to an out-of-bounds
+      read.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition via
+      a special crafted regular expression.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PCRE library users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libpcre-8.40-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6004">CVE-2017-6004</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-04-26T00:55:28Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-06-06T19:43:31Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201706-12.xml b/metadata/glsa/glsa-201706-12.xml
new file mode 100644
index 000000000000..458e043e8ad2
--- /dev/null
+++ b/metadata/glsa/glsa-201706-12.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-12">
+  <title>Wireshark: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Wireshark, the worst of
+    which allows remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">wireshark</product>
+  <announced>2017-06-06</announced>
+  <revised count="1">2017-06-06</revised>
+  <bug>609646</bug>
+  <bug>615462</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/wireshark" auto="yes" arch="*">
+      <unaffected range="ge">2.2.6</unaffected>
+      <vulnerable range="lt">2.2.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Wireshark is a network protocol analyzer formerly known as ethereal.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Wireshark. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process a specially crafted
+      network packet using Wireshark, possibly resulting a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Wireshark users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-2.2.6"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6014">CVE-2017-6014</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7700">CVE-2017-7700</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7701">CVE-2017-7701</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7702">CVE-2017-7702</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7703">CVE-2017-7703</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7704">CVE-2017-7704</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7705">CVE-2017-7705</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-03-24T05:23:51Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-06-06T19:48:46Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201706-13.xml b/metadata/glsa/glsa-201706-13.xml
new file mode 100644
index 000000000000..ca4eef03336e
--- /dev/null
+++ b/metadata/glsa/glsa-201706-13.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-13">
+  <title>minicom: Remote execution of arbitrary code</title>
+  <synopsis>An out-of-bounds data access in minicom might allow remote
+    attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">minicom</product>
+  <announced>2017-06-06</announced>
+  <revised count="1">2017-06-06</revised>
+  <bug>615996</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dialup/minicom" auto="yes" arch="*">
+      <unaffected range="ge">2.7.1</unaffected>
+      <vulnerable range="lt">2.7.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Minicom is a text-based serial port communications program.</p>
+  </background>
+  <description>
+    <p>In minicom before version 2.7.1, the escparms[] buffer in vt100.c is
+      vulnerable to an overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, able to connect to a minicom port, could possibly
+      execute arbitrary code with the privileges of the process, or cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All minicom users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dialup/minicom-2.7.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7467">CVE-2017-7467</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-04-30T12:15:55Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-06-06T20:02:58Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201706-14.xml b/metadata/glsa/glsa-201706-14.xml
new file mode 100644
index 000000000000..f406e48f4ff8
--- /dev/null
+++ b/metadata/glsa/glsa-201706-14.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-14">
+  <title>FreeType: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in FreeType, the worst of
+    which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">freetype </product>
+  <announced>2017-06-06</announced>
+  <revised count="1">2017-06-06</revised>
+  <bug>612192</bug>
+  <bug>616730</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/freetype" auto="yes" arch="*">
+      <unaffected range="ge">2.8</unaffected>
+      <vulnerable range="lt">2.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FreeType is a high-quality and portable font engine.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in FreeType. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to use a specially crafted font
+      file using FreeType, possibly resulting in execution of arbitrary code
+      with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FreeType users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/freetype-2.8"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10244">
+      CVE-2016-10244
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10328">
+      CVE-2016-10328
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7857">CVE-2017-7857</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7858">CVE-2017-7858</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7864">CVE-2017-7864</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8105">CVE-2017-8105</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8287">CVE-2017-8287</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-04-11T06:23:01Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-06-06T20:06:36Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201706-15.xml b/metadata/glsa/glsa-201706-15.xml
new file mode 100644
index 000000000000..897eaa694dad
--- /dev/null
+++ b/metadata/glsa/glsa-201706-15.xml
@@ -0,0 +1,152 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-15">
+  <title>WebKitGTK+: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in WebKitGTK+, the worst
+    of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">webkit-gtk</product>
+  <announced>2017-06-07</announced>
+  <revised count="1">2017-06-07</revised>
+  <bug>543650</bug>
+  <bug>573656</bug>
+  <bug>577068</bug>
+  <bug>608958</bug>
+  <bug>614876</bug>
+  <bug>619788</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+      <unaffected range="ge">2.16.3</unaffected>
+      <vulnerable range="lt">2.16.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attack can use multiple vectors to execute arbitrary code or
+      cause a denial of service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All WebKitGTK+ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.16.3:4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2330">CVE-2015-2330</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7096">CVE-2015-7096</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7098">CVE-2015-7098</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1723">CVE-2016-1723</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1724">CVE-2016-1724</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1725">CVE-2016-1725</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1726">CVE-2016-1726</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1727">CVE-2016-1727</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1728">CVE-2016-1728</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4692">CVE-2016-4692</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4743">CVE-2016-4743</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7586">CVE-2016-7586</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7587">CVE-2016-7587</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7589">CVE-2016-7589</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7592">CVE-2016-7592</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7598">CVE-2016-7598</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7599">CVE-2016-7599</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7610">CVE-2016-7610</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7611">CVE-2016-7611</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7623">CVE-2016-7623</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7632">CVE-2016-7632</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7635">CVE-2016-7635</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7639">CVE-2016-7639</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7640">CVE-2016-7640</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7641">CVE-2016-7641</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7642">CVE-2016-7642</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7645">CVE-2016-7645</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7646">CVE-2016-7646</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7648">CVE-2016-7648</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7649">CVE-2016-7649</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7652">CVE-2016-7652</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7654">CVE-2016-7654</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7656">CVE-2016-7656</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9642">CVE-2016-9642</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9643">CVE-2016-9643</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2350">CVE-2017-2350</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2354">CVE-2017-2354</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2355">CVE-2017-2355</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2356">CVE-2017-2356</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2362">CVE-2017-2362</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2363">CVE-2017-2363</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2364">CVE-2017-2364</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2365">CVE-2017-2365</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2366">CVE-2017-2366</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2367">CVE-2017-2367</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2369">CVE-2017-2369</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2371">CVE-2017-2371</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2373">CVE-2017-2373</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2376">CVE-2017-2376</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2377">CVE-2017-2377</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2386">CVE-2017-2386</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2392">CVE-2017-2392</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2394">CVE-2017-2394</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2395">CVE-2017-2395</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2396">CVE-2017-2396</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2405">CVE-2017-2405</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2415">CVE-2017-2415</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2419">CVE-2017-2419</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2433">CVE-2017-2433</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2442">CVE-2017-2442</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2445">CVE-2017-2445</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2446">CVE-2017-2446</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2447">CVE-2017-2447</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2454">CVE-2017-2454</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2455">CVE-2017-2455</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2457">CVE-2017-2457</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2459">CVE-2017-2459</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2460">CVE-2017-2460</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2464">CVE-2017-2464</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2465">CVE-2017-2465</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2466">CVE-2017-2466</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2468">CVE-2017-2468</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2469">CVE-2017-2469</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2470">CVE-2017-2470</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2471">CVE-2017-2471</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2475">CVE-2017-2475</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2476">CVE-2017-2476</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2481">CVE-2017-2481</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2496">CVE-2017-2496</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2504">CVE-2017-2504</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2505">CVE-2017-2505</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2506">CVE-2017-2506</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2508">CVE-2017-2508</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2510">CVE-2017-2510</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2514">CVE-2017-2514</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2515">CVE-2017-2515</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2521">CVE-2017-2521</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2525">CVE-2017-2525</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2526">CVE-2017-2526</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2528">CVE-2017-2528</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2530">CVE-2017-2530</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2531">CVE-2017-2531</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2536">CVE-2017-2536</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2539">CVE-2017-2539</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2544">CVE-2017-2544</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2547">CVE-2017-2547</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2549">CVE-2017-2549</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6980">CVE-2017-6980</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6984">CVE-2017-6984</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-04-19T06:44:45Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-06-07T11:52:15Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201706-16.xml b/metadata/glsa/glsa-201706-16.xml
new file mode 100644
index 000000000000..8d9f27a2d16a
--- /dev/null
+++ b/metadata/glsa/glsa-201706-16.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-16">
+  <title>GNU Wget: Header injection</title>
+  <synopsis>A header injection vulnerability in GNU Wget might allow remote
+    attackers to inject arbitrary HTTP headers.
+  </synopsis>
+  <product type="ebuild">wget</product>
+  <announced>2017-06-20</announced>
+  <revised count="1">2017-06-20</revised>
+  <bug>612326</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/wget" auto="yes" arch="*">
+      <unaffected range="ge">1.19.1-r1</unaffected>
+      <vulnerable range="lt">1.19.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU Wget is a free software package for retrieving files using HTTP,
+      HTTPS and FTP, the most widely-used Internet protocols.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that there was a header injection vulnerability in GNU
+      Wget which allowed remote attackers to inject arbitrary HTTP headers via
+      CRLF sequences in the host subcomponent of a URL.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could inject arbitrary HTTP headers in requests by
+      tricking a user running GNU Wget into processing crafted URLs.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU Wget users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/wget-1.19.1-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6508">CVE-2017-6508</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-03-23T20:33:13Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-06-20T17:09:12Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201706-17.xml b/metadata/glsa/glsa-201706-17.xml
new file mode 100644
index 000000000000..8fef81ffedbb
--- /dev/null
+++ b/metadata/glsa/glsa-201706-17.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-17">
+  <title>Kodi: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Kodi, the worst of
+    which could allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">kodi</product>
+  <announced>2017-06-20</announced>
+  <revised count="1">2017-06-20</revised>
+  <bug>549342</bug>
+  <bug>619492</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-tv/kodi" auto="yes" arch="*">
+      <unaffected range="ge">17.2</unaffected>
+      <vulnerable range="lt">17.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Kodi (formerly XBMC) is a free and open-source media player software
+      application.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Kodi. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted image
+      file using Kodi, possibly resulting in a Denial of Service condition.
+    </p>
+    
+    <p>Furthermore, a remote attacker could entice a user process a specially
+      crafted ZIP file containing subtitles using Kodi, possibly resulting in
+      execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Kodi users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-tv/kodi-17.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3885">CVE-2015-3885</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8314">CVE-2017-8314</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-06-06T16:37:32Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-06-20T17:18:36Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201706-18.xml b/metadata/glsa/glsa-201706-18.xml
new file mode 100644
index 000000000000..238964603b07
--- /dev/null
+++ b/metadata/glsa/glsa-201706-18.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-18">
+  <title>mbed TLS: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in mbed TLS, the worst of
+    which could lead to the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mbedtls</product>
+  <announced>2017-06-20</announced>
+  <revised count="1">2017-06-20</revised>
+  <bug>562608</bug>
+  <bug>571102</bug>
+  <bug>618824</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/mbedtls" auto="yes" arch="*">
+      <unaffected range="ge">2.4.2</unaffected>
+      <vulnerable range="lt">2.4.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>mbed TLS (previously PolarSSL) is an “easy to understand, use,
+      integrate and expand” implementation of the TLS and SSL protocols and
+      the respective cryptographic algorithms and support code required.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in mbed TLS. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All mbed TLS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/mbedtls-2.4.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5291">CVE-2015-5291</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7575">CVE-2015-7575</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2784">CVE-2017-2784</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-04-17T22:12:43Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-06-20T17:42:02Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201706-19.xml b/metadata/glsa/glsa-201706-19.xml
new file mode 100644
index 000000000000..f7043d0988b9
--- /dev/null
+++ b/metadata/glsa/glsa-201706-19.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-19">
+  <title>GNU C Library: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in the GNU C Library, the
+    worst of which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">glibc</product>
+  <announced>2017-06-20</announced>
+  <revised count="2">2017-06-20</revised>
+  <bug>608698</bug>
+  <bug>608706</bug>
+  <bug>622220</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-libs/glibc" auto="yes" arch="*">
+      <unaffected range="ge">2.23-r4</unaffected>
+      <vulnerable range="lt">2.23-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The GNU C library is the standard C library used by Gentoo Linux
+      systems.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in the GNU C Library.
+      Please review the CVE identifiers and Qualys’ security advisory
+      referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>An attacker could possibly execute arbitrary code with the privileges of
+      the process, escalate privileges or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU C Library users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-libs/glibc-2.23-r4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5180">CVE-2015-5180</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6323">CVE-2016-6323</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000366">
+      CVE-2017-1000366
+    </uri>
+    <uri link="https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt">
+      Qualys Security Advisory - The Stack Clash
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-06-20T17:01:37Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-06-20T17:49:43Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201706-20.xml b/metadata/glsa/glsa-201706-20.xml
new file mode 100644
index 000000000000..a36169ed34fe
--- /dev/null
+++ b/metadata/glsa/glsa-201706-20.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-20">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in the Chromium web
+    browser, the worst of which allows remote attackers to execute arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">Chromium</product>
+  <announced>2017-06-20</announced>
+  <revised count="1">2017-06-20</revised>
+  <bug>617504</bug>
+  <bug>620956</bug>
+  <bug>621886</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">59.0.3071.104</unaffected>
+      <vulnerable range="lt">59.0.3071.104</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in the Chromium web
+      browser. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, obtain
+      sensitive information, bypass security restrictions or spoof content.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-59.0.3071.104"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5068">CVE-2017-5068</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5070">CVE-2017-5070</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5071">CVE-2017-5071</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5072">CVE-2017-5072</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5073">CVE-2017-5073</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5074">CVE-2017-5074</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5075">CVE-2017-5075</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5076">CVE-2017-5076</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5077">CVE-2017-5077</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5078">CVE-2017-5078</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5079">CVE-2017-5079</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5080">CVE-2017-5080</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5081">CVE-2017-5081</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5082">CVE-2017-5082</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5083">CVE-2017-5083</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5084">CVE-2017-5084</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5085">CVE-2017-5085</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5086">CVE-2017-5086</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5087">CVE-2017-5087</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5088">CVE-2017-5088</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5089">CVE-2017-5089</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-06-09T11:21:16Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-06-20T19:00:15Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201706-21.xml b/metadata/glsa/glsa-201706-21.xml
new file mode 100644
index 000000000000..742106706ce4
--- /dev/null
+++ b/metadata/glsa/glsa-201706-21.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-21">
+  <title>nettle: Information disclosure</title>
+  <synopsis>A cache-related side channel vulnerability was found in nettle
+    which might allow an attacker to obtain sensitive information.
+  </synopsis>
+  <product type="ebuild">nettle</product>
+  <announced>2017-06-22</announced>
+  <revised count="1">2017-06-22</revised>
+  <bug>590484</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/nettle" auto="yes" arch="*">
+      <unaffected range="ge">3.2-r1</unaffected>
+      <vulnerable range="lt">3.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Nettle is a cryptographic library that is designed to fit easily in
+      almost any context: In cryptographic toolkits for object-oriented
+      languages, such as C++, Python, or Pike, in applications like lsh or
+      GnuPG, or even in kernel space.
+    </p>
+  </background>
+  <description>
+    <p>It was found that nettle’s RSA and DSA decryption code was vulnerable
+      to cache-related side channel attacks.
+    </p>
+    
+    <p>See the referenced technical paper “Cache Attacks Enable Bulk Key
+      Recovery on the Cloud” below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could recover the private key from a co-located
+      virtual-machine instance.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All nettle users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/nettle-3.2-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6489">CVE-2016-6489</uri>
+    <uri link="https://eprint.iacr.org/2016/596.pdf">Cache Attacks Enable Bulk
+      Key Recovery on the Cloud
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-04-19T05:47:07Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-06-22T17:24:59Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201706-22.xml b/metadata/glsa/glsa-201706-22.xml
new file mode 100644
index 000000000000..8f3dc1c06fb0
--- /dev/null
+++ b/metadata/glsa/glsa-201706-22.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-22">
+  <title>libksba: Denial of Service and information disclosure</title>
+  <synopsis>Multiple vulnerabilities have been found in libksba which might
+    allow remote attackers to obtain sensitive information or crash an
+    libksba-based application.
+  </synopsis>
+  <product type="ebuild">libksba</product>
+  <announced>2017-06-22</announced>
+  <revised count="1">2017-06-22</revised>
+  <bug>592078</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libksba" auto="yes" arch="*">
+      <unaffected range="ge">1.3.5</unaffected>
+      <vulnerable range="lt">1.3.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Libksba is a X.509 and CMS (PKCS#7) library.</p>
+  </background>
+  <description>
+    <p>It was found that an unproportionate amount of memory is allocated when
+      parsing crafted certificates in libskba, which may lead to Denial of
+      Service condition.
+    </p>
+    
+    <p>Moreover in libksba 1.3.4, allocated memory is uninitialized and could
+      potentially contain sensitive data left in freed memory block.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, able to interact with an libksba-based application,
+      could possibly obtain sensitive information or cause a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libksba users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libksba-1.3.5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4579">CVE-2016-4579</uri>
+    <uri link="http://seclists.org/oss-sec/2016/q3/343">Upstream report</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-04-19T05:51:10Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-06-22T17:42:08Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201706-23.xml b/metadata/glsa/glsa-201706-23.xml
new file mode 100644
index 000000000000..6e4e8e5e68c1
--- /dev/null
+++ b/metadata/glsa/glsa-201706-23.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-23">
+  <title>Urban Terror: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Urban Terror, the worst
+    of which allows for the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">UrbanTerror</product>
+  <announced>2017-06-22</announced>
+  <revised count="1">2017-06-22</revised>
+  <bug>606702</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-fps/urbanterror" auto="yes" arch="*">
+      <unaffected range="ge">4.3.2_p20170426</unaffected>
+      <vulnerable range="lt">4.3.2_p20170426</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Urban Terror is a free multiplayer first person shooter developed by
+      FrozenSand, that will run on any Quake III Arena compatible engine.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Urban Terror. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to connect to a malicious server
+      or leverage Man-in-the-Middle attacks to cause the execution of arbitrary
+      code with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Urban Terror users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=games-fps/urbanterror-4.3.2_p20170426"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1412">CVE-2011-1412</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2764">CVE-2011-2764</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3012">CVE-2011-3012</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3345">CVE-2012-3345</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-06-09T11:09:47Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-06-22T17:57:40Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201706-24.xml b/metadata/glsa/glsa-201706-24.xml
new file mode 100644
index 000000000000..1d192754bd78
--- /dev/null
+++ b/metadata/glsa/glsa-201706-24.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-24">
+  <title>jbig2dec: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in jbig2dec, the worst of
+    which might allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">jbig2dec</product>
+  <announced>2017-06-22</announced>
+  <revised count="1">2017-06-22</revised>
+  <bug>545234</bug>
+  <bug>607188</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/jbig2dec" auto="yes" arch="*">
+      <unaffected range="ge">0.13-r1</unaffected>
+      <vulnerable range="lt">0.13-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>jbig2dec is a decoder implementation of the JBIG2 image compression
+      format.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in jbig2dec. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user or automated system to process a
+      specially crafted JBIG2 image file using an application linked against
+      jbig2dec library, possibly resulting in execution of arbitrary code with
+      the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All jbig2dec users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/jbig2dec-0.13-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9601">CVE-2016-9601</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-03-24T05:06:12Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-06-22T18:31:34Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201706-25.xml b/metadata/glsa/glsa-201706-25.xml
new file mode 100644
index 000000000000..20c72ead8e7a
--- /dev/null
+++ b/metadata/glsa/glsa-201706-25.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-25">
+  <title>Graphite: User-assisted execution of arbitrary code</title>
+  <synopsis>An out-of-bounds write in Graphite might allow remote attackers to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">graphite</product>
+  <announced>2017-06-22</announced>
+  <revised count="1">2017-06-22</revised>
+  <bug>616034</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/graphite2" auto="yes" arch="*">
+      <unaffected range="ge">1.3.8-r1</unaffected>
+      <vulnerable range="lt">1.3.8-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Graphite is a “smart font” system developed specifically to handle
+      the complexities of lesser-known languages of the world.
+    </p>
+  </background>
+  <description>
+    <p>An out-of-bounds write has been found in the Graphite 2 library.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted
+      document using Graphite or an application linked against Graphite
+      library, possibly resulting in execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Graphite users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/graphite2-1.3.8-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5436">CVE-2017-5436</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-05-21T07:18:42Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-06-22T19:02:00Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201706-26.xml b/metadata/glsa/glsa-201706-26.xml
new file mode 100644
index 000000000000..ebba96d1f398
--- /dev/null
+++ b/metadata/glsa/glsa-201706-26.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-26">
+  <title>Vim, gVim: Remote execution of arbitrary code</title>
+  <synopsis>Multiple vulnerabilities have been found in Vim and gVim, the worst
+    of which might allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">vim,gvim</product>
+  <announced>2017-06-22</announced>
+  <revised count="1">2017-06-22</revised>
+  <bug>609150</bug>
+  <bug>611386</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-editors/vim" auto="yes" arch="*">
+      <unaffected range="ge">8.0.0386</unaffected>
+      <vulnerable range="lt">8.0.0386</vulnerable>
+    </package>
+    <package name="app-editors/gvim" auto="yes" arch="*">
+      <unaffected range="ge">8.0.0386</unaffected>
+      <vulnerable range="lt">8.0.0386</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Vim is an efficient, highly configurable improved version of the classic
+      ‘vi’ text editor. gVim is the GUI version of Vim.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Vim and gVim. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted spell
+      file using Vim or gVim, possibly resulting in execution of arbitrary code
+      with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Vim users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-editors/vim-8.0.0386"
+    </code>
+    
+    <p>All gVim users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-editors/gvim-8.0.0386"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5953">CVE-2017-5953</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6349">CVE-2017-6349</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6350">CVE-2017-6350</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-03-24T05:30:35Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-06-22T19:18:53Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201706-27.xml b/metadata/glsa/glsa-201706-27.xml
new file mode 100644
index 000000000000..83f3b8f85752
--- /dev/null
+++ b/metadata/glsa/glsa-201706-27.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-27">
+  <title>FreeRADIUS: Security bypass</title>
+  <synopsis>A vulnerability in FreeRADIUS might allow remote attackers to
+    bypass authentication.
+  </synopsis>
+  <product type="ebuild">freeradius</product>
+  <announced>2017-06-27</announced>
+  <revised count="1">2017-06-27</revised>
+  <bug>620186</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dialup/freeradius" auto="yes" arch="*">
+      <unaffected range="ge">3.0.14</unaffected>
+      <vulnerable range="lt">3.0.14</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FreeRADIUS is an open source RADIUS authentication server.</p>
+  </background>
+  <description>
+    <p>It was discovered that the implementation of TTLS and PEAP in FreeRADIUS
+      skips inner authentication when it handles a resumed TLS connection. The
+      affected versions of FreeRADIUS fails to reliably prevent the resumption
+      of unauthenticated sessions unless the TLS session cache is disabled
+      completely.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An unauthenticated remote user can bypass authentication by starting a
+      session, and then resuming an unauthenticated TLS session before inner
+      authentication has been completed successfully.
+    </p>
+  </impact>
+  <workaround>
+    <p>Set “enabled = no” in the cache subsection of eap module settings to
+      disable TLS session caching.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All FreeRADIUS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dialup/freeradius-3.0.14"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9148">CVE-2017-9148</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-06-09T12:42:38Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-06-27T09:57:00Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201706-28.xml b/metadata/glsa/glsa-201706-28.xml
new file mode 100644
index 000000000000..48fc132a6594
--- /dev/null
+++ b/metadata/glsa/glsa-201706-28.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-28">
+  <title>LibreOffice: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in LibreOffice, the worst
+    of which allows for the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libreoffice</product>
+  <announced>2017-06-27</announced>
+  <revised count="1">2017-06-27</revised>
+  <bug>616472</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/libreoffice" auto="yes" arch="*">
+      <unaffected range="ge">5.2.7.2</unaffected>
+      <vulnerable range="lt">5.2.7.2</vulnerable>
+    </package>
+    <package name="app-office/libreoffice-bin" auto="yes" arch="*">
+      <unaffected range="ge">5.2.7.2</unaffected>
+      <vulnerable range="lt">5.2.7.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>LibreOffice is a powerful office suite; its clean interface and powerful
+      tools let you unleash your creativity and grow your productivity.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in LibreOffice. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted file
+      using LibreOffice, possibly resulting in execution of arbitrary code with
+      the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LibreOffice users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-office/libreoffice-5.2.7.2"
+    </code>
+    
+    <p>All LibreOffice binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-office/libreoffice-bin-5.2.7.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10327">
+      CVE-2016-10327
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7870">CVE-2017-7870</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-06-08T18:53:54Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-06-27T09:57:51Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201706-29.xml b/metadata/glsa/glsa-201706-29.xml
new file mode 100644
index 000000000000..fc18b9223015
--- /dev/null
+++ b/metadata/glsa/glsa-201706-29.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-29">
+  <title>KAuth and KDELibs: Privilege escalation</title>
+  <synopsis>A vulnerability in KAuth and KDELibs allows local users to gain
+    root privileges.
+  </synopsis>
+  <product type="ebuild">kauth,kdelibs</product>
+  <announced>2017-06-27</announced>
+  <revised count="1">2017-06-27</revised>
+  <bug>618108</bug>
+  <access>local</access>
+  <affected>
+    <package name="kde-frameworks/kauth" auto="yes" arch="*">
+      <unaffected range="ge">5.29.0-r1</unaffected>
+      <vulnerable range="lt">5.29.0-r1</vulnerable>
+    </package>
+    <package name="kde-frameworks/kdelibs" auto="yes" arch="*">
+      <unaffected range="ge">4.14.32</unaffected>
+      <vulnerable range="lt">4.14.32</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>KAuth provides a convenient, system-integrated way to offload actions
+      that need to be performed as a privileged user (root, for example) to
+      small (hopefully secure) helper utilities.
+    </p>
+    
+    <p>The KDE libraries, basis of KDE and used by many open source projects.</p>
+  </background>
+  <description>
+    <p>KAuth and KDELibs contains a logic flaw in which the service invoking
+      D-Bus is not properly checked. This allows spoofing the identity of the
+      caller and with some carefully crafted calls can lead to gaining root
+      from an unprivileged account.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could spoof the identity of the caller invoking D-Bus,
+      possibly resulting in gaining privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All KAuth users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=kde-frameworks/kauth-5.29.0-r1"
+    </code>
+    
+    <p>All KDELibs users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=kde-frameworks/kdelibs-4.14.32"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8422">CVE-2017-8422</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-06-06T14:01:55Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-06-27T09:58:27Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201707-01.xml b/metadata/glsa/glsa-201707-01.xml
new file mode 100644
index 000000000000..fb852432617f
--- /dev/null
+++ b/metadata/glsa/glsa-201707-01.xml
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201707-01">
+  <title>IcedTea: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in IcedTea, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">icedtea</product>
+  <announced>2017-07-05</announced>
+  <revised count="1">2017-07-05</revised>
+  <bug>607676</bug>
+  <bug>609562</bug>
+  <bug>618874</bug>
+  <bug>619458</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/icedtea-bin" auto="yes" arch="*">
+      <unaffected range="ge" slot="7">7.2.6.10</unaffected>
+      <unaffected range="ge" slot="8">3.4.0</unaffected>
+      <vulnerable range="lt">7.2.6.10</vulnerable>
+      <vulnerable range="lt">3.4.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>IcedTea’s aim is to provide OpenJDK in a form suitable for easy
+      configuration, compilation and distribution with the primary goal of
+      allowing inclusion in GNU/Linux distributions.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in IcedTea. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+    
+    <p>Note: If the web browser plug-in provided by the dev-java/icedtea-web
+      package was installed, the issues exposed via Java applets could have
+      been exploited without user interaction if a user visited a malicious
+      website.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, gain access to information, or cause a Denial
+      of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All IcedTea binary 7.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/icedtea-bin-7.2.6.10:7"
+    </code>
+    
+    <p>All IcedTea binary 3.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/icedtea-bin-3.4.0:8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183">CVE-2016-2183</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5546">CVE-2016-5546</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5547">CVE-2016-5547</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5548">CVE-2016-5548</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5549">CVE-2016-5549</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5552">CVE-2016-5552</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3231">CVE-2017-3231</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3241">CVE-2017-3241</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3252">CVE-2017-3252</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3253">CVE-2017-3253</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3260">CVE-2017-3260</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3261">CVE-2017-3261</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3272">CVE-2017-3272</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3289">CVE-2017-3289</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3509">CVE-2017-3509</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3511">CVE-2017-3511</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3512">CVE-2017-3512</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3514">CVE-2017-3514</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3526">CVE-2017-3526</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3533">CVE-2017-3533</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3539">CVE-2017-3539</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3544">CVE-2017-3544</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-31T16:38:05Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-07-05T09:02:19Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201707-02.xml b/metadata/glsa/glsa-201707-02.xml
new file mode 100644
index 000000000000..195a8a40f865
--- /dev/null
+++ b/metadata/glsa/glsa-201707-02.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201707-02">
+  <title>Game Music Emu: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Game Music Emu, the
+    worst of which could lead to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">game-music-emu</product>
+  <announced>2017-07-08</announced>
+  <revised count="2">2017-08-06</revised>
+  <bug>603092</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/game-music-emu" auto="yes" arch="*">
+      <unaffected range="ge">0.6.1</unaffected>
+      <vulnerable range="lt">0.6.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Game Music Emu is a multi-purpose console music emulator and player
+      library.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Game Music Emu. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted SPC
+      music file, using Game Music Emu or an application linked against the
+      Game Music Emu library, possibly resulting in execution of arbitrary code
+      with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Game Music Emu users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/game-music-emu-0.6.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9957">CVE-2016-9957</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9958">CVE-2016-9958</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9959">CVE-2016-9959</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9960">CVE-2016-9960</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9961">CVE-2016-9961</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-03-24T05:27:52Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-08-06T11:04:13Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201707-03.xml b/metadata/glsa/glsa-201707-03.xml
new file mode 100644
index 000000000000..64c44c93e7a7
--- /dev/null
+++ b/metadata/glsa/glsa-201707-03.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201707-03">
+  <title>phpMyAdmin: Security bypass</title>
+  <synopsis>A vulnerability in phpMyAdmin might allow remote attackers to
+    bypass authentication.
+  </synopsis>
+  <product type="ebuild">phpmyadmin</product>
+  <announced>2017-07-08</announced>
+  <revised count="2">2017-08-06</revised>
+  <bug>614522</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/phpmyadmin" auto="yes" arch="*">
+      <unaffected range="ge">4.0.10.20</unaffected>
+      <unaffected range="ge">4.7.0</unaffected>
+      <vulnerable range="lt">4.0.10.20</vulnerable>
+      <vulnerable range="lt">4.7.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>phpMyAdmin is a web-based management tool for MySQL databases.</p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered where the restrictions caused by
+      “$cfg[‘Servers’][$i][‘AllowNoPassword’] = false” are bypassed
+      under certain PHP versions. This can lead compromised user accounts, who
+      have no passwords set, even if the administrator has set
+      “$cfg[‘Servers’][$i][‘AllowNoPassword’]” to false (which is
+      the default).
+    </p>
+    
+    <p>This behavior depends on the PHP version used (it seems PHP 5 is
+      affected, while PHP 7.0 is not).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, who only needs to know the username, could bypass
+      security restrictions and access phpMyAdmin.
+    </p>
+  </impact>
+  <workaround>
+    <p>Set a password for all users.</p>
+  </workaround>
+  <resolution>
+    <p>All phpMyAdmin 4.0.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-db/phpmyadmin-4.0.10.20:4.0.10.20"
+    </code>
+    
+    <p>All other phpMyAdmin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/phpmyadmin-4.7.0:4.7.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://www.phpmyadmin.net/security/PMASA-2017-8/">PMASA-2017-8</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-04-28T01:10:27Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-08-06T11:05:30Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201707-04.xml b/metadata/glsa/glsa-201707-04.xml
new file mode 100644
index 000000000000..661341bd5746
--- /dev/null
+++ b/metadata/glsa/glsa-201707-04.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201707-04">
+  <title>libsndfile: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libsndfile, the worst
+    of which might allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">libsndfile</product>
+  <announced>2017-07-08</announced>
+  <revised count="2">2017-08-06</revised>
+  <bug>618010</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libsndfile" auto="yes" arch="*">
+      <unaffected range="ge">1.0.28</unaffected>
+      <vulnerable range="lt">1.0.28</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libsndfile is a C library for reading and writing files containing
+      sampled sound.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libsndfile. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted file,
+      possibly resulting in the execution of arbitrary code with the privileges
+      of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libsndfile users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libsndfile-1.0.28"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7585">CVE-2017-7585</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7586">CVE-2017-7586</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7741">CVE-2017-7741</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7742">CVE-2017-7742</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-05-21T07:41:05Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-08-06T11:06:09Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201707-05.xml b/metadata/glsa/glsa-201707-05.xml
new file mode 100644
index 000000000000..89c451bc6df1
--- /dev/null
+++ b/metadata/glsa/glsa-201707-05.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201707-05">
+  <title>OpenSLP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenSLP, the worst of
+    which allows remote attackers to cause a Denial of Service condition or
+    other unspecified impacts.
+  </synopsis>
+  <product type="ebuild">OpenSLP</product>
+  <announced>2017-07-08</announced>
+  <revised count="3">2017-08-06</revised>
+  <bug>360061</bug>
+  <bug>434918</bug>
+  <bug>583396</bug>
+  <bug>595542</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/openslp" auto="yes" arch="*">
+      <unaffected range="ge">2.0.0-r4</unaffected>
+      <vulnerable range="lt">2.0.0-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSLP is an open-source implementation of Service Location Protocol
+      (SLP).
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenSLP. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition or
+      have other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSLP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/openslp-2.0.0-r4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3609">CVE-2010-3609</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4428">CVE-2012-4428</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4912">CVE-2016-4912</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7567">CVE-2016-7567</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-05-21T02:50:48Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-08-06T11:06:57Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201707-06.xml b/metadata/glsa/glsa-201707-06.xml
new file mode 100644
index 000000000000..625288b2f541
--- /dev/null
+++ b/metadata/glsa/glsa-201707-06.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201707-06">
+  <title>virglrenderer: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in virglrenderer, the
+    worst of which could allow local guest OS users to cause a Denial of
+    Service condition.
+  </synopsis>
+  <product type="ebuild">virglrenderer</product>
+  <announced>2017-07-08</announced>
+  <revised count="2">2017-08-06</revised>
+  <bug>606996</bug>
+  <bug>607022</bug>
+  <bug>608734</bug>
+  <bug>609400</bug>
+  <bug>609402</bug>
+  <bug>609492</bug>
+  <bug>609494</bug>
+  <bug>610678</bug>
+  <bug>610680</bug>
+  <bug>611378</bug>
+  <bug>611380</bug>
+  <bug>611382</bug>
+  <access>local</access>
+  <affected>
+    <package name="media-libs/virglrenderer" auto="yes" arch="*">
+      <unaffected range="ge">0.6.0</unaffected>
+      <vulnerable range="lt">0.6.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A virtual 3D GPU library, that allows the guest operating system to use
+      the host GPU to accelerate 3D rendering.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in virglrenderer. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All virglrenderer users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/virglrenderer-0.6.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10163">
+      CVE-2016-10163
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10214">
+      CVE-2016-10214
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5580">CVE-2017-5580</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5956">CVE-2017-5956</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5957">CVE-2017-5957</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5993">CVE-2017-5993</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5994">CVE-2017-5994</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6209">CVE-2017-6209</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6210">CVE-2017-6210</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6317">CVE-2017-6317</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6355">CVE-2017-6355</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6386">CVE-2017-6386</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-05-05T00:14:09Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-08-06T11:08:07Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201707-07.xml b/metadata/glsa/glsa-201707-07.xml
new file mode 100644
index 000000000000..4fb4c82b3a86
--- /dev/null
+++ b/metadata/glsa/glsa-201707-07.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201707-07">
+  <title>JasPer: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in JasPer, the worst of
+    which could could allow an attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">JasPer</product>
+  <announced>2017-07-08</announced>
+  <revised count="2">2017-08-06</revised>
+  <bug>559164</bug>
+  <bug>559168</bug>
+  <bug>571256</bug>
+  <bug>599430</bug>
+  <bug>602848</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/jasper" auto="yes" arch="*">
+      <unaffected range="ge">2.0.12</unaffected>
+      <vulnerable range="lt">2.0.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>JasPer is a software-based implementation of the codec specified in the
+      JPEG-2000 Part-1 standard.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in JasPer. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted image
+      file using JasPer possibly resulting in execution of arbitrary code with
+      the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All JasPer users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/jasper-2.0.12"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5203">CVE-2015-5203</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8751">CVE-2015-8751</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9262">CVE-2016-9262</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9591">CVE-2016-9591</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-04-30T19:55:35Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-08-06T11:08:50Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201707-08.xml b/metadata/glsa/glsa-201707-08.xml
new file mode 100644
index 000000000000..d2b1478d5691
--- /dev/null
+++ b/metadata/glsa/glsa-201707-08.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201707-08">
+  <title>feh: Arbitrary remote code execution</title>
+  <synopsis>A vulnerability in feh might allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">feh</product>
+  <announced>2017-07-08</announced>
+  <revised count="2">2017-08-06</revised>
+  <bug>616470</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/feh" auto="yes" arch="*">
+      <unaffected range="ge">2.18.3</unaffected>
+      <vulnerable range="lt">2.18.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>feh is an X11 image viewer aimed mostly at console users.</p>
+  </background>
+  <description>
+    <p>Tobias Stoeckmann discovered it was possible to trigger an
+      out-of-boundary heap write with the image viewer feh while receiving an
+      IPC message.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, pretending to be the E17 window manager, could
+      possibly trigger an out-of-boundary heap write in feh while receiving an
+      IPC message.  This could result in execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All feh users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/feh-2.18.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7875">CVE-2017-7875</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-05-05T00:04:28Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-08-06T11:09:29Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201707-09.xml b/metadata/glsa/glsa-201707-09.xml
new file mode 100644
index 000000000000..19ed1df6f664
--- /dev/null
+++ b/metadata/glsa/glsa-201707-09.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201707-09">
+  <title>GNOME applet for NetworkManager: Arbitrary file read/write</title>
+  <synopsis>A vulnerability has been found in GNOME applet for NetworkManager
+    allowing local attackers to access the local filesystem.
+  </synopsis>
+  <product type="ebuild">nm-applet</product>
+  <announced>2017-07-08</announced>
+  <revised count="2">2017-08-06</revised>
+  <bug>613768</bug>
+  <access>local</access>
+  <affected>
+    <package name="gnome-extra/nm-applet" auto="yes" arch="*">
+      <unaffected range="ge">1.4.6-r1</unaffected>
+      <vulnerable range="lt">1.4.6-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNOME applet for NetworkManager is a GTK+ 3 front-end which works under
+      Xorg environments with a systray.
+    </p>
+  </background>
+  <description>
+    <p>Frederic Bardy and Quentin Biguenet discovered that GNOME applet for
+      NetworkManager incorrectly checked permissions when connecting to certain
+      wireless networks.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could bypass security restrictions at the login screen
+      to access local files.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNOME applet for NetworkManager users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=gnome-extra/nm-applet-1.4.6-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6590">CVE-2017-6590</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-04-02T12:44:50Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-08-06T11:10:08Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201707-10.xml b/metadata/glsa/glsa-201707-10.xml
new file mode 100644
index 000000000000..de1c47bee596
--- /dev/null
+++ b/metadata/glsa/glsa-201707-10.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201707-10">
+  <title>VLC: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in VLC, the worst of which
+    may allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">vlc</product>
+  <announced>2017-07-08</announced>
+  <revised count="1">2017-07-08</revised>
+  <bug>619494</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/vlc" auto="yes" arch="*">
+      <unaffected range="ge">2.2.6</unaffected>
+      <vulnerable range="lt">2.2.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>VLC is a cross-platform media player and streaming server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in VLC. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to open a specially crafted
+      subtitles file, could possibly execute arbitrary code with the privileges
+      of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All VLC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/vlc-2.2.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8310">CVE-2017-8310</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8311">CVE-2017-8311</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8312">CVE-2017-8312</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8313">CVE-2017-8313</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-06-28T11:50:57Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-07-08T20:11:58Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201707-11.xml b/metadata/glsa/glsa-201707-11.xml
new file mode 100644
index 000000000000..3ad5a2a32a87
--- /dev/null
+++ b/metadata/glsa/glsa-201707-11.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201707-11">
+  <title>RoundCube: Security bypass</title>
+  <synopsis>A vulnerability in RoundCube may allow authenticated users to
+    bypass security restrictions.
+  </synopsis>
+  <product type="ebuild">roundcube</product>
+  <announced>2017-07-08</announced>
+  <revised count="1">2017-07-08</revised>
+  <bug>618322</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/roundcube" auto="yes" arch="*">
+      <unaffected range="ge">1.2.5</unaffected>
+      <vulnerable range="lt">1.2.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Free and open source webmail software for the masses, written in PHP.</p>
+  </background>
+  <description>
+    <p>Authenticated users can arbitrarily reset passwords due to a problem
+      caused by an improperly restricted exec call in the virtualmin and sasl
+      drivers of the password plugin.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Authenticated users can bypass security restrictions and elevate
+      privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All RoundCube users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/roundcube-1.2.5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8114">CVE-2017-8114</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-06-19T11:26:16Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-07-08T20:12:11Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201707-12.xml b/metadata/glsa/glsa-201707-12.xml
new file mode 100644
index 000000000000..1ef7787eb02c
--- /dev/null
+++ b/metadata/glsa/glsa-201707-12.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201707-12">
+  <title>MAN DB: Privilege escalation</title>
+  <synopsis>A vulnerability in MAN DB allows local users to gain root
+    privileges.
+  </synopsis>
+  <product type="ebuild">man-db</product>
+  <announced>2017-07-09</announced>
+  <revised count="2">2017-08-06</revised>
+  <bug>602588</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/man-db" auto="yes" arch="*">
+      <unaffected range="ge">2.7.6.1-r2</unaffected>
+      <vulnerable range="lt">2.7.6.1-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MAN DB is a man replacement that utilizes BerkelyDB instead of flat
+      files.
+    </p>
+  </background>
+  <description>
+    <p>The /var/cache/man directory as part of the MAN DB package has group
+      permissions set to root.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local user who does not belong to the root group, but has the ability
+      to modify the /var/cache/man directory can escalate privileges to the
+      group root.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MAN DB users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/man-db-2.7.6.1-r2:0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1336">CVE-2015-1336</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-01-18T16:57:30Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-08-06T11:10:41Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201707-13.xml b/metadata/glsa/glsa-201707-13.xml
new file mode 100644
index 000000000000..dda2df5595e6
--- /dev/null
+++ b/metadata/glsa/glsa-201707-13.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201707-13">
+  <title>libcroco: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libcroco, the worst of
+    which may have unspecified impacts.
+  </synopsis>
+  <product type="ebuild">libcroco</product>
+  <announced>2017-07-09</announced>
+  <revised count="3">2017-08-06</revised>
+  <bug>618012</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libcroco" auto="yes" arch="*">
+      <unaffected range="ge">0.6.12-r1</unaffected>
+      <vulnerable range="lt">0.6.12-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libcroco is a standalone CSS2 parsing and manipulation library.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libcroco. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted CSS
+      file possibly resulting in a Denial of Service condition or other
+      unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libcroco users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libcroco-0.6.12-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7960">CVE-2017-7960</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7961">CVE-2017-7961</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-05-21T07:37:50Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-08-06T11:11:14Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201707-14.xml b/metadata/glsa/glsa-201707-14.xml
new file mode 100644
index 000000000000..ba4e8ef4a235
--- /dev/null
+++ b/metadata/glsa/glsa-201707-14.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201707-14">
+  <title>Gajim: Information disclosure</title>
+  <synopsis>A vulnerability in Gajim might allow remote attackers to intercept
+    encrypted communications.
+  </synopsis>
+  <product type="ebuild">gajim</product>
+  <announced>2017-07-10</announced>
+  <revised count="1">2017-07-10</revised>
+  <bug>620146</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/gajim" auto="yes" arch="*">
+      <unaffected range="ge">0.16.6-r1</unaffected>
+      <vulnerable range="lt">0.16.6-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Gajim is a Jabber/XMPP client which uses GTK+.</p>
+  </background>
+  <description>
+    <p>Gajim unconditionally implements the “XEP-0146: Remote Controlling
+      Clients” extension.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers, by enticing a user to connect to a malicious XMPP
+      server, could extract plaintext from Off The Record (OTR) encrypted
+      sessions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Gajim users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-im/gajim-0.16.6-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10376">
+      CVE-2016-10376
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-07-04T21:23:24Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-07-10T00:02:36Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201707-15.xml b/metadata/glsa/glsa-201707-15.xml
new file mode 100644
index 000000000000..9c6215716976
--- /dev/null
+++ b/metadata/glsa/glsa-201707-15.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201707-15">
+  <title>Adobe Flash Player: Multiple Vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">adobeflashplayer</product>
+  <announced>2017-07-21</announced>
+  <revised count="1">2017-07-21</revised>
+  <bug>621680</bug>
+  <bug>624620</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">26.0.0.137</unaffected>
+      <vulnerable range="lt">26.0.0.137</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-26.0.0.137"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3075">CVE-2017-3075</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3076">CVE-2017-3076</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3077">CVE-2017-3077</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3078">CVE-2017-3078</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3079">CVE-2017-3079</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3080">CVE-2017-3080</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3081">CVE-2017-3081</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3082">CVE-2017-3082</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3083">CVE-2017-3083</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3084">CVE-2017-3084</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3099">CVE-2017-3099</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3100">CVE-2017-3100</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-07-16T01:48:22Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-07-21T23:12:54Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201708-01.xml b/metadata/glsa/glsa-201708-01.xml
new file mode 100644
index 000000000000..63b94844e5c0
--- /dev/null
+++ b/metadata/glsa/glsa-201708-01.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201708-01">
+  <title>BIND: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in BIND, the worst of
+    which allows remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">bind</product>
+  <announced>2017-08-17</announced>
+  <revised count="1">2017-08-17</revised>
+  <bug>605454</bug>
+  <bug>608740</bug>
+  <bug>615420</bug>
+  <bug>621730</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/bind" auto="yes" arch="*">
+      <unaffected range="ge">9.11.1_p1</unaffected>
+      <vulnerable range="lt">9.11.1_p1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>BIND (Berkeley Internet Name Domain) is a Name Server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in BIND. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted DNS request to the BIND
+      resolver resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All BIND users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/bind-9.11.1_p1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9131">CVE-2016-9131</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9147">CVE-2016-9147</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9444">CVE-2016-9444</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9778">CVE-2016-9778</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3135">CVE-2017-3135</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3136">CVE-2017-3136</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3137">CVE-2017-3137</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3138">CVE-2017-3138</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3140">CVE-2017-3140</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3141">CVE-2017-3141</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-06-08T18:18:24Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-08-17T02:10:16Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201708-02.xml b/metadata/glsa/glsa-201708-02.xml
new file mode 100644
index 000000000000..feae06e43313
--- /dev/null
+++ b/metadata/glsa/glsa-201708-02.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201708-02">
+  <title>TNEF: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in TNEF, the worst of
+    which allows remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">tnef</product>
+  <announced>2017-08-17</announced>
+  <revised count="1">2017-08-17</revised>
+  <bug>611426</bug>
+  <bug>618658</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/tnef" auto="yes" arch="*">
+      <unaffected range="ge">1.4.15</unaffected>
+      <vulnerable range="lt">1.4.15</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>TNEF is a program for unpacking MIME attachments of type
+      “application/ms-tnef”.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in TNEF. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process a specially crafted
+      MIME attachment of type “application/ms-tnef” using TNEF, possibly
+      resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All TNEF users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-mail/tnef-1.4.15"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6307">CVE-2017-6307</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6308">CVE-2017-6308</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6309">CVE-2017-6309</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6310">CVE-2017-6310</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8911">CVE-2017-8911</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-05-21T07:12:51Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-08-17T03:12:51Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201708-04.xml b/metadata/glsa/glsa-201708-04.xml
new file mode 100644
index 000000000000..69c6e762e429
--- /dev/null
+++ b/metadata/glsa/glsa-201708-04.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201708-04">
+  <title>Ked Password Manager: Information leak</title>
+  <synopsis>An insecure file usage has been reported in Ked Password Manager
+    possibly allowing confidential information to be disclosed.
+  </synopsis>
+  <product type="ebuild">kedpm</product>
+  <announced>2017-08-21</announced>
+  <revised count="3">2017-08-26</revised>
+  <bug>616690</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-admin/kedpm" auto="yes" arch="*">
+      <vulnerable range="le">0.4.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Helps to manage large numbers of passwords and related information and
+      simplifies the tasks of searching and entering password data.
+    </p>
+  </background>
+  <description>
+    <p>A history file in ~/.kedpm/history is written in clear text. All of the
+      commands performed in the password manager are written there. This can
+      lead to the disclosure of the master password if the “password”
+      command is used with an argument. The names of the password entries
+      created and consulted are also accessible in clear text.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could obtain confidential information.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo Security recommends that users unmerge Ked Password Manager:</p>
+    
+    <code>
+      # emerge --unmerge "app-admin/kedpm"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8296">CVE-2017-8296</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-08-14T23:18:50Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-08-26T14:46:29Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201708-05.xml b/metadata/glsa/glsa-201708-05.xml
new file mode 100644
index 000000000000..2af512abac2b
--- /dev/null
+++ b/metadata/glsa/glsa-201708-05.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201708-05">
+  <title>RAR and UnRAR: User-assisted execution of arbitrary code</title>
+  <synopsis>An integer overflow in RAR and UnRAR might allow remote attackers
+    to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">rar,unrar</product>
+  <announced>2017-08-21</announced>
+  <revised count="1">2017-08-21</revised>
+  <bug>622342</bug>
+  <bug>622382</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/rar" auto="yes" arch="*">
+      <unaffected range="ge">5.5.0_beta4_p20170628</unaffected>
+      <vulnerable range="lt">5.5.0_beta4_p20170628</vulnerable>
+    </package>
+    <package name="app-arch/unrar" auto="yes" arch="*">
+      <unaffected range="ge">5.5.5</unaffected>
+      <vulnerable range="lt">5.5.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>RAR and UnRAR provide command line interfaces for compressing and
+      decompressing RAR files.
+    </p>
+  </background>
+  <description>
+    <p>A VMSF_DELTA memory corruption was discovered in which an integer
+      overflow can be caused in DataSize+CurChannel. The result is a negative
+      value of the “DestPos” variable which allows writing out of bounds
+      when setting Mem[DestPos].
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to open a specially crafted
+      archive, could execute arbitrary code with the privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All RAR users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-arch/rar-5.5.0_beta4_p20170628"
+    </code>
+    
+    <p>All UnRAR users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/unrar-5.5.5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6706">CVE-2012-6706</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-06-21T12:23:53Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-08-21T01:03:02Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201708-06.xml b/metadata/glsa/glsa-201708-06.xml
new file mode 100644
index 000000000000..c4a223d488cb
--- /dev/null
+++ b/metadata/glsa/glsa-201708-06.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201708-06">
+  <title>GPL Ghostscript: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GPL Ghostscript, the
+    worst of which can resulting in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">ghostscriptgpl</product>
+  <announced>2017-08-21</announced>
+  <revised count="1">2017-08-21</revised>
+  <bug>616814</bug>
+  <bug>617016</bug>
+  <bug>617018</bug>
+  <bug>617020</bug>
+  <bug>617022</bug>
+  <bug>618818</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/ghostscript-gpl" auto="yes" arch="*">
+      <unaffected range="ge">9.21</unaffected>
+      <vulnerable range="lt">9.21</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Ghostscript is an interpreter for the PostScript language and for PDF.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GPL Ghostscript. Please
+      review the CVE identifiers referenced below for additional information.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could entice a user to open a specially
+      crafted PostScript file or PDF document using GPL Ghostscript possibly
+      resulting in the execution of arbitrary code with the privileges of the
+      process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GPL Ghostscript users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/ghostscript-gpl-9.21"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10219">
+      CVE-2016-10219
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10220">
+      CVE-2016-10220
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5951">CVE-2017-5951</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6196">CVE-2017-6196</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7207">CVE-2017-7207</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8291">CVE-2017-8291</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-07-17T22:58:42Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-08-21T01:03:33Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201708-07.xml b/metadata/glsa/glsa-201708-07.xml
new file mode 100644
index 000000000000..00364d8b84db
--- /dev/null
+++ b/metadata/glsa/glsa-201708-07.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201708-07">
+  <title>evilvte: User-assisted execution of arbitrary code </title>
+  <synopsis>Improper hypertext validation might allow remote attackers to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">evilvte</product>
+  <announced>2017-08-21</announced>
+  <revised count="2">2017-08-26</revised>
+  <bug>611290</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-terms/evilvte" auto="yes" arch="*">
+      <vulnerable range="le">0.5.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>VTE based, highly customizable terminal emulator</p>
+  </background>
+  <description>
+    <p>Steve Kemp of Debian identified a flaw in evilvte which does not
+      properly validate hypertext links.  Please review the Debian bug report
+      referenced below.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could execute arbitrary code by enticing a user to
+      click a hyperlink in their terminal.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo Security recommends that users unmerge evilvte:</p>
+    
+    <code>
+      # emerge --unmerge "x11-terms/evilvte"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854585">Debian
+      Bug #854585
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-08-14T23:29:51Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-08-26T14:45:16Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201708-08.xml b/metadata/glsa/glsa-201708-08.xml
new file mode 100644
index 000000000000..9e374ef5653f
--- /dev/null
+++ b/metadata/glsa/glsa-201708-08.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201708-08">
+  <title>bzip2: Denial of service</title>
+  <synopsis>An use-after-free vulnerability has been found in bzip2 that could
+    allow remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">bzip2</product>
+  <announced>2017-08-21</announced>
+  <revised count="1">2017-08-21</revised>
+  <bug>620466</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/bzip2" auto="yes" arch="*">
+      <unaffected range="ge">1.0.6-r8</unaffected>
+      <vulnerable range="lt">1.0.6-r8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>bzip2 is a high-quality data compressor used extensively by Gentoo
+      Linux.
+    </p>
+  </background>
+  <description>
+    <p>A use-after-free flaw was found in bzip2recover, leading to a null
+      pointer dereference, or a write to a closed file descriptor. Please
+      review the CVE identifier referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process a specially crafted
+      bzip2 archive using bzip2recover, possibly resulting in a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All bzip2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/bzip2-1.0.6-r8"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3189">CVE-2016-3189</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-06-04T20:39:15Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-08-21T01:24:45Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201708-09.xml b/metadata/glsa/glsa-201708-09.xml
new file mode 100644
index 000000000000..7919098d3e93
--- /dev/null
+++ b/metadata/glsa/glsa-201708-09.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201708-09">
+  <title>AutoTrace: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in AutoTrace, the worst of
+    which could cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">autotrace</product>
+  <announced>2017-08-26</announced>
+  <revised count="1">2017-08-26</revised>
+  <bug>613992</bug>
+  <bug>619040</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/autotrace" auto="yes" arch="*">
+      <vulnerable range="le">0.31.1-r8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>AutoTrace converts bitmap to vector graphics.</p>
+  </background>
+  <description>
+    <p>Heap-based buffer overflows have been discovered in the
+      pstoedit_suffix_table_init and pnm_load_rawpbm functions of AutoTrace.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers, by enticing a user to process a crafted bmp image
+      file, could cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for AutoTrace. We recommend that users
+      unmerge AutoTrace:
+    </p>
+    
+    <code>
+      # emerge --unmerge "media-gfx/autotrace"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7392">CVE-2016-7392</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9153">CVE-2017-9153</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-08-22T03:00:50Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-08-26T14:47:40Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201708-10.xml b/metadata/glsa/glsa-201708-10.xml
new file mode 100644
index 000000000000..e2c9688c130f
--- /dev/null
+++ b/metadata/glsa/glsa-201708-10.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201708-10">
+  <title>jbig2dec: User-assisted execution of arbitrary code</title>
+  <synopsis>Multiple integer overflow flaws have been discovered in jbig2dec,
+    possibly resulting in execution of arbitrary code or Denial of Service.
+  </synopsis>
+  <product type="ebuild">jbig2dec</product>
+  <announced>2017-08-26</announced>
+  <revised count="1">2017-08-26</revised>
+  <bug>616464</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/jbig2dec" auto="yes" arch="*">
+      <unaffected range="ge">0.13-r4</unaffected>
+      <vulnerable range="lt">0.13-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>jbig2dec is a decoder implementation of the JBIG2 image compression
+      format.
+    </p>
+  </background>
+  <description>
+    <p>Integer overflow errors have been discovered in the
+      jbig2_decode_symbol_dict, jbig2_build_huffman_table, and
+      jbig2_image_compose functions of jbig2dec.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to open a specially crafted JBIG2
+      file using an application linked against jbig2dec, could possibly execute
+      arbitrary code with the privileges of the process or cause a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All jbig2dec users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/jbig2dec-0.13-r4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7885">CVE-2017-7885</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7975">CVE-2017-7975</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7976">CVE-2017-7976</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-08-02T02:58:46Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-08-26T14:52:50Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201709-01.xml b/metadata/glsa/glsa-201709-01.xml
new file mode 100644
index 000000000000..3976bced275d
--- /dev/null
+++ b/metadata/glsa/glsa-201709-01.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201709-01">
+  <title>MCollective: Remote Code Execution</title>
+  <synopsis>A vulnerability in MCollective might allow remote attackers to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">mcollective</product>
+  <announced>2017-09-04</announced>
+  <revised count="1">2017-09-04</revised>
+  <bug>624704</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-admin/mcollective" auto="yes" arch="*">
+      <unaffected range="ge">2.11.0</unaffected>
+      <vulnerable range="lt">2.11.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MCollective is a framework to build server orchestration or parallel job
+      execution systems.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in MCollective which allowed for
+      deserialized YAML from agents without calling safe_load. This allows the
+      potential for arbitrary code execution on the server.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MCollective users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/mcollective-2.11.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2292">CVE-2017-2292</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-08-26T22:18:27Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2017-09-04T22:33:20Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201709-02.xml b/metadata/glsa/glsa-201709-02.xml
new file mode 100644
index 000000000000..49a6314f5c8f
--- /dev/null
+++ b/metadata/glsa/glsa-201709-02.xml
@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201709-02">
+  <title>Binutils: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Binutils, the worst of
+    which may allow remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">binutils</product>
+  <announced>2017-09-17</announced>
+  <revised count="1">2017-09-17</revised>
+  <bug>618006</bug>
+  <bug>618514</bug>
+  <bug>618516</bug>
+  <bug>618520</bug>
+  <bug>618826</bug>
+  <bug>621130</bug>
+  <bug>624524</bug>
+  <bug>624702</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-devel/binutils" auto="yes" arch="*">
+      <unaffected range="ge">2.28.1</unaffected>
+      <vulnerable range="lt">2.28.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The GNU Binutils are a collection of tools to create, modify and analyse
+      binary files. Many of the files use BFD, the Binary File Descriptor
+      library, to do low-level manipulation.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Binutils. Please review
+      References for additional information.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to compile/execute a specially
+      crafted ELF file, PE File, or binary file, could possibly cause a Denial
+      of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Binutils users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-devel/binutils-2.28.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6965">
+      CVE-2017-6965
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6966">
+      CVE-2017-6966
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6969">
+      CVE-2017-6969
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7614">
+      CVE-2017-7614
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8392">
+      CVE-2017-8392
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8393">
+      CVE-2017-8393
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8394">
+      CVE-2017-8394
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8395">
+      CVE-2017-8395
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8396">
+      CVE-2017-8396
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8397">
+      CVE-2017-8397
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8398">
+      CVE-2017-8398
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8421">
+      CVE-2017-8421
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9038">
+      CVE-2017-9038
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9039">
+      CVE-2017-9039
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9040">
+      CVE-2017-9040
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9041">
+      CVE-2017-9041
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9042">
+      CVE-2017-9042
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9742">
+      CVE-2017-9742
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9954">
+      CVE-2017-9954
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-16T22:31:03Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-09-17T15:30:04Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201709-03.xml b/metadata/glsa/glsa-201709-03.xml
new file mode 100644
index 000000000000..9494b906bfab
--- /dev/null
+++ b/metadata/glsa/glsa-201709-03.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201709-03">
+  <title>WebKitGTK+: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in WebkitGTK+, the worst
+    of which may allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">webkit-gtk</product>
+  <announced>2017-09-17</announced>
+  <revised count="1">2017-09-17</revised>
+  <bug>622442</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+      <unaffected range="ge">2.16.5</unaffected>
+      <vulnerable range="lt">2.16.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine,
+      suitable for projects requiring any kind of web integration, offers
+      Webkit’s full functionality and is used on a wide range of systems.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in WebkitGTK+. Please
+      review the references below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary code via crafted web content.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All WebkitGTK+ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.16.5"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2424">
+      CVE-2017-2424
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2538">
+      CVE-2017-2538
+    </uri>
+    <uri link="https://webkitgtk.org/security/WSA-2017-0005.html">WebkitGTK+
+      Security Announce
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-10T06:48:46Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-09-17T15:37:18Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201709-04.xml b/metadata/glsa/glsa-201709-04.xml
new file mode 100644
index 000000000000..0809d1471a18
--- /dev/null
+++ b/metadata/glsa/glsa-201709-04.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201709-04">
+  <title>mod_gnutls: Certificate validation error</title>
+  <synopsis>A vulnerability in mod_gnutls allows remote attackers to spoof
+    clients via crafted certificates.
+  </synopsis>
+  <product type="ebuild">mod_gnutls</product>
+  <announced>2017-09-17</announced>
+  <revised count="1">2017-09-17</revised>
+  <bug>541038</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apache/mod_gnutls" auto="yes" arch="*">
+      <unaffected range="ge">0.7.3</unaffected>
+      <vulnerable range="lt">0.7.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>mod_gnutls is an extension for ​Apache’s httpd. It uses the
+      ​GnuTLS library to provide HTTPS. It supports some protocols and
+      features that mod_ssl does not.
+    </p>
+    
+  </background>
+  <description>
+    <p>It was discovered that the authentication hook in mod_gnutls does not
+      validate client’s certificates even when option
+      “GnuTLSClientVerify” is set to “require”.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could present a crafted certificate and spoof clients
+      data.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All mod_gnutls users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-apache/mod_gnutls-0.7.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2091">
+      CVE-2015-2091
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-06-17T21:37:14Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-09-17T15:43:18Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201709-05.xml b/metadata/glsa/glsa-201709-05.xml
new file mode 100644
index 000000000000..243bba352c32
--- /dev/null
+++ b/metadata/glsa/glsa-201709-05.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201709-05">
+  <title>chkrootkit: Local privilege escalation</title>
+  <synopsis>A vulnerability in chkrootkit may allow local users to gain root
+    privileges.
+  </synopsis>
+  <product type="ebuild">chkrootkit</product>
+  <announced>2017-09-17</announced>
+  <revised count="1">2017-09-17</revised>
+  <bug>512356</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-forensics/chkrootkit" auto="yes" arch="*">
+      <unaffected range="ge">0.50</unaffected>
+      <vulnerable range="lt">0.50</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>chkrootkit is a tool to locally check for signs of a rootkit.</p>
+  </background>
+  <description>
+    <p>When /tmp is mounted without the noexec option chkrootkit will execute
+      files in /tmp with root privileges.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could possibly execute arbitrary code with root
+      privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>Users should mount /tmp with noexec option.</p>
+  </workaround>
+  <resolution>
+    <p>All chkrootkit users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-forensics/chkrootkit-0.50"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0476">
+      CVE-2014-0476
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-10T06:30:28Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-09-17T15:44:38Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201709-06.xml b/metadata/glsa/glsa-201709-06.xml
new file mode 100644
index 000000000000..cae827678bd6
--- /dev/null
+++ b/metadata/glsa/glsa-201709-06.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201709-06">
+  <title>Supervisor: command injection vulnerability</title>
+  <synopsis>A vulnerability in Supervisor might allow remote attackers to
+    execute arbitrary code.
+    
+  </synopsis>
+  <product type="ebuild">supervisor</product>
+  <announced>2017-09-17</announced>
+  <revised count="1">2017-09-17</revised>
+  <bug>626100</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-admin/supervisor" auto="yes" arch="*">
+      <unaffected range="ge">3.1.4</unaffected>
+      <vulnerable range="lt">3.1.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Supervisor is a client/server system that allows its users to monitor
+      and control a number of processes on UNIX-like operating systems.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability in Supervisor was discovered in which an authenticated
+      client could send malicious XML-RPC requests and supervidord will run
+      them as shell commands with process privileges. In some cases,
+      supervisord is configured with root permissions.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could execute arbitrary code with the privileges of
+      the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Supervisor users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "=app-admin/supervisor-3.1.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11610">
+      CVE-2017-11610
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-07-27T14:58:00Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-09-17T15:45:48Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201709-07.xml b/metadata/glsa/glsa-201709-07.xml
new file mode 100644
index 000000000000..044c0f88131a
--- /dev/null
+++ b/metadata/glsa/glsa-201709-07.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201709-07">
+  <title>Kpathsea: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability in Kpathsea allows remote attackers to execute
+    arbitrary commands by manipulating the -tex option from mpost program.
+  </synopsis>
+  <product type="ebuild">kpathsea</product>
+  <announced>2017-09-17</announced>
+  <revised count="1">2017-09-17</revised>
+  <bug>612328</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/kpathsea" auto="yes" arch="*">
+      <unaffected range="ge">6.2.2_p20160523</unaffected>
+      <vulnerable range="lt">6.2.2_p20160523</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Kpathsea is a library to do path searching. It is used by TeX Live and
+      others TeX related software.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that the mpost program from the shell_escape_commands
+      list is capable of executing arbitrary external programs during the
+      conversion of .tex files. The responsible function is runpopen()
+      (texmfmp.c).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to open a specially crafted .tex
+      file, could possibly execute arbitrary code with the privileges of the
+      process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Kpathsea users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-libs/kpathsea-6.2.2_p20160523"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10243">
+      CVE-2016-10243
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-06-17T20:59:54Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-09-17T15:47:02Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201709-08.xml b/metadata/glsa/glsa-201709-08.xml
new file mode 100644
index 000000000000..71e7a2e2f363
--- /dev/null
+++ b/metadata/glsa/glsa-201709-08.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201709-08">
+  <title>GDK-PixBuf: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GDK-PixBuf, the worst
+    of which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">gdk-pixbuf</product>
+  <announced>2017-09-17</announced>
+  <revised count="1">2017-09-17</revised>
+  <bug>592976</bug>
+  <bug>611390</bug>
+  <bug>630026</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/gdk-pixbuf" auto="yes" arch="*">
+      <unaffected range="ge">2.36.9</unaffected>
+      <vulnerable range="lt">2.36.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GDK-PixBuf is an image loading library for GTK+.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GDK-PixBuf. Please
+      review the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by sending a specially crafted TIFF, JPEG, or URL,
+      could execute arbitrary code with the privileges of the process or cause
+      a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GDK-PixBuf users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/gdk-pixbuf-2.36.9"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6311">
+      CVE-2017-6311
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6312">
+      CVE-2017-6312
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6313">
+      CVE-2017-6313
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6314">
+      CVE-2017-6314
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-10T23:08:28Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-09-17T15:48:14Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201709-09.xml b/metadata/glsa/glsa-201709-09.xml
new file mode 100644
index 000000000000..9767716e16b1
--- /dev/null
+++ b/metadata/glsa/glsa-201709-09.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201709-09">
+  <title>Subversion: Arbitrary code execution</title>
+  <synopsis>A command injection vulnerability in Subversion may allow remote
+    attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">subversion</product>
+  <announced>2017-09-17</announced>
+  <revised count="1">2017-09-17</revised>
+  <bug>627480</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-vcs/subversion" auto="yes" arch="*">
+      <unaffected range="ge">1.9.7</unaffected>
+      <unaffected range="rgt">1.8.18</unaffected>
+      <vulnerable range="lt">1.9.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Subversion is a version control system intended to eventually replace
+      CVS. Like CVS, it has an optional client-server architecture (where the
+      server can be an Apache server running mod_svn, or an ssh program as in
+      CVS’s :ext: method). In addition to supporting the features found in
+      CVS, Subversion also provides support for moving and copying files and
+      directories.
+    </p>
+  </background>
+  <description>
+    <p>Specially crafted ‘ssh://...’ URLs may allow the owner of the
+      repository to execute arbitrary commands on client’s machine if those
+      commands are already installed on the client’s system. This is
+      especially dangerous when the third-party repository has one or more
+      submodules with specially crafted ‘ssh://...’ URLs. Each time the
+      repository is recursively cloned or submodules are updated the payload
+      will be triggered.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to clone a specially crafted
+      repository, could possibly execute arbitrary code with the privileges of
+      the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There are several alternative ways to fix this vulnerability. Please
+      refer to Subversion Team Announce for more details.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All Subversion 1.9.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/subversion-1.9.7"
+    </code>
+    
+    <p>All Subversion 1.8.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/subversion-1.8.18"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9800">
+      CVE-2017-9800
+    </uri>
+    <uri link="https://subversion.apache.org/security/CVE-2017-9800-advisory.txt">
+      Subversion Team Announce
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-01T12:55:21Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-09-17T15:50:43Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201709-10.xml b/metadata/glsa/glsa-201709-10.xml
new file mode 100644
index 000000000000..0cc40127fedf
--- /dev/null
+++ b/metadata/glsa/glsa-201709-10.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201709-10">
+  <title>Git: Command injection</title>
+  <synopsis>A command injection vulnerability in Git may allow remote attackers
+    to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">git</product>
+  <announced>2017-09-17</announced>
+  <revised count="1">2017-09-17</revised>
+  <bug>627488</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-vcs/git" auto="yes" arch="*">
+      <unaffected range="ge">2.13.5</unaffected>
+      <vulnerable range="lt">2.13.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Git is a small and fast distributed version control system designed to
+      handle small and large projects.
+    </p>
+  </background>
+  <description>
+    <p>Specially crafted ‘ssh://...’ URLs may allow the owner of the
+      repository to execute arbitrary commands on client’s machine if those
+      commands are already installed on the client’s system. This is
+      especially dangerous when the third-party repository has one or more
+      submodules with specially crafted ‘ssh://...’ URLs. Each time the
+      repository is recursively cloned or submodules are updated the payload
+      will be triggered.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to clone a specially crafted
+      repository, could possibly execute arbitrary code with the privileges of
+      the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Git users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/git-2.13.5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000117">
+      CVE-2017-1000117
+    </uri>
+    <uri link="https://marc.info/?l=git&amp;m=150238802328673&amp;w=2">Mailing
+      list ARChives (MARC) Git Team Announce
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-08T23:46:38Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-09-17T19:03:46Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201709-11.xml b/metadata/glsa/glsa-201709-11.xml
new file mode 100644
index 000000000000..e5c1522106b4
--- /dev/null
+++ b/metadata/glsa/glsa-201709-11.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201709-11">
+  <title>GIMPS: Root privilege escalation</title>
+  <synopsis>Gentoo's GIMPS ebuilds are vulnerable to privilege escalation due
+    to improper permissions. A local attacker could use it to gain root
+    privileges.
+  </synopsis>
+  <product type="ebuild">gimps</product>
+  <announced>2017-09-17</announced>
+  <revised count="1">2017-09-17</revised>
+  <bug>603408</bug>
+  <access>local</access>
+  <affected>
+    <package name="sci-mathematics/gimps" auto="yes" arch="*">
+      <unaffected range="ge">28.10-r1</unaffected>
+      <vulnerable range="lt">28.10-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GIMPS, the Great Internet Mersenne Prime Search, is a software capable
+      of find Mersenne Primes, which are used in cryptography. GIMPS is also
+      used for hardware testing.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that Gentoo’s default GIMPS installation suffered
+      from a privilege escalation vulnerability in the init script. This script
+      calls an unsafe “chown -R” command in checkconfig() function.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker who does not belong to the root group, but has the
+      ability to modify the /var/lib/gimps directory can escalate privileges to
+      the root group.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GIMPS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sci-mathematics/gimps-28.10-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14484">CVE-2017-14484</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-10T06:41:04Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-09-17T19:05:30Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201709-12.xml b/metadata/glsa/glsa-201709-12.xml
new file mode 100644
index 000000000000..cde15f17bf6f
--- /dev/null
+++ b/metadata/glsa/glsa-201709-12.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201709-12">
+  <title>Perl: Race condition vulnerability</title>
+  <synopsis>A vulnerability in module File::Path for Perl allows local
+    attackers to set arbitrary mode values on arbitrary files bypassing
+    security restrictions.
+  </synopsis>
+  <product type="ebuild">perl</product>
+  <announced>2017-09-17</announced>
+  <revised count="1">2017-09-17</revised>
+  <bug>620304</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-lang/perl" auto="yes" arch="*">
+      <unaffected range="ge">5.24.1-r2</unaffected>
+      <vulnerable range="lt">5.24.1-r2</vulnerable>
+    </package>
+    <package name="perl-core/File-Path" auto="yes" arch="*">
+      <unaffected range="ge">2.130.0</unaffected>
+      <vulnerable range="lt">2.130.0</vulnerable>
+    </package>
+    <package name="virtual/perl-File-Path" auto="yes" arch="*">
+      <unaffected range="ge">2.130.0</unaffected>
+      <vulnerable range="lt">2.130.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>File::Path module provides a convenient way to create directories of
+      arbitrary depth and to delete an entire directory subtree from the
+      filesystem.
+    </p>
+  </background>
+  <description>
+    <p>A race condition occurs within concurrent environments. This condition
+      was discovered by The cPanel Security Team in the rmtree and remove_tree
+      functions in the File-Path module before 2.13 for Perl. This is due to
+      the  time-of-check-to-time-of-use (TOCTOU) race condition between the
+      stat() that decides the inode is a directory and the chmod() that tries
+      to make it user-rwx.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could exploit this condition to set arbitrary mode
+      values on arbitrary files and hence bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Perl users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/perl-5.24.1-r2"
+    </code>
+    
+    <p>All File-Path users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=perl-core/File-Path-2.130.0"
+    </code>
+    
+    <p>All Perl-File-Path users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=virtual/perl-File-Path-2.130.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6512">
+      CVE-2017-6512
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-12T03:14:08Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-09-17T19:28:53Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201709-13.xml b/metadata/glsa/glsa-201709-13.xml
new file mode 100644
index 000000000000..4f2ab544ae9a
--- /dev/null
+++ b/metadata/glsa/glsa-201709-13.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201709-13">
+  <title>SquirrelMail: Remote Code Execution</title>
+  <synopsis>A vulnerability in SquirrelMail might allow remote attackers to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">squirrelmail</product>
+  <announced>2017-09-17</announced>
+  <revised count="1">2017-09-17</revised>
+  <bug>616700</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/squirrelmail" auto="yes" arch="*">
+      <vulnerable range="lt">1.4.23_pre20140426</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>SquirrelMail is a webmail package written in PHP. It supports IMAP and
+      SMTP and can optionally be installed with SQL support.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that the sendmail.cf file is mishandled in a popen
+      call.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to open an e-mail attachment,
+      could execute arbitrary shell commands.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for SquirrelMail and recommends that
+      users unmerge the package:
+    </p>
+    
+    <code>
+      # emerge --unmerge "mail-client/squirrelmail"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7692">CVE-2017-7692</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-08T23:47:24Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-09-17T20:28:22Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201709-14.xml b/metadata/glsa/glsa-201709-14.xml
new file mode 100644
index 000000000000..06590f8d674f
--- /dev/null
+++ b/metadata/glsa/glsa-201709-14.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201709-14">
+  <title>cURL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in cURL, the worst of
+    which may allow attackers to bypass intended restrictions.
+  </synopsis>
+  <product type="ebuild">curl</product>
+  <announced>2017-09-17</announced>
+  <revised count="1">2017-09-17</revised>
+  <bug>615870</bug>
+  <bug>615994</bug>
+  <bug>626776</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/curl" auto="yes" arch="*">
+      <unaffected range="ge">7.55.1</unaffected>
+      <vulnerable range="lt">7.55.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>cURL is a tool and libcurl is a library for transferring data with URL
+      syntax.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in cURL. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could cause a Denial of Service condition, obtain
+      sensitive information, or bypass intended restrictions for TLS sessions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All cURL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.55.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000099">
+      CVE-2017-1000099
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000100">
+      CVE-2017-1000100
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000101">
+      CVE-2017-1000101
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7407">CVE-2017-7407</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7468">CVE-2017-7468</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-03T21:18:02Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-09-17T21:18:05Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201709-15.xml b/metadata/glsa/glsa-201709-15.xml
new file mode 100644
index 000000000000..7382426379b7
--- /dev/null
+++ b/metadata/glsa/glsa-201709-15.xml
@@ -0,0 +1,146 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201709-15">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium, the worst of
+    which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium</product>
+  <announced>2017-09-24</announced>
+  <revised count="1">2017-09-24</revised>
+  <bug>626382</bug>
+  <bug>630068</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">61.0.3163.79</unaffected>
+      <vulnerable range="lt">61.0.3163.79</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium. Please review
+      the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, obtain
+      sensitive information, bypass security restrictions, or spoof content.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-61.0.3163.79"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5091">
+      CVE-2017-5091
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5092">
+      CVE-2017-5092
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5093">
+      CVE-2017-5093
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5094">
+      CVE-2017-5094
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5095">
+      CVE-2017-5095
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5096">
+      CVE-2017-5096
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5097">
+      CVE-2017-5097
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5098">
+      CVE-2017-5098
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5099">
+      CVE-2017-5099
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5100">
+      CVE-2017-5100
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5101">
+      CVE-2017-5101
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5102">
+      CVE-2017-5102
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5103">
+      CVE-2017-5103
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5104">
+      CVE-2017-5104
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5105">
+      CVE-2017-5105
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5106">
+      CVE-2017-5106
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5107">
+      CVE-2017-5107
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5108">
+      CVE-2017-5108
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5109">
+      CVE-2017-5109
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5110">
+      CVE-2017-5110
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5111">
+      CVE-2017-5111
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5112">
+      CVE-2017-5112
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5113">
+      CVE-2017-5113
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5114">
+      CVE-2017-5114
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5115">
+      CVE-2017-5115
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5116">
+      CVE-2017-5116
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5117">
+      CVE-2017-5117
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5118">
+      CVE-2017-5118
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5119">
+      CVE-2017-5119
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5120">
+      CVE-2017-5120
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7000">
+      CVE-2017-7000
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-17T20:25:44Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-09-24T15:34:49Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201709-16.xml b/metadata/glsa/glsa-201709-16.xml
new file mode 100644
index 000000000000..36ffb4f42591
--- /dev/null
+++ b/metadata/glsa/glsa-201709-16.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201709-16">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2017-09-24</announced>
+  <revised count="1">2017-09-24</revised>
+  <bug>627336</bug>
+  <bug>630964</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">27.0.0.130-r1</unaffected>
+      <vulnerable range="lt">27.0.0.130-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the referenced CVE identifiers for details.
+    </p>
+    
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-26.0.0.151"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11281">
+      CVE-2017-11281
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11282">
+      CVE-2017-11282
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3085">
+      CVE-2017-3085
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3106">
+      CVE-2017-3106
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-17T20:12:17Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-09-24T15:37:00Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201709-17.xml b/metadata/glsa/glsa-201709-17.xml
new file mode 100644
index 000000000000..447c5041cc9b
--- /dev/null
+++ b/metadata/glsa/glsa-201709-17.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201709-17">
+  <title>CVS: Command injection</title>
+  <synopsis>A command injection vulnerability in CVS may allow remote attackers
+    to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">cvs</product>
+  <announced>2017-09-24</announced>
+  <revised count="1">2017-09-24</revised>
+  <bug>627498</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-vcs/cvs" auto="yes" arch="*">
+      <unaffected range="ge">1.12.12-r12</unaffected>
+      <vulnerable range="lt">1.12.12-r12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>CVS (Concurrent Versions System) is an open-source network-transparent
+      version control system. It contains both a client utility and a server.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that when CVS is configured to use SSH for remote
+      repositories it allows remote attackers to execute arbitrary code through
+      a repository URL with a specially crafted hostname.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to clone a specially crafted
+      repository, could possibly execute arbitrary code with the privileges of
+      the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All CVS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/cvs-1.12.12-r12"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12836">
+      CVE-2017-12836
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-17T20:16:04Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-09-24T15:44:04Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201709-18.xml b/metadata/glsa/glsa-201709-18.xml
new file mode 100644
index 000000000000..8c11708c0d59
--- /dev/null
+++ b/metadata/glsa/glsa-201709-18.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201709-18">
+  <title>Mercurial: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mercurial, the worst of
+    which could lead to the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mercurial</product>
+  <announced>2017-09-24</announced>
+  <revised count="1">2017-09-24</revised>
+  <bug>621068</bug>
+  <bug>627484</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-vcs/mercurial" auto="yes" arch="*">
+      <unaffected range="ge">4.3</unaffected>
+      <vulnerable range="lt">4.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mercurial is a distributed source control management system.</p>
+    
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mercurial. Please
+      review the referenced CVE identifiers for details.
+    </p>
+    
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mercurial users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/mercurial-4.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000115">
+      CVE-2017-1000115
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000116">
+      CVE-2017-1000116
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9462">
+      CVE-2017-9462
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-17T20:06:48Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-09-24T15:47:31Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201709-19.xml b/metadata/glsa/glsa-201709-19.xml
new file mode 100644
index 000000000000..48d8d9c94e27
--- /dev/null
+++ b/metadata/glsa/glsa-201709-19.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201709-19">
+  <title>Exim: Local privilege escalation</title>
+  <synopsis>A vulnerability in Exim may allow local users to gain root
+    privileges.
+    
+  </synopsis>
+  <product type="ebuild">exim</product>
+  <announced>2017-09-24</announced>
+  <revised count="1">2017-09-24</revised>
+  <bug>622212</bug>
+  <access>local</access>
+  <affected>
+    <package name="mail-mta/exim" auto="yes" arch="*">
+      <unaffected range="ge">4.89-r1</unaffected>
+      <vulnerable range="lt">4.89-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Exim is a message transfer agent (MTA) developed at the University of
+      Cambridge for use on Unix systems connected to the Internet.
+    </p>
+  </background>
+  <description>
+    <p>Exim supports the use of multiple “-p” command line arguments
+      causing a memory leak. This could lead to a stack-clash in user-space and
+      as result the attacker can, “clash” or “smash” the stack or
+      another memory region, or “jump” over the stack guard-page.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could obtain root privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Exim users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-mta/exim-4.89-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000369">
+      CVE-2017-1000369
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-19T01:45:18Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-09-24T15:49:28Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201709-20.xml b/metadata/glsa/glsa-201709-20.xml
new file mode 100644
index 000000000000..daac50fddbe3
--- /dev/null
+++ b/metadata/glsa/glsa-201709-20.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201709-20">
+  <title>Postfix: Privilege escalation</title>
+  <synopsis>A vulnerability in Postfix may allow local users to gain root
+    privileges.
+    
+  </synopsis>
+  <product type="ebuild">postfix</product>
+  <announced>2017-09-24</announced>
+  <revised count="1">2017-09-24</revised>
+  <bug>621882</bug>
+  <access>local</access>
+  <affected>
+    <package name="mail-mta/postfix" auto="yes" arch="*">
+      <unaffected range="ge">3.1.6</unaffected>
+      <vulnerable range="lt">3.1.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Postfix is a mail server and an alternative to the widely-used Sendmail
+      program.
+    </p>
+  </background>
+  <description>
+    <p>By default, Berkeley DB reads a DB_CONFIG configuration file from the
+      current working directory. This is an undocumented behavior.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker, by using a specially crafted DG_CONFIG file, could
+      possibly escalate privileges to the root group.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Postfix users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-mta/postfix-3.1.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://www.postfix.org/announcements/postfix-3.2.2.html">Postfix
+      Official Announce
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-21T15:43:52Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-09-24T15:51:13Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201709-21.xml b/metadata/glsa/glsa-201709-21.xml
new file mode 100644
index 000000000000..175094991203
--- /dev/null
+++ b/metadata/glsa/glsa-201709-21.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201709-21">
+  <title>PHP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PHP, the worst of which
+    could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">php</product>
+  <announced>2017-09-24</announced>
+  <revised count="2">2017-09-25</revised>
+  <bug>624054</bug>
+  <bug>626460</bug>
+  <bug>629452</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/php" auto="yes" arch="*">
+      <unaffected range="ge" slot="5.6">5.6.31</unaffected>
+      <unaffected range="ge" slot="7.0">7.0.23</unaffected>
+      <vulnerable range="lt" slot="5.6">5.6.31</vulnerable>
+      <vulnerable range="lt" slot="7.0">7.0.23</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PHP is an open source general-purpose scripting language that is
+      especially suited for web development.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PHP. Please review the
+      referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary code with the privileges of
+      the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PHP 5.6.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-5.6.31"
+    </code>
+    
+    <p>All PHP 7.0.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.0.23"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11362">
+      CVE-2017-11362
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11628">
+      CVE-2017-11628
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12932">
+      CVE-2017-12932
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-24T12:43:20Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-09-25T21:30:08Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201709-22.xml b/metadata/glsa/glsa-201709-22.xml
new file mode 100644
index 000000000000..6375fe8a8e26
--- /dev/null
+++ b/metadata/glsa/glsa-201709-22.xml
@@ -0,0 +1,187 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201709-22">
+  <title>Oracle JDK/JRE, IcedTea: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Oracle's JRE and JDK
+    software suites, and IcedTea, the worst of which may allow execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">oracle-jdk-bin,oracle-jre-bin,icedtea-bin</product>
+  <announced>2017-09-24</announced>
+  <revised count="2">2017-09-25</revised>
+  <bug>625602</bug>
+  <bug>626088</bug>
+  <bug>627682</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/oracle-jdk-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.8.0.141</unaffected>
+      <vulnerable range="lt">1.8.0.141</vulnerable>
+    </package>
+    <package name="dev-java/oracle-jre-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.8.0.141</unaffected>
+      <vulnerable range="lt">1.8.0.141</vulnerable>
+    </package>
+    <package name="dev-java/icedtea-bin" auto="yes" arch="*">
+      <unaffected range="ge" slot="7">7.2.6.11</unaffected>
+      <unaffected range="ge" slot="8">3.5.0</unaffected>
+      <vulnerable range="lt" slot="7">7.2.6.11</vulnerable>
+      <vulnerable range="lt" slot="8">3.5.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Java Platform, Standard Edition (Java SE) lets you develop and deploy
+      Java applications on desktops and servers, as well as in today’s
+      demanding embedded environments. Java offers the rich user interface,
+      performance, versatility, portability, and security that today’s
+      applications require.
+    </p>
+    
+    <p>IcedTea’s aim is to provide OpenJDK in a form suitable for easy
+      configuration, compilation and distribution with the primary goal of
+      allowing inclusion in GNU/Linux distributions.
+    </p>
+    
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Oracle’s JRE, JDK and
+      IcedTea. Please review the referenced CVE identifiers for details.
+    </p>
+    
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, or gain
+      access to information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Oracle JDK binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-java/oracle-jdk-bin-1.8.0.141"
+    </code>
+    
+    <p>All Oracle JRE binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-java/oracle-jre-bin-1.8.0.141"
+    </code>
+    
+    <p>All IcedTea binary 7.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/icedtea-bin-7.2.6.11"
+    </code>
+    
+    <p>All IcedTea binary 3.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/icedtea-bin-3.5.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10053">
+      CVE-2017-10053
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10067">
+      CVE-2017-10067
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10074">
+      CVE-2017-10074
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10078">
+      CVE-2017-10078
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10081">
+      CVE-2017-10081
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10086">
+      CVE-2017-10086
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10087">
+      CVE-2017-10087
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10089">
+      CVE-2017-10089
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10090">
+      CVE-2017-10090
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10096">
+      CVE-2017-10096
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10101">
+      CVE-2017-10101
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10102">
+      CVE-2017-10102
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10105">
+      CVE-2017-10105
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10107">
+      CVE-2017-10107
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10108">
+      CVE-2017-10108
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10109">
+      CVE-2017-10109
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10110">
+      CVE-2017-10110
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10111">
+      CVE-2017-10111
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10114">
+      CVE-2017-10114
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10115">
+      CVE-2017-10115
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10116">
+      CVE-2017-10116
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10117">
+      CVE-2017-10117
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10118">
+      CVE-2017-10118
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10121">
+      CVE-2017-10121
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10125">
+      CVE-2017-10125
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10135">
+      CVE-2017-10135
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10176">
+      CVE-2017-10176
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10193">
+      CVE-2017-10193
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10198">
+      CVE-2017-10198
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10243">
+      CVE-2017-10243
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-17T20:31:23Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-09-25T08:54:45Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201709-23.xml b/metadata/glsa/glsa-201709-23.xml
new file mode 100644
index 000000000000..8106edb06175
--- /dev/null
+++ b/metadata/glsa/glsa-201709-23.xml
@@ -0,0 +1,323 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201709-23">
+  <title>Tcpdump: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Tcpdump, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">tcpdump</product>
+  <announced>2017-09-25</announced>
+  <revised count="1">2017-09-25</revised>
+  <bug>624652</bug>
+  <bug>626462</bug>
+  <bug>630110</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/tcpdump" auto="yes" arch="*">
+      <unaffected range="ge">4.9.2</unaffected>
+      <vulnerable range="lt">4.9.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Tcpdump is a tool for network monitoring and data acquisition.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Tcpdump. Please review
+      the referenced CVE identifiers for details.
+    </p>
+    
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Tcpdump users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/tcpdump-4.9.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11108">
+      CVE-2017-11108
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11541">
+      CVE-2017-11541
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11542">
+      CVE-2017-11542
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11543">
+      CVE-2017-11543
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11544">
+      CVE-2017-11544
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12893">
+      CVE-2017-12893
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12894">
+      CVE-2017-12894
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12895">
+      CVE-2017-12895
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12896">
+      CVE-2017-12896
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12897">
+      CVE-2017-12897
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12898">
+      CVE-2017-12898
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12899">
+      CVE-2017-12899
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12900">
+      CVE-2017-12900
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12901">
+      CVE-2017-12901
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12902">
+      CVE-2017-12902
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12985">
+      CVE-2017-12985
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12986">
+      CVE-2017-12986
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12987">
+      CVE-2017-12987
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12988">
+      CVE-2017-12988
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12989">
+      CVE-2017-12989
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12990">
+      CVE-2017-12990
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12991">
+      CVE-2017-12991
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12992">
+      CVE-2017-12992
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12993">
+      CVE-2017-12993
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12994">
+      CVE-2017-12994
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12995">
+      CVE-2017-12995
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12996">
+      CVE-2017-12996
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12997">
+      CVE-2017-12997
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12998">
+      CVE-2017-12998
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12999">
+      CVE-2017-12999
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13000">
+      CVE-2017-13000
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13001">
+      CVE-2017-13001
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13002">
+      CVE-2017-13002
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13003">
+      CVE-2017-13003
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13004">
+      CVE-2017-13004
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13005">
+      CVE-2017-13005
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13006">
+      CVE-2017-13006
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13007">
+      CVE-2017-13007
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13008">
+      CVE-2017-13008
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13009">
+      CVE-2017-13009
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13010">
+      CVE-2017-13010
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13011">
+      CVE-2017-13011
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13012">
+      CVE-2017-13012
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13013">
+      CVE-2017-13013
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13014">
+      CVE-2017-13014
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13015">
+      CVE-2017-13015
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13016">
+      CVE-2017-13016
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13017">
+      CVE-2017-13017
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13018">
+      CVE-2017-13018
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13019">
+      CVE-2017-13019
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13020">
+      CVE-2017-13020
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13021">
+      CVE-2017-13021
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13022">
+      CVE-2017-13022
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13023">
+      CVE-2017-13023
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13024">
+      CVE-2017-13024
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13025">
+      CVE-2017-13025
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13026">
+      CVE-2017-13026
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13027">
+      CVE-2017-13027
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13028">
+      CVE-2017-13028
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13029">
+      CVE-2017-13029
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13030">
+      CVE-2017-13030
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13031">
+      CVE-2017-13031
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13032">
+      CVE-2017-13032
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13033">
+      CVE-2017-13033
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13034">
+      CVE-2017-13034
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13035">
+      CVE-2017-13035
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13036">
+      CVE-2017-13036
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13037">
+      CVE-2017-13037
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13038">
+      CVE-2017-13038
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13039">
+      CVE-2017-13039
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13040">
+      CVE-2017-13040
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13041">
+      CVE-2017-13041
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13042">
+      CVE-2017-13042
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13043">
+      CVE-2017-13043
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13044">
+      CVE-2017-13044
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13045">
+      CVE-2017-13045
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13046">
+      CVE-2017-13046
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13047">
+      CVE-2017-13047
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13048">
+      CVE-2017-13048
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13049">
+      CVE-2017-13049
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13050">
+      CVE-2017-13050
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13051">
+      CVE-2017-13051
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13052">
+      CVE-2017-13052
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13053">
+      CVE-2017-13053
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13054">
+      CVE-2017-13054
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13055">
+      CVE-2017-13055
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13687">
+      CVE-2017-13687
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13688">
+      CVE-2017-13688
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13689">
+      CVE-2017-13689
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13690">
+      CVE-2017-13690
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13725">
+      CVE-2017-13725
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-25T02:53:28Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-09-25T11:55:12Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201709-24.xml b/metadata/glsa/glsa-201709-24.xml
new file mode 100644
index 000000000000..d5492103fa41
--- /dev/null
+++ b/metadata/glsa/glsa-201709-24.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201709-24">
+  <title>RAR, UnRAR: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in RAR and UnRAR, the
+    worst of which may allow attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">rar,unrar</product>
+  <announced>2017-09-25</announced>
+  <revised count="1">2017-09-25</revised>
+  <bug>622342</bug>
+  <bug>628182</bug>
+  <bug>628184</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/rar" auto="yes" arch="*">
+      <unaffected range="ge">5.5.0_p20170811</unaffected>
+      <vulnerable range="lt">5.5.0_p20170811</vulnerable>
+    </package>
+    <package name="app-arch/unrar" auto="yes" arch="*">
+      <unaffected range="ge">5.5.7</unaffected>
+      <vulnerable range="lt">5.5.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>RAR and UnRAR provide command line interfaces for compressing and
+      decompressing RAR files.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in RAR and UnRAR. Please
+      review the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to open a specially crafted RAR,
+      could possibly execute arbitrary code with the privileges of the process
+      or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All RAR users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/rar-5.5.0_p20170811"
+    </code>
+    
+    <p>All UnRAR users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/unrar-5.5.7"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6706">CVE-2012-6706</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12940">
+      CVE-2017-12940
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12941">
+      CVE-2017-12941
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12942">
+      CVE-2017-12942
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-03T22:15:08Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-09-25T21:49:49Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201709-25.xml b/metadata/glsa/glsa-201709-25.xml
new file mode 100644
index 000000000000..49d0bc1b23ef
--- /dev/null
+++ b/metadata/glsa/glsa-201709-25.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201709-25">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium, the worst of
+    which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium, google-chrome</product>
+  <announced>2017-09-25</announced>
+  <revised count="1">2017-09-25</revised>
+  <bug>631784</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">61.0.3163.100</unaffected>
+      <vulnerable range="lt">61.0.3163.100</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium. Please review
+      the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-61.0.3163.100"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5121">
+      CVE-2017-5121
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5122">
+      CVE-2017-5122
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-25T13:02:09Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-09-25T22:00:19Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201709-26.xml b/metadata/glsa/glsa-201709-26.xml
new file mode 100644
index 000000000000..e507655a3722
--- /dev/null
+++ b/metadata/glsa/glsa-201709-26.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201709-26">
+  <title>libsoup: Arbitrary remote code execution</title>
+  <synopsis>A vulnerability in libsoup might allow remote attackers to execute
+    arbitrary code.
+    
+  </synopsis>
+  <product type="ebuild">libsoup</product>
+  <announced>2017-09-26</announced>
+  <revised count="1">2017-09-26</revised>
+  <bug>627466</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/libsoup" auto="yes" arch="*">
+      <unaffected range="ge">2.56.1</unaffected>
+      <vulnerable range="lt">2.56.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libsoup is an HTTP client/server library for GNOME.</p>
+  </background>
+  <description>
+    <p>A stack based buffer overflow vulnerability was discovered in libsoup.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by using specially crafted HTTP requests, could
+      execute arbitrary code with the privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libsoup users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/libsoup-2.56.1"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-2885">CVE-2017-2885</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-24T21:06:07Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-09-26T11:30:15Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201709-27.xml b/metadata/glsa/glsa-201709-27.xml
new file mode 100644
index 000000000000..1b69d1aeb06d
--- /dev/null
+++ b/metadata/glsa/glsa-201709-27.xml
@@ -0,0 +1,109 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201709-27">
+  <title>libTIFF: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in LibTIFF, the worst of
+    which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">tiff</product>
+  <announced>2017-09-26</announced>
+  <revised count="2">2017-09-26</revised>
+  <bug>610330</bug>
+  <bug>614020</bug>
+  <bug>614022</bug>
+  <bug>617996</bug>
+  <bug>617998</bug>
+  <bug>618610</bug>
+  <bug>624602</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/tiff" auto="yes" arch="*">
+      <unaffected range="ge">4.0.8</unaffected>
+      <vulnerable range="lt">4.0.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The TIFF library contains encoding and decoding routines for the Tag
+      Image File Format. It is called by numerous programs, including GNOME and
+      KDE applications, to interpret TIFF images.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in LibTIFF. Please review
+      the referenced CVE identifiers for details.
+    </p>
+    
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing the user to process a specially crafted
+      TIFF file, could possibly execute arbitrary code with the privileges of
+      the process, cause a Denial of Service condition, obtain sensitive
+      information, or have other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LibTIFF users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/tiff-4.0.8"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10267">
+      CVE-2016-10267
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10268">
+      CVE-2016-10268
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5225">
+      CVE-2017-5225
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5563">
+      CVE-2017-5563
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7592">
+      CVE-2017-7592
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7593">
+      CVE-2017-7593
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7594">
+      CVE-2017-7594
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7595">
+      CVE-2017-7595
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7596">
+      CVE-2017-7596
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7597">
+      CVE-2017-7597
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7598">
+      CVE-2017-7598
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7599">
+      CVE-2017-7599
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7600">
+      CVE-2017-7600
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7601">
+      CVE-2017-7601
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7602">
+      CVE-2017-7602
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9403">CVE-2017-9403</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-26T15:05:13Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-09-26T22:14:50Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-01.xml b/metadata/glsa/glsa-201710-01.xml
new file mode 100644
index 000000000000..09228d027bf3
--- /dev/null
+++ b/metadata/glsa/glsa-201710-01.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-01">
+  <title>RubyGems: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in RubyGems, the worst of which
+    allows execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">rubygems</product>
+  <announced>2017-10-08</announced>
+  <revised count="1">2017-10-08</revised>
+  <bug>629230</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-ruby/rubygems" auto="yes" arch="*">
+      <unaffected range="ge">2.6.13</unaffected>
+      <vulnerable range="lt">2.6.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>RubyGems is a sophisticated package manager for Ruby.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in RubyGems. Please review
+      the referenced CVE identifiers for details.
+    </p>
+    
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to install a specially crafted
+      gem, could possibly execute arbitrary code with the privileges of the
+      process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All RubyGems users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-ruby/rubygems-2.6.13"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0899">
+      CVE-2017-0899
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0900">
+      CVE-2017-0900
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0901">
+      CVE-2017-0901
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0902">
+      CVE-2017-0902
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-03T14:54:42Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-10-08T12:53:26Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-02.xml b/metadata/glsa/glsa-201710-02.xml
new file mode 100644
index 000000000000..a17282b66b3d
--- /dev/null
+++ b/metadata/glsa/glsa-201710-02.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-02">
+  <title>file: Stack-based buffer overflow</title>
+  <synopsis>A stack-based buffer overflow was found in file, possibly resulting
+    in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">file</product>
+  <announced>2017-10-08</announced>
+  <revised count="1">2017-10-08</revised>
+  <bug>629872</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/file" auto="yes" arch="*">
+      <unaffected range="ge">5.32</unaffected>
+      <vulnerable range="lt">5.32</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>file is a utility that guesses a file format by scanning binary data for
+      patterns.
+    </p>
+  </background>
+  <description>
+    <p>An issue discovered in file allows attackers to write 20 bytes to the
+      stack buffer via a specially crafted .notes section.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by using a specially crafted .notes section in an ELF
+      binary, could execute arbitrary code or cause a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All file users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/file-5.32"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000249">
+      CVE-2017-1000249
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-29T23:38:45Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-10-08T13:26:24Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-03.xml b/metadata/glsa/glsa-201710-03.xml
new file mode 100644
index 000000000000..fe881e3228dc
--- /dev/null
+++ b/metadata/glsa/glsa-201710-03.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-03">
+  <title>ICU: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ICU, the worst of which
+    could allow remote code execution.
+  </synopsis>
+  <product type="ebuild">icu</product>
+  <announced>2017-10-08</announced>
+  <revised count="1">2017-10-08</revised>
+  <bug>616468</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/icu" auto="yes" arch="*">
+      <unaffected range="ge">58.2-r1</unaffected>
+      <vulnerable range="lt">58.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ICU is a mature, widely used set of C/C++ and Java libraries providing
+      Unicode and Globalization support for software applications.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ICU. Please review the
+      referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ICU users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/icu-58.2-r1"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7867">
+      CVE-2017-7867
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7868">
+      CVE-2017-7868
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-03T15:56:43Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-10-08T13:30:01Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-04.xml b/metadata/glsa/glsa-201710-04.xml
new file mode 100644
index 000000000000..23bce111d1e3
--- /dev/null
+++ b/metadata/glsa/glsa-201710-04.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-04">
+  <title>sudo: Privilege escalation</title>
+  <synopsis>A vulnerability in sudo allows local users to gain root privileges.</synopsis>
+  <product type="ebuild">sudo</product>
+  <announced>2017-10-08</announced>
+  <revised count="1">2017-10-08</revised>
+  <bug>620482</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/sudo" auto="yes" arch="*">
+      <unaffected range="ge">1.8.20_p2</unaffected>
+      <vulnerable range="lt">1.8.20_p2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>sudo (su “do”) allows a system administrator to delegate authority
+      to give certain users (or groups of users) the ability to run some (or
+      all) commands as root or another user while providing an audit trail of
+      the commands and their arguments.
+    </p>
+  </background>
+  <description>
+    <p>The fix present in app-admin/sudo-1.8.20_p1 (GLSA 201705-15) was
+      incomplete as it did not address the problem of a command with a newline
+      in the name.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could execute arbitrary code with root privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All sudo users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/sudo-1.8.20_p2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000368">
+      CVE-2017-1000368
+    </uri>
+    <uri link="https://security.gentoo.org/glsa/201705-15">GLSA 201705-15</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-05T18:00:01Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-10-08T13:34:25Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-05.xml b/metadata/glsa/glsa-201710-05.xml
new file mode 100644
index 000000000000..c2ebeda43015
--- /dev/null
+++ b/metadata/glsa/glsa-201710-05.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-05">
+  <title>Munin: Arbitrary file write</title>
+  <synopsis>A vulnerability in Munin allows local attackers to overwrite any
+    file accessible to the www-data user.
+  </synopsis>
+  <product type="ebuild">munin</product>
+  <announced>2017-10-08</announced>
+  <revised count="1">2017-10-08</revised>
+  <bug>610602</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-analyzer/munin" auto="yes" arch="*">
+      <unaffected range="ge">2.0.33</unaffected>
+      <vulnerable range="lt">2.0.33</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Munin is an open source server monitoring tool.</p>
+  </background>
+  <description>
+    <p>When Munin is compiled with CGI graphics enabled then the files
+      accessible to the www-data user can be overwritten.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker, by setting multiple upper_limit GET parameters, could
+      overwrite files accessible to the www-user.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Munin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/munin-2.0.33"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6188">
+      CVE-2017-6188
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-01T22:42:42Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-10-08T13:43:10Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-06.xml b/metadata/glsa/glsa-201710-06.xml
new file mode 100644
index 000000000000..b0fed3e53b35
--- /dev/null
+++ b/metadata/glsa/glsa-201710-06.xml
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-06">
+  <title>PostgreSQL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PostgreSQL, the worst
+    of which could result in privilege escalation.
+  </synopsis>
+  <product type="ebuild">postgresql</product>
+  <announced>2017-10-08</announced>
+  <revised count="1">2017-10-08</revised>
+  <bug>618462</bug>
+  <bug>627462</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/postgresql" auto="yes" arch="*">
+      <unaffected range="ge" slot="9.6">9.6.4</unaffected>
+      <unaffected range="ge" slot="9.5">9.5.8</unaffected>
+      <unaffected range="ge" slot="9.4">9.4.13</unaffected>
+      <unaffected range="ge" slot="9.3">9.3.18</unaffected>
+      <unaffected range="ge" slot="9.2">9.2.22</unaffected>
+      <vulnerable range="lt">9.6.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PostgreSQL is an open source object-relational database management
+      system.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PostgreSQL. Please
+      review the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could escalate privileges, cause a Denial of Service
+      condition, obtain passwords, cause a loss in information, or obtain
+      sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PostgreSQL 9.6.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.6.4"
+    </code>
+    
+    <p>All PostgreSQL 9.5.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.5.8"
+    </code>
+    
+    <p>All PostgreSQL 9.4.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.4.13"
+    </code>
+    
+    <p>All PostgreSQL 9.3.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.3.18"
+    </code>
+    
+    <p>All PostgreSQL 9.2.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.2.22"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7484">
+      CVE-2017-7484
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7485">
+      CVE-2017-7485
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7486">
+      CVE-2017-7486
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7546">
+      CVE-2017-7546
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7547">
+      CVE-2017-7547
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7548">
+      CVE-2017-7548
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-02T06:12:53Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-10-08T13:55:26Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-07.xml b/metadata/glsa/glsa-201710-07.xml
new file mode 100644
index 000000000000..2ab58e0c712d
--- /dev/null
+++ b/metadata/glsa/glsa-201710-07.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-07">
+  <title>OCaml: Privilege escalation</title>
+  <synopsis>A vulnerability in OCaml may allow local users to gain root
+    privileges.
+    
+  </synopsis>
+  <product type="ebuild">ocaml</product>
+  <announced>2017-10-08</announced>
+  <revised count="1">2017-10-08</revised>
+  <bug>622544</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/ocaml" auto="yes" arch="*">
+      <unaffected range="ge">4.04.2</unaffected>
+      <vulnerable range="lt">4.04.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OCaml is a high-level, strongly-typed, functional, and object-oriented
+      programming language from the ML family of languages.
+    </p>
+  </background>
+  <description>
+    <p>A bad sanitization of environment variables: CAML_CPLUGINS,
+      CAML_NATIVE_CPLUGINS and CAML_BYTE_CPLUGINS in the OCaml compiler allows
+      the execution of raised privileges via external code.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker, by using specially crafted environment variables,
+      could possibly escalate privileges to the root group.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OCaml users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/ocaml-4.04.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9772">
+      CVE-2017-9772
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-27T11:54:27Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-10-08T14:04:43Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-08.xml b/metadata/glsa/glsa-201710-08.xml
new file mode 100644
index 000000000000..a4f53783b5d7
--- /dev/null
+++ b/metadata/glsa/glsa-201710-08.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-08">
+  <title>Pacemaker: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Pacemaker, the worst of
+    which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">pacemaker</product>
+  <announced>2017-10-08</announced>
+  <revised count="1">2017-10-08</revised>
+  <bug>546550</bug>
+  <bug>599194</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-cluster/pacemaker" auto="yes" arch="*">
+      <unaffected range="ge">1.1.16 </unaffected>
+      <vulnerable range="lt">1.1.16</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Pacemaker is an Open Source, High Availability resource manager suitable
+      for both small and large clusters.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Pacemaker. Please
+      review the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary code or a local attacker could
+      escalate privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Pacemaker users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-cluster/pacemaker-1.1.16 "
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1867">
+      CVE-2015-1867
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7035">
+      CVE-2016-7035
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-03T21:27:22Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-10-08T14:14:41Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-09.xml b/metadata/glsa/glsa-201710-09.xml
new file mode 100644
index 000000000000..a5efceb961ea
--- /dev/null
+++ b/metadata/glsa/glsa-201710-09.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-09">
+  <title>PCRE2: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PCRE2, the worst of
+    which may allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">libpcre2</product>
+  <announced>2017-10-08</announced>
+  <revised count="1">2017-10-08</revised>
+  <bug>614050</bug>
+  <bug>617942</bug>
+  <bug>617944</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libpcre2" auto="yes" arch="*">
+      <unaffected range="ge">10.30</unaffected>
+      <vulnerable range="lt">10.30</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PCRE2 is a project based on PCRE (Perl Compatible Regular Expressions)
+      which has a new and revised API.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PCRE2. Please review
+      the referenced CVE identifiers for details.
+    </p>
+    
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, or have
+      other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PCRE2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libpcre2-10.30"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7186">
+      CVE-2017-7186
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8399">
+      CVE-2017-8399
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8786">
+      CVE-2017-8786
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-19T01:23:39Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-10-08T14:42:50Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-10.xml b/metadata/glsa/glsa-201710-10.xml
new file mode 100644
index 000000000000..400b5def8661
--- /dev/null
+++ b/metadata/glsa/glsa-201710-10.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-10">
+  <title>elfutils: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in elfutils, the worst of
+    which may allow remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">elfutils</product>
+  <announced>2017-10-13</announced>
+  <revised count="1">2017-10-13</revised>
+  <bug>614002</bug>
+  <bug>614004</bug>
+  <bug>618004</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/elfutils" auto="yes" arch="*">
+      <unaffected range="ge">0.169-r1</unaffected>
+      <vulnerable range="lt">0.169-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Elfutils provides a library and utilities to access, modify and analyse
+      ELF objects.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in elfutils. Please review
+      the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition via
+      specially crafted ELF files.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All elfutils users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/elfutils-0.169-r1"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10254">
+      CVE-2016-10254
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10255">
+      CVE-2016-10255
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7607">
+      CVE-2017-7607
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7608">
+      CVE-2017-7608
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7609">
+      CVE-2017-7609
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7610">
+      CVE-2017-7610
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7611">
+      CVE-2017-7611
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7612">
+      CVE-2017-7612
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7613">
+      CVE-2017-7613
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-08T18:46:38Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-10-13T22:31:20Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-11.xml b/metadata/glsa/glsa-201710-11.xml
new file mode 100644
index 000000000000..0471b9057c53
--- /dev/null
+++ b/metadata/glsa/glsa-201710-11.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-11">
+  <title>GNU Libtasn1: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GNU Libtasn1, the worst
+    of which may allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">libtasn1</product>
+  <announced>2017-10-13</announced>
+  <revised count="1">2017-10-13</revised>
+  <bug>619686</bug>
+  <bug>627014</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libtasn1" auto="yes" arch="*">
+      <unaffected range="ge">4.12-r1</unaffected>
+      <vulnerable range="lt">4.12-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A library that provides Abstract Syntax Notation One (ASN.1, as
+      specified by the X.680 ITU-T recommendation) parsing and structures
+      management, and Distinguished Encoding Rules (DER, as per X.690) encoding
+      and decoding functions.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GNU Libtasn1. Please
+      review the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, or have
+      other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU Libtasn1 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libtasn1-4.12-r1"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10790">
+      CVE-2017-10790
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6891">
+      CVE-2017-6891
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-08T19:04:08Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-10-13T22:47:29Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-12.xml b/metadata/glsa/glsa-201710-12.xml
new file mode 100644
index 000000000000..64ab81d008af
--- /dev/null
+++ b/metadata/glsa/glsa-201710-12.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-12">
+  <title>Puppet Agent: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Puppet Agent, the worst
+    of which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">puppetagent</product>
+  <announced>2017-10-13</announced>
+  <revised count="1">2017-10-13</revised>
+  <bug>597684</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-admin/puppet-agent" auto="yes" arch="*">
+      <unaffected range="ge">1.7.1</unaffected>
+      <vulnerable range="lt">1.7.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Puppet Agent contains Puppet’s main code and all of the dependencies
+      needed to run it, including Facter, Hiera, and bundled versions of Ruby
+      and OpenSSL.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Puppet Agent. Please
+      review the references for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or obtain sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Puppet Agent users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/puppet-agent-1.7.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5714">
+      CVE-2016-5714
+    </uri>
+    <uri link="https://puppet.com/security/cve/pxp-agent-oct-2016">Puppet
+      Security Advise Oct 2016
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-08T20:07:35Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-10-13T23:32:46Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-13.xml b/metadata/glsa/glsa-201710-13.xml
new file mode 100644
index 000000000000..dc85dfe9d9b1
--- /dev/null
+++ b/metadata/glsa/glsa-201710-13.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-13">
+  <title>Graphite: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Graphite, the worst of
+    which could lead to the remote execution of arbitrary code.
+    
+  </synopsis>
+  <product type="ebuild">graphite2</product>
+  <announced>2017-10-13</announced>
+  <revised count="1">2017-10-13</revised>
+  <bug>621724</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/graphite2" auto="yes" arch="*">
+      <unaffected range="ge">1.3.10</unaffected>
+      <vulnerable range="lt">1.3.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Graphite is a “smart font” system developed specifically to handle
+      the complexities of lesser-known languages of the world.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Graphite. Please review
+      the referenced CVE identifiers for details.
+    </p>
+    
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, or have
+      other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Graphite users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/graphite2-1.3.10"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7771">
+      CVE-2017-7771
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7772">
+      CVE-2017-7772
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7773">
+      CVE-2017-7773
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7774">
+      CVE-2017-7774
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7775">
+      CVE-2017-7775
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7776">
+      CVE-2017-7776
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7777">
+      CVE-2017-7777
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7778">
+      CVE-2017-7778
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-08T16:43:14Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-10-13T23:36:36Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-14.xml b/metadata/glsa/glsa-201710-14.xml
new file mode 100644
index 000000000000..6af98a641d66
--- /dev/null
+++ b/metadata/glsa/glsa-201710-14.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-14">
+  <title>WebKitGTK+: Multiple Vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in WebkitGTK+, the worst
+    of which may allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">webkit-gtk</product>
+  <announced>2017-10-13</announced>
+  <revised count="1">2017-10-13</revised>
+  <bug>626142</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+      <unaffected range="ge" slot="4">2.16.6</unaffected>
+      <vulnerable range="lt" slot="4">2.16.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine,
+      suitable for projects requiring any kind of web integration, offers
+      Webkit’s full functionality and is used on a wide range of systems.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in WebkitGTK+. Please
+      review the references below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary code, cause a Denial of
+      Service condition, bypass intended memory-read restrictions, conduct a
+      timing side-channel attack to bypass the Same Origin Policy, obtain
+      sensitive information, or spoof the address bar.
+    </p>
+    
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All WebKitGTK+ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.16.6"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7006">CVE-2017-7006</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7011">CVE-2017-7011</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7012">CVE-2017-7012</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7018">CVE-2017-7018</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7019">CVE-2017-7019</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7020">CVE-2017-7020</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7030">CVE-2017-7030</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7034">CVE-2017-7034</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7037">CVE-2017-7037</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7038">CVE-2017-7038</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7039">CVE-2017-7039</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7040">CVE-2017-7040</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7041">CVE-2017-7041</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7042">CVE-2017-7042</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7043">CVE-2017-7043</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-04-30T20:06:21Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-10-13T23:53:44Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-15.xml b/metadata/glsa/glsa-201710-15.xml
new file mode 100644
index 000000000000..34aff01db167
--- /dev/null
+++ b/metadata/glsa/glsa-201710-15.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-15">
+  <title>GnuTLS: Denial of service</title>
+  <synopsis>A null pointer dereference in GnuTLS might allow attackers to cause
+    a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">gnutls</product>
+  <announced>2017-10-15</announced>
+  <revised count="1">2017-10-15</revised>
+  <bug>622038</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/gnutls" auto="yes" arch="*">
+      <unaffected range="ge">3.5.13</unaffected>
+      <vulnerable range="lt">3.5.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GnuTLS is a secure communications library implementing the SSL, TLS and
+      DTLS protocols and technologies around them.
+    </p>
+  </background>
+  <description>
+    <p>A null pointer dereference while decoding a status response TLS
+      extension with valid contents was discovered in GnuTLS.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GnuTLS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/gnutls-3.5.13"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7507">CVE-2017-7507</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-17T19:52:42Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-10-15T04:20:45Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-16.xml b/metadata/glsa/glsa-201710-16.xml
new file mode 100644
index 000000000000..ee7f172541f3
--- /dev/null
+++ b/metadata/glsa/glsa-201710-16.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-16">
+  <title>Shadow: Buffer overflow</title>
+  <synopsis>A vulnerability found in Shadow may allow remote attackers to cause
+    a Denial of Service condition or produce other unspecified behaviors.
+  </synopsis>
+  <product type="ebuild">shadow</product>
+  <announced>2017-10-15</announced>
+  <revised count="1">2017-10-15</revised>
+  <bug>627044</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/shadow" auto="yes" arch="*">
+      <unaffected range="ge">4.5</unaffected>
+      <vulnerable range="lt">4.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Shadow is a set of tools to deal with user accounts.</p>
+  </background>
+  <description>
+    <p>Malformed input in the newusers tool may produce crashes and other
+      unspecified behaviors.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition or
+      bypass privilege boundaries in some web-hosting environments in which a
+      Control Panel allows an unprivileged user account to create subaccounts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Shadow users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/shadow-4.5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12424">
+      CVE-2017-12424
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-13T22:41:20Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-10-15T20:17:52Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-17.xml b/metadata/glsa/glsa-201710-17.xml
new file mode 100644
index 000000000000..48716488b7c9
--- /dev/null
+++ b/metadata/glsa/glsa-201710-17.xml
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-17">
+  <title>Xen: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Xen, the worst of which
+    may allow local attackers to escalate privileges.
+  </synopsis>
+  <product type="ebuild">xen</product>
+  <announced>2017-10-18</announced>
+  <revised count="1">2017-10-18</revised>
+  <bug>624112</bug>
+  <bug>624116</bug>
+  <bug>624118</bug>
+  <bug>624124</bug>
+  <bug>624128</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/xen" auto="yes" arch="*">
+      <unaffected range="ge">4.7.3</unaffected>
+      <vulnerable range="lt">4.7.3</vulnerable>
+    </package>
+    <package name="app-emulation/xen-pvgrub" auto="yes" arch="*">
+      <unaffected range="ge">4.7.3</unaffected>
+      <vulnerable range="lt">4.7.3</vulnerable>
+    </package>
+    <package name="app-emulation/xen-tools" auto="yes" arch="*">
+      <unaffected range="ge">4.7.3</unaffected>
+      <vulnerable range="lt">4.7.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Xen is a bare-metal hypervisor.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Xen. Please review the
+      referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could escalate privileges, cause a Denial of Service
+      condition, obtain sensitive information, or have other unspecified
+      impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Xen users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-4.7.3"
+    </code>
+    
+    <p>All Xen pvgrub users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-pvgrub-4.7.3"
+    </code>
+    
+    <p>All Xen Tools users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-tools-4.7.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10912">
+      CVE-2017-10912
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10913">
+      CVE-2017-10913
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10914">
+      CVE-2017-10914
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10915">
+      CVE-2017-10915
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10918">
+      CVE-2017-10918
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10920">
+      CVE-2017-10920
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10921">
+      CVE-2017-10921
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10922">
+      CVE-2017-10922
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-15T20:12:25Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-10-18T00:42:15Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-18.xml b/metadata/glsa/glsa-201710-18.xml
new file mode 100644
index 000000000000..e80d043a353e
--- /dev/null
+++ b/metadata/glsa/glsa-201710-18.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-18">
+  <title>Ruby: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Ruby, the worst of
+    which could lead to the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">ruby</product>
+  <announced>2017-10-18</announced>
+  <revised count="1">2017-10-18</revised>
+  <bug>605536</bug>
+  <bug>629484</bug>
+  <bug>631034</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/ruby" auto="yes" arch="*">
+      <unaffected range="ge">2.2.8</unaffected>
+      <vulnerable range="lt">2.2.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Ruby is an interpreted object-oriented programming language. The
+      elaborate standard library includes an HTTP server (“WEBRick”) and a
+      class for XML parsing (“REXML”).
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Ruby. Please review the
+      referenced CVE identifiers for details.
+    </p>
+    
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary code, cause a Denial of
+      Service condition, or obtain sensitive information.
+    </p>
+    
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Ruby users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/ruby-2.2.8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2337">
+      CVE-2016-2337
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0898">
+      CVE-2017-0898
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10784">
+      CVE-2017-10784
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14033">
+      CVE-2017-14033
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14064">
+      CVE-2017-14064
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-17T23:47:57Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-10-18T00:53:55Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-19.xml b/metadata/glsa/glsa-201710-19.xml
new file mode 100644
index 000000000000..99204736f714
--- /dev/null
+++ b/metadata/glsa/glsa-201710-19.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-19">
+  <title>libarchive: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libarchive, the worst
+    of which could lead to a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">libarchive</product>
+  <announced>2017-10-18</announced>
+  <revised count="1">2017-10-18</revised>
+  <bug>618026</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/libarchive" auto="yes" arch="*">
+      <unaffected range="ge">3.3.0</unaffected>
+      <vulnerable range="lt">3.3.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libarchive is a library for manipulating different streaming archive
+      formats, including certain tar variants, several cpio formats, and both
+      BSD and GNU ar variants.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libarchive. Please
+      review the referenced CVE identifiers for details.
+    </p>
+    
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, via a specially crafted file, could possibly cause a
+      Denial of Service condition.
+    </p>
+    
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libarchive users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/libarchive-3.3.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10349">
+      CVE-2016-10349
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10350">
+      CVE-2016-10350
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-15T13:35:50Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-10-18T00:58:52Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-20.xml b/metadata/glsa/glsa-201710-20.xml
new file mode 100644
index 000000000000..0a2621bcd372
--- /dev/null
+++ b/metadata/glsa/glsa-201710-20.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-20">
+  <title>Nagios: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Nagios, the worst of
+    which could lead to the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">nagios</product>
+  <announced>2017-10-18</announced>
+  <revised count="1">2017-10-18</revised>
+  <bug>602216</bug>
+  <bug>628086</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-analyzer/nagios-core" auto="yes" arch="*">
+      <unaffected range="ge">4.3.3</unaffected>
+      <vulnerable range="lt">4.3.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Nagios is an open source host, service and network monitoring program.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Nagios. Please review
+      the referenced CVE identifiers for details.
+    </p>
+    
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly escalate privileges to root, thus
+      allowing the execution of arbitrary code, by leveraging CVE-2016-9565. 
+      Additionally, a local attacker could cause a Denial of Service condition
+      against arbitrary processes due to the improper dropping of privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Nagios users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/nagios-core-4.3.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9565">
+      CVE-2016-9565
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9566">
+      CVE-2016-9566
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12847">
+      CVE-2017-12847
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-02T06:35:45Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-10-18T01:17:41Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-21.xml b/metadata/glsa/glsa-201710-21.xml
new file mode 100644
index 000000000000..c4a7e668890f
--- /dev/null
+++ b/metadata/glsa/glsa-201710-21.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-21">
+  <title>Kodi: Arbitrary code execution </title>
+  <synopsis>An integer overflow vulnerability in Kodi could result in remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">kodi</product>
+  <announced>2017-10-22</announced>
+  <revised count="1">2017-10-22</revised>
+  <bug>622384</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-tv/kodi" auto="yes" arch="*">
+      <unaffected range="ge">17.3-r1</unaffected>
+      <vulnerable range="lt">17.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Kodi is a free and open source media-center and entertainment hub
+      previously known as XBMC.
+    </p>
+  </background>
+  <description>
+    <p>Kodi is vulnerable due to shipping with an embedded version of UnRAR.
+      Please review the referenced CVE identifier for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to process a specifically crafted
+      RAR file, could execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Kodi users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-tv/kodi-17.3-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2012-6706">CVE-2012-6706</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-18T03:54:48Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2017-10-22T00:24:12Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-22.xml b/metadata/glsa/glsa-201710-22.xml
new file mode 100644
index 000000000000..bbb65430180f
--- /dev/null
+++ b/metadata/glsa/glsa-201710-22.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-22">
+  <title>Adobe Flash Player: Remote execution of arbitrary code</title>
+  <synopsis>A vulnerability in Adobe Flash Player might allow remote attackers
+    to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">adobeflash</product>
+  <announced>2017-10-22</announced>
+  <revised count="1">2017-10-22</revised>
+  <bug>634456</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">27.0.0.170</unaffected>
+      <vulnerable range="lt">27.0.0.170</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>A  critical type confusion vulnerability was discovered in Adobe Flash
+      Player.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary code.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-27.0.0.170"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11292">
+      CVE-2017-11292
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-16T21:42:03Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-10-22T00:27:40Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-23.xml b/metadata/glsa/glsa-201710-23.xml
new file mode 100644
index 000000000000..380cf2f5fe08
--- /dev/null
+++ b/metadata/glsa/glsa-201710-23.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-23">
+  <title>Go: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Go, the worst of which
+    may result in the execution of arbitrary commands.
+  </synopsis>
+  <product type="ebuild">go</product>
+  <announced>2017-10-23</announced>
+  <revised count="1">2017-10-23</revised>
+  <bug>632408</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/go" auto="yes" arch="*">
+      <unaffected range="ge">1.9.1</unaffected>
+      <vulnerable range="lt">1.9.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Go is an open source programming language that makes it easy to build
+      simple, reliable, and efficient software.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Go. Please review the
+      references below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could execute arbitrary Go commands or conduct a man in
+      the middle attack.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Go users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/go-1.9.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15041">
+      CVE-2017-15041
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15042">
+      CVE-2017-15042
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-16T22:06:50Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-10-23T01:03:41Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-24.xml b/metadata/glsa/glsa-201710-24.xml
new file mode 100644
index 000000000000..7ad9e7e0f6ab
--- /dev/null
+++ b/metadata/glsa/glsa-201710-24.xml
@@ -0,0 +1,131 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-24">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium,chrome</product>
+  <announced>2017-10-23</announced>
+  <revised count="1">2017-10-23</revised>
+  <bug>634664</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">62.0.3202.62</unaffected>
+      <vulnerable range="lt">62.0.3202.62</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">62.0.3202.62</unaffected>
+      <vulnerable range="lt">62.0.3202.62</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the referenced CVE identifiers and Google Chrome
+      Releases for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, bypass
+      content security controls, or conduct URL spoofing.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-62.0.3202.62"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-62.0.3202.62"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15386">
+      CVE-2017-15386
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15387">
+      CVE-2017-15387
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15388">
+      CVE-2017-15388
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15389">
+      CVE-2017-15389
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15390">
+      CVE-2017-15390
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15391">
+      CVE-2017-15391
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15392">
+      CVE-2017-15392
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15393">
+      CVE-2017-15393
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15394">
+      CVE-2017-15394
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15395">
+      CVE-2017-15395
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5124">
+      CVE-2017-5124
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5125">
+      CVE-2017-5125
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5126">
+      CVE-2017-5126
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5127">
+      CVE-2017-5127
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5128">
+      CVE-2017-5128
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5129">
+      CVE-2017-5129
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5130">
+      CVE-2017-5130
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5131">
+      CVE-2017-5131
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5132">
+      CVE-2017-5132
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5133">
+      CVE-2017-5133
+    </uri>
+    <uri link="https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html">
+      Google Chrome Releases
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-20T19:48:32Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-10-23T01:10:56Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-25.xml b/metadata/glsa/glsa-201710-25.xml
new file mode 100644
index 000000000000..1b8cde7db347
--- /dev/null
+++ b/metadata/glsa/glsa-201710-25.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-25">
+  <title>PCRE: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in the PCRE Library, the
+    worst of which may allow remote attackers to cause a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">libpcre</product>
+  <announced>2017-10-23</announced>
+  <revised count="1">2017-10-23</revised>
+  <bug>614048</bug>
+  <bug>614052</bug>
+  <bug>614054</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libpcre" auto="yes" arch="*">
+      <unaffected range="ge">8.41</unaffected>
+      <vulnerable range="lt">8.41</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The PCRE Library provides functions for Perl-compatible regular
+      expressions.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in The PCRE Library.
+      Please review the references below for details.
+    </p>
+    
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition or
+      other unspecified impacts via a specially crafted file.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PCRE users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libpcre-8.41"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7186">
+      CVE-2017-7186
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7244">
+      CVE-2017-7244
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7245">
+      CVE-2017-7245
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7246">
+      CVE-2017-7246
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-18T23:44:30Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-10-23T01:19:24Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-26.xml b/metadata/glsa/glsa-201710-26.xml
new file mode 100644
index 000000000000..4c308a0d3bae
--- /dev/null
+++ b/metadata/glsa/glsa-201710-26.xml
@@ -0,0 +1,114 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-26">
+  <title>OpenJPEG: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenJPEG, the worst of
+    which may allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">openjpeg</product>
+  <announced>2017-10-23</announced>
+  <revised count="1">2017-10-23</revised>
+  <bug>602180</bug>
+  <bug>606618</bug>
+  <bug>628504</bug>
+  <bug>629372</bug>
+  <bug>629668</bug>
+  <bug>630120</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/openjpeg" auto="yes" arch="*">
+      <unaffected range="ge" slot="2">2.3.0</unaffected>
+      <vulnerable range="lt" slot="2">2.3.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenJPEG is an open-source JPEG 2000 library.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenJPEG. Please review
+      the references below for details.
+    </p>
+    
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, via a crafted BMP, PDF, or j2k document, could
+      execute arbitrary code, cause a Denial of Service condition, or have
+      other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenJPEG users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/openjpeg-2.3.0:2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10504">
+      CVE-2016-10504
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10505">
+      CVE-2016-10505
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10506">
+      CVE-2016-10506
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10507">
+      CVE-2016-10507
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1626">
+      CVE-2016-1626
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1628">
+      CVE-2016-1628
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9112">
+      CVE-2016-9112
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9113">
+      CVE-2016-9113
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9114">
+      CVE-2016-9114
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9115">
+      CVE-2016-9115
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9116">
+      CVE-2016-9116
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9117">
+      CVE-2016-9117
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9118">
+      CVE-2016-9118
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9572">
+      CVE-2016-9572
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9573">
+      CVE-2016-9573
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9580">
+      CVE-2016-9580
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9581">
+      CVE-2016-9581
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12982">
+      CVE-2017-12982
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14039">
+      CVE-2017-14039
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14164">
+      CVE-2017-14164
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-22T00:00:11Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-10-23T01:39:09Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-27.xml b/metadata/glsa/glsa-201710-27.xml
new file mode 100644
index 000000000000..61745f463547
--- /dev/null
+++ b/metadata/glsa/glsa-201710-27.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-27">
+  <title>Dnsmasq: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Dnsmasq, the worst of
+    which may allow remote attackers to execute arbitrary code.
+    
+  </synopsis>
+  <product type="ebuild">dnsmasq</product>
+  <announced>2017-10-23</announced>
+  <revised count="1">2017-10-23</revised>
+  <bug>632692</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/dnsmasq" auto="yes" arch="*">
+      <unaffected range="ge">2.78</unaffected>
+      <vulnerable range="lt">2.78</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP
+      server.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Dnsmasq. Please review
+      the references below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary code or cause a Denial of
+      Service condition via crafted DNS, IPv6, or DHCPv6 packets.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Dnsmasq users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/dnsmasq-2.78"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14491">
+      CVE-2017-14491
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14492">
+      CVE-2017-14492
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14493">
+      CVE-2017-14493
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14494">
+      CVE-2017-14494
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14495">
+      CVE-2017-14495
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14496">
+      CVE-2017-14496
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-22T23:49:34Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-10-23T01:46:04Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-28.xml b/metadata/glsa/glsa-201710-28.xml
new file mode 100644
index 000000000000..5070b67a7daa
--- /dev/null
+++ b/metadata/glsa/glsa-201710-28.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-28">
+  <title>Jython: Arbitrary code execution</title>
+  <synopsis>A vulnerability in Jython may lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">Jython</product>
+  <announced>2017-10-29</announced>
+  <revised count="1">2017-10-29</revised>
+  <bug>621876</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/jython" auto="yes" arch="*">
+      <unaffected range="ge">2.7.0-r2</unaffected>
+      <vulnerable range="lt">2.7.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>An implementation of Python written in Java.</p>
+  </background>
+  <description>
+    <p>It was found that Jython is vulnerable to arbitrary code execution by
+      sending a serialized function to the deserializer.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote execution of arbitrary code by enticing a user to execute
+      malicious code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Jython users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/jython-2.7.0-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4000">
+      CVE-2016-4000
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-26T13:31:13Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2017-10-29T17:17:48Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-29.xml b/metadata/glsa/glsa-201710-29.xml
new file mode 100644
index 000000000000..3a9d3fdf1606
--- /dev/null
+++ b/metadata/glsa/glsa-201710-29.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-29">
+  <title>Asterisk: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Asterisk, the worst of
+    which allows remote execution of arbitrary shell commands.
+  </synopsis>
+  <product type="ebuild">asterisk</product>
+  <announced>2017-10-29</announced>
+  <revised count="1">2017-10-29</revised>
+  <bug>629682</bug>
+  <bug>629692</bug>
+  <bug>633856</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/asterisk" auto="yes" arch="*">
+      <unaffected range="ge">11.25.3</unaffected>
+      <vulnerable range="lt">11.25.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A Modular Open Source PBX System.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Asterisk. Please review
+      the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary code, cause a denial of
+      service condition, or cause an unauthorized data disclosure by enticing a
+      user to run malicious code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Asterisk users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/asterisk-13.17.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14098">CVE-2017-14098</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14099">
+      CVE-2017-14099
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14100">
+      CVE-2017-14100
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14603">CVE-2017-14603</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-26T14:19:30Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2017-10-29T19:14:13Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-30.xml b/metadata/glsa/glsa-201710-30.xml
new file mode 100644
index 000000000000..21951e08d43c
--- /dev/null
+++ b/metadata/glsa/glsa-201710-30.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-30">
+  <title>X.Org Server: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in X.Org Server the worst
+    of which could allow a local attacker to replace shared memory segments.
+  </synopsis>
+  <product type="ebuild">X.Org Server</product>
+  <announced>2017-10-29</announced>
+  <revised count="1">2017-10-29</revised>
+  <bug>493294</bug>
+  <bug>611350</bug>
+  <bug>633910</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-base/xorg-server" auto="yes" arch="*">
+      <unaffected range="ge">1.19.4</unaffected>
+      <vulnerable range="lt">1.19.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The X.Org project provides an open source implementation of the X Window
+      System.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in X.Org Server. Please
+      review the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could cause a global buffer overflow or a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time</p>
+  </workaround>
+  <resolution>
+    <p>All X.Org Server users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-base/xorg-server-1.19.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6424">
+      CVE-2013-6424
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13721">
+      CVE-2017-13721
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13723">
+      CVE-2017-13723
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2624">
+      CVE-2017-2624
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-25T07:28:16Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2017-10-29T19:44:06Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-31.xml b/metadata/glsa/glsa-201710-31.xml
new file mode 100644
index 000000000000..5faa2070fb29
--- /dev/null
+++ b/metadata/glsa/glsa-201710-31.xml
@@ -0,0 +1,114 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-31">
+  <title>Oracle JDK/JRE: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Oracle's JDK and JRE
+    software suites, the worst of which can be remotely exploited without
+    authentication.
+  </synopsis>
+  <product type="ebuild">oracle,jdk,jre</product>
+  <announced>2017-10-29</announced>
+  <revised count="1">2017-10-29</revised>
+  <bug>635030</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/oracle-jdk-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.8.0.152-r1</unaffected>
+      <vulnerable range="lt">1.8.0.152-r1</vulnerable>
+    </package>
+    <package name="dev-java/oracle-jre-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.8.0.152-r1</unaffected>
+      <vulnerable range="lt">1.8.0.152-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Java Platform, Standard Edition (Java SE) lets you develop and deploy
+      Java applications on desktops and servers, as well as in today’s
+      demanding embedded environments. Java offers the rich user interface,
+      performance, versatility, portability, and security that today’s
+      applications require.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Oracle’s Java  SE.
+      Please review the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause a Denial of Service condition, modify
+      arbitrary data, or have numerous other impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Oracle JDK users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-java/oracle-jdk-bin-1.8.0.152-r1"
+    </code>
+    
+    <p>All Oracle JRE users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-java/oracle-jre-bin-1.8.0.152-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10274">
+      CVE-2017-10274
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10281">
+      CVE-2017-10281
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10285">
+      CVE-2017-10285
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10293">
+      CVE-2017-10293
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10295">
+      CVE-2017-10295
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10309">
+      CVE-2017-10309
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10345">
+      CVE-2017-10345
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10346">
+      CVE-2017-10346
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10347">
+      CVE-2017-10347
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10348">
+      CVE-2017-10348
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10349">
+      CVE-2017-10349
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10350">
+      CVE-2017-10350
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10355">
+      CVE-2017-10355
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10356">
+      CVE-2017-10356
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10357">
+      CVE-2017-10357
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10388">
+      CVE-2017-10388
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-24T17:32:20Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2017-10-29T22:47:00Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201710-32.xml b/metadata/glsa/glsa-201710-32.xml
new file mode 100644
index 000000000000..1ec37a589889
--- /dev/null
+++ b/metadata/glsa/glsa-201710-32.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-32">
+  <title>Apache: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Apache, the worst of
+    which may result in the loss of secrets.
+  </synopsis>
+  <product type="ebuild">Apache</product>
+  <announced>2017-10-29</announced>
+  <revised count="1">2017-10-29</revised>
+  <bug>622240</bug>
+  <bug>624868</bug>
+  <bug>631308</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">2.4.27-r1</unaffected>
+      <vulnerable range="lt">2.4.27-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Apache HTTP server is one of the most popular web servers on the
+      Internet.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Apache. Please review
+      the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>The Optionsbleed vulnerability can leak arbitrary memory from the server
+      process that may contain secrets.  Additionally attackers may cause a
+      Denial of Service condition, bypass authentication, or cause information
+      loss.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/apache-2.4.27-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3167">
+      CVE-2017-3167
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3169">
+      CVE-2017-3169
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7659">
+      CVE-2017-7659
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7668">
+      CVE-2017-7668
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7679">
+      CVE-2017-7679
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9788">
+      CVE-2017-9788
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9789">
+      CVE-2017-9789
+    </uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798">
+      CVE-2017-9798
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-23T01:26:58Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2017-10-29T23:04:17Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201711-01.xml b/metadata/glsa/glsa-201711-01.xml
new file mode 100644
index 000000000000..140bcc8d82e0
--- /dev/null
+++ b/metadata/glsa/glsa-201711-01.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201711-01">
+  <title>libxml2: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libxml2, the worst of
+    which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libxml2</product>
+  <announced>2017-11-10</announced>
+  <revised count="2">2017-11-10</revised>
+  <bug>599192</bug>
+  <bug>605208</bug>
+  <bug>618604</bug>
+  <bug>622914</bug>
+  <bug>623206</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libxml2" auto="yes" arch="*">
+      <unaffected range="ge">2.9.4-r3</unaffected>
+      <vulnerable range="lt">2.9.4-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libxml2 is the XML (eXtended Markup Language) C parser and toolkit
+      initially developed for the Gnome project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libxml2. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to process a specially crafted XML
+      document, could remotely execute arbitrary code, conduct XML External
+      Entity (XXE) attacks, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libxml2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libxml2-2.9.4-r3"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9318">
+      CVE-2016-9318
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0663">
+      CVE-2017-0663
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5969">
+      CVE-2017-5969
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7375">
+      CVE-2017-7375
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9047">
+      CVE-2017-9047
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9048">
+      CVE-2017-9048
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9049">
+      CVE-2017-9049
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9050">
+      CVE-2017-9050
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-15T04:17:50Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-11-10T02:24:16Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201711-02.xml b/metadata/glsa/glsa-201711-02.xml
new file mode 100644
index 000000000000..635e7c4c284a
--- /dev/null
+++ b/metadata/glsa/glsa-201711-02.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201711-02">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium,google-chrome</product>
+  <announced>2017-11-10</announced>
+  <revised count="2">2017-11-10</revised>
+  <bug>635556</bug>
+  <bug>636800</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">62.0.3202.89</unaffected>
+      <vulnerable range="lt">62.0.3202.89</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">62.0.3202.89</unaffected>
+      <vulnerable range="lt">62.0.3202.89</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the referenced CVE identifier and Google Chrome
+      Releases for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attack may be able to execute arbitrary code, cause a Denial of
+      Service condition, or have other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-62.0.3202.89"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-62.0.3202.89"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15396">
+      CVE-2017-15396
+    </uri>
+    <uri link="https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html">
+      Google Chrome Releases
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15398">
+      CVE-2017-15398
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15399">
+      CVE-2017-15399
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-29T17:15:37Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-11-10T16:09:08Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201711-03.xml b/metadata/glsa/glsa-201711-03.xml
new file mode 100644
index 000000000000..5c3abd9ee7f0
--- /dev/null
+++ b/metadata/glsa/glsa-201711-03.xml
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201711-03">
+  <title>hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks</title>
+  <synopsis>A flaw was discovered in the 4-way handshake in hostapd and
+    wpa_supplicant that allows attackers to conduct a Man in the Middle attack.
+  </synopsis>
+  <product type="ebuild">hostapd,wpa_supplicant</product>
+  <announced>2017-11-10</announced>
+  <revised count="1">2017-11-10</revised>
+  <bug>634436</bug>
+  <bug>634438</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-wireless/hostapd" auto="yes" arch="*">
+      <unaffected range="ge">2.6-r1</unaffected>
+      <vulnerable range="lt">2.6-r1</vulnerable>
+    </package>
+    <package name="net-wireless/wpa_supplicant" auto="yes" arch="*">
+      <unaffected range="ge">2.6-r3</unaffected>
+      <vulnerable range="lt">2.6-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>wpa_supplicant is a WPA Supplicant with support for WPA and WPA2 (IEEE
+      802.11i / RSN). hostapd is a user space daemon for access point and
+      authentication servers.
+    </p>
+  </background>
+  <description>
+    <p>WiFi Protected Access (WPA and WPA2) and it’s associated technologies
+      are all vulnerable to the KRACK attacks. Please review the referenced CVE
+      identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker can carry out the KRACK attacks on a wireless network in
+      order to gain access to network clients. Once achieved, the attacker can
+      potentially harvest confidential information (e.g. HTTP/HTTPS), inject
+      malware, or perform a myriad of other attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All hostapd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-wireless/hostapd-2.6-r1"
+    </code>
+    
+    <p>All wpa_supplicant users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=net-wireless/wpa_supplicant-2.6-r3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13077">
+      CVE-2017-13077
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13078">
+      CVE-2017-13078
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13079">
+      CVE-2017-13079
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13080">
+      CVE-2017-13080
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13081">
+      CVE-2017-13081
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13082">
+      CVE-2017-13082
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13084">
+      CVE-2017-13084
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13086">
+      CVE-2017-13086
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13087">
+      CVE-2017-13087
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13088">
+      CVE-2017-13088
+    </uri>
+    <uri link="https://www.krackattacks.com/">KRACK Attacks Website</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-26T21:01:58Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-11-10T22:39:05Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201711-04.xml b/metadata/glsa/glsa-201711-04.xml
new file mode 100644
index 000000000000..c1d40fab8471
--- /dev/null
+++ b/metadata/glsa/glsa-201711-04.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201711-04">
+  <title>MariaDB, MySQL: Root privilege escalation</title>
+  <synopsis>A vulnerability was discovered in MariaDB and MySQL which may allow
+    local users to gain root privileges.
+  </synopsis>
+  <product type="ebuild">mariadb,mysql</product>
+  <announced>2017-11-10</announced>
+  <revised count="1">2017-11-10</revised>
+  <bug>635704</bug>
+  <bug>635706</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/mariadb" auto="yes" arch="*">
+      <unaffected range="ge">10.0.30-r1</unaffected>
+      <vulnerable range="lt">10.0.30-r1</vulnerable>
+    </package>
+    <package name="dev-db/mysql" auto="yes" arch="*">
+      <unaffected range="ge">5.6.36-r1</unaffected>
+      <vulnerable range="lt">5.6.36-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an
+      enhanced, drop-in replacement for MySQL.
+    </p>
+  </background>
+  <description>
+    <p>The Gentoo installation scripts before 2017-09-29 have chown calls for
+      user-writable directory trees, which allows local users to gain
+      privileges by leveraging access to the mysql account for creation of a
+      link.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could escalate privileges to root.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MariaDB users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mariadb-10.0.30-r1"
+    </code>
+    
+    <p>All MySQL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-5.6.36-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15945">
+      CVE-2017-15945
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-28T18:23:53Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-11-10T22:46:58Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201711-05.xml b/metadata/glsa/glsa-201711-05.xml
new file mode 100644
index 000000000000..d425384a9024
--- /dev/null
+++ b/metadata/glsa/glsa-201711-05.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201711-05">
+  <title>X.Org Server: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in X.Org Server, the worst
+    of which could allow an attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">xorg-server</product>
+  <announced>2017-11-10</announced>
+  <revised count="1">2017-11-10</revised>
+  <bug>635974</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-base/xorg-server" auto="yes" arch="*">
+      <unaffected range="ge">1.19.5</unaffected>
+      <vulnerable range="lt">1.19.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The X.Org project provides an open source implementation of the X Window
+      System.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in X.Org Server. Please
+      review the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Attackers could execute arbitrary code or cause a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is now know workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All X.Org Server users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-base/xorg-server-1.19.5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12176">
+      CVE-2017-12176
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12177">
+      CVE-2017-12177
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12178">
+      CVE-2017-12178
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12179">
+      CVE-2017-12179
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12180">
+      CVE-2017-12180
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12181">
+      CVE-2017-12181
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12182">
+      CVE-2017-12182
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12183">
+      CVE-2017-12183
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-11-10T01:36:08Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2017-11-10T23:06:09Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201711-06.xml b/metadata/glsa/glsa-201711-06.xml
new file mode 100644
index 000000000000..a9fc557362dd
--- /dev/null
+++ b/metadata/glsa/glsa-201711-06.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201711-06">
+  <title>GNU Wget: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Wget, the worst of
+    which could allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">wget</product>
+  <announced>2017-11-11</announced>
+  <revised count="1">2017-11-11</revised>
+  <bug>635496</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/wget" auto="yes" arch="*">
+      <unaffected range="ge">1.19.1-r2</unaffected>
+      <vulnerable range="lt">1.19.1-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU Wget is a free software package for retrieving files using HTTP,
+      HTTPS and FTP, the most widely-used Internet protocols.
+    </p>
+    
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Wget. Please review the
+      referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to connect to a malicious server,
+      could remotely execute arbitrary code or cause a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Wget users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/wget-1.19.1-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13089">
+      CVE-2017-13089
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13090">
+      CVE-2017-13090
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-11-10T01:10:29Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2017-11-11T13:50:38Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201711-07.xml b/metadata/glsa/glsa-201711-07.xml
new file mode 100644
index 000000000000..a4c7257f655f
--- /dev/null
+++ b/metadata/glsa/glsa-201711-07.xml
@@ -0,0 +1,195 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201711-07">
+  <title>ImageMagick: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ImageMagick, the worst
+    of which may allow remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">imagemagick</product>
+  <announced>2017-11-11</announced>
+  <revised count="1">2017-11-11</revised>
+  <bug>626454</bug>
+  <bug>626906</bug>
+  <bug>627036</bug>
+  <bug>628192</bug>
+  <bug>628490</bug>
+  <bug>628646</bug>
+  <bug>628650</bug>
+  <bug>628700</bug>
+  <bug>628702</bug>
+  <bug>629354</bug>
+  <bug>629482</bug>
+  <bug>629576</bug>
+  <bug>629932</bug>
+  <bug>630256</bug>
+  <bug>630458</bug>
+  <bug>630674</bug>
+  <bug>635200</bug>
+  <bug>635664</bug>
+  <bug>635666</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/imagemagick" auto="yes" arch="*">
+      <unaffected range="ge">6.9.9.20</unaffected>
+      <vulnerable range="lt">6.9.9.20</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A collection of tools and libraries for many image formats.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ImageMagick. Please
+      review the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers, by enticing a user to process a specially crafted
+      file, could obtain sensitive information, cause a Denial of Service
+      condition, or have other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ImageMagick users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/imagemagick-6.9.9.20"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11640">
+      CVE-2017-11640
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11724">
+      CVE-2017-11724
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12140">
+      CVE-2017-12140
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12418">
+      CVE-2017-12418
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12427">
+      CVE-2017-12427
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12691">
+      CVE-2017-12691
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12692">
+      CVE-2017-12692
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12693">
+      CVE-2017-12693
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12876">
+      CVE-2017-12876
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12877">
+      CVE-2017-12877
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12983">
+      CVE-2017-12983
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13058">
+      CVE-2017-13058
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13059">
+      CVE-2017-13059
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13060">
+      CVE-2017-13060
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13061">
+      CVE-2017-13061
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13062">
+      CVE-2017-13062
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13131">
+      CVE-2017-13131
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13132">
+      CVE-2017-13132
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13133">
+      CVE-2017-13133
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13134">
+      CVE-2017-13134
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13139">
+      CVE-2017-13139
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13140">
+      CVE-2017-13140
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13141">
+      CVE-2017-13141
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13142">
+      CVE-2017-13142
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13143">
+      CVE-2017-13143
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13144">
+      CVE-2017-13144
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13145">
+      CVE-2017-13145
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13146">
+      CVE-2017-13146
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13758">
+      CVE-2017-13758
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13768">
+      CVE-2017-13768
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13769">
+      CVE-2017-13769
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14060">
+      CVE-2017-14060
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14137">
+      CVE-2017-14137
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14138">
+      CVE-2017-14138
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14139">
+      CVE-2017-14139
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14172">
+      CVE-2017-14172
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14173">
+      CVE-2017-14173
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14174">
+      CVE-2017-14174
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14175">
+      CVE-2017-14175
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14224">
+      CVE-2017-14224
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14248">
+      CVE-2017-14248
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14249">
+      CVE-2017-14249
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15281">
+      CVE-2017-15281
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-28T18:03:58Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2017-11-11T14:15:36Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201711-08.xml b/metadata/glsa/glsa-201711-08.xml
new file mode 100644
index 000000000000..216e12fa4788
--- /dev/null
+++ b/metadata/glsa/glsa-201711-08.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201711-08">
+  <title>LibXfont, LibXfont2: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in LibXfont and Libxfont2,
+    the worst of which could allow attackers to cause a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">libxfont,libxfont2</product>
+  <announced>2017-11-11</announced>
+  <revised count="1">2017-11-11</revised>
+  <bug>634044</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-libs/libXfont2" auto="yes" arch="*">
+      <unaffected range="ge">2.0.2</unaffected>
+      <vulnerable range="lt">2.0.2</vulnerable>
+    </package>
+    <package name="x11-libs/libXfont" auto="yes" arch="*">
+      <unaffected range="ge">1.5.3</unaffected>
+      <vulnerable range="lt">1.5.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>X.Org Xfont library</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in LibXfont and LibXfont2.
+      Please review the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Local attackers could obtain sensitive information or possibly cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LibXfont2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/libXfont2-2.0.2"
+    </code>
+    
+    <p>All LibXfont users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/libXfont-1.5.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13720">
+      CVE-2017-13720
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13722">
+      CVE-2017-13722
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-11-04T15:44:47Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2017-11-11T15:02:42Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201711-09.xml b/metadata/glsa/glsa-201711-09.xml
new file mode 100644
index 000000000000..fe0019a46178
--- /dev/null
+++ b/metadata/glsa/glsa-201711-09.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201711-09">
+  <title>LXC: Remote security bypass</title>
+  <synopsis>A vulnerability in LXC may lead to an unauthorized security bypass.</synopsis>
+  <product type="ebuild">lxc</product>
+  <announced>2017-11-11</announced>
+  <revised count="1">2017-11-11</revised>
+  <bug>636386</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulation/lxc" auto="yes" arch="*">
+      <unaffected range="ge">2.0.7</unaffected>
+      <vulnerable range="lt">2.0.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>LinuX Containers userspace utilities</p>
+  </background>
+  <description>
+    <p>Previous versions of lxc-attach ran a shell or the specified command
+      without allocating a pseudo terminal making it vulnerable to input faking
+      via a TIOCSTI ioctl call.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers can escape the container and perform unauthorized
+      modifications.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no know workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LXC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/lxc-2.0.7"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10124">
+      CVE-2016-10124
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-11-08T15:29:35Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2017-11-11T15:11:34Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201711-10.xml b/metadata/glsa/glsa-201711-10.xml
new file mode 100644
index 000000000000..717a6c115832
--- /dev/null
+++ b/metadata/glsa/glsa-201711-10.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201711-10">
+  <title>Cacti: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Cacti, the worst of
+    which could lead to the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">cacti</product>
+  <announced>2017-11-11</announced>
+  <revised count="1">2017-11-11</revised>
+  <bug>607732</bug>
+  <bug>626828</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/cacti" auto="yes" arch="*">
+      <unaffected range="ge" slot="1.1.20">1.1.20</unaffected>
+      <vulnerable range="lt" slot="1.1.20">1.1.20</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Cacti is a complete frontend to rrdtool.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Cacti. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could execute arbitrary code or bypass intended access
+      restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Cacti users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=net-analyzer/cacti-1.1.20:1.1.20"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4000">
+      CVE-2014-4000
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2313">
+      CVE-2016-2313
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12065">
+      CVE-2017-12065
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-11-05T17:08:33Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2017-11-11T19:58:06Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201711-11.xml b/metadata/glsa/glsa-201711-11.xml
new file mode 100644
index 000000000000..29f3f0e9daa6
--- /dev/null
+++ b/metadata/glsa/glsa-201711-11.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201711-11">
+  <title>VDE: Privilege escalation</title>
+  <synopsis>A vulnerability was discovered in VDE which may allow local users
+    to gain root privileges.
+  </synopsis>
+  <product type="ebuild">vde</product>
+  <announced>2017-11-12</announced>
+  <revised count="1">2017-11-12</revised>
+  <bug>603382</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-misc/vde" auto="yes" arch="*">
+      <unaffected range="ge">2.3.2-r4</unaffected>
+      <vulnerable range="lt">2.3.2-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>VDE is an ethernet compliant virtual network that can be spawned over a
+      set of physical computer over the Internet.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that Gentoo’s default VDE installation suffered from
+      a privilege escalation vulnerability in the init script. This script
+      calls an unsafe ‘chown’ command which gives members from “qemu”
+      group root privileges.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could escalate privileges to root.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All VDE users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/vde-2.3.2-r4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-16638">
+      CVE-2017-16638
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-11-07T14:12:38Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-11-12T22:28:58Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201711-12.xml b/metadata/glsa/glsa-201711-12.xml
new file mode 100644
index 000000000000..e9685c9c009a
--- /dev/null
+++ b/metadata/glsa/glsa-201711-12.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201711-12">
+  <title>eGroupWare: Remote code execution</title>
+  <synopsis>Multiple vulnerabilities have been found in eGroupWare, the worst
+    of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">egroupware</product>
+  <announced>2017-11-12</announced>
+  <revised count="2">2017-11-13</revised>
+  <bug>501908</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/egroupware" auto="yes" arch="*">
+      <vulnerable range="le">1.8.004.20120613</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>eGroupWare is a suite of web-based group applications including
+      calendar, address book, messenger and email.
+    </p>
+  </background>
+  <description>
+    <p>It was found that eGroupWare contains multiple code injection
+      vulnerabilities in multiple parameters and routes because of improper
+      input sanitization.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary code, delete arbitrary files
+      or inject arbitrary PHP objects via multiple routes.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for eGroupWare and recommends that users
+      unmerge the package:
+    </p>
+    
+    <code>
+      # emerge --unmerge "www-apps/egroupware"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2027">
+      CVE-2014-2027
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-19T01:11:22Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-11-13T02:24:20Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201711-13.xml b/metadata/glsa/glsa-201711-13.xml
new file mode 100644
index 000000000000..86843d838290
--- /dev/null
+++ b/metadata/glsa/glsa-201711-13.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201711-13">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2017-11-19</announced>
+  <revised count="1">2017-11-19</revised>
+  <bug>637630</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">27.0.0.187</unaffected>
+      <vulnerable range="lt">27.0.0.187</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+    
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the referenced CVE identifiers and Adobe Security Bulletin
+      for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-27.0.0.187"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://helpx.adobe.com/security/products/flash-player/apsb17-33.html">
+      Adobe Security Bulletin
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11213">
+      CVE-2017-11213
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11215">
+      CVE-2017-11215
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11225">
+      CVE-2017-11225
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3112">
+      CVE-2017-3112
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3114">
+      CVE-2017-3114
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-11-16T14:42:07Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-11-19T20:15:44Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201711-14.xml b/metadata/glsa/glsa-201711-14.xml
new file mode 100644
index 000000000000..3cb0ce84d071
--- /dev/null
+++ b/metadata/glsa/glsa-201711-14.xml
@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201711-14">
+  <title>IcedTea: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in IcedTea, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">icedtea</product>
+  <announced>2017-11-19</announced>
+  <revised count="1">2017-11-19</revised>
+  <bug>636522</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/icedtea-bin" auto="yes" arch="*">
+      <unaffected range="ge">3.6.0</unaffected>
+      <vulnerable range="lt">3.6.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>IcedTea’s aim is to provide OpenJDK in a form suitable for easy
+      configuration, compilation and distribution with the primary goal of
+      allowing inclusion in GNU/Linux distributions.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in IcedTea. Please review
+      the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, or gain
+      access to information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All IcedTea binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/icedtea-bin-3.6.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10274">
+      CVE-2017-10274
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10281">
+      CVE-2017-10281
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10285">
+      CVE-2017-10285
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10295">
+      CVE-2017-10295
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10345">
+      CVE-2017-10345
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10346">
+      CVE-2017-10346
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10347">
+      CVE-2017-10347
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10348">
+      CVE-2017-10348
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10349">
+      CVE-2017-10349
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10350">
+      CVE-2017-10350
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10355">
+      CVE-2017-10355
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10356">
+      CVE-2017-10356
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10357">
+      CVE-2017-10357
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10388">
+      CVE-2017-10388
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-11-08T16:36:06Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-11-19T20:30:45Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201711-15.xml b/metadata/glsa/glsa-201711-15.xml
new file mode 100644
index 000000000000..21018511621c
--- /dev/null
+++ b/metadata/glsa/glsa-201711-15.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201711-15">
+  <title>PHPUnit: Remote code execution</title>
+  <synopsis>A vulnerability was discovered in PHPUnit which may allow an
+    unauthenticated remote attacker to execute arbitrary PHP code.
+  </synopsis>
+  <product type="ebuild">PHPUnit</product>
+  <announced>2017-11-19</announced>
+  <revised count="1">2017-11-19</revised>
+  <bug>635356</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-php/phpunit" auto="yes" arch="*">
+      <unaffected range="ge">5.7.15-r1</unaffected>
+      <vulnerable range="lt">5.7.15-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PHPUnit is a programmer-oriented testing framework for PHP. It is an
+      instance of the xUnit architecture for unit testing frameworks.
+    </p>
+  </background>
+  <description>
+    <p>When PHPUnit is installed in a production environment via composer and
+      these modules are in a web accessible directory, the eval-stdin.php file
+      in PHPUnit contains vulnerable statements that trigger the vulnerability.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary PHP code or cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There are several ways to fix or mitigate this vulnerability:</p>
+    
+    <p>Remove PHPUnit from the production environment.</p>
+    
+    <p>Update PHPUnit.</p>
+    
+    <p>Manually apply the patch.</p>
+    
+    <p>Disable direct access to the composer packages by placing .htaccess file
+      to /vendor folder.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All PHPUnit users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-php/phpunit-5.7.15-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9841">
+      CVE-2017-9841
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-11-14T01:26:48Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2017-11-19T20:43:04Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201711-16.xml b/metadata/glsa/glsa-201711-16.xml
new file mode 100644
index 000000000000..2aba69ec60fc
--- /dev/null
+++ b/metadata/glsa/glsa-201711-16.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201711-16">
+  <title>CouchDB: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in CouchDB, the worst of
+    which could lead to the remote execution of arbitrary shell commands.
+  </synopsis>
+  <product type="ebuild">couchdb</product>
+  <announced>2017-11-19</announced>
+  <revised count="1">2017-11-19</revised>
+  <bug>637516</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/couchdb" auto="yes" arch="*">
+      <unaffected range="ge">1.7.1</unaffected>
+      <vulnerable range="lt">1.7.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Apache CouchDB is a distributed, fault-tolerant and schema-free
+      document-oriented database.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in CouchDB. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary shell commands or escalate
+      privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All CouchDB users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/couchdb-1.7.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12635">
+      CVE-2017-12635
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12636">
+      CVE-2017-12636
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-11-18T03:44:29Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2017-11-19T20:49:32Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201712-01.xml b/metadata/glsa/glsa-201712-01.xml
new file mode 100644
index 000000000000..05c6677138c4
--- /dev/null
+++ b/metadata/glsa/glsa-201712-01.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201712-01">
+  <title>WebKitGTK+: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in WebKitGTK+, the
+    worst of which may lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">WebkitGTK</product>
+  <announced>2017-12-14</announced>
+  <revised count="1">2017-12-14</revised>
+  <bug>637076</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+      <unaffected range="ge">2.18.3</unaffected>
+      <vulnerable range="lt">2.18.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine,
+      suitable for projects requiring any kind of web integration, from hybrid
+      HTML/CSS applications to full-fledged web browsers.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please
+      review the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>By enticing a victim to visit maliciously crafted web content, a remote
+      attacker could execute arbitrary code or cause a denial of service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There are no known workarounds at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All WebKitGTK+ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.18.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13783">
+      CVE-2017-13783
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13784">
+      CVE-2017-13784
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13785">
+      CVE-2017-13785
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13788">
+      CVE-2017-13788
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13791">
+      CVE-2017-13791
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13792">
+      CVE-2017-13792
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13793">
+      CVE-2017-13793
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13794">
+      CVE-2017-13794
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13795">
+      CVE-2017-13795
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13796">
+      CVE-2017-13796
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13798">
+      CVE-2017-13798
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13802">
+      CVE-2017-13802
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13803">
+      CVE-2017-13803
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-12-03T01:49:25Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2017-12-14T16:50:30Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201712-02.xml b/metadata/glsa/glsa-201712-02.xml
new file mode 100644
index 000000000000..be070b6284e1
--- /dev/null
+++ b/metadata/glsa/glsa-201712-02.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201712-02">
+  <title>OpenCV: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in OpenCV, the worst
+    of which may result in a denial of service condition.
+  </synopsis>
+  <product type="ebuild">OpenCV</product>
+  <announced>2017-12-14</announced>
+  <revised count="1">2017-12-14</revised>
+  <bug>627230</bug>
+  <bug>627958</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/opencv" auto="yes" arch="*">
+      <unaffected range="ge">2.4.13-r3</unaffected>
+      <vulnerable range="lt">2.4.13-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenCV (Open Source Computer Vision Library) is an open source computer
+      vision and machine learning software library.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenCV. Please review
+      the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker can cause a denial of service condition or conduct other
+      memory corruption attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>There are no known workarounds at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenCV users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/opencv-2.4.13-r3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12597">
+      CVE-2017-12597
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12598">
+      CVE-2017-12598
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12599">
+      CVE-2017-12599
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12600">
+      CVE-2017-12600
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12601">
+      CVE-2017-12601
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12602">
+      CVE-2017-12602
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12603">
+      CVE-2017-12603
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12604">
+      CVE-2017-12604
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12605">
+      CVE-2017-12605
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12606">
+      CVE-2017-12606
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12862">
+      CVE-2017-12862
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12863">
+      CVE-2017-12863
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12864">
+      CVE-2017-12864
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14136">
+      CVE-2017-14136
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-12-03T01:50:47Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2017-12-14T16:50:47Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201712-03.xml b/metadata/glsa/glsa-201712-03.xml
new file mode 100644
index 000000000000..406f8a6b3287
--- /dev/null
+++ b/metadata/glsa/glsa-201712-03.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201712-03">
+  <title>OpenSSL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenSSL, the worst of
+    which may lead to a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2017-12-14</announced>
+  <revised count="1">2017-12-14</revised>
+  <bug>629290</bug>
+  <bug>636264</bug>
+  <bug>640172</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">1.0.2n</unaffected>
+      <vulnerable range="lt">1.0.2n</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSL is a robust, commercial-grade, and full-featured toolkit for the
+      Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenSSL. Please review
+      the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause a Denial of Service condition, recover a
+      private key in unlikely circumstances, circumvent security restrictions
+      to perform unauthorized actions, or gain access to sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There are no known workarounds at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.0.2n"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3735">
+      CVE-2017-3735
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3736">
+      CVE-2017-3736
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3737">
+      CVE-2017-3737
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3738">
+      CVE-2017-3738
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-11-22T00:36:52Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2017-12-14T18:16:28Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201712-04.xml b/metadata/glsa/glsa-201712-04.xml
new file mode 100644
index 000000000000..012a4e427ba5
--- /dev/null
+++ b/metadata/glsa/glsa-201712-04.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201712-04">
+  <title>cURL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in cURL, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">curl</product>
+  <announced>2017-12-14</announced>
+  <revised count="1">2017-12-14</revised>
+  <bug>633430</bug>
+  <bug>635140</bug>
+  <bug>638734</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/curl" auto="yes" arch="*">
+      <unaffected range="ge">7.57.0</unaffected>
+      <vulnerable range="lt">7.57.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A command line tool and library for transferring data with URLs.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in cURL. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could cause a Denial of Service condition, disclose
+      sensitive information or other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All cURL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.57.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000254">
+      CVE-2017-1000254
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000257">
+      CVE-2017-1000257
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8816">
+      CVE-2017-8816
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8817">
+      CVE-2017-8817
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8818">
+      CVE-2017-8818
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-11-29T04:20:30Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2017-12-14T18:43:49Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201801-01.xml b/metadata/glsa/glsa-201801-01.xml
new file mode 100644
index 000000000000..4502159b306c
--- /dev/null
+++ b/metadata/glsa/glsa-201801-01.xml
@@ -0,0 +1,137 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201801-01">
+  <title>Binutils: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Binutils, the worst of
+    which may allow remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">binutils</product>
+  <announced>2018-01-07</announced>
+  <revised count="1">2018-01-07</revised>
+  <bug>624700</bug>
+  <bug>627516</bug>
+  <bug>628538</bug>
+  <bug>629344</bug>
+  <bug>629922</bug>
+  <bug>631324</bug>
+  <bug>632100</bug>
+  <bug>632132</bug>
+  <bug>632384</bug>
+  <bug>632668</bug>
+  <bug>633988</bug>
+  <bug>635218</bug>
+  <bug>635692</bug>
+  <bug>635860</bug>
+  <bug>635968</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-devel/binutils" auto="yes" arch="*">
+      <unaffected range="ge">2.29.1-r1</unaffected>
+      <vulnerable range="lt">2.29.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The GNU Binutils are a collection of tools to create, modify and analyse
+      binary files. Many of the files use BFD, the Binary File Descriptor
+      library, to do low-level manipulation.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Binutils. Please review
+      the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to compile/execute a specially
+      crafted ELF, tekhex, PE, or binary file, could possibly cause a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There are no known workarounds at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Binutils users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-devel/binutils-2.29.1-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12456">
+      CVE-2017-12456
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12799">
+      CVE-2017-12799
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12967">
+      CVE-2017-12967
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14128">
+      CVE-2017-14128
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14129">
+      CVE-2017-14129
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14130">
+      CVE-2017-14130
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14333">
+      CVE-2017-14333
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15023">
+      CVE-2017-15023
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15938">
+      CVE-2017-15938
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15939">
+      CVE-2017-15939
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15996">
+      CVE-2017-15996
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7209">
+      CVE-2017-7209
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7210">
+      CVE-2017-7210
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7223">
+      CVE-2017-7223
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7224">
+      CVE-2017-7224
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7225">
+      CVE-2017-7225
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7227">
+      CVE-2017-7227
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9743">
+      CVE-2017-9743
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9746">
+      CVE-2017-9746
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9749">
+      CVE-2017-9749
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9750">
+      CVE-2017-9750
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9751">
+      CVE-2017-9751
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9755">
+      CVE-2017-9755
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9756">
+      CVE-2017-9756
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-01-05T05:47:37Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2018-01-07T23:07:52Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201801-02.xml b/metadata/glsa/glsa-201801-02.xml
new file mode 100644
index 000000000000..b250da295fbe
--- /dev/null
+++ b/metadata/glsa/glsa-201801-02.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201801-02">
+  <title>OptiPNG: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OptiPNG, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">optipng</product>
+  <announced>2018-01-07</announced>
+  <revised count="1">2018-01-07</revised>
+  <bug>637936</bug>
+  <bug>639690</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/optipng" auto="yes" arch="*">
+      <unaffected range="ge">0.7.6-r2</unaffected>
+      <vulnerable range="lt">0.7.6-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OptiPNG is a PNG optimizer that re-compresses image files to a smaller
+      size, without losing any information.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OptiPNG. Please review
+      the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process a specially crafted
+      image file, possibly resulting in execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OptiPNG users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/optipng-0.7.6-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000229">
+      CVE-2017-1000229
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-16938">
+      CVE-2017-16938
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-12-03T01:46:44Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2018-01-07T23:16:40Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201801-03.xml b/metadata/glsa/glsa-201801-03.xml
new file mode 100644
index 000000000000..da4b274b74c7
--- /dev/null
+++ b/metadata/glsa/glsa-201801-03.xml
@@ -0,0 +1,134 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201801-03">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium,google-chrome</product>
+  <announced>2018-01-07</announced>
+  <revised count="1">2018-01-07</revised>
+  <bug>640334</bug>
+  <bug>641376</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">63.0.3239.108</unaffected>
+      <vulnerable range="lt">63.0.3239.108</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">63.0.3239.108</unaffected>
+      <vulnerable range="lt">63.0.3239.108</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, bypass
+      content security controls, or conduct URL spoofing.
+    </p>
+  </impact>
+  <workaround>
+    <p>There are no known workarounds at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-63.0.3239.108"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-63.0.3239.108"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15407">
+      CVE-2017-15407
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15408">
+      CVE-2017-15408
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15409">
+      CVE-2017-15409
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15410">
+      CVE-2017-15410
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15411">
+      CVE-2017-15411
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15412">
+      CVE-2017-15412
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15413">
+      CVE-2017-15413
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15415">
+      CVE-2017-15415
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15416">
+      CVE-2017-15416
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15417">
+      CVE-2017-15417
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15418">
+      CVE-2017-15418
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15419">
+      CVE-2017-15419
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15420">
+      CVE-2017-15420
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15422">
+      CVE-2017-15422
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15423">
+      CVE-2017-15423
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15424">
+      CVE-2017-15424
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15425">
+      CVE-2017-15425
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15426">
+      CVE-2017-15426
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15427">
+      CVE-2017-15427
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15429">
+      CVE-2017-15429
+    </uri>
+    <uri link="https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html">
+      Google Chrome Release 20171206
+    </uri>
+    <uri link="https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop_14.html">
+      Google Chrome Release 20171214
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-01-05T05:50:33Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2018-01-07T23:22:12Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201801-04.xml b/metadata/glsa/glsa-201801-04.xml
new file mode 100644
index 000000000000..32a4cab196a5
--- /dev/null
+++ b/metadata/glsa/glsa-201801-04.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201801-04">
+  <title>LibXcursor: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability in LibXcursor might allow remote attackers to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">LibXcursor</product>
+  <announced>2018-01-07</announced>
+  <revised count="1">2018-01-07</revised>
+  <bug>639062</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="x11-libs/libXcursor" auto="yes" arch="*">
+      <unaffected range="ge">1.1.15</unaffected>
+      <vulnerable range="lt">1.1.15</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>X.Org X11 libXcursor runtime library.</p>
+  </background>
+  <description>
+    <p>It was discovered that libXcursor is prone to several heap overflows
+      when parsing malicious files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to process a specially crafted
+      cursor file, could possibly execute arbitrary code with the privileges of
+      the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LibXcursor users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/libXcursor-1.1.15"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-16612">
+      CVE-2017-16612
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-01-05T05:33:40Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2018-01-07T23:27:33Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201801-05.xml b/metadata/glsa/glsa-201801-05.xml
new file mode 100644
index 000000000000..8f95eebaff0f
--- /dev/null
+++ b/metadata/glsa/glsa-201801-05.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201801-05">
+  <title>OpenSSH: Permission issue</title>
+  <synopsis>A flaw has been discovered in OpenSSH which could allow a remote
+    attacker to create zero-length files.
+  </synopsis>
+  <product type="ebuild">OpenSSH</product>
+  <announced>2018-01-07</announced>
+  <revised count="1">2018-01-07</revised>
+  <bug>633428</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/openssh" auto="yes" arch="*">
+      <unaffected range="ge">7.5_p1-r3</unaffected>
+      <vulnerable range="lt">7.5_p1-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSH is a complete SSH protocol implementation that includes SFTP
+      client and server support.
+    </p>
+  </background>
+  <description>
+    <p>The process_open function in sftp-server.c in OpenSSH did not properly
+      prevent write operations in readonly mode.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause the creation of zero-length files.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSH users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/openssh-7.5_p1-r3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15906">
+      CVE-2017-15906
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-01-05T05:55:47Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2018-01-07T23:36:33Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201801-06.xml b/metadata/glsa/glsa-201801-06.xml
new file mode 100644
index 000000000000..e83ad16bf2cb
--- /dev/null
+++ b/metadata/glsa/glsa-201801-06.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201801-06">
+  <title>Back In Time: Command injection</title>
+  <synopsis>A command injection vulnerability in 'Back in Time' may allow for
+    the execution of arbitrary shell commands.
+  </synopsis>
+  <product type="ebuild">backintime</product>
+  <announced>2018-01-07</announced>
+  <revised count="1">2018-01-07</revised>
+  <bug>636974</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-backup/backintime" auto="yes" arch="*">
+      <unaffected range="ge">1.1.24</unaffected>
+      <vulnerable range="lt">1.1.24</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A simple backup tool for Linux, inspired by “flyback project”.</p>
+  </background>
+  <description>
+    <p>‘Back in Time’ did improper escaping/quoting of file paths used as
+      arguments to the ‘notify-send’ command leading to some parts of file
+      paths being executed as shell commands within an os.system call.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could execute arbitrary shell commands via
+      a specially crafted file.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ‘Back In Time’ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-backup/backintime-1.1.24"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-16667">
+      CVE-2017-16667
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-01-05T05:36:24Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2018-01-07T23:41:27Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201801-07.xml b/metadata/glsa/glsa-201801-07.xml
new file mode 100644
index 000000000000..249096ef09c9
--- /dev/null
+++ b/metadata/glsa/glsa-201801-07.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201801-07">
+  <title>GNU Emacs: Command injection</title>
+  <synopsis>A vulnerability has been found in Emacs which may allow for
+    arbitrary command execution.
+  </synopsis>
+  <product type="ebuild">Emacs</product>
+  <announced>2018-01-07</announced>
+  <revised count="2">2018-01-08</revised>
+  <bug>630680</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-editors/emacs" auto="yes" arch="*">
+      <unaffected range="ge" slot="23">23.4-r16</unaffected>
+      <unaffected range="ge" slot="24">24.5-r4</unaffected>
+      <unaffected range="ge" slot="25">25.2-r1</unaffected>
+      <vulnerable range="lt" slot="23">23.4-r16</vulnerable>
+      <vulnerable range="lt" slot="24">24.5-r4</vulnerable>
+      <vulnerable range="lt" slot="25">25.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU Emacs is a highly extensible and customizable text editor.</p>
+  </background>
+  <description>
+    <p>A command injection flaw within the Emacs “enriched mode” handling
+      has been discovered.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to open a specially crafted file,
+      could execute arbitrary commands with the privileges of process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU Emacs 23.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-editors/emacs-23.4-r16:23"
+    </code>
+    
+    <p>All GNU Emacs 24.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-editors/emacs-24.5-r4:24"
+    </code>
+    
+    <p>All GNU Emacs 25.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-editors/emacs-25.2-r1:25"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14482">
+      CVE-2017-14482
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-01-05T05:59:49Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2018-01-08T13:17:01Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201801-08.xml b/metadata/glsa/glsa-201801-08.xml
new file mode 100644
index 000000000000..f8f19a598c9e
--- /dev/null
+++ b/metadata/glsa/glsa-201801-08.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201801-08">
+  <title>MiniUPnPc: Arbitrary code execution</title>
+  <synopsis>A vulnerability in MiniUPnPc might allow remote attackers to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">MiniUPnP</product>
+  <announced>2018-01-07</announced>
+  <revised count="1">2018-01-07</revised>
+  <bug>562684</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/miniupnpc" auto="yes" arch="*">
+      <unaffected range="ge">2.0.20170509</unaffected>
+      <vulnerable range="lt">2.0.20170509</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The client library, enabling applications to access the services
+      provided by an UPnP “Internet Gateway Device” present on the network.
+    </p>
+  </background>
+  <description>
+    <p>An exploitable buffer overflow vulnerability exists in the XML parser
+      functionality of the MiniUPnP library.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to connect to a malicious server,
+      could cause the execution of arbitrary code with the privileges of the
+      user running a MiniUPnPc linked application.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MiniUPnPc users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/miniupnpc-2.0.20170509"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6031">
+      CVE-2015-6031
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-01-05T06:06:14Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2018-01-07T23:51:08Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201801-09.xml b/metadata/glsa/glsa-201801-09.xml
new file mode 100644
index 000000000000..3e99f3e4e977
--- /dev/null
+++ b/metadata/glsa/glsa-201801-09.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201801-09">
+  <title>WebkitGTK+: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in WebkitGTK+, the worst
+    of which may lead to arbitrary code execution. 
+  </synopsis>
+  <product type="ebuild">WebkitGTK+</product>
+  <announced>2018-01-07</announced>
+  <revised count="1">2018-01-07</revised>
+  <bug>641752</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+      <unaffected range="ge" slot="4">2.18.4</unaffected>
+      <vulnerable range="lt" slot="4">2.18.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in WebkitGTK+. Please
+      review the referenced CVE Identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker, by enticing a user to visit maliciously crafted web
+      content, may be able to execute arbitrary code or cause memory
+      corruption.
+    </p>
+  </impact>
+  <workaround>
+    <p>There are no known workarounds at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All WebkitGTK+ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.18.4:4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13856">
+      CVE-2017-13856
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13866">
+      CVE-2017-13866
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13870">
+      CVE-2017-13870
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7156">
+      CVE-2017-7156
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7157">
+      CVE-2017-7157
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-01-05T05:25:45Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2018-01-07T23:57:41Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201801-10.xml b/metadata/glsa/glsa-201801-10.xml
new file mode 100644
index 000000000000..3c8cf840f083
--- /dev/null
+++ b/metadata/glsa/glsa-201801-10.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201801-10">
+  <title>LibXfont, LibXfont2: Arbitrary file access</title>
+  <synopsis>A vulnerability has been found in LibXfont and LibXfont2 which may
+    allow for arbitrary file access.
+  </synopsis>
+  <product type="ebuild">LibXfont, LibXfont2</product>
+  <announced>2018-01-08</announced>
+  <revised count="1">2018-01-08</revised>
+  <bug>639064</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-libs/libXfont" auto="yes" arch="*">
+      <unaffected range="ge">1.5.4</unaffected>
+      <vulnerable range="lt">1.5.4</vulnerable>
+    </package>
+    <package name="x11-libs/libXfont2" auto="yes" arch="*">
+      <unaffected range="ge">2.0.3</unaffected>
+      <vulnerable range="lt">2.0.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>X.Org Xfont library.</p>
+  </background>
+  <description>
+    <p>It was discovered that libXfont incorrectly followed symlinks when
+      opening font files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local unprivileged user could use this flaw to cause the X server to
+      access arbitrary files, including special device files.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LibXfont users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/libXfont-1.5.4"
+    </code>
+    
+    <p>All LibXfont2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/libXfont2-2.0.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-16611">
+      CVE-2017-16611
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-01-05T05:31:41Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2018-01-08T12:26:24Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201801-11.xml b/metadata/glsa/glsa-201801-11.xml
new file mode 100644
index 000000000000..89c05bbd2841
--- /dev/null
+++ b/metadata/glsa/glsa-201801-11.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201801-11">
+  <title>PySAML2: Security bypass</title>
+  <synopsis>A vulnerability in PySAML2 might allow remote attackers to bypass
+    authentication.
+  </synopsis>
+  <product type="ebuild">PySAML2</product>
+  <announced>2018-01-11</announced>
+  <revised count="2">2018-01-12</revised>
+  <bug>644016</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-python/pysaml2" auto="yes" arch="*">
+      <unaffected range="ge">4.0.2-r3</unaffected>
+      <unaffected range="ge">4.5.0</unaffected>
+      <vulnerable range="lt">4.0.2-r3</vulnerable>
+      <vulnerable range="lt">4.5.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PySAML2 is a pure python implementation of SAML2</p>
+  </background>
+  <description>
+    <p>It was found that the PySAML2 relies on an assert statement to check the
+      user’s password. A python optimizations might remove this assertion.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could bypass security restrictions and access any
+      application which is using PySAML2 for authentication.
+    </p>
+  </impact>
+  <workaround>
+    <p>Disable python optimizations.</p>
+  </workaround>
+  <resolution>
+    <p>All PySAML2 4.0 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/pysaml2-4.0.2-r3"
+    </code>
+    
+    <p>All PySAML2 4.5 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/pysaml2-4.5.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000433">
+      CVE-2017-1000433
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-01-09T14:46:58Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-01-12T01:23:24Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201801-12.xml b/metadata/glsa/glsa-201801-12.xml
new file mode 100644
index 000000000000..5171c50eb47c
--- /dev/null
+++ b/metadata/glsa/glsa-201801-12.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201801-12">
+  <title>icoutils: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in icoutils, the worst of
+    which may lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">icoutils</product>
+  <announced>2018-01-11</announced>
+  <revised count="1">2018-01-11</revised>
+  <bug>605138</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-gfx/icoutils" auto="yes" arch="*">
+      <unaffected range="ge">0.32.0</unaffected>
+      <vulnerable range="lt">0.32.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A set of command-line programs for extracting and converting images in
+      Microsoft Windows(R) icon and cursor files.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in icoutils. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process a specially crafted
+      file, possibly resulting in execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All icoutils users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/icoutils-0.32.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5208">
+      CVE-2017-5208
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6009">
+      CVE-2017-6009
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6010">
+      CVE-2017-6010
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6011">
+      CVE-2017-6011
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-01-05T06:04:02Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2018-01-11T22:41:52Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201801-13.xml b/metadata/glsa/glsa-201801-13.xml
new file mode 100644
index 000000000000..ca541b8c772f
--- /dev/null
+++ b/metadata/glsa/glsa-201801-13.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201801-13">
+  <title>TigerVNC: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in TigerVNC, the worst of
+    which may lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">tigervnc</product>
+  <announced>2018-01-11</announced>
+  <revised count="1">2018-01-11</revised>
+  <bug>614742</bug>
+  <bug>636396</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-misc/tigervnc" auto="yes" arch="*">
+      <unaffected range="ge">1.8.0</unaffected>
+      <vulnerable range="lt">1.8.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>TigerVNC is a high-performance VNC server/client.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in TigerVNC. Please review
+      the referenced CVE Identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could execute arbitrary code or cause a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All TigerVNC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/tigervnc-1.8.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10207">
+      CVE-2016-10207
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7392">
+      CVE-2017-7392
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7393">
+      CVE-2017-7393
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7394">
+      CVE-2017-7394
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7395">
+      CVE-2017-7395
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7396">
+      CVE-2017-7396
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-11-24T22:29:53Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-01-11T22:42:09Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201801-14.xml b/metadata/glsa/glsa-201801-14.xml
new file mode 100644
index 000000000000..14031c5a890c
--- /dev/null
+++ b/metadata/glsa/glsa-201801-14.xml
@@ -0,0 +1,122 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201801-14">
+  <title>Xen: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Xen, the worst of which
+    could allow for privilege escalation.
+  </synopsis>
+  <product type="ebuild">xen</product>
+  <announced>2018-01-14</announced>
+  <revised count="1">2018-01-14</revised>
+  <bug>627962</bug>
+  <bug>634668</bug>
+  <bug>637540</bug>
+  <bug>637542</bug>
+  <bug>639688</bug>
+  <bug>641566</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/xen" auto="yes" arch="*">
+      <unaffected range="ge">4.9.1-r1</unaffected>
+      <vulnerable range="lt">4.9.1-r1</vulnerable>
+    </package>
+    <package name="app-emulation/xen-tools" auto="yes" arch="*">
+      <unaffected range="ge">4.9.1-r1</unaffected>
+      <vulnerable range="lt">4.9.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Xen is a bare-metal hypervisor.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Xen. Please review the
+      referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could potentially execute arbitrary code with the
+      privileges of the Xen (QEMU) process on the host, gain privileges on the
+      host system, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Xen users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-4.9.1-r1"
+    </code>
+    
+    <p>All Xen tools users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/xen-tools-4.9.1-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12134">
+      CVE-2017-12134
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12135">
+      CVE-2017-12135
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12136">
+      CVE-2017-12136
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12137">
+      CVE-2017-12137
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15588">
+      CVE-2017-15588
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15589">
+      CVE-2017-15589
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15590">
+      CVE-2017-15590
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15591">
+      CVE-2017-15591
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15592">
+      CVE-2017-15592
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15593">
+      CVE-2017-15593
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15594">
+      CVE-2017-15594
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15595">
+      CVE-2017-15595
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17044">
+      CVE-2017-17044
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17045">
+      CVE-2017-17045
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17046">
+      CVE-2017-17046
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17563">
+      CVE-2017-17563
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17564">
+      CVE-2017-17564
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17565">
+      CVE-2017-17565
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17566">
+      CVE-2017-17566
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-11-30T07:36:44Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2018-01-14T23:31:54Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201801-15.xml b/metadata/glsa/glsa-201801-15.xml
new file mode 100644
index 000000000000..6e5669c87459
--- /dev/null
+++ b/metadata/glsa/glsa-201801-15.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201801-15">
+  <title>PolarSSL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PolarSSL, the worst of
+    which may allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">polarssl</product>
+  <announced>2018-01-15</announced>
+  <revised count="1">2018-01-15</revised>
+  <bug>537108</bug>
+  <bug>620504</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/polarssl" auto="yes" arch="*">
+      <vulnerable range="lt">1.3.9-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PolarSSL is a cryptographic library for embedded systems.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PolarSSL. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker might be able to execute arbitrary code, cause Denial
+      of Service condition or obtain sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for PolarSSL and recommends that users
+      unmerge the package:
+    </p>
+    
+    <code>
+      # emerge --unmerge "net-libs/polarssl"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1182">
+      CVE-2015-1182
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7575">
+      CVE-2015-7575
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-19T20:10:49Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2018-01-15T04:24:40Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201801-16.xml b/metadata/glsa/glsa-201801-16.xml
new file mode 100644
index 000000000000..69711dccab31
--- /dev/null
+++ b/metadata/glsa/glsa-201801-16.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201801-16">
+  <title>rsync: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in rsync, the worst of
+    which could allow remote attackers to bypass access restrictions.
+  </synopsis>
+  <product type="ebuild">rsync</product>
+  <announced>2018-01-17</announced>
+  <revised count="3">2018-01-17</revised>
+  <bug>636714</bug>
+  <bug>640570</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/rsync" auto="yes" arch="*">
+      <unaffected range="ge">3.1.2-r2</unaffected>
+      <vulnerable range="lt">3.1.2-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>File transfer program to keep remote files into sync.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in rsync. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could bypass intended access restrictions or cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All rsync users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/rsync-3.1.2-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16548">CVE-2017-16548</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17433">CVE-2017-17433</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17434">CVE-2017-17434</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-01-16T12:20:06Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-01-17T03:06:21Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201801-17.xml b/metadata/glsa/glsa-201801-17.xml
new file mode 100644
index 000000000000..962f1b086bbd
--- /dev/null
+++ b/metadata/glsa/glsa-201801-17.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201801-17">
+  <title>Poppler: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Poppler, the worst of
+    which could allow the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">poppler</product>
+  <announced>2018-01-17</announced>
+  <revised count="1">2018-01-17</revised>
+  <bug>619558</bug>
+  <bug>620198</bug>
+  <bug>622430</bug>
+  <bug>624708</bug>
+  <bug>627390</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/poppler" auto="yes" arch="*">
+      <unaffected range="ge">0.57.0-r1</unaffected>
+      <vulnerable range="lt">0.57.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Poppler is a PDF rendering library based on the xpdf-3.0 code base.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Poppler. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to open a specially crafted PDF,
+      could execute arbitrary code or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Poppler users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/poppler-0.57.0-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-2820">CVE-2017-2820</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7511">
+      CVE-2017-7511
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9083">
+      CVE-2017-9083
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9406">
+      CVE-2017-9406
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9408">
+      CVE-2017-9408
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9865">
+      CVE-2017-9865
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-11-24T14:30:16Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-01-17T13:41:30Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201801-18.xml b/metadata/glsa/glsa-201801-18.xml
new file mode 100644
index 000000000000..9dbf130f7b33
--- /dev/null
+++ b/metadata/glsa/glsa-201801-18.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201801-18">
+  <title>Newsbeuter: User-assisted execution of arbitrary code</title>
+  <synopsis>Insufficient input validation in Newsbeuter may allow remote
+    attackers to execute arbitrary shell commands.
+  </synopsis>
+  <product type="ebuild">newsbeuter</product>
+  <announced>2018-01-17</announced>
+  <revised count="1">2018-01-17</revised>
+  <bug>628796</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-news/newsbeuter" auto="yes" arch="*">
+      <unaffected range="ge">2.9-r3</unaffected>
+      <vulnerable range="lt">2.9-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Newsbeuter is a RSS/Atom feed reader for the text console.</p>
+  </background>
+  <description>
+    <p>Newsbeuter does not properly escape shell meta-characters in the title
+      and description of RSS feeds when bookmarking.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to open a feed with specially
+      crafted URLs, could possibly execute arbitrary shell commands with the
+      privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Newsbeuter users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-news/newsbeuter-2.9-r3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-12904">CVE-2017-12904</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-12T02:38:59Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-01-17T13:45:37Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201801-19.xml b/metadata/glsa/glsa-201801-19.xml
new file mode 100644
index 000000000000..42b4b79dfcef
--- /dev/null
+++ b/metadata/glsa/glsa-201801-19.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201801-19">
+  <title>ClamAV: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ClamAV, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2018-01-26</announced>
+  <revised count="1">2018-01-26</revised>
+  <bug>645794</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.99.3</unaffected>
+      <vulnerable range="lt">0.99.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ClamAV is a GPL virus scanner.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ClamAV. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could cause ClamAV to scan a specially crafted file,
+      possibly resulting in execution of arbitrary code with the privileges of
+      the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ClamAV users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.99.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-12374">CVE-2017-12374</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-12375">CVE-2017-12375</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-12376">CVE-2017-12376</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-12377">CVE-2017-12377</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-12378">CVE-2017-12378</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-12379">CVE-2017-12379</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-12380">CVE-2017-12380</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-01-26T15:58:04Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-01-26T16:14:41Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201801-20.xml b/metadata/glsa/glsa-201801-20.xml
new file mode 100644
index 000000000000..f5f2e01a30c4
--- /dev/null
+++ b/metadata/glsa/glsa-201801-20.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201801-20">
+  <title>Fossil: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability has been discovered in Fossil allowing for
+    user-assisted remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">fossil</product>
+  <announced>2018-01-27</announced>
+  <revised count="1">2018-01-27</revised>
+  <bug>640208</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-vcs/fossil" auto="yes" arch="*">
+      <unaffected range="ge">2.4</unaffected>
+      <vulnerable range="lt">2.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Fossil is a simple, high-reliability, distributed software configuration
+      management system.
+    </p>
+  </background>
+  <description>
+    <p>Fossil does not properly validate SSH sync protocol URLs.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to open a specially crafted URL,
+      could possibly execute arbitrary commands with the privileges of the user
+      running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Fossil users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/fossil-2.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17459">CVE-2017-17459</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-01-22T21:39:18Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-01-27T17:00:59Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201802-01.xml b/metadata/glsa/glsa-201802-01.xml
new file mode 100644
index 000000000000..81eb28da9afd
--- /dev/null
+++ b/metadata/glsa/glsa-201802-01.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201802-01">
+  <title>VirtualBox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in VirtualBox, the worst
+    of which could allow an attacker to take control of VirtualBox.
+  </synopsis>
+  <product type="ebuild">virtualbox,virtualbox-bin</product>
+  <announced>2018-02-11</announced>
+  <revised count="1">2018-02-11</revised>
+  <bug>644894</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-emulation/virtualbox" auto="yes" arch="*">
+      <unaffected range="ge">5.1.32</unaffected>
+      <vulnerable range="lt">5.1.32</vulnerable>
+    </package>
+    <package name="app-emulation/virtualbox-bin" auto="yes" arch="*">
+      <unaffected range="ge">5.1.32.120294</unaffected>
+      <vulnerable range="lt">5.1.32.120294</vulnerable>
+    </package>
+    <package name="app-emulation/virtualbox-guest-additions" auto="yes" arch="*">
+      <unaffected range="ge">5.1.32</unaffected>
+      <vulnerable range="lt">5.1.32</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>VirtualBox is a powerful virtualization product from Oracle.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in VirtualBox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>An attacker could take control of VirtualBox resulting in the execution
+      of arbitrary code with the privileges of the process, a Denial of Service
+      condition, or other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All VirtualBox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/virtualbox-5.1.32"
+    </code>
+    
+    <p>All VirtualBox Binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/virtualbox-bin-5.1.32.120294"
+    </code>
+    
+    <p>All VirtualBox Guest Additions users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/virtualbox-guest-additions-5.1.32"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2676">CVE-2018-2676</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2685">CVE-2018-2685</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2686">CVE-2018-2686</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2687">CVE-2018-2687</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2688">CVE-2018-2688</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2689">CVE-2018-2689</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2690">CVE-2018-2690</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2693">CVE-2018-2693</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2694">CVE-2018-2694</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2698">CVE-2018-2698</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-01-23T02:04:52Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-02-11T22:35:40Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201802-02.xml b/metadata/glsa/glsa-201802-02.xml
new file mode 100644
index 000000000000..98d421432384
--- /dev/null
+++ b/metadata/glsa/glsa-201802-02.xml
@@ -0,0 +1,100 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201802-02">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium, google-chrome</product>
+  <announced>2018-02-19</announced>
+  <revised count="1">2018-02-19</revised>
+  <bug>647124</bug>
+  <bug>647636</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">64.0.3282.167</unaffected>
+      <vulnerable range="lt">64.0.3282.167</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">64.0.3282.167</unaffected>
+      <vulnerable range="lt">64.0.3282.167</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the referenced CVE identifiers and Google Chrome
+      Releases for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, bypass
+      content security controls, or conduct URL spoofing.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-64.0.3282.167"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-64.0.3282.167"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6031">CVE-2018-6031</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6032">CVE-2018-6032</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6033">CVE-2018-6033</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6034">CVE-2018-6034</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6035">CVE-2018-6035</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6036">CVE-2018-6036</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6037">CVE-2018-6037</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6038">CVE-2018-6038</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6039">CVE-2018-6039</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6040">CVE-2018-6040</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6041">CVE-2018-6041</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6042">CVE-2018-6042</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6043">CVE-2018-6043</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6045">CVE-2018-6045</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6046">CVE-2018-6046</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6047">CVE-2018-6047</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6048">CVE-2018-6048</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6049">CVE-2018-6049</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6050">CVE-2018-6050</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6051">CVE-2018-6051</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6052">CVE-2018-6052</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6053">CVE-2018-6053</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6054">CVE-2018-6054</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6056">CVE-2018-6056</uri>
+    <uri link="https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html">
+      Google Chrome Release 20180124
+    </uri>
+    <uri link="https://chromereleases.googleblog.com/2018/02/stable-channel-update-for-desktop_13.html">
+      Google Chrome Release 20180213
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-02-14T18:06:05Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-02-19T22:51:59Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201802-03.xml b/metadata/glsa/glsa-201802-03.xml
new file mode 100644
index 000000000000..210da4527cac
--- /dev/null
+++ b/metadata/glsa/glsa-201802-03.xml
@@ -0,0 +1,157 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201802-03">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+    worst of which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">firefox</product>
+  <announced>2018-02-20</announced>
+  <revised count="1">2018-02-20</revised>
+  <bug>616030</bug>
+  <bug>621722</bug>
+  <bug>632400</bug>
+  <bug>639854</bug>
+  <bug>645510</bug>
+  <bug>648198</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">52.6.0</unaffected>
+      <vulnerable range="lt">52.6.0</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">52.6.0</unaffected>
+      <vulnerable range="lt">52.6.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      Project.
+    </p>
+    
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+      review the referenced CVE identifiers for details.
+    </p>
+    
+  </description>
+  <impact type="high">
+    <p>A remote attacker could entice a user to view a specially crafted web
+      page, possibly resulting in the execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition. Furthermore,
+      a remote attacker may be able to perform Man-in-the-Middle attacks,
+      obtain sensitive information, spoof the address bar, conduct clickjacking
+      attacks, bypass security restrictions and protection mechanisms, or have
+      other unspecified impact.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-52.6.0"
+    </code>
+    
+    <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-52.6.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-10195">CVE-2016-10195</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-10196">CVE-2016-10196</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-10197">CVE-2016-10197</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-6354">CVE-2016-6354</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5429">CVE-2017-5429</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5432">CVE-2017-5432</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5433">CVE-2017-5433</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5434">CVE-2017-5434</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5435">CVE-2017-5435</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5436">CVE-2017-5436</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5437">CVE-2017-5437</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5438">CVE-2017-5438</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5439">CVE-2017-5439</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5440">CVE-2017-5440</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5441">CVE-2017-5441</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5442">CVE-2017-5442</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5443">CVE-2017-5443</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5444">CVE-2017-5444</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5445">CVE-2017-5445</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5446">CVE-2017-5446</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5447">CVE-2017-5447</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5448">CVE-2017-5448</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5459">CVE-2017-5459</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5460">CVE-2017-5460</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5461">CVE-2017-5461</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5462">CVE-2017-5462</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5464">CVE-2017-5464</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5465">CVE-2017-5465</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5469">CVE-2017-5469</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5470">CVE-2017-5470</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5472">CVE-2017-5472</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7749">CVE-2017-7749</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7750">CVE-2017-7750</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7751">CVE-2017-7751</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7752">CVE-2017-7752</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7753">CVE-2017-7753</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7754">CVE-2017-7754</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7756">CVE-2017-7756</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7757">CVE-2017-7757</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7758">CVE-2017-7758</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7764">CVE-2017-7764</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7771">CVE-2017-7771</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7772">CVE-2017-7772</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7773">CVE-2017-7773</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7774">CVE-2017-7774</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7775">CVE-2017-7775</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7776">CVE-2017-7776</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7777">CVE-2017-7777</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7778">CVE-2017-7778</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7779">CVE-2017-7779</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7784">CVE-2017-7784</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7785">CVE-2017-7785</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7786">CVE-2017-7786</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7787">CVE-2017-7787</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7791">CVE-2017-7791</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7792">CVE-2017-7792</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7793">CVE-2017-7793</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7798">CVE-2017-7798</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7800">CVE-2017-7800</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7801">CVE-2017-7801</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7802">CVE-2017-7802</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7803">CVE-2017-7803</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7805">CVE-2017-7805</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7807">CVE-2017-7807</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7809">CVE-2017-7809</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7810">CVE-2017-7810</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7814">CVE-2017-7814</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7818">CVE-2017-7818</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7819">CVE-2017-7819</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7823">CVE-2017-7823</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7824">CVE-2017-7824</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7843">CVE-2017-7843</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7844">CVE-2017-7844</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5089">CVE-2018-5089</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5091">CVE-2018-5091</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5095">CVE-2018-5095</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5096">CVE-2018-5096</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5097">CVE-2018-5097</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5098">CVE-2018-5098</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5099">CVE-2018-5099</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5102">CVE-2018-5102</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5103">CVE-2018-5103</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5104">CVE-2018-5104</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5117">CVE-2018-5117</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-17T20:53:31Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-02-20T00:45:47Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201802-04.xml b/metadata/glsa/glsa-201802-04.xml
new file mode 100644
index 000000000000..b4ff1a8057ca
--- /dev/null
+++ b/metadata/glsa/glsa-201802-04.xml
@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201802-04">
+  <title>MySQL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in MySQL, the worst of which
+    may allow remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mysql</product>
+  <announced>2018-02-20</announced>
+  <revised count="1">2018-02-20</revised>
+  <bug>616486</bug>
+  <bug>625626</bug>
+  <bug>634652</bug>
+  <bug>644986</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-db/mysql" auto="yes" arch="*">
+      <unaffected range="ge">5.6.39</unaffected>
+      <vulnerable range="lt">5.6.39</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A fast, multi-threaded, multi-user SQL database server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MySQL. Please review
+      the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could execute arbitrary code without authentication or
+      cause a partial denial of service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There are no known workarounds at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MySQL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-5.6.39"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10155">CVE-2017-10155</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10227">CVE-2017-10227</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10268">CVE-2017-10268</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10276">CVE-2017-10276</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10283">CVE-2017-10283</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10286">CVE-2017-10286</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10294">CVE-2017-10294</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10314">CVE-2017-10314</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10378">CVE-2017-10378</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10379">CVE-2017-10379</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10384">CVE-2017-10384</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3308">CVE-2017-3308</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3309">CVE-2017-3309</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3329">CVE-2017-3329</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3450">CVE-2017-3450</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3452">CVE-2017-3452</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3453">CVE-2017-3453</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3456">CVE-2017-3456</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3461">CVE-2017-3461</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3462">CVE-2017-3462</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3463">CVE-2017-3463</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3464">CVE-2017-3464</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3599">CVE-2017-3599</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3600">CVE-2017-3600</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3633">CVE-2017-3633</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3634">CVE-2017-3634</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3635">CVE-2017-3635</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3636">CVE-2017-3636</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3637">CVE-2017-3637</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3641">CVE-2017-3641</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3647">CVE-2017-3647</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3648">CVE-2017-3648</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3649">CVE-2017-3649</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3651">CVE-2017-3651</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3652">CVE-2017-3652</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3653">CVE-2017-3653</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3732">CVE-2017-3732</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2562">CVE-2018-2562</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2573">CVE-2018-2573</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2583">CVE-2018-2583</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2590">CVE-2018-2590</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2591">CVE-2018-2591</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2612">CVE-2018-2612</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2622">CVE-2018-2622</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2640">CVE-2018-2640</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2645">CVE-2018-2645</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2647">CVE-2018-2647</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2665">CVE-2018-2665</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2668">CVE-2018-2668</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2696">CVE-2018-2696</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2703">CVE-2018-2703</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-18T02:30:08Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2018-02-20T00:45:52Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201802-05.xml b/metadata/glsa/glsa-201802-05.xml
new file mode 100644
index 000000000000..c4bb063a7a66
--- /dev/null
+++ b/metadata/glsa/glsa-201802-05.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201802-05">
+  <title>Ruby: Command injection</title>
+  <synopsis>A vulnerability has been found in Ruby which may allow for
+    arbitrary command execution.
+  </synopsis>
+  <product type="ebuild">ruby</product>
+  <announced>2018-02-20</announced>
+  <revised count="1">2018-02-20</revised>
+  <bug>641090</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/ruby" auto="yes" arch="*">
+      <unaffected range="ge" slot="2.2">2.2.9</unaffected>
+      <vulnerable range="lt" slot="2.2">2.2.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Ruby is an interpreted object-oriented programming language. The
+      elaborate standard library includes an HTTP server (“WEBRick”) and a
+      class for XML parsing (“REXML”).
+    </p>
+  </background>
+  <description>
+    <p>A command injection flaw was discovered in Net::FTP which impacts Ruby.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to download and open a crafted
+      file from a malicious FTP server, could execute arbitrary commands with
+      the privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Ruby users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/ruby-2.2.9:2.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17405">CVE-2017-17405</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-01-29T21:08:51Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-02-20T00:47:06Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201802-06.xml b/metadata/glsa/glsa-201802-06.xml
new file mode 100644
index 000000000000..6fac07cb5001
--- /dev/null
+++ b/metadata/glsa/glsa-201802-06.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201802-06">
+  <title>LibreOffice: Information disclosure</title>
+  <synopsis>A vulnerability in LibreOffice might allow remote attackers to read
+    arbitrary files.
+  </synopsis>
+  <product type="ebuild">libreoffice</product>
+  <announced>2018-02-20</announced>
+  <revised count="1">2018-02-20</revised>
+  <bug>647186</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/libreoffice" auto="yes" arch="*">
+      <unaffected range="ge">5.4.5.1</unaffected>
+      <vulnerable range="lt">5.4.5.1</vulnerable>
+    </package>
+    <package name="app-office/libreoffice-bin" auto="yes" arch="*">
+      <unaffected range="ge">5.4.5.1</unaffected>
+      <vulnerable range="lt">5.4.5.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>LibreOffice is a powerful office suite; its clean interface and powerful
+      tools let you unleash your creativity and grow your productivity.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that missing restrictions in the implementation of the
+      WEBSERVICE function in LibreOffice could result in the disclosure of
+      arbitrary files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted
+      document using LibreOffice, possibly resulting in the disclosure of
+      arbitrary files readable by the victim.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LibreOffice users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-office/libreoffice-5.4.5.1"
+    </code>
+    
+    <p>All LibreOffice binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-office/libreoffice-bin-5.4.5.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6871">CVE-2018-6871</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-02-20T00:31:59Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-02-20T00:47:14Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201803-01.xml b/metadata/glsa/glsa-201803-01.xml
new file mode 100644
index 000000000000..d7c885e909e2
--- /dev/null
+++ b/metadata/glsa/glsa-201803-01.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201803-01">
+  <title>Exim: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Exim, the worst of
+    which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">exim</product>
+  <announced>2018-03-06</announced>
+  <revised count="1">2018-03-06</revised>
+  <bug>638772</bug>
+  <bug>647240</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-mta/exim" auto="yes" arch="*">
+      <unaffected range="ge">4.90.1</unaffected>
+      <vulnerable range="lt">4.90.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Exim is a message transfer agent (MTA) designed to be a a highly
+      configurable, drop-in replacement for sendmail.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Exim. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker, by connecting to the SMTP listener daemon, could
+      possibly execute arbitrary code with the privileges of the process or
+      cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Exim users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-mta/exim-4.90.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16943">CVE-2017-16943</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16944">CVE-2017-16944</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6789">CVE-2018-6789</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-02-07T23:15:48Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-03-06T19:18:50Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201803-02.xml b/metadata/glsa/glsa-201803-02.xml
new file mode 100644
index 000000000000..7251591aafb3
--- /dev/null
+++ b/metadata/glsa/glsa-201803-02.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201803-02">
+  <title>util-linux: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability was discovered in util-linux, which could
+    potentially lead to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">util-linux</product>
+  <announced>2018-03-07</announced>
+  <revised count="1">2018-03-07</revised>
+  <bug>649812</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-apps/util-linux" auto="yes" arch="*">
+      <unaffected range="ge">2.30.2-r1</unaffected>
+      <vulnerable range="lt">2.30.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>util-linux is a suite of Linux programs including mount and umount,
+      programs used to mount and unmount filesystems.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that the umount bash-completion as provided by
+      util-linux does not escap mount point paths.
+    </p>
+  </description>
+  <impact type="high">
+    <p>An attacker controlling a volume label could entice a user with
+      privileges to mount/umount filesystems to use umount command with auto
+      completion, possibly resulting in execution of arbitrary code with root
+      privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>Disable Bash-completion or remove
+      “/usr/share/bash-completion/completions/umount”.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All util-linux users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/util-linux-2.30.2-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7738">CVE-2018-7738</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-03-07T14:57:31Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-03-07T19:03:17Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201803-03.xml b/metadata/glsa/glsa-201803-03.xml
new file mode 100644
index 000000000000..0477e4cab6af
--- /dev/null
+++ b/metadata/glsa/glsa-201803-03.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201803-03">
+  <title>Go: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability in Go might allow remote attackers to execute
+    arbitrary commands during source code build.
+    
+  </synopsis>
+  <product type="ebuild">go</product>
+  <announced>2018-03-07</announced>
+  <revised count="1">2018-03-07</revised>
+  <bug>647250</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/go" auto="yes" arch="*">
+      <unaffected range="ge">1.9.4</unaffected>
+      <vulnerable range="lt">1.9.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Go is an open source programming language that makes it easy to build
+      simple, reliable, and efficient software.
+    </p>
+    
+  </background>
+  <description>
+    <p>A command injection flaw was discovered in the source code build phase
+      because of the “go get” command, which does not block -fplugin= and
+      -plugin arguments.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could entice a user to process a repository containing
+      maliciously-crafted build instructions using “go get”, resulting in
+      the execution of arbitrary code with the privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Go users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/go-1.9.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6574">CVE-2018-6574</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-03-06T19:46:03Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-03-07T19:03:39Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201803-04.xml b/metadata/glsa/glsa-201803-04.xml
new file mode 100644
index 000000000000..fbb8dc4ac337
--- /dev/null
+++ b/metadata/glsa/glsa-201803-04.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201803-04">
+  <title>Newsbeuter: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability in Newsbeuter may allow remote attackers to execute
+    arbitrary shell commands.
+  </synopsis>
+  <product type="ebuild">newsbeuter</product>
+  <announced>2018-03-11</announced>
+  <revised count="1">2018-03-11</revised>
+  <bug>631150</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-news/newsbeuter" auto="yes" arch="*">
+      <vulnerable range="le">2.9-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Newsbeuter is a RSS/Atom feed reader for the text console.</p>
+    
+  </background>
+  <description>
+    <p>Newsbeuter does not properly escape shell meta-characters in an RSS item
+      with a media enclosure in the podcast playback function of Podbeuter.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to open a feed with a specially
+      crafted media enclosure, could possibly execute arbitrary shell commands
+      with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for Newsbeuter and recommends that users
+      unmerge the package:
+    </p>
+    
+    <code>
+      # emerge --unmerge "net-news/newsbeuter"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14500">CVE-2017-14500</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-02-05T14:58:55Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-03-11T16:29:05Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201803-05.xml b/metadata/glsa/glsa-201803-05.xml
new file mode 100644
index 000000000000..4feb90ed0823
--- /dev/null
+++ b/metadata/glsa/glsa-201803-05.xml
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201803-05">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium, google-chrome</product>
+  <announced>2018-03-13</announced>
+  <revised count="2">2018-03-13</revised>
+  <bug>649800</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">65.0.3325.146</unaffected>
+      <vulnerable range="lt">65.0.3325.146</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">65.0.3325.146</unaffected>
+      <vulnerable range="lt">65.0.3325.146</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+    
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the referenced CVE identifiers and Google Chrome
+      Releases for details.
+    </p>
+    
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, bypass
+      content security controls, or conduct URL spoofing.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-65.0.3325.146"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-65.0.3325.146"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6057">CVE-2018-6057</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6058">CVE-2018-6058</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6059">CVE-2018-6059</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6060">CVE-2018-6060</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6061">CVE-2018-6061</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6062">CVE-2018-6062</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6063">CVE-2018-6063</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6064">CVE-2018-6064</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6065">CVE-2018-6065</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6066">CVE-2018-6066</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6067">CVE-2018-6067</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6068">CVE-2018-6068</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6069">CVE-2018-6069</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6070">CVE-2018-6070</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6071">CVE-2018-6071</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6072">CVE-2018-6072</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6073">CVE-2018-6073</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6074">CVE-2018-6074</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6075">CVE-2018-6075</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6076">CVE-2018-6076</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6077">CVE-2018-6077</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6078">CVE-2018-6078</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6079">CVE-2018-6079</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6080">CVE-2018-6080</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6081">CVE-2018-6081</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6082">CVE-2018-6082</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6083">CVE-2018-6083</uri>
+    <uri link="https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html">
+      Google Chrome Release 20180306
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-03-10T18:57:32Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-03-13T20:58:50Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201803-06.xml b/metadata/glsa/glsa-201803-06.xml
new file mode 100644
index 000000000000..ece35c252ce9
--- /dev/null
+++ b/metadata/glsa/glsa-201803-06.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201803-06">
+  <title>Oracle JDK/JRE: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Oracle's JDK and JRE
+    software suites, the worst of which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">oracle-jdk-bin,oracle-jre-bin</product>
+  <announced>2018-03-19</announced>
+  <revised count="1">2018-03-19</revised>
+  <bug>645268</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/oracle-jdk-bin" auto="yes" arch="*">
+      <unaffected range="ge" slot="1.8">1.8.0.162</unaffected>
+      <vulnerable range="lt" slot="1.8">1.8.0.162</vulnerable>
+    </package>
+    <package name="dev-java/oracle-jre-bin" auto="yes" arch="*">
+      <unaffected range="ge" slot="1.8">1.8.0.162</unaffected>
+      <vulnerable range="lt" slot="1.8">1.8.0.162</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Java Platform, Standard Edition (Java SE) lets you develop and deploy
+      Java applications on desktops and servers, as well as in today’s
+      demanding embedded environments. Java offers the rich user interface,
+      performance, versatility, portability, and security that today’s
+      applications require.
+    </p>
+    
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Oracle’s Java SE.
+      Please review the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, gain access to information, or cause a Denial
+      of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Oracle JDK users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-java/oracle-jdk-bin-1.8.0.162:1.8"
+    </code>
+    
+    <p>All Oracle JRE users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-java/oracle-jre-bin-1.8.0.162:1.8"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2579">CVE-2018-2579</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2581">CVE-2018-2581</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2582">CVE-2018-2582</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2588">CVE-2018-2588</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2599">CVE-2018-2599</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2602">CVE-2018-2602</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2603">CVE-2018-2603</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2618">CVE-2018-2618</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2627">CVE-2018-2627</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2629">CVE-2018-2629</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2633">CVE-2018-2633</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2634">CVE-2018-2634</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2637">CVE-2018-2637</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2638">CVE-2018-2638</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2639">CVE-2018-2639</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2641">CVE-2018-2641</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2663">CVE-2018-2663</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-03-15T22:00:47Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-03-19T00:51:13Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201803-07.xml b/metadata/glsa/glsa-201803-07.xml
new file mode 100644
index 000000000000..1a657b679528
--- /dev/null
+++ b/metadata/glsa/glsa-201803-07.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201803-07">
+  <title>JabberD 2.x: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Gentoo's JabberD 2.x
+    ebuild, the worst of which allows local attackers to escalate privileges.
+  </synopsis>
+  <product type="ebuild">jabberd2</product>
+  <announced>2018-03-19</announced>
+  <revised count="1">2018-03-19</revised>
+  <bug>623806</bug>
+  <bug>629412</bug>
+  <bug>631068</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-im/jabberd2" auto="yes" arch="*">
+      <vulnerable range="le">2.6.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>JabberD 2.x is an open source Jabber server written in C.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Gentoo’s JabberD 2.x
+      ebuild. Please review the referenced CVE identifiers for details.
+    </p>
+    
+  </description>
+  <impact type="high">
+    <p>An attacker could possibly escalate privileges by owning system binaries
+      in trusted locations, cause a Denial of Service condition by manipulating
+      the PID file from jabberd2 services, bypass security via SASL ANONYMOUS
+      connections or have other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for JabberD 2.x and recommends that
+      users unmerge the package:
+    </p>
+    
+    <code>
+      # emerge --unmerge "net-im/jabberd2"
+    </code>
+    
+    <p>As an alternative, users may want to upgrade their systems to use
+      net-im/prosody instead of net-im/jabberd2.
+    </p>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10807">CVE-2017-10807</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18225">CVE-2017-18225</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18226">CVE-2017-18226</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-03-03T17:23:32Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-03-19T00:59:10Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201803-08.xml b/metadata/glsa/glsa-201803-08.xml
new file mode 100644
index 000000000000..194e41f8e18c
--- /dev/null
+++ b/metadata/glsa/glsa-201803-08.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201803-08">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">flash</product>
+  <announced>2018-03-19</announced>
+  <revised count="1">2018-03-19</revised>
+  <bug>646724</bug>
+  <bug>650424</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">29.0.0.113</unaffected>
+      <vulnerable range="lt">29.0.0.113</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-29.0.0.113"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4871">CVE-2018-4871</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4877">CVE-2018-4877</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4878">CVE-2018-4878</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4919">CVE-2018-4919</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4920">CVE-2018-4920</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-03-13T18:13:28Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-03-19T01:08:30Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201803-09.xml b/metadata/glsa/glsa-201803-09.xml
new file mode 100644
index 000000000000..a2b75c881a85
--- /dev/null
+++ b/metadata/glsa/glsa-201803-09.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201803-09">
+  <title>KDE Plasma Workspaces: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in KDE Plasma Workspaces,
+    the worst of which allows local attackers to execute arbitrary commands.
+  </synopsis>
+  <product type="ebuild">plasma-workspace</product>
+  <announced>2018-03-19</announced>
+  <revised count="1">2018-03-19</revised>
+  <bug>647106</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="kde-plasma/plasma-workspace" auto="yes" arch="*">
+      <unaffected range="ge">5.11.5-r1</unaffected>
+      <vulnerable range="lt">5.11.5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>KDE Plasma workspace is a widget based desktop environment designed to
+      be fast and efficient.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in KDE Plasma Workspaces.
+      Please review the referenced CVE identifiers for details.
+    </p>
+    
+  </description>
+  <impact type="normal">
+    <p>An attacker could execute arbitrary commands via specially crafted thumb
+      drive’s volume labels or obtain sensitive information via specially
+      crafted notifications.
+    </p>
+  </impact>
+  <workaround>
+    <p>Users should mount removable devices with Dolphin instead of the device
+      notifier.
+    </p>
+    
+    <p>Users should disable notifications.</p>
+  </workaround>
+  <resolution>
+    <p>All KDE Plasma Workspace users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=kde-plasma/plasma-workspace-5.11.5-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6790">CVE-2018-6790</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6791">CVE-2018-6791</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-02-18T16:21:26Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-03-19T01:13:47Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201803-10.xml b/metadata/glsa/glsa-201803-10.xml
new file mode 100644
index 000000000000..b79033cc21c1
--- /dev/null
+++ b/metadata/glsa/glsa-201803-10.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201803-10">
+  <title>collectd: Multiple vulnerabilities</title>
+  <synopsis>Gentoo's collectd package contains multiple vulnerabilities, the
+    worst of which may allow local attackers to escalate privileges.
+  </synopsis>
+  <product type="ebuild">collectd</product>
+  <announced>2018-03-22</announced>
+  <revised count="1">2018-03-22</revised>
+  <bug>628540</bug>
+  <bug>637538</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-admin/collectd" auto="yes" arch="*">
+      <unaffected range="ge">5.7.2-r1</unaffected>
+      <vulnerable range="lt">5.7.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>collectd is a daemon which collects system and application performance
+      metrics periodically and provides mechanisms to store the values in a
+      variety of ways, for example in RRD files.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been found in Gentoo’s collectd package.
+      Please review the referenced CVE identifiers and bug entries for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker, who either is already collectd’s system user or
+      belongs to collectd’s group, could potentially gain root privileges and
+      cause a Denial of Service condition.
+    </p>
+    
+    <p>Remote attackers could cause a Denial of Service condition via specially
+      crafted SNMP responses.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All collectd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/collectd-5.7.2-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-16820">
+      CVE-2017-16820
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18240">
+      CVE-2017-18240
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-03-03T16:45:48Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-03-22T00:14:20Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201803-11.xml b/metadata/glsa/glsa-201803-11.xml
new file mode 100644
index 000000000000..4f435c89f1c3
--- /dev/null
+++ b/metadata/glsa/glsa-201803-11.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201803-11">
+  <title>WebKitGTK+: Multiple Vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in WebKitGTK+, the worst
+    of which may lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">WebKitGTK+</product>
+  <announced>2018-03-22</announced>
+  <revised count="1">2018-03-22</revised>
+  <bug>645686</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+      <unaffected range="ge">2.18.6</unaffected>
+      <vulnerable range="lt">2.18.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine,
+      suitable for projects requiring any kind of web integration, from hybrid
+      HTML/CSS applications to full-fledged web browsers.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please
+      review the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could execute arbitrary commands via maliciously crafted web
+      content.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All WebKitGTK+ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.18.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13884">CVE-2017-13884</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13885">CVE-2017-13885</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7153">CVE-2017-7153</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7160">CVE-2017-7160</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7161">CVE-2017-7161</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7165">CVE-2017-7165</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4088">CVE-2018-4088</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4089">CVE-2018-4089</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4096">CVE-2018-4096</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-03-19T02:23:57Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2018-03-22T00:24:32Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201803-12.xml b/metadata/glsa/glsa-201803-12.xml
new file mode 100644
index 000000000000..f4c5194fed96
--- /dev/null
+++ b/metadata/glsa/glsa-201803-12.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201803-12">
+  <title>BusyBox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in BusyBox, the worst of
+    which could allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">busybox</product>
+  <announced>2018-03-26</announced>
+  <revised count="1">2018-03-26</revised>
+  <bug>563756</bug>
+  <bug>635392</bug>
+  <bug>638258</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/busybox" auto="yes" arch="*">
+      <unaffected range="ge">1.28.0</unaffected>
+      <vulnerable range="lt">1.28.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>BusyBox is a set of tools for embedded systems and is a replacement for
+      GNU Coreutils.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in BusyBox. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, or have
+      other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All BusyBox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/busybox-1.28.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15873">CVE-2017-15873</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15874">CVE-2017-15874</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16544">CVE-2017-16544</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-03-13T17:58:35Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-03-26T16:24:01Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201803-13.xml b/metadata/glsa/glsa-201803-13.xml
new file mode 100644
index 000000000000..746efc7ec51a
--- /dev/null
+++ b/metadata/glsa/glsa-201803-13.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201803-13">
+  <title>PLIB: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability in PLIB may allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">plib</product>
+  <announced>2018-03-26</announced>
+  <revised count="1">2018-03-26</revised>
+  <bug>440762</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/plib" auto="yes" arch="*">
+      <unaffected range="ge">1.8.5-r1</unaffected>
+      <vulnerable range="lt">1.8.5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PLIB includes sound effects, music, a complete 3D engine, font
+      rendering, a simple Windowing library, a game scripting language, a GUI,
+      networking, 3D math library and a collection of handy utility functions.
+    </p>
+  </background>
+  <description>
+    <p>A stack-based buffer overflow within the error function of
+      ssg/ssgParser.cxx was discovered in PLIB.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to open a specially crafted 3d
+      model file, could possibly execute arbitrary code with the privileges of
+      the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PLIB users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/plib-1.8.5-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2012-4552">CVE-2012-4552</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-03-25T20:13:40Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-03-26T16:27:43Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201803-14.xml b/metadata/glsa/glsa-201803-14.xml
new file mode 100644
index 000000000000..71ba666fb6ac
--- /dev/null
+++ b/metadata/glsa/glsa-201803-14.xml
@@ -0,0 +1,169 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201803-14">
+  <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird,
+    the worst of which could lead to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">thunderbird,thunderbird-bin</product>
+  <announced>2018-03-28</announced>
+  <revised count="1">2018-03-28</revised>
+  <bug>627376</bug>
+  <bug>639048</bug>
+  <bug>643842</bug>
+  <bug>645812</bug>
+  <bug>645820</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">52.6.0</unaffected>
+      <vulnerable range="lt">52.6.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">52.6.0</unaffected>
+      <vulnerable range="lt">52.6.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Thunderbird is a popular open-source email client from the
+      Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
+      Please review the referenced Mozilla Foundation Security Advisories and
+      CVE identifiers below for details.
+    </p>
+    
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to execute arbitrary code, cause a Denial
+      of Service condition, obtain sensitive information, conduct URL
+      hijacking, or conduct cross-site scripting (XSS).
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-52.6.0"
+    </code>
+    
+    <p>All Thunderbird binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-52.6.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7753">
+      CVE-2017-7753
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7779">
+      CVE-2017-7779
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7784">
+      CVE-2017-7784
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7785">
+      CVE-2017-7785
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7786">
+      CVE-2017-7786
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7787">
+      CVE-2017-7787
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7791">
+      CVE-2017-7791
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7792">
+      CVE-2017-7792
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7793">
+      CVE-2017-7793
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7800">
+      CVE-2017-7800
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7801">
+      CVE-2017-7801
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7802">
+      CVE-2017-7802
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7803">
+      CVE-2017-7803
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7805">
+      CVE-2017-7805
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7807">
+      CVE-2017-7807
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7809">
+      CVE-2017-7809
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7810">
+      CVE-2017-7810
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7814">
+      CVE-2017-7814
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7818">
+      CVE-2017-7818
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7819">
+      CVE-2017-7819
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7823">
+      CVE-2017-7823
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7824">
+      CVE-2017-7824
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7825">
+      CVE-2017-7825
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7826">CVE-2017-7826</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7828">CVE-2017-7828</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7829">CVE-2017-7829</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7830">CVE-2017-7830</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7846">CVE-2017-7846</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7847">CVE-2017-7847</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7848">CVE-2017-7848</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5089">CVE-2018-5089</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5095">CVE-2018-5095</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5096">CVE-2018-5096</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5097">CVE-2018-5097</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5098">CVE-2018-5098</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5099">CVE-2018-5099</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5102">CVE-2018-5102</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5103">CVE-2018-5103</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5104">CVE-2018-5104</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5117">CVE-2018-5117</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2017-20/">
+      Mozilla Foundation Security Advisory 2017-20
+    </uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/">
+      Mozilla Foundation Security Advisory 2017-23
+    </uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/">
+      Mozilla Foundation Security Advisory 2017-26
+    </uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/">
+      Mozilla Foundation Security Advisory 2017-30
+    </uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/">
+      Mozilla Foundation Security Advisory 2018-04
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-05T15:42:10Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-03-28T18:24:10Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201804-01.xml b/metadata/glsa/glsa-201804-01.xml
new file mode 100644
index 000000000000..96654f77e326
--- /dev/null
+++ b/metadata/glsa/glsa-201804-01.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-01">
+  <title>libxslt: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were discovered in libxslt, the worst of
+    which may allow a remote attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">libxslt</product>
+  <announced>2018-04-04</announced>
+  <revised count="1">2018-04-04</revised>
+  <bug>598204</bug>
+  <bug>612194</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libxslt" auto="yes" arch="*">
+      <unaffected range="ge">1.1.30</unaffected>
+      <vulnerable range="lt">1.1.30</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libxslt is the XSLT C library developed for the GNOME project. XSLT is
+      an XML language to define transformations for XML.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libxslt. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, via a crafted HTML page, could possibly execute
+      arbitrary code, cause a Denial of Service condition or leak information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libxslt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libxslt-1.1.30"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-4738">CVE-2016-4738</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5029">CVE-2017-5029</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-04-19T05:20:01Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2018-04-04T01:51:21Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201804-02.xml b/metadata/glsa/glsa-201804-02.xml
new file mode 100644
index 000000000000..efd4696cb713
--- /dev/null
+++ b/metadata/glsa/glsa-201804-02.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-02">
+  <title>glibc: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in glibc, the worst of
+    which could allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">glibc</product>
+  <announced>2018-04-04</announced>
+  <revised count="1">2018-04-04</revised>
+  <bug>632556</bug>
+  <bug>634920</bug>
+  <bug>635118</bug>
+  <bug>641644</bug>
+  <bug>644278</bug>
+  <bug>646490</bug>
+  <bug>646492</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-libs/glibc" auto="yes" arch="*">
+      <unaffected range="ge">2.25-r11</unaffected>
+      <vulnerable range="lt">2.25-r11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>glibc is a package that contains the GNU C library.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in glibc. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could possibly execute arbitrary code, escalate privileges,
+      cause a Denial of Service condition, or have other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All glibc users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-libs/glibc-2.25-r11"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14062">CVE-2017-14062</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15670">CVE-2017-15670</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15671">CVE-2017-15671</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15804">CVE-2017-15804</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16997">CVE-2017-16997</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000001">
+      CVE-2018-1000001
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6485">CVE-2018-6485</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6551">CVE-2018-6551</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-03-12T23:08:50Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-04-04T01:53:52Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201804-03.xml b/metadata/glsa/glsa-201804-03.xml
new file mode 100644
index 000000000000..c59928cc59f0
--- /dev/null
+++ b/metadata/glsa/glsa-201804-03.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-03">
+  <title>Poppler: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Poppler, the worst of
+    which could allow a Denial of Service.
+  </synopsis>
+  <product type="ebuild">poppler</product>
+  <announced>2018-04-08</announced>
+  <revised count="1">2018-04-08</revised>
+  <bug>644388</bug>
+  <bug>645868</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/poppler" auto="yes" arch="*">
+      <unaffected range="ge">0.61.1</unaffected>
+      <vulnerable range="lt">0.61.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Poppler is a PDF rendering library based on the xpdf-3.0 code base.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Poppler. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to open a specially crafted PDF,
+      could cause a Denial of Service condition or have other unspecified
+      impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Poppler users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/poppler-0.61.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-1000456">
+      CVE-2017-1000456
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14975">CVE-2017-14975</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14976">CVE-2017-14976</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14977">CVE-2017-14977</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-04-08T12:41:02Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-04-08T14:25:23Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201804-04.xml b/metadata/glsa/glsa-201804-04.xml
new file mode 100644
index 000000000000..d12760a99d68
--- /dev/null
+++ b/metadata/glsa/glsa-201804-04.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-04">
+  <title>cURL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in cURL, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">curl</product>
+  <announced>2018-04-08</announced>
+  <revised count="1">2018-04-08</revised>
+  <bug>645698</bug>
+  <bug>650056</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/curl" auto="yes" arch="*">
+      <unaffected range="ge">7.59.0</unaffected>
+      <vulnerable range="lt">7.59.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A command line tool and library for transferring data with URLs.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in cURL. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could cause a Denial of Service condition, obtain
+      sensitive information, or have other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All cURL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.59.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000005">
+      CVE-2018-1000005
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000007">
+      CVE-2018-1000007
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000120">
+      CVE-2018-1000120
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000121">
+      CVE-2018-1000121
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000122">
+      CVE-2018-1000122
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-04-08T14:02:46Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-04-08T14:28:57Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201804-05.xml b/metadata/glsa/glsa-201804-05.xml
new file mode 100644
index 000000000000..fac50a830abb
--- /dev/null
+++ b/metadata/glsa/glsa-201804-05.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-05">
+  <title>ISC DHCP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ISC DHCP, the worst of
+    which could allow for the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">dhcp</product>
+  <announced>2018-04-08</announced>
+  <revised count="1">2018-04-08</revised>
+  <bug>644708</bug>
+  <bug>649010</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/dhcp" auto="yes" arch="*">
+      <unaffected range="ge">4.3.6_p1</unaffected>
+      <vulnerable range="lt">4.3.6_p1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ISC DHCP is a Dynamic Host Configuration Protocol (DHCP) client/server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ISC DHCP. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could execute arbitrary code, cause a Denial of Service
+      condition, or have other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There are no known workarounds at this time for CVE-2018-5732 or
+      CVE-2018-5733.
+    </p>
+    
+    <p>In accordance with upstream documentation, the recommended workaround
+      for CVE-2017-3144 is, “to disallow access to the OMAPI control port
+      from unauthorized clients (in accordance with best practices for server
+      operation).”
+    </p>
+  </workaround>
+  <resolution>
+    <p>All DHCP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/dhcp-4.3.6_p1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3144">CVE-2017-3144</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5732">CVE-2018-5732</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5733">CVE-2018-5733</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-03-13T18:06:24Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-04-08T16:46:04Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201804-06.xml b/metadata/glsa/glsa-201804-06.xml
new file mode 100644
index 000000000000..a038c242317f
--- /dev/null
+++ b/metadata/glsa/glsa-201804-06.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-06">
+  <title>mailx: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were discovered in mailx, the worst of
+    which may allow a remote attacker to execute arbitrary commands.
+  </synopsis>
+  <product type="ebuild">mailx</product>
+  <announced>2018-04-08</announced>
+  <revised count="1">2018-04-08</revised>
+  <bug>533208</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/mailx" auto="yes" arch="*">
+      <unaffected range="ge">8.1.2.20160123</unaffected>
+      <vulnerable range="lt">8.1.2.20160123</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A utility program for sending and receiving mail, also known as a Mail
+      User Agent program.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in mailx. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary commands.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All mailx users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/mailx-8.1.2.20160123"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2004-2771">CVE-2004-2771</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2014-7844">CVE-2014-7844</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-04-08T17:41:56Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-04-08T23:25:59Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201804-07.xml b/metadata/glsa/glsa-201804-07.xml
new file mode 100644
index 000000000000..e47a94f67e7d
--- /dev/null
+++ b/metadata/glsa/glsa-201804-07.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-07">
+  <title>libvirt: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in libvirt, the worst
+    of which may result in the execution of arbitrary commands.
+  </synopsis>
+  <product type="ebuild">libvirt</product>
+  <announced>2018-04-08</announced>
+  <revised count="1">2018-04-08</revised>
+  <bug>647338</bug>
+  <bug>650018</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/libvirt" auto="yes" arch="*">
+      <unaffected range="ge">4.1.0</unaffected>
+      <vulnerable range="lt">4.1.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libvirt is a C toolkit for manipulating virtual machines.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libvirt. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local privileged attacker could execute arbitrary commands or cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libvirt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/libvirt-4.1.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5748">CVE-2018-5748</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6764">CVE-2018-6764</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-04-08T17:45:31Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-04-08T23:28:32Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201804-08.xml b/metadata/glsa/glsa-201804-08.xml
new file mode 100644
index 000000000000..16b031554877
--- /dev/null
+++ b/metadata/glsa/glsa-201804-08.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-08">
+  <title>QEMU: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in QEMU, the worst of
+    which may allow an attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">qemu</product>
+  <announced>2018-04-08</announced>
+  <revised count="1">2018-04-08</revised>
+  <bug>629348</bug>
+  <bug>638506</bug>
+  <bug>643432</bug>
+  <bug>646814</bug>
+  <bug>649616</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-emulation/qemu" auto="yes" arch="*">
+      <unaffected range="ge">2.11.1-r1</unaffected>
+      <vulnerable range="lt">2.11.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>QEMU is a generic and open source machine emulator and virtualizer.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in QEMU. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could execute arbitrary code, cause a Denial of Service
+      condition, or obtain sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All QEMU users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/qemu-2.11.1-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13672">CVE-2017-13672</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15124">CVE-2017-15124</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16845">CVE-2017-16845</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17381">CVE-2017-17381</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18030">CVE-2017-18030</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18043">CVE-2017-18043</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5715">CVE-2017-5715</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5683">CVE-2018-5683</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5748">CVE-2018-5748</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7550">CVE-2018-7550</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-04-08T17:31:53Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-04-08T23:30:08Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201804-09.xml b/metadata/glsa/glsa-201804-09.xml
new file mode 100644
index 000000000000..ab4be111389b
--- /dev/null
+++ b/metadata/glsa/glsa-201804-09.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-09">
+  <title>SPICE VDAgent: Arbitrary command injection</title>
+  <synopsis>A vulnerability in SPICE VDAgent could allow local attackers to
+    execute arbitrary commands.
+  </synopsis>
+  <product type="ebuild">spice,vdagent</product>
+  <announced>2018-04-08</announced>
+  <revised count="1">2018-04-08</revised>
+  <bug>650020</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/spice-vdagent" auto="yes" arch="*">
+      <unaffected range="ge">0.17.0_p20180319</unaffected>
+      <vulnerable range="lt">0.17.0_p20180319</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Provides a complete open source solution for remote access to virtual
+      machines in a seamless way so you can play videos, record audio, share
+      USB devices and share folders without complications.
+    </p>
+  </background>
+  <description>
+    <p>SPICE VDAgent does not properly escape save directory before passing to
+      shell.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could execute arbitrary commands.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All SPICE VDAgent users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/spice-vdagent-0.17.0_p20180319"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15108">CVE-2017-15108</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-04-08T17:31:09Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-04-08T23:32:55Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201804-10.xml b/metadata/glsa/glsa-201804-10.xml
new file mode 100644
index 000000000000..82a5c8731e29
--- /dev/null
+++ b/metadata/glsa/glsa-201804-10.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-10">
+  <title>Zend Framework: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Zend Framework, the
+    worst of which could allow attackers to remotely execute arbitrary
+    commands.
+  </synopsis>
+  <product type="ebuild">zendframework</product>
+  <announced>2018-04-09</announced>
+  <revised count="2">2018-04-09</revised>
+  <bug>604182</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-php/ZendFramework" auto="yes" arch="*">
+      <vulnerable range="le">1.12.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Zend Framework is a high quality and open source framework for
+      developing Web Applications.
+    </p>
+    
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Zend Framework that
+      have remain unaddressed. Please review the referenced CVE identifiers for
+      details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could execute arbitrary commands or conduct SQL
+      injection attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for Zend Framework and recommends that
+      users unmerge the package:
+    </p>
+    
+    <code>
+      # emerge --unmerge "dev-php/ZendFramework"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-10034">CVE-2016-10034</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-4861">CVE-2016-4861</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-6233">CVE-2016-6233</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-04-09T00:33:10Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-04-09T17:05:49Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201804-11.xml b/metadata/glsa/glsa-201804-11.xml
new file mode 100644
index 000000000000..915c8d2867c7
--- /dev/null
+++ b/metadata/glsa/glsa-201804-11.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-11">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">flash</product>
+  <announced>2018-04-11</announced>
+  <revised count="1">2018-04-11</revised>
+  <bug>652960</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">29.0.0.140</unaffected>
+      <vulnerable range="lt">29.0.0.140</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, disclose sensitive information or bypass
+      security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-29.0.0.140"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://helpx.adobe.com/security/products/flash-player/apsb18-08.html">
+      APSB18-08
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4932">CVE-2018-4932</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4933">CVE-2018-4933</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4934">CVE-2018-4934</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4935">CVE-2018-4935</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4936">CVE-2018-4936</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4937">CVE-2018-4937</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-04-11T11:03:48Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-04-11T20:08:20Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201804-12.xml b/metadata/glsa/glsa-201804-12.xml
new file mode 100644
index 000000000000..097160fddf87
--- /dev/null
+++ b/metadata/glsa/glsa-201804-12.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-12">
+  <title>Go: Arbitrary code execution</title>
+  <synopsis>A vulnerability in Go allows remote attackers to execute arbitrary
+    commands.
+  </synopsis>
+  <product type="ebuild">go</product>
+  <announced>2018-04-15</announced>
+  <revised count="1">2018-04-15</revised>
+  <bug>650014</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/go" auto="yes" arch="*">
+      <unaffected range="ge">1.10.1</unaffected>
+      <vulnerable range="lt">1.10.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Go is an open source programming language that makes it easy to build
+      simple, reliable, and efficient software.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability in Go was discovered which does not validate the import
+      path of remote repositories.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers, by enticing a user to import from a crafted website,
+      could execute arbitrary commands.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Go users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/go-1.10.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7187">CVE-2018-7187</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-04-14T16:24:01Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-04-15T23:23:53Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201804-13.xml b/metadata/glsa/glsa-201804-13.xml
new file mode 100644
index 000000000000..7b1706348f35
--- /dev/null
+++ b/metadata/glsa/glsa-201804-13.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-13">
+  <title>ncurses: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ncurses, the worst of
+    which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">ncurses</product>
+  <announced>2018-04-17</announced>
+  <revised count="1">2018-04-17</revised>
+  <bug>624644</bug>
+  <bug>625830</bug>
+  <bug>629276</bug>
+  <bug>639706</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-libs/ncurses" auto="yes" arch="*">
+      <unaffected range="ge" slot="0">6.1</unaffected>
+      <vulnerable range="lt" slot="0">6.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Free software emulation of curses in System V.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ncurses. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing the user to process untrusted terminfo or
+      other data, could execute arbitrary code or cause a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ncurses users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-libs/ncurses-6.1:0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10684">CVE-2017-10684</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10685">CVE-2017-10685</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11112">CVE-2017-11112</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11113">CVE-2017-11113</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13728">CVE-2017-13728</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13729">CVE-2017-13729</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13730">CVE-2017-13730</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13731">CVE-2017-13731</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13732">CVE-2017-13732</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13733">CVE-2017-13733</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13734">CVE-2017-13734</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16879">CVE-2017-16879</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-04-15T18:38:59Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-04-17T18:18:44Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201804-14.xml b/metadata/glsa/glsa-201804-14.xml
new file mode 100644
index 000000000000..474c1588cbdc
--- /dev/null
+++ b/metadata/glsa/glsa-201804-14.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-14">
+  <title>GDK-PixBuf: Remote code execution</title>
+  <synopsis>A vulnerability has been found in GDK-PixBuf that may allow a
+    remote attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">gdkpixbuf</product>
+  <announced>2018-04-17</announced>
+  <revised count="1">2018-04-17</revised>
+  <bug>644770</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/gdk-pixbuf" auto="yes" arch="*">
+      <unaffected range="ge">2.36.11</unaffected>
+      <vulnerable range="lt">2.36.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GDK-PixBuf is an image loading library for GTK+.</p>
+  </background>
+  <description>
+    <p>Several integer overflows were discovered in GDK-PixBuf’s gif_get_lzw
+      function.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to process a specially crafted
+      image file, could execute arbitrary code or cause a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GDK-PixBuf users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/gdk-pixbuf-2.36.11"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-1000422">
+      CVE-2017-1000422
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-04-17T17:12:14Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-04-17T18:21:26Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201804-15.xml b/metadata/glsa/glsa-201804-15.xml
new file mode 100644
index 000000000000..fe0526b63a13
--- /dev/null
+++ b/metadata/glsa/glsa-201804-15.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-15">
+  <title>Evince: Command injection</title>
+  <synopsis>A vulnerability has been found in Evince which may allow for
+    arbitrary command execution.
+  </synopsis>
+  <product type="ebuild">evince</product>
+  <announced>2018-04-17</announced>
+  <revised count="1">2018-04-17</revised>
+  <bug>650272</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/evince" auto="yes" arch="*">
+      <unaffected range="ge">3.24.2-r1</unaffected>
+      <vulnerable range="lt">3.24.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Evince is a document viewer for multiple document formats, including
+      PostScript.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in Evince’s handling of filenames while
+      printing PDF files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing the user to process a specially crafted
+      file, could execute arbitrary commands.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Evince users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/evince-3.24.2-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-1000159">
+      CVE-2017-1000159
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-04-17T17:27:38Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-04-17T18:22:39Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201804-16.xml b/metadata/glsa/glsa-201804-16.xml
new file mode 100644
index 000000000000..14bc438d2f6e
--- /dev/null
+++ b/metadata/glsa/glsa-201804-16.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-16">
+  <title>ClamAV: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ClamAV, the worst of
+    which may allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2018-04-22</announced>
+  <revised count="1">2018-04-22</revised>
+  <bug>623534</bug>
+  <bug>625632</bug>
+  <bug>628686</bug>
+  <bug>628690</bug>
+  <bug>649314</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.99.4</unaffected>
+      <vulnerable range="lt">0.99.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ClamAV is a GPL virus scanner.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ClamAV. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, through multiple vectors, could execute arbitrary
+      code, cause a Denial of Service condition, or have other unspecified
+      impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ClamAV users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.99.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2012-6706">CVE-2012-6706</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11423">CVE-2017-11423</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-6418">CVE-2017-6418</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-6419">CVE-2017-6419</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-6420">CVE-2017-6420</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0202">CVE-2018-0202</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000085">
+      CVE-2018-1000085
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-04-22T21:20:11Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-04-22T22:32:37Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201804-17.xml b/metadata/glsa/glsa-201804-17.xml
new file mode 100644
index 000000000000..7390b995ad7d
--- /dev/null
+++ b/metadata/glsa/glsa-201804-17.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-17">
+  <title>Quagga: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Quagga, the worst of
+    which could allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">quagga</product>
+  <announced>2018-04-22</announced>
+  <revised count="1">2018-04-22</revised>
+  <bug>647788</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/quagga" auto="yes" arch="*">
+      <unaffected range="ge">1.2.4</unaffected>
+      <vulnerable range="lt">1.2.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Quagga is a free routing daemon replacing Zebra supporting RIP, OSPF and
+      BGP.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Quagga. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker, by sending specially crafted packets, could execute
+      arbitrary code or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Quagga users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/quagga-1.2.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5378">CVE-2018-5378</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5379">CVE-2018-5379</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5380">CVE-2018-5380</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5381">CVE-2018-5381</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-04-20T13:52:43Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-04-22T22:35:42Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201804-18.xml b/metadata/glsa/glsa-201804-18.xml
new file mode 100644
index 000000000000..11d18817a8d0
--- /dev/null
+++ b/metadata/glsa/glsa-201804-18.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-18">
+  <title>tenshi: Privilege escalation</title>
+  <synopsis>Gentoo's tenshi ebuild is vulnerable to privilege escalation due to
+    the way pid files are handled.
+  </synopsis>
+  <product type="ebuild">tenshi</product>
+  <announced>2018-04-22</announced>
+  <revised count="1">2018-04-22</revised>
+  <bug>626654</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/tenshi" auto="yes" arch="*">
+      <unaffected range="ge">0.17</unaffected>
+      <vulnerable range="lt">0.17</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A log monitoring program, designed to watch one or more log files for
+      lines matching user defined regular expressions and report on the
+      matches.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that the tenshi ebuild creates a tenshi.pid file after
+      dropping privileges to a non-root account.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could escalate privileges to root or kill arbitrary
+      processes.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All tenshi users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/tenshi-0.17"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11746">CVE-2017-11746</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-04-18T00:37:51Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-04-22T22:37:25Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201804-19.xml b/metadata/glsa/glsa-201804-19.xml
new file mode 100644
index 000000000000..0bdefb18b2b8
--- /dev/null
+++ b/metadata/glsa/glsa-201804-19.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-19">
+  <title>mbed TLS: Multiple vulnerabilites</title>
+  <synopsis>Multiple vulnerabilities have been found in mbed TLS, the worst of
+    which could allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">mbedtls</product>
+  <announced>2018-04-22</announced>
+  <revised count="1">2018-04-22</revised>
+  <bug>647800</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/mbedtls" auto="yes" arch="*">
+      <unaffected range="ge">2.7.2</unaffected>
+      <vulnerable range="lt">2.7.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>mbed TLS (previously PolarSSL) is an “easy to understand, use,
+      integrate and expand” implementation of the TLS and SSL protocols and
+      the respective cryptographic algorithms and support code required.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in mbed TLS. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker, through multiple vectors, could possibly execute
+      arbitrary code with the privileges of the process or cause a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All mbed TLS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/mbedtls-2.7.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18187">CVE-2017-18187</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0487">CVE-2018-0487</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0488">CVE-2018-0488</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-04-22T21:30:30Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-04-22T23:49:11Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201804-20.xml b/metadata/glsa/glsa-201804-20.xml
new file mode 100644
index 000000000000..e097d700a044
--- /dev/null
+++ b/metadata/glsa/glsa-201804-20.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-20">
+  <title>unADF: Remote code execution</title>
+  <synopsis>Multiple vulnerabilities have been found in unADF that may allow a
+    remote attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">unadf</product>
+  <announced>2018-04-22</announced>
+  <revised count="1">2018-04-22</revised>
+  <bug>636388</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/unadf" auto="yes" arch="*">
+      <unaffected range="ge">0.7.12-r1</unaffected>
+      <vulnerable range="lt">0.7.12-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>An unzip like for .ADF files.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities were discovered in unADF that can lead to
+      remote code execution. Please review the CVE identifiers referenced below
+      for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to process a specially crafted
+      file, could execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All unADF users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/unadf-0.7.12-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-1243">CVE-2016-1243</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-1244">CVE-2016-1244</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-04-22T20:59:29Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-04-22T23:50:47Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201804-21.xml b/metadata/glsa/glsa-201804-21.xml
new file mode 100644
index 000000000000..f73a5903ab2b
--- /dev/null
+++ b/metadata/glsa/glsa-201804-21.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-21">
+  <title>librelp: Remote code execution</title>
+  <synopsis>A vulnerability has been found in librelp that may allow a remote
+    attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">librelp</product>
+  <announced>2018-04-22</announced>
+  <revised count="1">2018-04-22</revised>
+  <bug>651192</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/librelp" auto="yes" arch="*">
+      <unaffected range="ge">1.2.15</unaffected>
+      <vulnerable range="lt">1.2.15</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A reliable logging program.</p>
+  </background>
+  <description>
+    <p>A buffer overflow was discovered in librelp with the handling of x509
+      certificates.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker, by sending a specially crafted x509 certificate,
+      could execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All librelp users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/librelp-1.2.15"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000140">
+      CVE-2018-1000140
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-04-22T21:23:29Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-04-22T23:52:09Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201804-22.xml b/metadata/glsa/glsa-201804-22.xml
new file mode 100644
index 000000000000..ae516bd2d3af
--- /dev/null
+++ b/metadata/glsa/glsa-201804-22.xml
@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-22">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium,chrome</product>
+  <announced>2018-04-24</announced>
+  <revised count="1">2018-04-24</revised>
+  <bug>653696</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">66.0.3359.117</unaffected>
+      <vulnerable range="lt">66.0.3359.117</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">66.0.3359.117</unaffected>
+      <vulnerable range="lt">66.0.3359.117</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the referenced CVE identifiers and Google Chrome
+      Releases for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, bypass
+      content security controls, or conduct URL spoofing.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-66.0.3359.117"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-66.0.3359.117"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6085">CVE-2018-6085</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6086">CVE-2018-6086</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6087">CVE-2018-6087</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6088">CVE-2018-6088</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6089">CVE-2018-6089</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6090">CVE-2018-6090</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6091">CVE-2018-6091</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6092">CVE-2018-6092</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6093">CVE-2018-6093</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6094">CVE-2018-6094</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6095">CVE-2018-6095</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6096">CVE-2018-6096</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6097">CVE-2018-6097</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6098">CVE-2018-6098</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6099">CVE-2018-6099</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6100">CVE-2018-6100</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6101">CVE-2018-6101</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6102">CVE-2018-6102</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6103">CVE-2018-6103</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6104">CVE-2018-6104</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6105">CVE-2018-6105</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6106">CVE-2018-6106</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6107">CVE-2018-6107</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6108">CVE-2018-6108</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6109">CVE-2018-6109</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6110">CVE-2018-6110</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6111">CVE-2018-6111</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6112">CVE-2018-6112</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6113">CVE-2018-6113</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6114">CVE-2018-6114</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6115">CVE-2018-6115</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6116">CVE-2018-6116</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6117">CVE-2018-6117</uri>
+    <uri link="https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html">
+      Google Chrome Release 20180417
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-04-23T16:38:49Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-04-24T00:27:21Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201805-01.xml b/metadata/glsa/glsa-201805-01.xml
new file mode 100644
index 000000000000..36f403874270
--- /dev/null
+++ b/metadata/glsa/glsa-201805-01.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201805-01">
+  <title>hesiod: Root privilege escalation </title>
+  <synopsis>A vulnerability was discovered in hesiod which may allow remote
+    attackers to gain root privileges.
+  </synopsis>
+  <product type="ebuild">hesiod</product>
+  <announced>2018-05-02</announced>
+  <revised count="1">2018-05-02</revised>
+  <bug>606652</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-dns/hesiod" auto="yes" arch="*">
+      <vulnerable range="le">3.1.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>DNS functionality to access to DB of information that changes
+      infrequently.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in hesiod that have
+      remained unaddressed. Please review the referenced CVE identifiers for
+      details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote or local attacker may be able to escalate privileges to root.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for hesiod and recommends that users
+      unmerge the package:
+    </p>
+    
+    <code>
+      # emerge --unmerge "net-dns/hesiod"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-10151">CVE-2016-10151</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-10152">CVE-2016-10152</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-04-29T17:50:36Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-05-02T23:52:01Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201805-02.xml b/metadata/glsa/glsa-201805-02.xml
new file mode 100644
index 000000000000..d23f963400e8
--- /dev/null
+++ b/metadata/glsa/glsa-201805-02.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201805-02">
+  <title>Python: Buffer overflow</title>
+  <synopsis>A buffer overflow in Python might allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">python</product>
+  <announced>2018-05-02</announced>
+  <revised count="1">2018-05-02</revised>
+  <bug>637938</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/python" auto="yes" arch="*">
+      <unaffected range="ge" slot="2.7">2.7.14</unaffected>
+      <vulnerable range="lt" slot="2.7">2.7.14</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Python is an interpreted, interactive, object-oriented programming
+      language.
+    </p>
+  </background>
+  <description>
+    <p>A buffer overflow was discovered in Python’s PyString_DecodeEscape
+      function in stringobject.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers, by enticing a user to process a specially crafted
+      file, could execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Python 2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.7.14:2.7"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-1000158">
+      CVE-2017-1000158
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-04-24T00:27:08Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-05-02T23:53:50Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201805-03.xml b/metadata/glsa/glsa-201805-03.xml
new file mode 100644
index 000000000000..4b3387ed8c40
--- /dev/null
+++ b/metadata/glsa/glsa-201805-03.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201805-03">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium, google-chrome</product>
+  <announced>2018-05-02</announced>
+  <revised count="1">2018-05-02</revised>
+  <bug>654384</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">66.0.3359.139</unaffected>
+      <vulnerable range="lt">66.0.3359.139</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">66.0.3359.139</unaffected>
+      <vulnerable range="lt">66.0.3359.139</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the referenced CVE identifiers and Google Chrome
+      Releases for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-66.0.3359.139"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-66.0.3359.139"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6118">CVE-2018-6118</uri>
+    <uri link="https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop_26.html">
+      Google Chrome Release 20180426
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-05-01T23:39:45Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-05-02T23:57:25Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201805-04.xml b/metadata/glsa/glsa-201805-04.xml
new file mode 100644
index 000000000000..f63ce11ab625
--- /dev/null
+++ b/metadata/glsa/glsa-201805-04.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201805-04">
+  <title>rsync: Arbitrary command execution</title>
+  <synopsis>A vulnerability in rsync might allow remote attackers to execute
+    arbitrary commands.
+  </synopsis>
+  <product type="ebuild">rsync</product>
+  <announced>2018-05-08</announced>
+  <revised count="1">2018-05-08</revised>
+  <bug>646818</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/rsync" auto="yes" arch="*">
+      <unaffected range="ge">3.1.3</unaffected>
+      <vulnerable range="lt">3.1.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>File transfer program to keep remote files into sync.</p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in rsync’s parse_arguments function in
+      options.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could possibly execute arbitrary commands with the
+      privilege of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All rsync users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/rsync-3.1.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5764">CVE-2018-5764</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-05-03T08:10:23Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2018-05-08T15:27:34Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201805-05.xml b/metadata/glsa/glsa-201805-05.xml
new file mode 100644
index 000000000000..ef4b236a7e27
--- /dev/null
+++ b/metadata/glsa/glsa-201805-05.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201805-05">
+  <title>mpv: Remote code execution</title>
+  <synopsis>A vulnerability has been found in mpv that may allow a remote
+    attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">mpv</product>
+  <announced>2018-05-14</announced>
+  <revised count="1">2018-05-14</revised>
+  <bug>646886</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-video/mpv" auto="yes" arch="*">
+      <unaffected range="ge">0.27.2</unaffected>
+      <vulnerable range="lt">0.27.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Video player based on MPlayer/mplayer2</p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in mpv with the handling of HTML
+      documents containing VIDEO elements. Additionally, mpv accepts arbitrary
+      URLs in a src attribute without a protocol whitelist in
+      player/lua/ytdl_hook.lua.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker, by enticing the user to visit a specially crafted web
+      site, could execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All mpv users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/mpv-0.27.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6360">CVE-2018-6360</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-05-07T16:02:12Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2018-05-14T23:21:56Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201805-06.xml b/metadata/glsa/glsa-201805-06.xml
new file mode 100644
index 000000000000..41200abbfd16
--- /dev/null
+++ b/metadata/glsa/glsa-201805-06.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201805-06">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could result in privilege escalation.
+  </synopsis>
+  <product type="ebuild">chromium, chrome</product>
+  <announced>2018-05-20</announced>
+  <revised count="1">2018-05-20</revised>
+  <bug>655720</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">66.0.3359.170</unaffected>
+      <vulnerable range="lt">66.0.3359.170</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">66.0.3359.170</unaffected>
+      <vulnerable range="lt">66.0.3359.170</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the referenced CVE identifiers and Google Chrome
+      Releases for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to install malicious extensions,
+      could possibly escalate privileges, cause a Denial of Service condition,
+      or have other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-66.0.3359.170"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-66.0.3359.170"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6120">CVE-2018-6120</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6121">CVE-2018-6121</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6122">CVE-2018-6122</uri>
+    <uri link="https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop.html">
+      Google Chrome Release 20180510
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-05-17T12:07:01Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-05-20T14:40:13Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201805-07.xml b/metadata/glsa/glsa-201805-07.xml
new file mode 100644
index 000000000000..f57a6fb9d6d1
--- /dev/null
+++ b/metadata/glsa/glsa-201805-07.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201805-07">
+  <title>Samba: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in Samba, the worst of
+    which may allow remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">samba</product>
+  <announced>2018-05-22</announced>
+  <revised count="1">2018-05-22</revised>
+  <bug>588262</bug>
+  <bug>619516</bug>
+  <bug>639024</bug>
+  <bug>650382</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-fs/samba" auto="yes" arch="*">
+      <unaffected range="ge">4.5.16</unaffected>
+      <vulnerable range="lt">4.5.16</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Samba is a suite of SMB and CIFS client/server programs.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Samba. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code, cause a Denial
+      of Service condition, conduct a man-in-the-middle attack, or obtain
+      sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Samba users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-fs/samba-4.5.16"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-2119">CVE-2016-2119</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14746">CVE-2017-14746</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15275">CVE-2017-15275</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7494">CVE-2017-7494</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1050">CVE-2018-1050</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1057">CVE-2018-1057</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-05-15T00:36:47Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-05-22T22:29:53Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201805-08.xml b/metadata/glsa/glsa-201805-08.xml
new file mode 100644
index 000000000000..5b8b52935500
--- /dev/null
+++ b/metadata/glsa/glsa-201805-08.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201805-08">
+  <title>VirtualBox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in VirtualBox, the worst
+    of which could allow an attacker to take control of VirtualBox.
+  </synopsis>
+  <product type="ebuild">virtualbox</product>
+  <announced>2018-05-22</announced>
+  <revised count="1">2018-05-22</revised>
+  <bug>655186</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulation/virtualbox" auto="yes" arch="*">
+      <unaffected range="ge">5.1.36</unaffected>
+      <vulnerable range="lt">5.1.36</vulnerable>
+    </package>
+    <package name="app-emulation/virtualbox-bin" auto="yes" arch="*">
+      <unaffected range="ge">5.1.36.122089</unaffected>
+      <vulnerable range="lt">5.1.36.122089</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>VirtualBox is a powerful virtualization product from Oracle.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in VirtualBox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could take control of VirtualBox resulting in the execution
+      of arbitrary code with the privileges of the process, a Denial of Service
+      condition, or other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All VirtualBox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/virtualbox-5.1.36"
+    </code>
+    
+    <p>All VirtualBox binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/virtualbox-bin-5.1.36.122089"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2830">CVE-2018-2830</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2831">CVE-2018-2831</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2835">CVE-2018-2835</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2836">CVE-2018-2836</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2837">CVE-2018-2837</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2842">CVE-2018-2842</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2843">CVE-2018-2843</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2844">CVE-2018-2844</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2845">CVE-2018-2845</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2860">CVE-2018-2860</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-05-14T23:15:39Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-05-22T22:32:13Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201805-09.xml b/metadata/glsa/glsa-201805-09.xml
new file mode 100644
index 000000000000..f4af27e4d2fc
--- /dev/null
+++ b/metadata/glsa/glsa-201805-09.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201805-09">
+  <title>Shadow: security bypass</title>
+  <synopsis>A vulnerability found in Shadow may allow local attackers to bypass
+    security restrictions.
+  </synopsis>
+  <product type="ebuild">shadow</product>
+  <announced>2018-05-22</announced>
+  <revised count="1">2018-05-22</revised>
+  <bug>647790</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/shadow" auto="yes" arch="*">
+      <unaffected range="ge">4.6</unaffected>
+      <vulnerable range="lt">4.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Shadow is a set of tools to deal with user accounts.</p>
+  </background>
+  <description>
+    <p>A local attacker could possibly bypass security restrictions if an
+      administrator used “group blacklisting” to restrict access to file
+      system paths.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could possibly bypass security restrictions.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All shadow users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/shadow-4.6"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7169">CVE-2018-7169</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-05-22T22:21:35Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2018-05-22T22:36:37Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201805-10.xml b/metadata/glsa/glsa-201805-10.xml
new file mode 100644
index 000000000000..75dcf4ebe6b4
--- /dev/null
+++ b/metadata/glsa/glsa-201805-10.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201805-10">
+  <title>Zsh: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in Zsh, the worst of which
+    could allow local attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">zsh</product>
+  <announced>2018-05-26</announced>
+  <revised count="1">2018-05-26</revised>
+  <bug>649614</bug>
+  <bug>651860</bug>
+  <bug>655708</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-shells/zsh" auto="yes" arch="*">
+      <unaffected range="ge">5.5</unaffected>
+      <vulnerable range="lt">5.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A shell designed for interactive use, although it is also a powerful
+      scripting language.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Zsh. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could execute arbitrary code, escalate privileges, or
+      cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Zsh users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-shells/zsh-5.5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18205">CVE-2017-18205</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18206">CVE-2017-18206</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1071">CVE-2018-1071</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1083">CVE-2018-1083</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1100">CVE-2018-1100</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7548">CVE-2018-7548</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7549">CVE-2018-7549</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-05-26T14:04:43Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-05-26T15:33:08Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201805-11.xml b/metadata/glsa/glsa-201805-11.xml
new file mode 100644
index 000000000000..6e793ac2cc61
--- /dev/null
+++ b/metadata/glsa/glsa-201805-11.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201805-11">
+  <title>Rootkit Hunter: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability has been found in Rootkit Hunter that allows a
+    remote attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">rkhunter</product>
+  <announced>2018-05-26</announced>
+  <revised count="1">2018-05-26</revised>
+  <bug>623150</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-forensics/rkhunter" auto="yes" arch="*">
+      <unaffected range="ge">1.4.6</unaffected>
+      <vulnerable range="lt">1.4.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Scans for known and unknown rootkits, backdoors, and sniffers.</p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in Rootkit Hunter that allows the
+      downloading of mirror updates over insecure channels (HTTP). 
+      Furthermore, the mirror update is then executed in Bash.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by performing a man-in-the-middle attack, could
+      execute arbitrary code, conduct a Denial of Service, or have other
+      unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>Users are advised to not trust insecure protocols such as HTTP and to
+      turn off any mirror updates utilizing such channels.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All Rootkit Hunter users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-forensics/rkhunter-1.4.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7480">CVE-2017-7480</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-05-26T14:19:37Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-05-26T15:45:59Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201805-12.xml b/metadata/glsa/glsa-201805-12.xml
new file mode 100644
index 000000000000..a3a9dfc3d6cf
--- /dev/null
+++ b/metadata/glsa/glsa-201805-12.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201805-12">
+  <title>NTP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in NTP, the worst of which
+    could lead to remote code execution.
+  </synopsis>
+  <product type="ebuild">ntp</product>
+  <announced>2018-05-26</announced>
+  <revised count="1">2018-05-26</revised>
+  <bug>649612</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/ntp" auto="yes" arch="*">
+      <unaffected range="ge">4.2.8_p11</unaffected>
+      <vulnerable range="lt">4.2.8_p11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>NTP contains software for the Network Time Protocol.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in NTP. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code or cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All NTP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/ntp-4.2.8_p11"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7170">CVE-2018-7170</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7182">CVE-2018-7182</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7183">CVE-2018-7183</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7184">CVE-2018-7184</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7185">CVE-2018-7185</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-05-26T14:29:05Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-05-26T15:54:33Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201805-13.xml b/metadata/glsa/glsa-201805-13.xml
new file mode 100644
index 000000000000..701ee3093bcd
--- /dev/null
+++ b/metadata/glsa/glsa-201805-13.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201805-13">
+  <title>Git: Multiple vulnerabilities</title>
+  <synopsis>Git contains multiple vulnerabilities that allow for the remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">git</product>
+  <announced>2018-05-30</announced>
+  <revised count="1">2018-05-30</revised>
+  <bug>656868</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-vcs/git" auto="yes" arch="*">
+      <unaffected range="ge">2.16.4</unaffected>
+      <vulnerable range="lt">2.16.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Git is a free and open source distributed version control system
+      designed to handle everything from small to very large projects with
+      speed and efficiency.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Git. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>Remote attackers could execute arbitrary code on both client and server.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Git users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/git-2.16.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-11233">CVE-2018-11233</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-11235">CVE-2018-11235</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-05-30T00:57:53Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-05-30T01:20:47Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201805-14.xml b/metadata/glsa/glsa-201805-14.xml
new file mode 100644
index 000000000000..31c73fc72867
--- /dev/null
+++ b/metadata/glsa/glsa-201805-14.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201805-14">
+  <title>procps: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in procps, the worst of
+    which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">procps</product>
+  <announced>2018-05-30</announced>
+  <revised count="1">2018-05-30</revised>
+  <bug>656022</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-process/procps" auto="yes" arch="*">
+      <unaffected range="ge">3.3.15-r1</unaffected>
+      <vulnerable range="lt">3.3.15-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A bunch of small useful utilities that give information about processes
+      using the /proc filesystem.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in procps. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could execute arbitrary code, escalate privileges, or
+      cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All procps users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-process/procps-3.3.15-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1120">CVE-2018-1120</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1122">CVE-2018-1122</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1123">CVE-2018-1123</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1124">CVE-2018-1124</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-05-29T13:26:11Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-05-30T14:04:23Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201805-15.xml b/metadata/glsa/glsa-201805-15.xml
new file mode 100644
index 000000000000..f6d2e91d83e2
--- /dev/null
+++ b/metadata/glsa/glsa-201805-15.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201805-15">
+  <title>beep: Local privilege escalation </title>
+  <synopsis>A vulnerability in beep could allow local attackers to escalate
+    privileges.
+  </synopsis>
+  <product type="ebuild">beep</product>
+  <announced>2018-05-30</announced>
+  <revised count="1">2018-05-30</revised>
+  <bug>652330</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-misc/beep" auto="yes" arch="*">
+      <unaffected range="ge">1.3-r3</unaffected>
+      <vulnerable range="lt">1.3-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The advanced PC speaker beeper.</p>
+  </background>
+  <description>
+    <p>A race condition, if setuid, was discovered in beep.</p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could escalate privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All beep users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-misc/beep-1.3-r3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0492">CVE-2018-0492</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-05-28T02:25:00Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-05-30T14:05:31Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201806-01.xml b/metadata/glsa/glsa-201806-01.xml
new file mode 100644
index 000000000000..b4e460104169
--- /dev/null
+++ b/metadata/glsa/glsa-201806-01.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201806-01">
+  <title>GNU Wget: Cookie injection</title>
+  <synopsis>A vulnerablity in GNU Wget could allow arbitrary cookies to be
+    injected.
+  </synopsis>
+  <product type="ebuild">wget</product>
+  <announced>2018-06-13</announced>
+  <revised count="1">2018-06-13</revised>
+  <bug>655216</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/wget" auto="yes" arch="*">
+      <unaffected range="ge">1.19.5</unaffected>
+      <vulnerable range="lt">1.19.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU Wget is a free software package for retrieving files using HTTP,
+      HTTPS and FTP, the most widely-used Internet protocols.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in GNU Wget’s resp_new function which
+      does not validate \r\n sequences in continuation lines.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could inject arbitrary cookie entry requests.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU Wget users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/wget-1.19.5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0494">CVE-2018-0494</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-06-12T02:50:06Z">irishluck83</metadata>
+  <metadata tag="submitter" timestamp="2018-06-13T20:52:56Z">irishluck83</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201806-02.xml b/metadata/glsa/glsa-201806-02.xml
new file mode 100644
index 000000000000..c5e008caafbf
--- /dev/null
+++ b/metadata/glsa/glsa-201806-02.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201806-02">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2018-06-13</announced>
+  <revised count="1">2018-06-13</revised>
+  <bug>656230</bug>
+  <bug>657564</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">30.0.0.113</unaffected>
+      <vulnerable range="lt">30.0.0.113</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or obtain sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-30.0.0.113"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4944">CVE-2018-4944</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4945">CVE-2018-4945</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5000">CVE-2018-5000</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5001">CVE-2018-5001</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5002">CVE-2018-5002</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-06-09T15:32:29Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-06-13T20:54:22Z">irishluck83</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201806-03.xml b/metadata/glsa/glsa-201806-03.xml
new file mode 100644
index 000000000000..afc08f70bd46
--- /dev/null
+++ b/metadata/glsa/glsa-201806-03.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201806-03">
+  <title>BURP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were discovered in BURP's Gentoo ebuild,
+    the worst of which could lead to root privilege escalation.
+  </synopsis>
+  <product type="ebuild">burp</product>
+  <announced>2018-06-13</announced>
+  <revised count="1">2018-06-13</revised>
+  <bug>628770</bug>
+  <bug>641842</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-backup/burp" auto="yes" arch="*">
+      <unaffected range="ge">2.1.32</unaffected>
+      <vulnerable range="lt">2.1.32</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A network backup and restore program.</p>
+  </background>
+  <description>
+    <p>It was discovered that Gentoo’s BURP ebuild does not properly set
+      permissions or place the pid file in a safe directory.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could escalate privileges.</p>
+  </impact>
+  <workaround>
+    <p>Users should ensure the proper permissions are set as discussed in the
+      referenced bugs.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All BURP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-backup/burp-2.1.32"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18284">CVE-2017-18284</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18285">CVE-2017-18285</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-05-29T13:34:12Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-06-13T20:55:37Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201806-04.xml b/metadata/glsa/glsa-201806-04.xml
new file mode 100644
index 000000000000..d2b15f529f0b
--- /dev/null
+++ b/metadata/glsa/glsa-201806-04.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201806-04">
+  <title>Quassel: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in Quassel, the worst of
+    which could allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">net-irc/quassel</product>
+  <announced>2018-06-14</announced>
+  <revised count="1">2018-06-14</revised>
+  <bug>653834</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/quassel" auto="yes" arch="*">
+      <unaffected range="ge">0.12.5</unaffected>
+      <vulnerable range="lt">0.12.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Quassel is a Qt4/KDE4 IRC client suppporting a remote daemon for 24/7
+      connectivity.
+    </p>
+    
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Quassel. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause arbitrary code execution or a Denial of
+      Service condition.
+    </p>
+    
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Quassel users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-irc/quassel-0.12.5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000178">
+      CVE-2018-1000178
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000179">
+      CVE-2018-1000179
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-06-05T01:35:09Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-06-14T02:22:47Z">irishluck83</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201806-05.xml b/metadata/glsa/glsa-201806-05.xml
new file mode 100644
index 000000000000..a0b0fb5a36c9
--- /dev/null
+++ b/metadata/glsa/glsa-201806-05.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201806-05">
+  <title>cURL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in cURL, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">curl</product>
+  <announced>2018-06-19</announced>
+  <revised count="1">2018-06-19</revised>
+  <bug>655266</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/curl" auto="yes" arch="*">
+      <unaffected range="ge">7.60.0</unaffected>
+      <vulnerable range="lt">7.60.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A command line tool and library for transferring data with URLs.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in cURL. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could cause a Denial of Service condition, obtain
+      sensitive information, or have other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All cURL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.60.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000300">
+      CVE-2018-1000300
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000301">
+      CVE-2018-1000301
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-06-13T20:21:48Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-06-19T23:55:18Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201806-06.xml b/metadata/glsa/glsa-201806-06.xml
new file mode 100644
index 000000000000..61facab759e0
--- /dev/null
+++ b/metadata/glsa/glsa-201806-06.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201806-06">
+  <title>Chromium, Google Chrome: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerablity has been found in Chromium and Chrome that could
+    allow a remote attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">chrome,chromium</product>
+  <announced>2018-06-20</announced>
+  <revised count="1">2018-06-20</revised>
+  <bug>658040</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">67.0.3396.87</unaffected>
+      <vulnerable range="lt">67.0.3396.87</vulnerable>
+    </package>
+    <package name="www-client/chrome" auto="yes" arch="*">
+      <unaffected range="ge">67.0.3396.87</unaffected>
+      <vulnerable range="lt">67.0.3396.87</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+    
+  </background>
+  <description>
+    <p>An out of bounds flaw has discovered in Chromium and Chrome’s V8
+      component.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to visit a specially crafted
+      website, could execute arbitrary code with the privileges of the process
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-67.0.3396.87"
+    </code>
+    
+    <p>All Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/chrome-67.0.3396.87"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6149">CVE-2018-6149</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-06-18T15:45:47Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-06-20T00:23:01Z">irishluck83</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201806-07.xml b/metadata/glsa/glsa-201806-07.xml
new file mode 100644
index 000000000000..5f956e06d5ef
--- /dev/null
+++ b/metadata/glsa/glsa-201806-07.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201806-07">
+  <title>Transmission: Remote code execution </title>
+  <synopsis>A vulnerability in Transmission could allow a remote attacker to
+    execute arbitrary RPC commands.
+  </synopsis>
+  <product type="ebuild">transmission</product>
+  <announced>2018-06-20</announced>
+  <revised count="1">2018-06-20</revised>
+  <bug>644406</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-p2p/transmission" auto="yes" arch="*">
+      <unaffected range="ge">2.93</unaffected>
+      <vulnerable range="lt">2.93</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Transmission is a cross-platform BitTorrent client.</p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in how Transmission handles access
+      control through the X-Transmission-Session-Id.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary RFC commands or consequently
+      conduct a DNS rebinding attack.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Transmission users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-p2p/transmission-"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5702">CVE-2018-5702</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-06-11T15:35:43Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-06-20T00:24:22Z">irishluck83</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201806-08.xml b/metadata/glsa/glsa-201806-08.xml
new file mode 100644
index 000000000000..9d4493b3898f
--- /dev/null
+++ b/metadata/glsa/glsa-201806-08.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201806-08">
+  <title>file: Denial of service</title>
+  <synopsis>A vulnerability in file could lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">file</product>
+  <announced>2018-06-23</announced>
+  <revised count="1">2018-06-23</revised>
+  <bug>657930</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/file" auto="yes" arch="*">
+      <unaffected range="ge">5.33-r2</unaffected>
+      <vulnerable range="lt">5.33-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>file is a utility that guesses a file format by scanning binary data for
+      patterns.
+    </p>
+  </background>
+  <description>
+    <p>File does not properly utilize the do_core_note function in readelf.c in
+      libmagic.a.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted ELF file possibly
+      resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All file users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/file-5.33-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10360">CVE-2018-10360</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-06-23T00:28:49Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-06-23T21:38:00Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201806-09.xml b/metadata/glsa/glsa-201806-09.xml
new file mode 100644
index 000000000000..3cd03fbde533
--- /dev/null
+++ b/metadata/glsa/glsa-201806-09.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201806-09">
+  <title>PNP4Nagios: Root privilege escalation</title>
+  <synopsis>A vulnerability in PNP4Nagios which may allow local attackers to
+    gain root privileges.
+  </synopsis>
+  <product type="ebuild">pnp4nagios</product>
+  <announced>2018-06-24</announced>
+  <revised count="1">2018-06-24</revised>
+  <bug>637640</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-analyzer/pnp4nagios" auto="yes" arch="*">
+      <unaffected range="ge">0.6.26-r9</unaffected>
+      <vulnerable range="lt">0.6.26-r9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PNP4Nagios is an addon for the Nagios Network Monitoring System.</p>
+  </background>
+  <description>
+    <p>It was found that PHP4Nagios creates files owned by an unprivileged user
+      that are used by root.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could escalate privileges to root.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PNP4Nagios users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=net-analyzer/pnp4nagios-0.6.26-r9"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16834">CVE-2017-16834</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-06-19T23:53:20Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-06-24T03:10:22Z">irishluck83</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201807-01.xml b/metadata/glsa/glsa-201807-01.xml
new file mode 100644
index 000000000000..5a945f792950
--- /dev/null
+++ b/metadata/glsa/glsa-201807-01.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201807-01">
+  <title>tqdm: Arbitrary code execution</title>
+  <synopsis>A vulnerability in tqdm could allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">tqdm</product>
+  <announced>2018-07-18</announced>
+  <revised count="1">2018-07-18</revised>
+  <bug>636384</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-python/tqdm" auto="yes" arch="*">
+      <unaffected range="ge">4.23.3</unaffected>
+      <vulnerable range="lt">4.23.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>tqdm is a smart progress meter.</p>
+  </background>
+  <description>
+    <p>A vulnerablility was discovered in tqdm._version that could allow a
+      malicious git log within the current working directory.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary commands by enticing a user to
+      clone a crafted repo.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All tqdm users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/tqdm-4.23.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-10075">CVE-2016-10075</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-07-02T03:06:02Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-07-18T03:57:26Z">irishluck83</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201807-02.xml b/metadata/glsa/glsa-201807-02.xml
new file mode 100644
index 000000000000..ec691f42d00e
--- /dev/null
+++ b/metadata/glsa/glsa-201807-02.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201807-02">
+  <title>Passenger: Multiple Vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Passenger, the worst of
+    which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">passenger</product>
+  <announced>2018-07-22</announced>
+  <revised count="1">2018-07-22</revised>
+  <bug>658346</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apache/passenger" auto="yes" arch="*">
+      <unaffected range="ge">5.3.2</unaffected>
+      <vulnerable range="lt">5.3.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Passenger runs and manages your Ruby, Node.js, and Python apps.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Passenger. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could escalate privileges, execute arbitrary code,
+      cause a Denial of Service condition, or obtain sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Passenger users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-apache/passenger-5.3.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12026">CVE-2018-12026</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12027">CVE-2018-12027</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12028">CVE-2018-12028</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12029">CVE-2018-12029</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-07-03T02:38:28Z">irishluck83</metadata>
+  <metadata tag="submitter" timestamp="2018-07-22T20:50:15Z">irishluck83</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201807-03.xml b/metadata/glsa/glsa-201807-03.xml
new file mode 100644
index 000000000000..60ab861e112d
--- /dev/null
+++ b/metadata/glsa/glsa-201807-03.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201807-03">
+  <title>ZNC: Multiple Vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ZNC, the worst of which
+    could result in privilege escalation.
+  </synopsis>
+  <product type="ebuild">ZNC</product>
+  <announced>2018-07-29</announced>
+  <revised count="2">2018-07-29</revised>
+  <bug>661228</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/znc" auto="yes" arch="*">
+      <unaffected range="ge">1.7.1</unaffected>
+      <vulnerable range="lt">1.7.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ZNC is an advanced IRC bouncer.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ZNC. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could read arbitary files and esclate privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ZNC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-irc/znc-1.7.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14055">CVE-2018-14055</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14056">CVE-2018-14056</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-07-16T11:02:53Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2018-07-29T21:57:06Z">irishluck83</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201807-04.xml b/metadata/glsa/glsa-201807-04.xml
new file mode 100644
index 000000000000..4c7b0637d0f1
--- /dev/null
+++ b/metadata/glsa/glsa-201807-04.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201807-04">
+  <title>cURL: Heap-based buffer overflow</title>
+  <synopsis>A heap-based buffer overflow in cURL might allow remote attackers
+    to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">curl</product>
+  <announced>2018-07-29</announced>
+  <revised count="1">2018-07-29</revised>
+  <bug>660894</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/curl" auto="yes" arch="*">
+      <unaffected range="ge">7.61.0</unaffected>
+      <vulnerable range="lt">7.61.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A command line tool and library for transferring data with URLs.</p>
+    
+  </background>
+  <description>
+    <p>A heap-based buffer overflow was discovered in cURL’s
+      Curl_smtp_escape_eob() function.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could cause a Denial of Service condition or execute
+      arbitrary code via SMTP connections.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All cURL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.61.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0500">CVE-2018-0500</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-07-21T22:56:00Z">irishluck83</metadata>
+  <metadata tag="submitter" timestamp="2018-07-29T22:11:16Z">irishluck83</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201808-01.xml b/metadata/glsa/glsa-201808-01.xml
new file mode 100644
index 000000000000..6e5632d69a0a
--- /dev/null
+++ b/metadata/glsa/glsa-201808-01.xml
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201808-01">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which allows remote attackers to escalate privileges.
+  </synopsis>
+  <product type="ebuild">chromium</product>
+  <announced>2018-08-22</announced>
+  <revised count="2">2018-08-22</revised>
+  <bug>657376</bug>
+  <bug>662436</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">68.0.3440.75</unaffected>
+      <vulnerable range="lt">68.0.3440.75</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">68.0.3440.75</unaffected>
+      <vulnerable range="lt">68.0.3440.75</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the referenced CVE identifiers and Google Chrome
+      Releases for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could escalate privileges, cause a heap buffer
+      overflow, obtain sensitive information or spoof a URL.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-68.0.3440.75"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-68.0.3440.75"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4117">CVE-2018-4117</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6044">CVE-2018-6044</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6150">CVE-2018-6150</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6151">CVE-2018-6151</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6152">CVE-2018-6152</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6153">CVE-2018-6153</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6154">CVE-2018-6154</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6155">CVE-2018-6155</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6156">CVE-2018-6156</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6157">CVE-2018-6157</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6158">CVE-2018-6158</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6159">CVE-2018-6159</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6160">CVE-2018-6160</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6161">CVE-2018-6161</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6162">CVE-2018-6162</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6163">CVE-2018-6163</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6164">CVE-2018-6164</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6165">CVE-2018-6165</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6166">CVE-2018-6166</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6167">CVE-2018-6167</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6168">CVE-2018-6168</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6169">CVE-2018-6169</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6170">CVE-2018-6170</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6171">CVE-2018-6171</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6172">CVE-2018-6172</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6173">CVE-2018-6173</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6174">CVE-2018-6174</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6175">CVE-2018-6175</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6176">CVE-2018-6176</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6177">CVE-2018-6177</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6178">CVE-2018-6178</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6179">CVE-2018-6179</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2108-6150">CVE-2108-6150</uri>
+    <uri link="https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html">
+      Google Chrome 68.0.3440.75 release announcement
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-07-30T23:07:09Z">irishluck83</metadata>
+  <metadata tag="submitter" timestamp="2018-08-22T21:30:07Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201808-02.xml b/metadata/glsa/glsa-201808-02.xml
new file mode 100644
index 000000000000..77b6971a058b
--- /dev/null
+++ b/metadata/glsa/glsa-201808-02.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201808-02">
+  <title>LinuX Containers user space utilities: Arbitrary file read</title>
+  <synopsis>A vulnerability has been found in LXC which may allow for arbitrary
+    file access (read-only).
+  </synopsis>
+  <product type="ebuild">lxc</product>
+  <announced>2018-08-22</announced>
+  <revised count="3">2018-10-17</revised>
+  <bug>662780</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/lxc" auto="yes" arch="*">
+      <unaffected range="ge">2.1.1-r1</unaffected>
+      <vulnerable range="lt">2.1.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>LinuX Containers user space utilities.</p>
+  </background>
+  <description>
+    <p>lxc-user-nic when asked to delete a network interface will
+      unconditionally open a user provided path. This code path may be used by
+      an unprivileged user to check for the existence of a path which they
+      wouldn’t otherwise be able to reach.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A local unprivileged user could use this flaw to access arbitrary files,
+      including special device files.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LXC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/lxc-2.1.1-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6556">CVE-2018-6556</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-08-13T17:16:02Z">irishluck83</metadata>
+  <metadata tag="submitter" timestamp="2018-10-17T23:09:04Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201808-03.xml b/metadata/glsa/glsa-201808-03.xml
new file mode 100644
index 000000000000..fbb8ec698cb6
--- /dev/null
+++ b/metadata/glsa/glsa-201808-03.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201808-03">
+  <title>NetworkManager VPNC plugin: Privilege escalation</title>
+  <synopsis>A vulnerability in NetworkManager VPNC plugin allows local users to
+    escalate privileges.
+  </synopsis>
+  <product type="ebuild">networkmanager-vpnc</product>
+  <announced>2018-08-22</announced>
+  <revised count="1">2018-08-22</revised>
+  <bug>661712</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-misc/networkmanager-vpnc" auto="yes" arch="*">
+      <unaffected range="ge">1.2.6</unaffected>
+      <vulnerable range="lt">1.2.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>NetworkManager is an universal network configuration daemon for laptops,
+      desktops, servers and virtualization hosts.
+    </p>
+    
+    <p>The VPNC plugin provides easy access Cisco Concentrator based VPN’s
+      utilizing NetworkManager.
+    </p>
+  </background>
+  <description>
+    <p>When initiating a VPNC connection, NetworkManager spawns a new vpnc
+      process and passes the configuration via STDIN. By injecting a special
+      character into a configuration parameter, an attacker can coerce
+      NetworkManager to set the Password helper option to an attacker
+      controlled executable file.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker is able to escalate privileges via a specially crafted
+      configuration file.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All NetworkManager VPNC plugin users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=net-misc/networkmanager-vpnc-1.2.6"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10900">CVE-2018-10900</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-07-30T00:25:20Z">irishluck83</metadata>
+  <metadata tag="submitter" timestamp="2018-08-22T21:14:54Z">irishluck83</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201808-04.xml b/metadata/glsa/glsa-201808-04.xml
new file mode 100644
index 000000000000..842738778130
--- /dev/null
+++ b/metadata/glsa/glsa-201808-04.xml
@@ -0,0 +1,111 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201808-04">
+  <title>WebkitGTK+: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in WebKitGTK+, the worst
+    of which may lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">webkit-gtk</product>
+  <announced>2018-08-22</announced>
+  <revised count="1">2018-08-22</revised>
+  <bug>652820</bug>
+  <bug>658168</bug>
+  <bug>662974</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+      <unaffected range="ge">2.20.4</unaffected>
+      <vulnerable range="lt">2.20.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine,
+      suitable for projects requiring any kind of web integration, from hybrid
+      HTML/CSS applications to full-fledged web browsers.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please
+      review the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary commands or cause a denial of
+      service condition  via a maliciously crafted web content.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All WebkitGTK+ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.20.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-11646">CVE-2018-11646</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-11712">CVE-2018-11712</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-11713">CVE-2018-11713</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12293">CVE-2018-12293</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12294">CVE-2018-12294</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4101">CVE-2018-4101</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4113">CVE-2018-4113</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4114">CVE-2018-4114</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4117">CVE-2018-4117</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4118">CVE-2018-4118</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4119">CVE-2018-4119</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4120">CVE-2018-4120</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4121">CVE-2018-4121</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4122">CVE-2018-4122</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4125">CVE-2018-4125</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4127">CVE-2018-4127</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4128">CVE-2018-4128</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4129">CVE-2018-4129</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4133">CVE-2018-4133</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4146">CVE-2018-4146</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4162">CVE-2018-4162</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4163">CVE-2018-4163</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4165">CVE-2018-4165</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4190">CVE-2018-4190</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4192">CVE-2018-4192</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4199">CVE-2018-4199</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4200">CVE-2018-4200</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4201">CVE-2018-4201</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4204">CVE-2018-4204</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4214">CVE-2018-4214</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4218">CVE-2018-4218</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4222">CVE-2018-4222</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4232">CVE-2018-4232</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4233">CVE-2018-4233</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4261">CVE-2018-4261</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4262">CVE-2018-4262</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4263">CVE-2018-4263</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4264">CVE-2018-4264</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4265">CVE-2018-4265</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4266">CVE-2018-4266</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4267">CVE-2018-4267</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4270">CVE-2018-4270</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4272">CVE-2018-4272</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4273">CVE-2018-4273</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4278">CVE-2018-4278</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4284">CVE-2018-4284</uri>
+    <uri link="https://webkitgtk.org/security/WSA-2018-0003.html">WebKitGTK+
+      Security Advisory WSA-2018-0003
+    </uri>
+    <uri link="https://webkitgtk.org/security/WSA-2018-0004.html">WebKitGTK+
+      Security Advisory WSA-2018-0004
+    </uri>
+    <uri link="https://webkitgtk.org/security/WSA-2018-0005.html">WebKitGTK+
+      Security Advisory WSA-2018-0005
+    </uri>
+    <uri link="https://webkitgtk.org/security/WSA-2018-0006.html">WebKitGTK+
+      Security Advisory WSA-2018-0006
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-08-06T19:11:23Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-08-22T21:15:04Z">irishluck83</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201810-01.xml b/metadata/glsa/glsa-201810-01.xml
new file mode 100644
index 000000000000..ebe9c30ed5f3
--- /dev/null
+++ b/metadata/glsa/glsa-201810-01.xml
@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201810-01">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+    worst of which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">firefox</product>
+  <announced>2018-10-02</announced>
+  <revised count="1">2018-10-02</revised>
+  <bug>650422</bug>
+  <bug>657976</bug>
+  <bug>659432</bug>
+  <bug>665496</bug>
+  <bug>666760</bug>
+  <bug>667612</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">60.2.2</unaffected>
+      <vulnerable range="lt">60.2.2</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">60.2.2</unaffected>
+      <vulnerable range="lt">60.2.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      Project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+      review the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could entice a user to view a specially crafted web
+      page, possibly resulting in the execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition. Furthermore,
+      a remote attacker may be able to perform Man-in-the-Middle attacks,
+      obtain sensitive information, spoof the address bar, conduct clickjacking
+      attacks, bypass security restrictions and protection mechanisms, or have
+      other unspecified impact.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-60.2.2"
+    </code>
+    
+    <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-60.2.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16541">CVE-2017-16541</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12358">CVE-2018-12358</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12359">CVE-2018-12359</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12360">CVE-2018-12360</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12361">CVE-2018-12361</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12362">CVE-2018-12362</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12363">CVE-2018-12363</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12364">CVE-2018-12364</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12365">CVE-2018-12365</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12366">CVE-2018-12366</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12367">CVE-2018-12367</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12368">CVE-2018-12368</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12369">CVE-2018-12369</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12370">CVE-2018-12370</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12371">CVE-2018-12371</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12376">CVE-2018-12376</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12377">CVE-2018-12377</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12378">CVE-2018-12378</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12379">CVE-2018-12379</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12381">CVE-2018-12381</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12383">CVE-2018-12383</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12385">CVE-2018-12385</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12386">CVE-2018-12386</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12387">CVE-2018-12387</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5125">CVE-2018-5125</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5127">CVE-2018-5127</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5129">CVE-2018-5129</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5130">CVE-2018-5130</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5131">CVE-2018-5131</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5144">CVE-2018-5144</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5150">CVE-2018-5150</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5154">CVE-2018-5154</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5155">CVE-2018-5155</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5156">CVE-2018-5156</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5157">CVE-2018-5157</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5158">CVE-2018-5158</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5159">CVE-2018-5159</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5168">CVE-2018-5168</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5178">CVE-2018-5178</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5183">CVE-2018-5183</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5186">CVE-2018-5186</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5187">CVE-2018-5187</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5188">CVE-2018-5188</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6126">CVE-2018-6126</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-10-02T09:03:17Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-10-02T22:17:52Z">irishluck83</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201810-02.xml b/metadata/glsa/glsa-201810-02.xml
new file mode 100644
index 000000000000..20bc31cf4a1d
--- /dev/null
+++ b/metadata/glsa/glsa-201810-02.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201810-02">
+  <title>SoX: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in SoX, the worst of which
+    may lead to a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">sox</product>
+  <announced>2018-10-06</announced>
+  <revised count="1">2018-10-06</revised>
+  <bug>626702</bug>
+  <bug>627570</bug>
+  <bug>634450</bug>
+  <bug>634814</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/sox" auto="yes" arch="*">
+      <unaffected range="ge">14.4.2-r1</unaffected>
+      <vulnerable range="lt">14.4.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>SoX is a command line utility that can convert various formats of
+      computer audio files in to other formats.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in SoX. Please review the
+      referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to process a crafted WAV, HCOM,
+      SND, or AIFF file, could cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All SoX users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-sound/sox-14.4.2-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11332">CVE-2017-11332</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11358">CVE-2017-11358</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11359">CVE-2017-11359</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15370">CVE-2017-15370</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15371">CVE-2017-15371</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15372">CVE-2017-15372</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15642">CVE-2017-15642</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-09-30T21:36:08Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2018-10-06T16:59:06Z">irishluck83</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201810-03.xml b/metadata/glsa/glsa-201810-03.xml
new file mode 100644
index 000000000000..9165083ac1cb
--- /dev/null
+++ b/metadata/glsa/glsa-201810-03.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201810-03">
+  <title>OpenSSH: User enumeration vulnerability</title>
+  <synopsis>A vulnerability in OpenSSH might allow remote attackers to
+    determine valid usernames.
+  </synopsis>
+  <product type="ebuild">openssh</product>
+  <announced>2018-10-06</announced>
+  <revised count="1">2018-10-06</revised>
+  <bug>664264</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/openssh" auto="yes" arch="*">
+      <unaffected range="ge">7.7_p1-r8</unaffected>
+      <vulnerable range="lt">7.7_p1-r8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSH is a complete SSH protocol implementation that includes SFTP
+      client and server support.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that OpenSSH was prone to a user enumeration
+      vulnerability.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could conduct user enumeration.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSH users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/openssh-7.7_p1-r8"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15473">CVE-2018-15473</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-08-23T00:18:32Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-10-06T17:02:32Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201810-04.xml b/metadata/glsa/glsa-201810-04.xml
new file mode 100644
index 000000000000..8b1b96e811df
--- /dev/null
+++ b/metadata/glsa/glsa-201810-04.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201810-04">
+  <title>ImageMagick: Security hardening</title>
+  <synopsis>Due to multiple vulnerabilities in various coders used by
+    ImageMagick, Gentoo Linux now installs a policy.xml file which will
+    restrict coder usage by default.
+  </synopsis>
+  <product type="ebuild">imagemagick</product>
+  <announced>2018-10-06</announced>
+  <revised count="1">2018-10-06</revised>
+  <bug>664236</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-gfx/imagemagick" auto="yes" arch="*">
+      <unaffected range="ge">6.9.10.10-r1</unaffected>
+      <unaffected range="ge">7.0.8.10-r1</unaffected>
+      <vulnerable range="lt">6.9.10.10-r1</vulnerable>
+      <vulnerable range="lt">7.0.8.10-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ImageMagick is a collection of tools and libraries for many image
+      formats.
+    </p>
+  </background>
+  <description>
+    <p>If you process an image with ImageMagick and don’t validate the file
+      before (e.g. check magic byte), ImageMagick will call any coders found in
+      the given file. So if ImageMagick will find Ghostscript for example, it
+      will call Ghostscript.
+    </p>
+    
+    <p>Due to multiple -dSAFER sandbox bypass vulnerabilities in Ghostscript,
+      this can lead to arbitrary code execution.
+    </p>
+    
+    <p>To mitigate this problem we install a policy.xml file by default which
+      will disable PS, EPS, PDF, and XPS coders.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to process a specially crafted
+      image file, could execute arbitrary code with the privileges of the
+      process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ImageMagick 6 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=media-gfx/imagemagick-6.9.10.10-r1"
+    </code>
+    
+    <p>All ImageMagick 7 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=media-gfx/imagemagick-7.0.8.10-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://www.kb.cert.org/vuls/id/332928">Ghostscript contains
+      multiple -dSAFER sandbox bypass vulnerabilities (VU#332928)
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-08-22T17:43:38Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-10-06T17:09:35Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201810-05.xml b/metadata/glsa/glsa-201810-05.xml
new file mode 100644
index 000000000000..d88bef878a13
--- /dev/null
+++ b/metadata/glsa/glsa-201810-05.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201810-05">
+  <title>xkbcommon: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in xkbcommon, the worst of
+    which may lead to a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">libxkbcommon</product>
+  <announced>2018-10-30</announced>
+  <revised count="1">2018-10-30</revised>
+  <bug>665702</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-libs/libxkbcommon" auto="yes" arch="*">
+      <unaffected range="ge">0.8.2</unaffected>
+      <vulnerable range="lt">0.8.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>xkbcommon is a library to handle keyboard descriptions, including
+      loading them from disk, parsing them and handling their state.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libxkbcommon. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could supply a specially crafted keymap file possibly
+      resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libxkbcommon users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/libxkbcommon-0.8.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15853">CVE-2018-15853</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15854">CVE-2018-15854</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15855">CVE-2018-15855</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15856">CVE-2018-15856</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15857">CVE-2018-15857</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15858">CVE-2018-15858</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15859">CVE-2018-15859</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15861">CVE-2018-15861</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15862">CVE-2018-15862</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15863">CVE-2018-15863</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15864">CVE-2018-15864</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-10-14T16:59:09Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-10-30T20:41:12Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201810-06.xml b/metadata/glsa/glsa-201810-06.xml
new file mode 100644
index 000000000000..9481d47a7e3d
--- /dev/null
+++ b/metadata/glsa/glsa-201810-06.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201810-06">
+  <title>Xen: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Xen, the worst of which
+    could cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">xen</product>
+  <announced>2018-10-30</announced>
+  <revised count="2">2018-10-30</revised>
+  <bug>643350</bug>
+  <bug>655188</bug>
+  <bug>655544</bug>
+  <bug>659442</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/xen" auto="yes" arch="*">
+      <unaffected range="ge">4.10.1-r2</unaffected>
+      <vulnerable range="lt">4.10.1-r2</vulnerable>
+    </package>
+    <package name="app-emulation/xen-tools" auto="yes" arch="*">
+      <unaffected range="ge">4.10.1-r2</unaffected>
+      <vulnerable range="lt">4.10.1-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Xen is a bare-metal hypervisor.</p>
+    
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Xen. Please review the
+      referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could cause a Denial of Service condition or disclose
+      sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Xen users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-4.10.1-r2"
+    </code>
+    
+    <p>All Xen tools users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/xen-tools-4.10.1-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5715">CVE-2017-5715</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5753">CVE-2017-5753</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5754">CVE-2017-5754</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10471">CVE-2018-10471</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10472">CVE-2018-10472</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10981">CVE-2018-10981</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10982">CVE-2018-10982</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12891">CVE-2018-12891</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12892">CVE-2018-12892</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12893">CVE-2018-12893</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15468">CVE-2018-15468</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15469">CVE-2018-15469</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15470">CVE-2018-15470</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3620">CVE-2018-3620</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3646">CVE-2018-3646</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5244">CVE-2018-5244</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7540">CVE-2018-7540</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7541">CVE-2018-7541</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7542">CVE-2018-7542</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-09-10T09:38:20Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-10-30T20:59:58Z">irishluck83</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201810-07.xml b/metadata/glsa/glsa-201810-07.xml
new file mode 100644
index 000000000000..a261c2f224d1
--- /dev/null
+++ b/metadata/glsa/glsa-201810-07.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201810-07">
+  <title>Mutt, NeoMutt: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mutt and NeoMutt, the
+    worst of which allows for arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">mutt, neomutt</product>
+  <announced>2018-10-30</announced>
+  <revised count="2">2018-10-30</revised>
+  <bug>661436</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-client/mutt" auto="yes" arch="*">
+      <unaffected range="ge">1.10.1</unaffected>
+      <vulnerable range="lt">1.10.1</vulnerable>
+    </package>
+    <package name="mail-client/neomutt" auto="yes" arch="*">
+      <unaffected range="ge">20180716</unaffected>
+      <vulnerable range="lt">20180716</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mutt is a small but very powerful text-based mail client.</p>
+    
+    <p>NeoMutt is a command line mail reader (or MUA). It’s a fork of Mutt
+      with added features.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mutt, and NeoMutt.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted mail
+      message or connect to malicious mail server using Mutt or NeoMutt,
+      possibly resulting in execution of arbitrary code or directory traversal
+      with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mutt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-client/mutt-1.10.1"
+    </code>
+    
+    <p>All NeoMuutt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/neomutt-20180716"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14349">CVE-2018-14349</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14350">CVE-2018-14350</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14351">CVE-2018-14351</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14352">CVE-2018-14352</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14353">CVE-2018-14353</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14354">CVE-2018-14354</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14355">CVE-2018-14355</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14356">CVE-2018-14356</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14357">CVE-2018-14357</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14358">CVE-2018-14358</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14359">CVE-2018-14359</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14362">CVE-2018-14362</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-08-22T23:01:20Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-10-30T22:34:46Z">irishluck83</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201810-08.xml b/metadata/glsa/glsa-201810-08.xml
new file mode 100644
index 000000000000..bcb0c46bb2bd
--- /dev/null
+++ b/metadata/glsa/glsa-201810-08.xml
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201810-08">
+  <title>PostgreSQL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PostgreSQL, the worst
+    which could lead to privilege escalation.
+  </synopsis>
+  <product type="ebuild">postgresql</product>
+  <announced>2018-10-30</announced>
+  <revised count="1">2018-10-30</revised>
+  <bug>603716</bug>
+  <bug>603720</bug>
+  <bug>664332</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-db/postgresql" auto="yes" arch="*">
+      <unaffected range="ge" slot="9.3">9.3.24</unaffected>
+      <unaffected range="ge" slot="9.4">9.4.19</unaffected>
+      <unaffected range="ge" slot="9.5">9.5.14</unaffected>
+      <unaffected range="ge" slot="9.6">9.6.10</unaffected>
+      <unaffected range="ge" slot="10">10.5</unaffected>
+      <vulnerable range="lt">10.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PostgreSQL is an open source object-relational database management
+      system.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PostgreSQL. Please
+      review the referenced CVE identifiers for details.
+    </p>
+    
+    <p>In addition it was discovered that Gentoo’s PostgreSQL installation
+      suffered from a privilege escalation vulnerability due to a runscript
+      which called OpenRC’s checkpath() on a user controlled path and allowed
+      user running PostgreSQL to kill arbitrary processes via PID file
+      manipulation.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could bypass certain client-side connection security
+      features, read arbitrary server memory or alter certain data.
+    </p>
+    
+    <p>In addition, a local attacker could gain privileges or cause a Denial of
+      Service condition by  killing arbitrary processes.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PostgreSQL users up to 9.3 should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.3.24:9.3"
+    </code>
+    
+    <p>All PostgreSQL 9.4 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.4.19:9.4"
+    </code>
+    
+    <p>All PostgreSQL 9.5 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.5.14:9.5"
+    </code>
+    
+    <p>All PostgreSQL 9.6 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.6.10:9.6"
+    </code>
+    
+    <p>All PostgreSQL 10 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-10.5:10"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10915">CVE-2018-10915</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10925">CVE-2018-10925</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1115">CVE-2018-1115</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-09-20T23:00:55Z">irishluck83</metadata>
+  <metadata tag="submitter" timestamp="2018-10-30T20:41:59Z">irishluck83</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201810-09.xml b/metadata/glsa/glsa-201810-09.xml
new file mode 100644
index 000000000000..8931f25127fc
--- /dev/null
+++ b/metadata/glsa/glsa-201810-09.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201810-09">
+  <title>X.Org X Server: Privilege escalation</title>
+  <synopsis>A vulnerability in X.Org X Server allows local users to escalate
+    privileges.
+  </synopsis>
+  <product type="ebuild">xorg x server</product>
+  <announced>2018-10-30</announced>
+  <revised count="1">2018-10-30</revised>
+  <bug>669588</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-base/xorg-server" auto="yes" arch="*">
+      <unaffected range="ge">1.20.3</unaffected>
+      <vulnerable range="lt">1.20.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The X Window System is a graphical windowing system based on a
+      client/server model.
+    </p>
+  </background>
+  <description>
+    <p>An incorrect permission check for -modulepath and -logfile options when
+      starting Xorg. X server allows unprivileged users with the ability to log
+      in to the system via physical console to escalate their privileges and
+      run arbitrary code under root privileges.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker can escalate privileges to root by passing crafted
+      parameters to the X.org X server.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All X.Org X Server users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-base/xorg-server-1.20.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14665">CVE-2018-14665</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-10-30T15:53:55Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-10-30T20:42:13Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201810-10.xml b/metadata/glsa/glsa-201810-10.xml
new file mode 100644
index 000000000000..017ec0c1e539
--- /dev/null
+++ b/metadata/glsa/glsa-201810-10.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201810-10">
+  <title>systemd: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in systemd, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">systemd</product>
+  <announced>2018-10-30</announced>
+  <revised count="1">2018-10-30</revised>
+  <bug>669664</bug>
+  <bug>669716</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-apps/systemd" auto="yes" arch="*">
+      <unaffected range="ge">239-r2</unaffected>
+      <vulnerable range="lt">239-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A system and service manager.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in systemd. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>An attacker could possibly execute arbitrary code, cause a Denial of
+      Service condition, or gain escalated privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All systemd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/systemd-239-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15686">CVE-2018-15686</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15687">CVE-2018-15687</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15688">CVE-2018-15688</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-10-30T15:33:52Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-10-30T20:42:27Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201811-01.xml b/metadata/glsa/glsa-201811-01.xml
new file mode 100644
index 000000000000..098096755489
--- /dev/null
+++ b/metadata/glsa/glsa-201811-01.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-01">
+  <title>X.Org X11 library: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in X.Org X11 library, the
+    worst of which could allow for remote code execution.
+  </synopsis>
+  <product type="ebuild">libX11</product>
+  <announced>2018-11-09</announced>
+  <revised count="1">2018-11-09</revised>
+  <bug>664184</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/libX11" auto="yes" arch="*">
+      <unaffected range="ge">1.6.6</unaffected>
+      <vulnerable range="lt">1.6.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>X.Org is an implementation of the X Window System. The X.Org X11 library
+      provides the X11 protocol library files.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in X.Org X11 library.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to connect to a malicious server,
+      could cause the execution of arbitrary code with the privileges of the
+      process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All X.Org X11 library users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/libX11-1.6.6"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14598">CVE-2018-14598</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14599">CVE-2018-14599</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14600">CVE-2018-14600</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-09-24T03:54:14Z">irishluck83</metadata>
+  <metadata tag="submitter" timestamp="2018-11-09T00:23:32Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201811-02.xml b/metadata/glsa/glsa-201811-02.xml
new file mode 100644
index 000000000000..ce9a6b6e7109
--- /dev/null
+++ b/metadata/glsa/glsa-201811-02.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-02">
+  <title>Python: Buffer overflow</title>
+  <synopsis>A buffer overflow in Python might allow remote attackers to cause a
+    Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">Python</product>
+  <announced>2018-11-09</announced>
+  <revised count="1">2018-11-09</revised>
+  <bug>647862</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/python" auto="yes" arch="*">
+      <unaffected range="ge" slot="2.7">2.7.15</unaffected>
+      <vulnerable range="lt" slot="2.7">2.7.15</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Python is an interpreted, interactive, object-oriented programming
+      language.
+    </p>
+  </background>
+  <description>
+    <p>A buffer overflow vulnerability have been discovered in Python. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, in special situations such as function as a service,
+      could violate a trust boundary and cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Python users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.7.15:2.7"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000030">
+      CVE-2018-1000030
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-10-16T02:38:25Z">irishluck83</metadata>
+  <metadata tag="submitter" timestamp="2018-11-09T00:24:00Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201811-03.xml b/metadata/glsa/glsa-201811-03.xml
new file mode 100644
index 000000000000..9da180929463
--- /dev/null
+++ b/metadata/glsa/glsa-201811-03.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-03">
+  <title>OpenSSL: Denial of service</title>
+  <synopsis>A vulnerability in OpenSSL might allow remote attackers to cause a
+    Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2018-11-09</announced>
+  <revised count="1">2018-11-09</revised>
+  <bug>663654</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">1.0.2o-r6</unaffected>
+      <vulnerable range="lt">1.0.2o-r6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+      (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
+      purpose cryptography library.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that OpenSSL allow malicious servers to send very
+      large primes to a client during DH(E) based TLS handshakes.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by sending large prime to client during DH(E) TLS
+      handshake, could possibly cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.0.2o-r6"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0732">CVE-2018-0732</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-11-08T02:56:32Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2018-11-09T00:24:28Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201811-04.xml b/metadata/glsa/glsa-201811-04.xml
new file mode 100644
index 000000000000..a32fa0121383
--- /dev/null
+++ b/metadata/glsa/glsa-201811-04.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-04">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+    worst of which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">firefox</product>
+  <announced>2018-11-09</announced>
+  <revised count="1">2018-11-09</revised>
+  <bug>669430</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">60.3.0</unaffected>
+      <vulnerable range="lt">60.3.0</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">60.3.0</unaffected>
+      <vulnerable range="lt">60.3.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      Project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to view a specially crafted web
+      page, possibly resulting in the execution of arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, bypass
+      access restriction, access otherwise protected information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-60.3.0"
+    </code>
+    
+    <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-60.3.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12389">CVE-2018-12389</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12390">CVE-2018-12390</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12392">CVE-2018-12392</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12393">CVE-2018-12393</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12395">CVE-2018-12395</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12396">CVE-2018-12396</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12397">CVE-2018-12397</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/">
+      Mozilla Foundation Security Advisory 2018-27
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-10-31T21:42:48Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-11-09T00:25:06Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201811-05.xml b/metadata/glsa/glsa-201811-05.xml
new file mode 100644
index 000000000000..f37e9af492b9
--- /dev/null
+++ b/metadata/glsa/glsa-201811-05.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-05">
+  <title>PHProjekt: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PHProjekt due to
+    embedded Zend Framework, the worst of which could allow attackers to
+    remotely execute arbitrary commands.
+  </synopsis>
+  <product type="ebuild">PHProjekt</product>
+  <announced>2018-11-10</announced>
+  <revised count="1">2018-11-10</revised>
+  <bug>650936</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/phprojekt" auto="yes" arch="*">
+      <vulnerable range="le">6.1.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PHProjekt is an application suite that supports communication and
+      management of teams and companies.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PHProjekt due to
+      embedded Zend Framework. Please review the GLSA identifiers referenced
+      below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could execute arbitrary commands or conduct SQL
+      injection attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for PHProjekt and recommends that users
+      unmerge the package:
+    </p>
+    
+    <code>
+      # emerge --unmerge "www-apps/phprojekt"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://security.gentoo.org/glsa/201804-10">GLSA 201804-10</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-10-10T16:56:26Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-11-10T00:10:47Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201811-06.xml b/metadata/glsa/glsa-201811-06.xml
new file mode 100644
index 000000000000..6083ad9ef3d7
--- /dev/null
+++ b/metadata/glsa/glsa-201811-06.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-06">
+  <title>libde265: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libde265, the worst of
+    which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">libde265</product>
+  <announced>2018-11-10</announced>
+  <revised count="1">2018-11-10</revised>
+  <bug>665520</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libde265" auto="yes" arch="*">
+      <unaffected range="ge">1.0.3</unaffected>
+      <vulnerable range="lt">1.0.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Open h.265 video codec implementation.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libde265. Please review
+      libde265 changelog referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted media
+      file using libde265 or linked applications, possibly resulting in
+      execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libde265 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libde265-1.0.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://github.com/strukturag/libde265/compare/v1.0.2...v1.0.3">
+      libde265 v1.03 Changelog
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-09-21T12:42:46Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-11-10T00:11:04Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201811-07.xml b/metadata/glsa/glsa-201811-07.xml
new file mode 100644
index 000000000000..4980d7d7f9f6
--- /dev/null
+++ b/metadata/glsa/glsa-201811-07.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-07">
+  <title>Pango: Denial of service</title>
+  <synopsis>A vulnerability in Pango could result in a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">pango</product>
+  <announced>2018-11-10</announced>
+  <revised count="1">2018-11-10</revised>
+  <bug>664108</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/pango" auto="yes" arch="*">
+      <unaffected range="ge">1.42.4</unaffected>
+      <vulnerable range="lt">1.42.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Library for layout and rendering of internationalized text.</p>
+  </background>
+  <description>
+    <p>Processing certain invalid Emoji sequences in a GTK+ application can
+      trigger a reachable assertion resulting in an application crash.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could provide a specially crafted Emoji sequences,
+      possibly resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Pango users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/pango-1.42.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15120">CVE-2018-15120</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-08-30T12:31:14Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-11-10T00:11:22Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201811-08.xml b/metadata/glsa/glsa-201811-08.xml
new file mode 100644
index 000000000000..7b0bc67ea86f
--- /dev/null
+++ b/metadata/glsa/glsa-201811-08.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-08">
+  <title>Okular: Directory traversal</title>
+  <synopsis>Okular is vulnerable to a directory traversal attack.</synopsis>
+  <product type="ebuild">Okular</product>
+  <announced>2018-11-10</announced>
+  <revised count="1">2018-11-10</revised>
+  <bug>665662</bug>
+  <access>remote</access>
+  <affected>
+    <package name="kde-apps/okular" auto="yes" arch="*">
+      <unaffected range="ge">18.04.3-r1</unaffected>
+      <vulnerable range="lt">18.04.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Okular is a universal document viewer based on KPDF for KDE 4.</p>
+  </background>
+  <description>
+    <p>It was discovered that Okular contains a Directory Traversal
+      vulnerability in function unpackDocumentArchive() in core/document.cpp.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted Okular
+      archive, possibly allowing the writing of arbitrary files with the
+      privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Okular users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=kde-apps/okular-18.04.3-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000801">
+      CVE-2018-1000801
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-10-09T10:06:04Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2018-11-10T00:11:36Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201811-09.xml b/metadata/glsa/glsa-201811-09.xml
new file mode 100644
index 000000000000..c2c62151e471
--- /dev/null
+++ b/metadata/glsa/glsa-201811-09.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-09">
+  <title>Icecast: Arbitrary code execution</title>
+  <synopsis>A vulnerability in Icecast might allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">Icecast</product>
+  <announced>2018-11-10</announced>
+  <revised count="1">2018-11-10</revised>
+  <bug>670148</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/icecast" auto="yes" arch="*">
+      <unaffected range="ge">2.4.4</unaffected>
+      <vulnerable range="lt">2.4.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Icecast is an open source alternative to SHOUTcast that supports MP3,
+      OGG (Vorbis/Theora) and AAC streaming.
+    </p>
+  </background>
+  <description>
+    <p>Multiple buffer overflows have been discovered in Icecast. Please review
+      the CVE identifier referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker, by sending a specially crafted request using
+      authentication type “url”, could possibly execute arbitrary code with
+      the privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Icecast users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/icecast-2.4.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18820">CVE-2018-18820</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-11-08T14:07:15Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-11-10T00:11:51Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201811-10.xml b/metadata/glsa/glsa-201811-10.xml
new file mode 100644
index 000000000000..6a170b56f670
--- /dev/null
+++ b/metadata/glsa/glsa-201811-10.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-10">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which allows remote attackers to execute arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">chromium</product>
+  <announced>2018-11-23</announced>
+  <revised count="1">2018-11-23</revised>
+  <bug>665340</bug>
+  <bug>666502</bug>
+  <bug>668986</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">70.0.3538.67</unaffected>
+      <vulnerable range="lt">70.0.3538.67</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the referenced CVE identifiers and Google Chrome
+      Releases for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary code, escalate privileges,
+      cause a heap buffer overflow, obtain sensitive information, or spoof a
+      URL.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-70.0.3538.67"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16065">CVE-2018-16065</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16066">CVE-2018-16066</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16067">CVE-2018-16067</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16068">CVE-2018-16068</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16069">CVE-2018-16069</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16070">CVE-2018-16070</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16071">CVE-2018-16071</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16072">CVE-2018-16072</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16073">CVE-2018-16073</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16074">CVE-2018-16074</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16075">CVE-2018-16075</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16076">CVE-2018-16076</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16077">CVE-2018-16077</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16078">CVE-2018-16078</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16079">CVE-2018-16079</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16080">CVE-2018-16080</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16081">CVE-2018-16081</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16082">CVE-2018-16082</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16083">CVE-2018-16083</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16084">CVE-2018-16084</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16085">CVE-2018-16085</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16086">CVE-2018-16086</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16087">CVE-2018-16087</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16088">CVE-2018-16088</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17462">CVE-2018-17462</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17463">CVE-2018-17463</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17464">CVE-2018-17464</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17465">CVE-2018-17465</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17466">CVE-2018-17466</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17467">CVE-2018-17467</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17468">CVE-2018-17468</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17469">CVE-2018-17469</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17470">CVE-2018-17470</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17471">CVE-2018-17471</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17472">CVE-2018-17472</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17473">CVE-2018-17473</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17474">CVE-2018-17474</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17475">CVE-2018-17475</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17476">CVE-2018-17476</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17477">CVE-2018-17477</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5179">CVE-2018-5179</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-11-09T23:47:46Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2018-11-23T17:59:02Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201811-11.xml b/metadata/glsa/glsa-201811-11.xml
new file mode 100644
index 000000000000..8412907a0271
--- /dev/null
+++ b/metadata/glsa/glsa-201811-11.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-11">
+  <title>Asterisk: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Asterisk, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">asterisk</product>
+  <announced>2018-11-24</announced>
+  <revised count="1">2018-11-24</revised>
+  <bug>636972</bug>
+  <bug>645710</bug>
+  <bug>668848</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/asterisk" auto="yes" arch="*">
+      <unaffected range="ge">13.23.1</unaffected>
+      <vulnerable range="lt">13.23.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A Modular Open Source PBX System.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Asterisk. Please review
+      the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause a Denial of Service condition or conduct
+      information gathering.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Asterisk users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/asterisk-13.23.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16671">CVE-2017-16671</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16672">CVE-2017-16672</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17850">CVE-2017-17850</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12227">CVE-2018-12227</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17281">CVE-2018-17281</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-11-13T01:09:36Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2018-11-24T19:44:57Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201811-12.xml b/metadata/glsa/glsa-201811-12.xml
new file mode 100644
index 000000000000..884021ffa325
--- /dev/null
+++ b/metadata/glsa/glsa-201811-12.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-12">
+  <title>GPL Ghostscript: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GPL Ghostscript, the
+    worst of which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">ghostscript</product>
+  <announced>2018-11-24</announced>
+  <revised count="1">2018-11-24</revised>
+  <bug>618820</bug>
+  <bug>626418</bug>
+  <bug>635426</bug>
+  <bug>655404</bug>
+  <bug>668846</bug>
+  <bug>671732</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/ghostscript-gpl" auto="yes" arch="*">
+      <unaffected range="ge">9.26</unaffected>
+      <vulnerable range="lt">9.26</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Ghostscript is an interpreter for the PostScript language and for PDF.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GPL Ghostscript. Please
+      review the CVE identifiers referenced below for additional information.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A context-dependent attacker could entice a user to open a specially
+      crafted PostScript file or PDF document using GPL Ghostscript possibly
+      resulting in the execution of arbitrary code with the privileges of the
+      process, a Denial of Service condition, or other unspecified impacts,
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GPL Ghostscript users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/ghostscript-gpl-9.26"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11714">CVE-2017-11714</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7948">CVE-2017-7948</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9610">CVE-2017-9610</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9611">CVE-2017-9611</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9612">CVE-2017-9612</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9618">CVE-2017-9618</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9619">CVE-2017-9619</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9620">CVE-2017-9620</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9726">CVE-2017-9726</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9727">CVE-2017-9727</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9739">CVE-2017-9739</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9740">CVE-2017-9740</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9835">CVE-2017-9835</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10194">CVE-2018-10194</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15908">CVE-2018-15908</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15909">CVE-2018-15909</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15910">CVE-2018-15910</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15911">CVE-2018-15911</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16509">CVE-2018-16509</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16510">CVE-2018-16510</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16511">CVE-2018-16511</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16513">CVE-2018-16513</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16539">CVE-2018-16539</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16540">CVE-2018-16540</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16541">CVE-2018-16541</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16542">CVE-2018-16542</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16543">CVE-2018-16543</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16585">CVE-2018-16585</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16802">CVE-2018-16802</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18284">CVE-2018-18284</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19409">CVE-2018-19409</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-11-23T18:50:20Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-11-24T19:47:44Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201811-13.xml b/metadata/glsa/glsa-201811-13.xml
new file mode 100644
index 000000000000..8878b70ffa3d
--- /dev/null
+++ b/metadata/glsa/glsa-201811-13.xml
@@ -0,0 +1,113 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-13">
+  <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird,
+    the worst of which could lead to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mozilla,thunderbird</product>
+  <announced>2018-11-24</announced>
+  <revised count="1">2018-11-24</revised>
+  <bug>651862</bug>
+  <bug>656092</bug>
+  <bug>660342</bug>
+  <bug>669960</bug>
+  <bug>670102</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">60.3.0</unaffected>
+      <vulnerable range="lt">60.3.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">60.3.0</unaffected>
+      <vulnerable range="lt">60.3.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Thunderbird is a popular open-source email client from the
+      Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
+      Please review the referenced Mozilla Foundation Security Advisories and
+      CVE identifiers below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to execute arbitrary code, cause a Denial
+      of Service condition, obtain sensitive information, or conduct Cross-Site
+      Request Forgery (CSRF).
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-60.3.0"
+    </code>
+    
+    <p>All Thunderbird binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-60.3.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16541">CVE-2017-16541</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12359">CVE-2018-12359</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12360">CVE-2018-12360</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12361">CVE-2018-12361</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12362">CVE-2018-12362</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12363">CVE-2018-12363</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12364">CVE-2018-12364</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12365">CVE-2018-12365</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12366">CVE-2018-12366</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12367">CVE-2018-12367</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12371">CVE-2018-12371</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12372">CVE-2018-12372</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12373">CVE-2018-12373</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12374">CVE-2018-12374</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12376">CVE-2018-12376</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12377">CVE-2018-12377</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12378">CVE-2018-12378</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12379">CVE-2018-12379</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12383">CVE-2018-12383</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12385">CVE-2018-12385</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12389">CVE-2018-12389</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12390">CVE-2018-12390</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12391">CVE-2018-12391</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12392">CVE-2018-12392</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12393">CVE-2018-12393</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5125">CVE-2018-5125</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5127">CVE-2018-5127</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5129">CVE-2018-5129</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5144">CVE-2018-5144</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5145">CVE-2018-5145</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5146">CVE-2018-5146</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5150">CVE-2018-5150</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5154">CVE-2018-5154</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5155">CVE-2018-5155</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5156">CVE-2018-5156</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5159">CVE-2018-5159</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5161">CVE-2018-5161</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5162">CVE-2018-5162</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5168">CVE-2018-5168</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5170">CVE-2018-5170</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5178">CVE-2018-5178</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5183">CVE-2018-5183</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5184">CVE-2018-5184</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5185">CVE-2018-5185</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5187">CVE-2018-5187</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5188">CVE-2018-5188</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-11-16T10:50:04Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-11-24T19:51:04Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201811-14.xml b/metadata/glsa/glsa-201811-14.xml
new file mode 100644
index 000000000000..ed1a2af2cfcf
--- /dev/null
+++ b/metadata/glsa/glsa-201811-14.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-14">
+  <title>Exiv2: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Exiv2, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">exiv2</product>
+  <announced>2018-11-24</announced>
+  <revised count="1">2018-11-24</revised>
+  <bug>647810</bug>
+  <bug>647812</bug>
+  <bug>647816</bug>
+  <bug>652822</bug>
+  <bug>655842</bug>
+  <bug>655958</bug>
+  <bug>658236</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/exiv2" auto="yes" arch="*">
+      <unaffected range="ge">0.26_p20180811-r3</unaffected>
+      <vulnerable range="lt">0.26_p20180811-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Exiv2 is a C++ library and a command line utility to manage image
+      metadata.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Exiv2. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause a Denial of Service condition or obtain
+      sensitive information via a specially crafted file.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Exiv2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=media-gfx/exiv2-0.26_p20180811-r3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17723">CVE-2017-17723</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17724">CVE-2017-17724</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10780">CVE-2018-10780</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10958">CVE-2018-10958</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10998">CVE-2018-10998</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10999">CVE-2018-10999</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-11037">CVE-2018-11037</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-11531">CVE-2018-11531</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12264">CVE-2018-12264</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12265">CVE-2018-12265</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5772">CVE-2018-5772</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-8976">CVE-2018-8976</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-8977">CVE-2018-8977</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-9144">CVE-2018-9144</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-9145">CVE-2018-9145</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-9146">CVE-2018-9146</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-9303">CVE-2018-9303</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-9304">CVE-2018-9304</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-9305">CVE-2018-9305</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-9306">CVE-2018-9306</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-11-13T06:49:12Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2018-11-24T21:44:28Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201811-15.xml b/metadata/glsa/glsa-201811-15.xml
new file mode 100644
index 000000000000..9bc3a33123f6
--- /dev/null
+++ b/metadata/glsa/glsa-201811-15.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-15">
+  <title>MuPDF: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in MuPDF, the worst of
+    which could allow the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mupdf</product>
+  <announced>2018-11-26</announced>
+  <revised count="1">2018-11-26</revised>
+  <bug>634678</bug>
+  <bug>646010</bug>
+  <bug>651828</bug>
+  <bug>658618</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/mupdf" auto="yes" arch="*">
+      <unaffected range="ge">1.13.0</unaffected>
+      <vulnerable range="lt">1.13.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A lightweight PDF, XPS, and E-book viewer.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MuPDF. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to process a specially crafted
+      file, could possibly execute arbitrary code, cause a Denial of Service
+      condition, or have other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MuPDF users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/mupdf-1.13.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15587">CVE-2017-15587</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17858">CVE-2017-17858</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000036">
+      CVE-2018-1000036
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000037">
+      CVE-2018-1000037
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000038">
+      CVE-2018-1000038
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000039">
+      CVE-2018-1000039
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000040">
+      CVE-2018-1000040
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000051">
+      CVE-2018-1000051
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5686">CVE-2018-5686</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6187">CVE-2018-6187</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6192">CVE-2018-6192</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6544">CVE-2018-6544</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-11-24T21:59:01Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-11-26T18:08:44Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201811-16.xml b/metadata/glsa/glsa-201811-16.xml
new file mode 100644
index 000000000000..84dd194857e5
--- /dev/null
+++ b/metadata/glsa/glsa-201811-16.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-16">
+  <title>strongSwan: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in strongSwan, the worst
+    of which could lead to a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">strongswan</product>
+  <announced>2018-11-26</announced>
+  <revised count="1">2018-11-26</revised>
+  <bug>648610</bug>
+  <bug>656338</bug>
+  <bug>658230</bug>
+  <bug>668862</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-vpn/strongswan" auto="yes" arch="*">
+      <unaffected range="ge">5.7.1</unaffected>
+      <vulnerable range="lt">5.7.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>strongSwan is an IPSec implementation for Linux.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in strongSwan. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause a Denial of Service condition or
+      impersonate a user.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All strongSwan users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-vpn/strongswan-5.7.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10811">CVE-2018-10811</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16151">CVE-2018-16151</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16152">CVE-2018-16152</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17540">CVE-2018-17540</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5388">CVE-2018-5388</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6459">CVE-2018-6459</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-11-15T12:36:55Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-11-26T18:35:58Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201811-17.xml b/metadata/glsa/glsa-201811-17.xml
new file mode 100644
index 000000000000..252a12c83dba
--- /dev/null
+++ b/metadata/glsa/glsa-201811-17.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-17">
+  <title>Binutils: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Binutils, the worst of
+    which may allow remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">binutils</product>
+  <announced>2018-11-27</announced>
+  <revised count="1">2018-11-27</revised>
+  <bug>634196</bug>
+  <bug>637642</bug>
+  <bug>639692</bug>
+  <bug>639768</bug>
+  <bug>647798</bug>
+  <bug>649690</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-devel/binutils" auto="yes" arch="*">
+      <unaffected range="ge">2.30-r2</unaffected>
+      <vulnerable range="lt">2.30-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The GNU Binutils are a collection of tools to create, modify and analyse
+      binary files. Many of the files use BFD, the Binary File Descriptor
+      library, to do low-level manipulation.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Binutils. Please review
+      the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to compile/execute a specially
+      crafted ELF, object, PE, or binary file, could possibly cause a Denial of
+      Service condition or have other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Binutils users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-devel/binutils-2.30-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14933">CVE-2017-14933</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16826">CVE-2017-16826</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16827">CVE-2017-16827</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16828">CVE-2017-16828</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16829">CVE-2017-16829</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16830">CVE-2017-16830</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16831">CVE-2017-16831</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16832">CVE-2017-16832</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17080">CVE-2017-17080</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17121">CVE-2017-17121</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17122">CVE-2017-17122</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17123">CVE-2017-17123</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17124">CVE-2017-17124</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17125">CVE-2017-17125</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17126">CVE-2017-17126</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6543">CVE-2018-6543</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6759">CVE-2018-6759</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6872">CVE-2018-6872</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7208">CVE-2018-7208</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7568">CVE-2018-7568</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7569">CVE-2018-7569</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7570">CVE-2018-7570</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7642">CVE-2018-7642</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7643">CVE-2018-7643</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-8945">CVE-2018-8945</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-11-24T22:06:12Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-11-27T02:00:21Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201811-18.xml b/metadata/glsa/glsa-201811-18.xml
new file mode 100644
index 000000000000..b69d0f0ebc34
--- /dev/null
+++ b/metadata/glsa/glsa-201811-18.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-18">
+  <title>Tablib: Arbitrary command execution</title>
+  <synopsis>A vulnerability in Tablib might allow remote attackers to execute
+    arbitrary python commands.
+  </synopsis>
+  <product type="ebuild">tablib</product>
+  <announced>2018-11-27</announced>
+  <revised count="1">2018-11-27</revised>
+  <bug>621884</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-python/tablib" auto="yes" arch="*">
+      <unaffected range="ge">0.12.1</unaffected>
+      <vulnerable range="lt">0.12.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Tablib is an MIT Licensed format-agnostic tabular dataset library,
+      written in Python. It allows you to import, export, and manipulate
+      tabular data sets.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in Tablib’s Databook loading
+      functionality, due to improper input validation.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing the user to process a specially crafted
+      Databook via YAML, could possibly execute arbitrary python commands with
+      the privilege of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Tablib users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/tablib-0.12.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-2810">CVE-2017-2810</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-11-24T22:46:04Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-11-27T02:02:33Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201811-19.xml b/metadata/glsa/glsa-201811-19.xml
new file mode 100644
index 000000000000..d4a6a1ca3efb
--- /dev/null
+++ b/metadata/glsa/glsa-201811-19.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-19">
+  <title>Libav: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Libav, the worst of
+    which may allow a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">libav</product>
+  <announced>2018-11-27</announced>
+  <revised count="1">2018-11-27</revised>
+  <bug>637458</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/libav" auto="yes" arch="*">
+      <unaffected range="ge">12.3</unaffected>
+      <vulnerable range="lt">12.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Libav is a complete solution to record, convert and stream audio and
+      video.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Libav. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, via a crafted Smacker stream, could cause a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Libav users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/libav-12.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16803">CVE-2017-16803</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7862">CVE-2017-7862</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-11-24T23:08:51Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-11-27T02:04:05Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201811-20.xml b/metadata/glsa/glsa-201811-20.xml
new file mode 100644
index 000000000000..ac3e7b0d2894
--- /dev/null
+++ b/metadata/glsa/glsa-201811-20.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-20">
+  <title>spice-gtk: Remote code execution</title>
+  <synopsis>A vulnerability in spice-gtk could allow an attacker to remotely
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">spice-gtk</product>
+  <announced>2018-11-27</announced>
+  <revised count="1">2018-11-27</revised>
+  <bug>650878</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-misc/spice-gtk" auto="yes" arch="*">
+      <unaffected range="ge">0.34</unaffected>
+      <vulnerable range="lt">0.34</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>spice-gtk is a set of GObject and Gtk objects for connecting to Spice
+      servers and a client GUI.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability was found in spice-gtk client due to the incorrect use
+      of integer types and missing overflow checks.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker, by enticing the user to join a malicious server, could
+      remotely execute arbitrary code or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All spice-gtk users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/spice-gtk-0.34"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-12194">CVE-2017-12194</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-11-24T22:29:36Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-11-27T02:05:55Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201811-21.xml b/metadata/glsa/glsa-201811-21.xml
new file mode 100644
index 000000000000..043d61a724ff
--- /dev/null
+++ b/metadata/glsa/glsa-201811-21.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-21">
+  <title>OpenSSL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenSSL, the worst of
+    which may lead to a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2018-11-28</announced>
+  <revised count="1">2018-11-28</revised>
+  <bug>651730</bug>
+  <bug>653434</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">1.0.2o</unaffected>
+      <vulnerable range="lt">1.0.2o</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSL is a robust, commercial-grade, and full-featured toolkit for the
+      Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenSSL. Please review
+      the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause a Denial of Service condition, obtain
+      private keying material, or gain access to sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.0.2o"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0733">CVE-2018-0733</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0737">CVE-2018-0737</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0739">CVE-2018-0739</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-11-25T03:10:27Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-11-28T22:43:29Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201811-22.xml b/metadata/glsa/glsa-201811-22.xml
new file mode 100644
index 000000000000..9095c67e0ca8
--- /dev/null
+++ b/metadata/glsa/glsa-201811-22.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-22">
+  <title>RPM: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in RPM, the worst of which
+    could allow a remote attacker to escalate privileges.
+  </synopsis>
+  <product type="ebuild">rpm</product>
+  <announced>2018-11-28</announced>
+  <revised count="1">2018-11-28</revised>
+  <bug>533740</bug>
+  <bug>638636</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/rpm" auto="yes" arch="*">
+      <unaffected range="ge">4.14.1</unaffected>
+      <vulnerable range="lt">4.14.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Red Hat Package Manager (RPM) is a command line driven package
+      management system capable of installing, uninstalling, verifying,
+      querying, and updating computer software packages.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in RPM. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing the user to process a specially crafted
+      RPM file, could escalate privileges, execute arbitrary code, or cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All RPM users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/rpm-4.14.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2013-6435">CVE-2013-6435</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2014-8118">CVE-2014-8118</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7501">CVE-2017-7501</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-11-25T01:24:35Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-11-28T22:52:35Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201811-23.xml b/metadata/glsa/glsa-201811-23.xml
new file mode 100644
index 000000000000..0d34b1b9a6c4
--- /dev/null
+++ b/metadata/glsa/glsa-201811-23.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-23">
+  <title>libsndfile: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libsndfile, the worst
+    of which might allow remote attackers to cause a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">libsndfile</product>
+  <announced>2018-11-30</announced>
+  <revised count="1">2018-11-30</revised>
+  <bug>618016</bug>
+  <bug>624814</bug>
+  <bug>627152</bug>
+  <bug>631634</bug>
+  <bug>660452</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libsndfile" auto="yes" arch="*">
+      <unaffected range="ge">1.0.28-r4</unaffected>
+      <vulnerable range="lt">1.0.28-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libsndfile is a C library for reading and writing files containing
+      sampled sound.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libsndfile. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to open a specially crafted file,
+      could cause a Denial of Service condition or have other unspecified
+      impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libsndfile users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libsndfile-1.0.28-r4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-12562">CVE-2017-12562</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14634">CVE-2017-14634</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-6892">CVE-2017-6892</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8361">CVE-2017-8361</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8362">CVE-2017-8362</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8363">CVE-2017-8363</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8365">CVE-2017-8365</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-13139">CVE-2018-13139</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-11-25T00:29:50Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-11-30T08:52:15Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201811-24.xml b/metadata/glsa/glsa-201811-24.xml
new file mode 100644
index 000000000000..212d0afcbe45
--- /dev/null
+++ b/metadata/glsa/glsa-201811-24.xml
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-24">
+  <title>PostgreSQL: SQL injection</title>
+  <synopsis>A SQL injection in PostgreSQL may allow attackers to execute
+    arbitrary SQL statements.
+  </synopsis>
+  <product type="ebuild">postgresql</product>
+  <announced>2018-11-30</announced>
+  <revised count="2">2018-12-03</revised>
+  <bug>670724</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/postgresql" auto="yes" arch="*">
+      <unaffected range="ge" slot="9.3">9.3.25</unaffected>
+      <unaffected range="ge" slot="9.4">9.4.20</unaffected>
+      <unaffected range="ge" slot="9.5">9.5.15</unaffected>
+      <unaffected range="ge" slot="9.6">9.6.11</unaffected>
+      <unaffected range="ge" slot="10">10.6</unaffected>
+      <unaffected range="ge" slot="11">11.1</unaffected>
+      <vulnerable range="lt" slot="9.3">9.3.25</vulnerable>
+      <vulnerable range="lt" slot="9.4">9.4.20</vulnerable>
+      <vulnerable range="lt" slot="9.5">9.5.15</vulnerable>
+      <vulnerable range="lt" slot="9.6">9.6.11</vulnerable>
+      <vulnerable range="lt" slot="10">10.6</vulnerable>
+      <vulnerable range="lt" slot="11">11.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PostgreSQL is an open source object-relational database management
+      system.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in PostgreSQL’s pg_upgrade and pg_dump.</p>
+  </description>
+  <impact type="normal">
+    <p>An attacker, by enticing a user to process a specially crafted trigger
+      definition, can execute arbitrary SQL statements with superuser
+      privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PostgreSQL 9.3.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.3.25"
+    </code>
+    
+    <p>All PostgreSQL 9.4.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.4.20"
+    </code>
+    
+    <p>All PostgreSQL 9.5.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.5.15"
+    </code>
+    
+    <p>All PostgreSQL 9.6.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.6.11"
+    </code>
+    
+    <p>All PostgreSQL 10.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-10.6"
+    </code>
+    
+    <p>All PostgreSQL 11.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-11.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16850">CVE-2018-16850</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-11-29T21:19:15Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-12-03T19:06:05Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201812-01.xml b/metadata/glsa/glsa-201812-01.xml
new file mode 100644
index 000000000000..7ad1abf85e77
--- /dev/null
+++ b/metadata/glsa/glsa-201812-01.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201812-01">
+  <title>PHP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PHP, the worst of which
+    could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">php</product>
+  <announced>2018-12-02</announced>
+  <revised count="3">2018-12-03</revised>
+  <bug>658092</bug>
+  <bug>666256</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-lang/php" auto="yes" arch="*">
+      <unaffected range="ge" slot="5.6">5.6.38</unaffected>
+      <unaffected range="ge" slot="7.0">7.0.32</unaffected>
+      <unaffected range="ge" slot="7.1">7.1.22</unaffected>
+      <unaffected range="ge" slot="7.2">7.2.10</unaffected>
+      <vulnerable range="lt" slot="5.6">5.6.38</vulnerable>
+      <vulnerable range="lt" slot="7.0">7.0.32</vulnerable>
+      <vulnerable range="lt" slot="7.1">7.1.22</vulnerable>
+      <vulnerable range="lt" slot="7.2">7.2.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PHP is an open source general-purpose scripting language that is
+      especially suited for web development.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PHP. Please review the
+      referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could cause a Denial of Service condition or obtain
+      sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PHP 5.6.X users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-5.6.38"
+    </code>
+    
+    <p>All PHP 7.0.X users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.0.32"
+    </code>
+    
+    <p>All PHP 7.1.X users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.1.22"
+    </code>
+    
+    <p>All PHP 7.2.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.2.10"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10545">CVE-2018-10545</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10546">CVE-2018-10546</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10548">CVE-2018-10548</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10549">CVE-2018-10549</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17082">CVE-2018-17082</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-11-25T02:00:06Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-12-03T19:04:03Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201812-02.xml b/metadata/glsa/glsa-201812-02.xml
new file mode 100644
index 000000000000..b4cd500b400d
--- /dev/null
+++ b/metadata/glsa/glsa-201812-02.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201812-02">
+  <title>ConnMan: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ConnMan, the worst of
+    which could result in the remote execution of code.
+  </synopsis>
+  <product type="ebuild">connman</product>
+  <announced>2018-12-02</announced>
+  <revised count="1">2018-12-02</revised>
+  <bug>628566</bug>
+  <bug>630028</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/connman" auto="yes" arch="*">
+      <unaffected range="ge">1.35-r1</unaffected>
+      <vulnerable range="lt">1.35-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ConnMan provides a daemon for managing Internet connections.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ConnMan. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, via a crafted DNS packet, could remotely execute code
+      or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ConnMan users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/connman-1.35-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-12865">CVE-2017-12865</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5716">CVE-2017-5716</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-11-25T04:29:34Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-12-02T15:46:16Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201812-03.xml b/metadata/glsa/glsa-201812-03.xml
new file mode 100644
index 000000000000..859d27b0cf4a
--- /dev/null
+++ b/metadata/glsa/glsa-201812-03.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201812-03">
+  <title>Nagios: Privilege escalation</title>
+  <synopsis>A vulnerability in Nagios allows local users to escalate
+    privileges.
+  </synopsis>
+  <product type="ebuild">nagios</product>
+  <announced>2018-12-02</announced>
+  <revised count="1">2018-12-02</revised>
+  <bug>629380</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-analyzer/nagios-core" auto="yes" arch="*">
+      <unaffected range="ge">4.3.4</unaffected>
+      <vulnerable range="lt">4.3.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Nagios is an open source host, service and network monitoring program.</p>
+  </background>
+  <description>
+    <p>A vulnerability in Nagios was discovered due to the improper handling of
+      configuration files which can be owned by a non-root user.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker can escalate privileges to root by leveraging access to
+      a non-root owned configuration file.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Nagios users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/nagios-core-4.3.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14312">CVE-2017-14312</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-11-24T23:02:56Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-12-02T15:48:26Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201812-04.xml b/metadata/glsa/glsa-201812-04.xml
new file mode 100644
index 000000000000..11749f2722a8
--- /dev/null
+++ b/metadata/glsa/glsa-201812-04.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201812-04">
+  <title>WebkitGTK+: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in WebKitGTK+, the worst
+    of which may lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">webkitgtk</product>
+  <announced>2018-12-02</announced>
+  <revised count="1">2018-12-02</revised>
+  <bug>667892</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+      <unaffected range="ge">2.22.0</unaffected>
+      <vulnerable range="lt">2.22.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine,
+      suitable for projects requiring any kind of web integration, from hybrid
+      HTML/CSS applications to full-fledged web browsers.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please
+      review the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary commands or cause a Denial of
+      Service condition via maliciously crafted web content.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All WebkitGTK+ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.22.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4191">CVE-2018-4191</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4197">CVE-2018-4197</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4207">CVE-2018-4207</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4208">CVE-2018-4208</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4209">CVE-2018-4209</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4210">CVE-2018-4210</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4212">CVE-2018-4212</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4213">CVE-2018-4213</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4299">CVE-2018-4299</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4306">CVE-2018-4306</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4309">CVE-2018-4309</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4311">CVE-2018-4311</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4312">CVE-2018-4312</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4314">CVE-2018-4314</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4315">CVE-2018-4315</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4316">CVE-2018-4316</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4317">CVE-2018-4317</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4318">CVE-2018-4318</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4319">CVE-2018-4319</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4323">CVE-2018-4323</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4328">CVE-2018-4328</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4358">CVE-2018-4358</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4359">CVE-2018-4359</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4361">CVE-2018-4361</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-11-24T23:17:09Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-12-02T15:50:31Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201812-05.xml b/metadata/glsa/glsa-201812-05.xml
new file mode 100644
index 000000000000..a40c55455c52
--- /dev/null
+++ b/metadata/glsa/glsa-201812-05.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201812-05">
+  <title>EDE: Privilege escalation</title>
+  <synopsis>A vulnerability in EDE could result in privilege escalation.</synopsis>
+  <product type="ebuild">ede, emacs</product>
+  <announced>2018-12-06</announced>
+  <revised count="1">2018-12-06</revised>
+  <bug>398241</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-xemacs/ede" auto="yes" arch="*">
+      <unaffected range="ge">1.07</unaffected>
+      <vulnerable range="lt">1.07</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A package that simplifies the task of creating, building, and debugging
+      large programs with Emacs. It provides some of the features of an IDE, or
+      Integrated Development Environment, in Emacs.
+    </p>
+  </background>
+  <description>
+    <p>An untrusted search path vulnerability was discovered in EDE.</p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could escalate his privileges via a specially crafted
+      Lisp expression in a Project.ede file in the directory or a parent
+      directory of an opened file.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All EDE users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-xemacs/ede-1.07"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2012-0035">CVE-2012-0035</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-12-03T22:46:03Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-12-06T22:01:41Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201812-06.xml b/metadata/glsa/glsa-201812-06.xml
new file mode 100644
index 000000000000..6cae9b0ffc5e
--- /dev/null
+++ b/metadata/glsa/glsa-201812-06.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201812-06">
+  <title>CouchDB: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in CouchDB, the worst of
+    which could lead to the remote execution of code.
+  </synopsis>
+  <product type="ebuild">couchdb</product>
+  <announced>2018-12-15</announced>
+  <revised count="1">2018-12-15</revised>
+  <bug>630796</bug>
+  <bug>660908</bug>
+  <bug>663164</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/couchdb" auto="yes" arch="*">
+      <vulnerable range="le">2.1.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Apache CouchDB is a distributed, fault-tolerant and schema-free
+      document-oriented database.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in CouchDB. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary code or escalate privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for CouchDB and recommends that users
+      unmerge the package:
+    </p>
+    
+    <code>
+      # emerge --unmerge "dev-db/couchdb"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-11769">CVE-2018-11769</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-8007">CVE-2018-8007</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-12-11T17:40:03Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-12-15T20:07:59Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201812-07.xml b/metadata/glsa/glsa-201812-07.xml
new file mode 100644
index 000000000000..85756596a16c
--- /dev/null
+++ b/metadata/glsa/glsa-201812-07.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201812-07">
+  <title>SpamAssassin: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in SpamAssassin, the worst
+    of which may lead to remote code execution.
+  </synopsis>
+  <product type="ebuild">spamassassin</product>
+  <announced>2018-12-15</announced>
+  <revised count="1">2018-12-15</revised>
+  <bug>666348</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-filter/spamassassin" auto="yes" arch="*">
+      <unaffected range="ge">3.4.2-r2</unaffected>
+      <vulnerable range="lt">3.4.2-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>SpamAssassin is an extensible email filter used to identify junk email.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in SpamAssassin. Please
+      review the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary code, escalate privileges, or
+      cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All SpamAssassin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-filter/spamassassin-3.4.2-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-1238">CVE-2016-1238</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15705">CVE-2017-15705</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-11780">CVE-2018-11780</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-11781">CVE-2018-11781</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-12-12T22:44:21Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-12-15T20:09:55Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201812-08.xml b/metadata/glsa/glsa-201812-08.xml
new file mode 100644
index 000000000000..b7bbb1f774aa
--- /dev/null
+++ b/metadata/glsa/glsa-201812-08.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201812-08">
+  <title>Scala: Privilege escalation</title>
+  <synopsis>A vulnerability in Scala could result in privilege escalation.</synopsis>
+  <product type="ebuild">scala</product>
+  <announced>2018-12-15</announced>
+  <revised count="1">2018-12-15</revised>
+  <bug>637940</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-lang/scala" auto="yes" arch="*">
+      <unaffected range="ge">2.12.4</unaffected>
+      <vulnerable range="lt">2.12.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Scala combines object-oriented and functional programming in one
+      concise, high-level language.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that Scala’s compilation daemon does not properly
+      manage permissions for private files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could escalate privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Scala users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/scala-2.12.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15288">CVE-2017-15288</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-12-02T21:21:35Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-12-15T20:11:15Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201812-09.xml b/metadata/glsa/glsa-201812-09.xml
new file mode 100644
index 000000000000..e8bfec595a2f
--- /dev/null
+++ b/metadata/glsa/glsa-201812-09.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201812-09">
+  <title>Go: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Go, the worst which
+    could lead to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">go</product>
+  <announced>2018-12-21</announced>
+  <revised count="1">2018-12-21</revised>
+  <bug>673234</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/go" auto="yes" arch="*">
+      <unaffected range="ge">1.10.7</unaffected>
+      <vulnerable range="lt">1.10.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Go is an open source programming language that makes it easy to build
+      simple, reliable, and efficient software.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Go. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause arbitrary code execution by passing
+      specially crafted Go packages the ‘go get -u’ command.
+    </p>
+    
+    <p>The remote attacker could also craft pathological inputs causing a CPU
+      based Denial of Service condition via the crypto/x509 package.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Go users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/go-1.10.7"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16873">CVE-2018-16873</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16874">CVE-2018-16874</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16875">CVE-2018-16875</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-12-20T18:21:42Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2018-12-21T11:58:46Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201812-10.xml b/metadata/glsa/glsa-201812-10.xml
new file mode 100644
index 000000000000..2216a3293444
--- /dev/null
+++ b/metadata/glsa/glsa-201812-10.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201812-10">
+  <title>GKSu: Arbitrary command execution</title>
+  <synopsis>A vulnerability in GKSu might allow attackers to execute arbitrary
+    commands.
+  </synopsis>
+  <product type="ebuild">gksu</product>
+  <announced>2018-12-30</announced>
+  <revised count="1">2018-12-30</revised>
+  <bug>534540</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/gksu" auto="yes" arch="*">
+      <vulnerable range="le">2.0.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A library that provides a Gtk+ frontend to su and sudo.</p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in GKSu’s gksu-run-helper.</p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could execute arbitrary commands.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for GKSu and recommends that users
+      unmerge the package:
+    </p>
+    
+    <code>
+      # emerge --unmerge "x11-libs/gksu"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2014-2886">CVE-2014-2886</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-12-11T17:31:55Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-12-30T21:10:46Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201812-11.xml b/metadata/glsa/glsa-201812-11.xml
new file mode 100644
index 000000000000..0fe3a9ab2fc5
--- /dev/null
+++ b/metadata/glsa/glsa-201812-11.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201812-11">
+  <title>Rust: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Rust, the worst which
+    may allow local attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">rust</product>
+  <announced>2018-12-30</announced>
+  <revised count="1">2018-12-30</revised>
+  <bug>662904</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-lang/rust" auto="yes" arch="*">
+      <unaffected range="ge">1.29.1</unaffected>
+      <vulnerable range="lt">1.29.1</vulnerable>
+    </package>
+    <package name="dev-lang/rust-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.29.1</unaffected>
+      <vulnerable range="lt">1.29.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A systems programming language that runs blazingly fast, prevents
+      segfaults, and guarantees thread safety.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Rust. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker able to control the value passed to Rust’s
+      str::repeat function could possibly cause a Denial of Service condition.
+    </p>
+    
+    <p>In addition, a local attacker could trick another user into executing
+      arbitrary code when using rustdoc.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Rust users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/rust-1.29.1"
+    </code>
+    
+    <p>All Rust binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/rust-bin-1.29.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000622">
+      CVE-2018-1000622
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000810">
+      CVE-2018-1000810
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-12-02T17:19:53Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-12-30T21:11:02Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201903-01.xml b/metadata/glsa/glsa-201903-01.xml
new file mode 100644
index 000000000000..beacb00e0bc4
--- /dev/null
+++ b/metadata/glsa/glsa-201903-01.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-01">
+  <title>Keepalived: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Keepalived, the worst
+    of which could allow an attacker to cause Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">keepalived</product>
+  <announced>2019-03-10</announced>
+  <revised count="1">2019-03-10</revised>
+  <bug>670856</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-cluster/keepalived" auto="yes" arch="*">
+      <unaffected range="ge">2.0.10</unaffected>
+      <vulnerable range="lt">2.0.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Keepalived is a strong &amp; robust keepalive facility to the Linux
+      Virtual Server project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in keepalived. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted request possibly
+      resulting in a Denial of Service condition. A local attacker could
+      perform symlink attacks to overwrite arbitrary files with the privileges
+      of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Keepalived users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-cluster/keepalived-2.0.10"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19044">CVE-2018-19044</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19045">CVE-2018-19045</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19046">CVE-2018-19046</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19115">CVE-2018-19115</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-01-07T16:53:52Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2019-03-10T02:16:03Z">pinkbyte</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201903-02.xml b/metadata/glsa/glsa-201903-02.xml
new file mode 100644
index 000000000000..11ae0246fe90
--- /dev/null
+++ b/metadata/glsa/glsa-201903-02.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-02">
+  <title>Zsh: User-assisted execution of arbitrary code</title>
+  <synopsis>Input validation errors in Zsh could result in arbitrary code
+    execution.
+  </synopsis>
+  <product type="ebuild">zsh</product>
+  <announced>2019-03-10</announced>
+  <revised count="1">2019-03-10</revised>
+  <bug>665278</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-shells/zsh" auto="yes" arch="*">
+      <unaffected range="ge">5.6</unaffected>
+      <vulnerable range="lt">5.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A shell designed for interactive use, although it is also a powerful
+      scripting language.
+    </p>
+  </background>
+  <description>
+    <p>Two input validation errors have been discovered in how Zsh parses
+      scripts:
+    </p>
+    
+    <ul>
+      <li>Parsing a malformed shebang line could cause Zsh to call a program
+        listed in the second line (CVE-2018-0502)
+      </li>
+      <li>Shebang lines longer than 64 characters are truncated
+        (CVE-2018-13259)
+      </li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <p>An attacker could entice a user to execute a specially crafted script
+      using Zsh, possibly resulting in execution of arbitrary code with the
+      privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Zsh users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-shells/zsh-5.6"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0502">CVE-2018-0502</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-13259">CVE-2018-13259</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-12-31T07:32:39Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2019-03-10T02:21:31Z">ackle</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201903-03.xml b/metadata/glsa/glsa-201903-03.xml
new file mode 100644
index 000000000000..eb2941f015e4
--- /dev/null
+++ b/metadata/glsa/glsa-201903-03.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-03">
+  <title>cURL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in cURL, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">curl</product>
+  <announced>2019-03-10</announced>
+  <revised count="1">2019-03-10</revised>
+  <bug>665292</bug>
+  <bug>670026</bug>
+  <bug>677346</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/curl" auto="yes" arch="*">
+      <unaffected range="ge">7.64.0</unaffected>
+      <vulnerable range="lt">7.64.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A command line tool and library for transferring data with URLs.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in cURL. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All cURL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.64.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14618">CVE-2018-14618</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16839">CVE-2018-16839</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16840">CVE-2018-16840</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16842">CVE-2018-16842</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3822">CVE-2019-3822</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3823">CVE-2019-3823</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-10T02:44:40Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-03-10T19:47:40Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201903-04.xml b/metadata/glsa/glsa-201903-04.xml
new file mode 100644
index 000000000000..14dee74c7b65
--- /dev/null
+++ b/metadata/glsa/glsa-201903-04.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-04">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+    worst of which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">firefox</product>
+  <announced>2019-03-10</announced>
+  <revised count="1">2019-03-10</revised>
+  <bug>672956</bug>
+  <bug>676892</bug>
+  <bug>677856</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">60.5.1</unaffected>
+      <vulnerable range="lt">60.5.1</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">60.5.1</unaffected>
+      <vulnerable range="lt">60.5.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      Project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to view a specially crafted web
+      page possibly resulting in the execution of arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla FireFox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-60.5.1"
+    </code>
+    
+    <p>All Mozilla FireFox bin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-60.5.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12405">CVE-2018-12405</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18356">CVE-2018-18356</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18492">CVE-2018-18492</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18493">CVE-2018-18493</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18494">CVE-2018-18494</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18498">CVE-2018-18498</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18500">CVE-2018-18500</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18501">CVE-2018-18501</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18505">CVE-2018-18505</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5785">CVE-2019-5785</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-02-06T14:21:19Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2019-03-10T19:49:50Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201903-05.xml b/metadata/glsa/glsa-201903-05.xml
new file mode 100644
index 000000000000..6c9b92914889
--- /dev/null
+++ b/metadata/glsa/glsa-201903-05.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-05">
+  <title>Tar: Denial of service</title>
+  <synopsis>A vulnerability in Tar could led to a Denial of Service condition.</synopsis>
+  <product type="ebuild">tar</product>
+  <announced>2019-03-10</announced>
+  <revised count="1">2019-03-10</revised>
+  <bug>674210</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-arch/tar" auto="yes" arch="*">
+      <unaffected range="ge">1.30-r1</unaffected>
+      <vulnerable range="lt">1.30-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Tar program provides the ability to create and manipulate tar
+      archives.
+    </p>
+  </background>
+  <description>
+    <p>The sparse_dump_region function in sparse.c file in Tar allows an
+      infinite loop using the --sparse option.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could cause a Denial of Service condition by modifying
+      a file that is supposed to be archived by a different user’s process
+      (e.g., a system backup running as root).
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Tar users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/tar-1.30-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20482">CVE-2018-20482</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-10T16:20:01Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2019-03-10T20:04:34Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201903-06.xml b/metadata/glsa/glsa-201903-06.xml
new file mode 100644
index 000000000000..456d05712031
--- /dev/null
+++ b/metadata/glsa/glsa-201903-06.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-06">
+  <title>rdesktop: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in rdesktop, the
+    worst of which could result in the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">rdesktop</product>
+  <announced>2019-03-10</announced>
+  <revised count="1">2019-03-10</revised>
+  <bug>674558</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/rdesktop" auto="yes" arch="*">
+      <unaffected range="ge">1.8.4</unaffected>
+      <vulnerable range="lt">1.8.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>rdesktop is a Remote Desktop Protocol (RDP) Client.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in rdesktop. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause a Denial of Service condition, obtain
+      sensitive information, or execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All rdesktop users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/rdesktop-1.8.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20174">CVE-2018-20174</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20175">CVE-2018-20175</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20176">CVE-2018-20176</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20177">CVE-2018-20177</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20178">CVE-2018-20178</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20179">CVE-2018-20179</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20180">CVE-2018-20180</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20181">CVE-2018-20181</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20182">CVE-2018-20182</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-8791">CVE-2018-8791</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-8792">CVE-2018-8792</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-8793">CVE-2018-8793</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-8794">CVE-2018-8794</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-8795">CVE-2018-8795</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-8796">CVE-2018-8796</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-8797">CVE-2018-8797</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-8798">CVE-2018-8798</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-8799">CVE-2018-8799</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-8800">CVE-2018-8800</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-10T19:30:37Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-03-10T20:45:00Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201903-07.xml b/metadata/glsa/glsa-201903-07.xml
new file mode 100644
index 000000000000..5ef41e69dd92
--- /dev/null
+++ b/metadata/glsa/glsa-201903-07.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-07">
+  <title>systemd: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in systemd, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">systemd</product>
+  <announced>2019-03-10</announced>
+  <revised count="1">2019-03-10</revised>
+  <bug>674144</bug>
+  <bug>677944</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/systemd" auto="yes" arch="*">
+      <unaffected range="ge">239-r4</unaffected>
+      <vulnerable range="lt">239-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A system and service manager.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in systemd. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could cause a Denial of Service condition or possibly
+      execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All systemd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/systemd-239-r4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16864">CVE-2018-16864</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16865">CVE-2018-16865</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16866">CVE-2018-16866</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6454">CVE-2019-6454</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-10T19:34:40Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-03-10T20:47:25Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201903-08.xml b/metadata/glsa/glsa-201903-08.xml
new file mode 100644
index 000000000000..3793a2326d8f
--- /dev/null
+++ b/metadata/glsa/glsa-201903-08.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-08">
+  <title>GNU Wget: Password and metadata leak</title>
+  <synopsis>A vulnerability in GNU Wget which could allow an attacker to obtain
+    sensitive information.
+  </synopsis>
+  <product type="ebuild">wget</product>
+  <announced>2019-03-10</announced>
+  <revised count="1">2019-03-10</revised>
+  <bug>674170</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-misc/wget" auto="yes" arch="*">
+      <unaffected range="ge">1.20.1</unaffected>
+      <vulnerable range="lt">1.20.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU Wget is a free software package for retrieving files using HTTP,
+      HTTPS and FTP, the most widely-used Internet protocols.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in GNU Wget’s file_metadata in xattr.c.</p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could obtain sensitive information to include
+      credentials.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU Wget users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/wget-1.20.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20483">CVE-2018-20483</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-10T06:22:02Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-03-10T20:49:49Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201903-09.xml b/metadata/glsa/glsa-201903-09.xml
new file mode 100644
index 000000000000..036d610ff7a3
--- /dev/null
+++ b/metadata/glsa/glsa-201903-09.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-09">
+  <title>GNU C Library: Arbitrary descriptor allocation</title>
+  <synopsis>A vulnerability in the GNU C Library could result in a Denial of
+    Service condition.
+  </synopsis>
+  <product type="ebuild">glibc</product>
+  <announced>2019-03-14</announced>
+  <revised count="1">2019-03-14</revised>
+  <bug>617938</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-libs/glibc" auto="yes" arch="*">
+      <unaffected range="ge">2.26.0</unaffected>
+      <vulnerable range="lt">2.26.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The GNU C library is the standard C library used by Gentoo Linux
+      systems.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in the GNU C Library functions xdr_bytes
+      and xdr_string.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by sending a crafted UDP packet, could cause a Denial
+      of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU C Library users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-libs/glibc-2.26.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19591">CVE-2018-19591</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-12-30T15:32:10Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2019-03-14T01:31:55Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201903-10.xml b/metadata/glsa/glsa-201903-10.xml
new file mode 100644
index 000000000000..afb36ae60d5c
--- /dev/null
+++ b/metadata/glsa/glsa-201903-10.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-10">
+  <title>OpenSSL: Multiple vulnerabilities</title>
+  <synopsis>Multiple Information Disclosure vulnerabilities in OpenSSL allow
+    attackers to obtain sensitive information.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2019-03-14</announced>
+  <revised count="1">2019-03-14</revised>
+  <bug>673056</bug>
+  <bug>678564</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">1.0.2r</unaffected>
+      <vulnerable range="lt">1.0.2r</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+      (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
+      purpose cryptography library.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenSSL. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker to obtain sensitive information, caused by the failure
+      to immediately close the TCP connection after the hosts encounter a
+      zero-length record with valid padding.
+    </p>
+    
+    <p>A local attacker could run a malicious process next to legitimate
+      processes using the architecture’s parallel thread running capabilities
+      to leak encrypted data from the CPU’s internal processes.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.0.2r"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5407">CVE-2018-5407</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1559">CVE-2019-1559</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-01-07T18:47:40Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2019-03-14T01:34:24Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201903-11.xml b/metadata/glsa/glsa-201903-11.xml
new file mode 100644
index 000000000000..7eea14bf14fa
--- /dev/null
+++ b/metadata/glsa/glsa-201903-11.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-11">
+  <title>XRootD: Remote code execution</title>
+  <synopsis>A vulnerability was discovered in XRootD which could lead to the
+    remote execution of code.
+  </synopsis>
+  <product type="ebuild">xrootd</product>
+  <announced>2019-03-14</announced>
+  <revised count="1">2019-03-14</revised>
+  <bug>638420</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/xrootd" auto="yes" arch="*">
+      <unaffected range="ge">4.8.3</unaffected>
+      <vulnerable range="lt">4.8.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A project that aims at giving high performance, scalable, and fault
+      tolerant access to data repositories of many kinds.
+    </p>
+  </background>
+  <description>
+    <p>A shell command injection was discovered in XRootD.</p>
+    
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary code.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All XRootD users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/xrootd-4.8.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-1000215">
+      CVE-2017-1000215
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-10T02:02:16Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-03-14T01:35:58Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201903-12.xml b/metadata/glsa/glsa-201903-12.xml
new file mode 100644
index 000000000000..ddbe0d19b08a
--- /dev/null
+++ b/metadata/glsa/glsa-201903-12.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-12">
+  <title>WebkitGTK+: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in WebkitGTK+, the worst
+    of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">webkit-gtk</product>
+  <announced>2019-03-14</announced>
+  <revised count="1">2019-03-14</revised>
+  <bug>672108</bug>
+  <bug>674702</bug>
+  <bug>678334</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+      <unaffected range="ge">2.22.6</unaffected>
+      <vulnerable range="lt">2.22.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine,
+      suitable for projects requiring any kind of web integration, from hybrid
+      HTML/CSS applications to full-fledged web browsers.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please
+      review the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could execute arbitrary code or conduct cross-site
+      scripting.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All WebkitGTK+ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.22.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6212">CVE-2019-6212</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6215">CVE-2019-6215</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6216">CVE-2019-6216</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6217">CVE-2019-6217</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6226">CVE-2019-6226</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6227">CVE-2019-6227</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6229">CVE-2019-6229</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6233">CVE-2019-6233</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6234">CVE-2019-6234</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-07T21:59:07Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-03-14T01:37:23Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201903-13.xml b/metadata/glsa/glsa-201903-13.xml
new file mode 100644
index 000000000000..11e3fcfdcde5
--- /dev/null
+++ b/metadata/glsa/glsa-201903-13.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-13">
+  <title>BIND: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in BIND, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">bind</product>
+  <announced>2019-03-14</announced>
+  <revised count="1">2019-03-14</revised>
+  <bug>657654</bug>
+  <bug>666946</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/bind" auto="yes" arch="*">
+      <unaffected range="ge">9.12.1_p2-r1</unaffected>
+      <vulnerable range="lt">9.12.1_p2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>BIND (Berkeley Internet Name Domain) is a Name Server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in BIND. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>BIND can improperly permit recursive query service to unauthorized
+      clients possibly resulting in a Denial of Service condition or to be used
+      in DNS reflection attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All bind users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/bind-9.12.1_p2-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5738">CVE-2018-5738</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5740">CVE-2018-5740</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5741">CVE-2018-5741</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-10T00:30:31Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-03-14T01:41:21Z">BlueKnight</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201903-14.xml b/metadata/glsa/glsa-201903-14.xml
new file mode 100644
index 000000000000..88f56cdca5e3
--- /dev/null
+++ b/metadata/glsa/glsa-201903-14.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-14">
+  <title>Oracle JDK/JRE: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Oracle’s JDK and JRE
+    software suites.
+  </synopsis>
+  <product type="ebuild">oracle-jdk-bin,oracle-jre-bin</product>
+  <announced>2019-03-14</announced>
+  <revised count="1">2019-03-14</revised>
+  <bug>653560</bug>
+  <bug>661456</bug>
+  <bug>676134</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/oracle-jdk-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.8.0.202</unaffected>
+      <vulnerable range="lt">1.8.0.202</vulnerable>
+    </package>
+    <package name="dev-java/oracle-jre-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.8.0.202</unaffected>
+      <vulnerable range="lt">1.8.0.202</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Java Platform, Standard Edition (Java SE) lets you develop and deploy
+      Java applications on desktops and servers, as well as in today’s
+      demanding embedded environments. Java offers the rich user interface,
+      performance, versatility, portability, and security that today’s
+      applications require.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Oracle’s JDK and JRE
+      software suites. Please review the CVE identifiers referenced below for
+      details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, gain access to information, or cause a Denial
+      of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Oracle JDK bin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-java/oracle-jdk-bin-1.8.0.202"
+    </code>
+    
+    <p>All Oracle JRE bin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-java/oracle-jre-bin-1.8.0.202"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2790">CVE-2018-2790</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2794">CVE-2018-2794</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2795">CVE-2018-2795</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2796">CVE-2018-2796</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2797">CVE-2018-2797</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2798">CVE-2018-2798</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2799">CVE-2018-2799</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2800">CVE-2018-2800</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2811">CVE-2018-2811</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2814">CVE-2018-2814</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2815">CVE-2018-2815</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2422">CVE-2019-2422</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2426">CVE-2019-2426</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-10T05:01:22Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-03-14T01:44:42Z">BlueKnight</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201903-15.xml b/metadata/glsa/glsa-201903-15.xml
new file mode 100644
index 000000000000..7683138d59b5
--- /dev/null
+++ b/metadata/glsa/glsa-201903-15.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-15">
+  <title>NTP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in NTP, the worst of which
+    could result in the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">ntp</product>
+  <announced>2019-03-19</announced>
+  <revised count="1">2019-03-19</revised>
+  <bug>658576</bug>
+  <bug>679742</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/ntp" auto="yes" arch="*">
+      <unaffected range="ge">4.2.8_p13</unaffected>
+      <vulnerable range="lt">4.2.8_p13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>NTP contains software for the Network Time Protocol.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in NTP. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could cause a Denial of Service condition, escalate
+      privileges, or remotely execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All NTP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/ntp-4.2.8_p13"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12327">CVE-2018-12327</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8936">CVE-2019-8936</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-10T05:15:13Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-03-19T03:13:50Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201903-16.xml b/metadata/glsa/glsa-201903-16.xml
new file mode 100644
index 000000000000..7e9889dc2827
--- /dev/null
+++ b/metadata/glsa/glsa-201903-16.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-16">
+  <title>OpenSSH: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenSSH, the worst of
+    which could allow a remote attacker to gain unauthorized access.
+  </synopsis>
+  <product type="ebuild">openssh</product>
+  <announced>2019-03-20</announced>
+  <revised count="1">2019-03-20</revised>
+  <bug>675520</bug>
+  <bug>675522</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/openssh" auto="yes" arch="*">
+      <unaffected range="ge">7.9_p1-r4</unaffected>
+      <vulnerable range="lt">7.9_p1-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSH is a complete SSH protocol implementation that includes SFTP
+      client and server support.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenSSH. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could overwrite arbitrary files, transfer malicious
+      files, or gain unauthorized access.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSH users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/openssh-7.9_p1-r4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20685">CVE-2018-20685</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6109">CVE-2019-6109</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6110">CVE-2019-6110</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6111">CVE-2019-6111</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-10T21:55:11Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-03-20T13:35:05Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201903-17.xml b/metadata/glsa/glsa-201903-17.xml
new file mode 100644
index 000000000000..f561605e8c58
--- /dev/null
+++ b/metadata/glsa/glsa-201903-17.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-17">
+  <title>SDL2_Image: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in the image loading
+    library
+    for Simple DirectMedia Layer, the worst of which could result in the remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">sdl_image</product>
+  <announced>2019-03-28</announced>
+  <revised count="1">2019-03-28</revised>
+  <bug>655226</bug>
+  <bug>674132</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-libs/sdl2-image" auto="yes" arch="*">
+      <unaffected range="ge">2.0.4</unaffected>
+      <vulnerable range="lt">2.0.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>SDL_image is an image file library that loads images as SDL surfaces,
+      and supports various formats like BMP, GIF, JPEG, LBM, PCX, PNG, PNM,
+      TGA, TIFF, XCF, XPM, and XV.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in SDL2_Image. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to process a specially crafted
+      image file, could execute arbitrary code, cause a Denial of Service
+      condition, or obtain sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All SDL2_Image users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/sdl2-image-2.0.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-12122">CVE-2017-12122</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14440">CVE-2017-14440</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14441">CVE-2017-14441</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14442">CVE-2017-14442</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14448">CVE-2017-14448</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14449">CVE-2017-14449</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14450">CVE-2017-14450</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3837">CVE-2018-3837</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3838">CVE-2018-3838</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3839">CVE-2018-3839</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3977">CVE-2018-3977</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-12-02T21:13:59Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-03-28T02:06:35Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201903-18.xml b/metadata/glsa/glsa-201903-18.xml
new file mode 100644
index 000000000000..8a568d6c284b
--- /dev/null
+++ b/metadata/glsa/glsa-201903-18.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-18">
+  <title>GD: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GD, the worst of which
+    could result in the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">gd</product>
+  <announced>2019-03-28</announced>
+  <revised count="1">2019-03-28</revised>
+  <bug>664732</bug>
+  <bug>679702</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-libs/gd" auto="yes" arch="*">
+      <unaffected range="ge">2.2.5-r2</unaffected>
+      <vulnerable range="lt">2.2.5-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GD is a graphic library for fast image creation.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GD. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process a specially crafted
+      image, possibly resulting in execution of arbitrary code or a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GD users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/gd-2.2.5-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000222">
+      CVE-2018-1000222
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5711">CVE-2018-5711</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6977">CVE-2019-6977</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6978">CVE-2019-6978</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-10T05:25:03Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-03-28T02:09:10Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201903-19.xml b/metadata/glsa/glsa-201903-19.xml
new file mode 100644
index 000000000000..1594fdca63ff
--- /dev/null
+++ b/metadata/glsa/glsa-201903-19.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-19">
+  <title>NASM: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in NASM, the worst of
+    which could result in the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">nasm</product>
+  <announced>2019-03-28</announced>
+  <revised count="1">2019-03-28</revised>
+  <bug>635358</bug>
+  <bug>659550</bug>
+  <bug>670884</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/nasm" auto="yes" arch="*">
+      <unaffected range="ge">2.14.02</unaffected>
+      <vulnerable range="lt">2.14.02</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>NASM is a 80x86 assembler that has been created for portability and
+      modularity. NASM supports Pentium, P6, SSE MMX, and 3DNow extensions. It
+      also supports a wide range of objects formats (ELF, a.out, COFF, etc),
+      and has its own disassembler.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in NASM. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could cause a Denial of Service condition or execute
+      arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All NASM users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/nasm-2.14.02"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10686">CVE-2017-10686</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11111">CVE-2017-11111</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14228">CVE-2017-14228</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-10T04:10:57Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-03-28T02:11:39Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201903-20.xml b/metadata/glsa/glsa-201903-20.xml
new file mode 100644
index 000000000000..87cc4d4c6744
--- /dev/null
+++ b/metadata/glsa/glsa-201903-20.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-20">
+  <title>cabextract, libmspack: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in cabextract and
+    libmspack, the worst of which could result in a Denial of Service.
+  </synopsis>
+  <product type="ebuild">cabextract, libmspack</product>
+  <announced>2019-03-28</announced>
+  <revised count="1">2019-03-28</revised>
+  <bug>662874</bug>
+  <bug>669280</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/cabextract" auto="yes" arch="*">
+      <unaffected range="ge">1.8</unaffected>
+      <vulnerable range="lt">1.8</vulnerable>
+    </package>
+    <package name="dev-libs/libmspack" auto="yes" arch="*">
+      <unaffected range="ge">0.8_alpha</unaffected>
+      <vulnerable range="lt">0.8_alpha</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>cabextract is free software for extracting Microsoft cabinet files.</p>
+    
+    <p>libmspack is a portable library for some loosely related Microsoft
+      compression formats
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in cabextract and
+      libmspack. Please review the CVE identifiers referenced below for
+      details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE’s for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All cabextract users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/cabextract-1.8"
+    </code>
+    
+    <p>All libmspack users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libmspack-0.8_alpha"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14679">CVE-2018-14679</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14680">CVE-2018-14680</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14681">CVE-2018-14681</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14682">CVE-2018-14682</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18584">CVE-2018-18584</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18585">CVE-2018-18585</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18586">CVE-2018-18586</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-24T19:20:01Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-03-28T02:14:01Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201903-21.xml b/metadata/glsa/glsa-201903-21.xml
new file mode 100644
index 000000000000..bfbf093933d1
--- /dev/null
+++ b/metadata/glsa/glsa-201903-21.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-21">
+  <title>Apache: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Apache Web Server, the
+    worst of which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">apache</product>
+  <announced>2019-03-28</announced>
+  <revised count="1">2019-03-28</revised>
+  <bug>676064</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">2.4.38-r1</unaffected>
+      <vulnerable range="lt">2.4.38-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Apache HTTP server is one of the most popular web servers on the
+      Internet.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Apache. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker can possibly cause a Denial of Service condition or
+      could bypass mod_session_cookie expiration time.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/apache-2.4.38-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17189">CVE-2018-17189</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17190">CVE-2018-17190</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17199">CVE-2018-17199</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-0190">CVE-2019-0190</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-24T13:34:22Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-03-28T02:17:53Z">Zlogene</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201903-22.xml b/metadata/glsa/glsa-201903-22.xml
new file mode 100644
index 000000000000..a4ca5781ef35
--- /dev/null
+++ b/metadata/glsa/glsa-201903-22.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-22">
+  <title>ZeroMQ: Code execution</title>
+  <synopsis>An overflow was discovered in ZeroMQ which could lead to arbitrary
+    code execution.
+  </synopsis>
+  <product type="ebuild">zeromq</product>
+  <announced>2019-03-28</announced>
+  <revised count="1">2019-03-28</revised>
+  <bug>675376</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-libs/zeromq" auto="yes" arch="*">
+      <unaffected range="ge">4.3.1</unaffected>
+      <vulnerable range="lt">4.3.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Looks like an embeddable networking library but acts like a concurrency
+      framework
+    </p>
+  </background>
+  <description>
+    <p>Please reference the CVE for details.</p>
+  </description>
+  <impact type="high">
+    <p>Please reference the CVE for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ZeroMQ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/zeromq-4.3.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6250">CVE-2019-6250</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-24T14:21:11Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-03-28T02:20:04Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201903-23.xml b/metadata/glsa/glsa-201903-23.xml
new file mode 100644
index 000000000000..cd7a6ab5f4c2
--- /dev/null
+++ b/metadata/glsa/glsa-201903-23.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-23">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium, the worst of
+    which could result in the remote execution of code.
+  </synopsis>
+  <product type="ebuild">chromium</product>
+  <announced>2019-03-28</announced>
+  <revised count="1">2019-03-28</revised>
+  <bug>671550</bug>
+  <bug>677066</bug>
+  <bug>679530</bug>
+  <bug>680242</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">73.0.3683.75</unaffected>
+      <vulnerable range="lt">73.0.3683.75</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the referenced CVE identifiers and Google Chrome
+      Releases for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>Please review the referenced CVE identifiers and Google Chrome Releases
+      for details.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-73.0.3683.75"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17479">CVE-2018-17479</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5786">CVE-2019-5786</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5786">CVE-2019-5786</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5787">CVE-2019-5787</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5788">CVE-2019-5788</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5789">CVE-2019-5789</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5790">CVE-2019-5790</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5791">CVE-2019-5791</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5792">CVE-2019-5792</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5793">CVE-2019-5793</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5794">CVE-2019-5794</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5795">CVE-2019-5795</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5796">CVE-2019-5796</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5797">CVE-2019-5797</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5798">CVE-2019-5798</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5799">CVE-2019-5799</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5800">CVE-2019-5800</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5801">CVE-2019-5801</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5802">CVE-2019-5802</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5803">CVE-2019-5803</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5804">CVE-2019-5804</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-24T22:13:31Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-03-28T02:22:18Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-01.xml b/metadata/glsa/glsa-201904-01.xml
new file mode 100644
index 000000000000..9ad5f7e37d8c
--- /dev/null
+++ b/metadata/glsa/glsa-201904-01.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-01">
+  <title>Cairo: Denial of service</title>
+  <synopsis>Multiple vulnerabilities were found in Cairo, the worst of which
+    could cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">cairo</product>
+  <announced>2019-04-02</announced>
+  <revised count="1">2019-04-02</revised>
+  <bug>596756</bug>
+  <bug>625636</bug>
+  <bug>672908</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/cairo" auto="yes" arch="*">
+      <unaffected range="ge">1.16.0-r3</unaffected>
+      <vulnerable range="lt">1.16.0-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Cairo is a 2D vector graphics library with cross-device output support.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Cairo. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Cairo users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/cairo-1.16.0-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-9082">CVE-2016-9082</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9814">CVE-2017-9814</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-27T00:20:40Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-02T04:14:37Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-02.xml b/metadata/glsa/glsa-201904-02.xml
new file mode 100644
index 000000000000..dbf891e06df0
--- /dev/null
+++ b/metadata/glsa/glsa-201904-02.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-02">
+  <title>Libical: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Libical, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">libical</product>
+  <announced>2019-04-02</announced>
+  <revised count="1">2019-04-02</revised>
+  <bug>587572</bug>
+  <bug>587574</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libical" auto="yes" arch="*">
+      <unaffected range="ge">3.0.0</unaffected>
+      <vulnerable range="lt">3.0.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>An Open Source implementation of the iCalendar protocols and protocol
+      data units.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Libical. Please review
+      the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Libical users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libical-3.0.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-5823">CVE-2016-5823</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-5824">CVE-2016-5824</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-29T18:17:49Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-04-02T04:17:39Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-03.xml b/metadata/glsa/glsa-201904-03.xml
new file mode 100644
index 000000000000..8a5ae4cdfa0e
--- /dev/null
+++ b/metadata/glsa/glsa-201904-03.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-03">
+  <title>Unbound: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in Unbound, the worst of
+    which could lead to privilege escalation.
+  </synopsis>
+  <product type="ebuild">unbound</product>
+  <announced>2019-04-02</announced>
+  <revised count="1">2019-04-02</revised>
+  <bug>641042</bug>
+  <bug>677054</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/unbound" auto="yes" arch="*">
+      <unaffected range="ge">1.8.3</unaffected>
+      <vulnerable range="lt">1.8.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Unbound is a validating, recursive, and caching DNS resolver.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Unbound. Please review
+      the referenced bugs for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced bugs for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Unbound users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/unbound-1.8.3"
+    </code>
+  </resolution>
+  <references>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-10T00:48:50Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-02T04:20:03Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-04.xml b/metadata/glsa/glsa-201904-04.xml
new file mode 100644
index 000000000000..4dbd20dd48a5
--- /dev/null
+++ b/metadata/glsa/glsa-201904-04.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-04">
+  <title>Poppler: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Poppler, the worst of
+    which could allow a Denial of Service.
+  </synopsis>
+  <product type="ebuild">poppler</product>
+  <announced>2019-04-02</announced>
+  <revised count="1">2019-04-02</revised>
+  <bug>659828</bug>
+  <bug>670880</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/poppler" auto="yes" arch="*">
+      <unaffected range="ge">0.70.0</unaffected>
+      <vulnerable range="lt">0.70.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Poppler is a PDF rendering library based on the xpdf-3.0 code base.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Poppler. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Poppler users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/poppler-0.70.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19149">CVE-2018-19149</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-27T05:17:10Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-02T04:21:51Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-05.xml b/metadata/glsa/glsa-201904-05.xml
new file mode 100644
index 000000000000..32f4490fde55
--- /dev/null
+++ b/metadata/glsa/glsa-201904-05.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-05">
+  <title>BURP: Root privilege escalation</title>
+  <synopsis>A vulnerability was discovered in Gentoo's ebuild for BURP which
+    could lead to root privilege escalation.
+  </synopsis>
+  <product type="ebuild">burp</product>
+  <announced>2019-04-02</announced>
+  <revised count="1">2019-04-02</revised>
+  <bug>641842</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-backup/burp" auto="yes" arch="*">
+      <unaffected range="ge">2.1.32-r1</unaffected>
+      <vulnerable range="lt">2.1.32-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A network backup and restore program.</p>
+  </background>
+  <description>
+    <p>It was discovered that Gentoo’s BURP ebuild does not properly set
+      permissions or place the pid file in a safe directory. Additionally, the
+      first set of patches did not completely address this.  As such, a
+      revision has been made available that addresses all concerns of the
+      initial report.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could escalate privileges.</p>
+  </impact>
+  <workaround>
+    <p>Users should ensure the proper permissions are set as discussed in the
+      referenced bugs.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All BURP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-backup/burp-2.1.32-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18285">CVE-2017-18285</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-27T01:35:48Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-02T04:23:38Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-06.xml b/metadata/glsa/glsa-201904-06.xml
new file mode 100644
index 000000000000..e5338d314d68
--- /dev/null
+++ b/metadata/glsa/glsa-201904-06.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-06">
+  <title>GlusterFS: Multiple Vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GlusterFS, the worst of
+    which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">glusterfs</product>
+  <announced>2019-04-02</announced>
+  <revised count="2">2019-04-02</revised>
+  <bug>653070</bug>
+  <bug>658606</bug>
+  <bug>664336</bug>
+  <bug>670088</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-cluster/glusterfs" auto="yes" arch="*">
+      <unaffected range="ge">4.1.8</unaffected>
+      <vulnerable range="lt">4.1.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A free and open source software scalable network filesystem.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GlusterFS. Please
+      review the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GlusterFS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-cluster/glusterfs-4.1.8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10841">CVE-2018-10841</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1088">CVE-2018-1088</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10904">CVE-2018-10904</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10907">CVE-2018-10907</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10911">CVE-2018-10911</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10913">CVE-2018-10913</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10914">CVE-2018-10914</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10923">CVE-2018-10923</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10924">CVE-2018-10924</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10926">CVE-2018-10926</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10927">CVE-2018-10927</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10928">CVE-2018-10928</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10929">CVE-2018-10929</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10930">CVE-2018-10930</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14651">CVE-2018-14651</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14652">CVE-2018-14652</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14653">CVE-2018-14653</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14654">CVE-2018-14654</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14659">CVE-2018-14659</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14660">CVE-2018-14660</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14661">CVE-2018-14661</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-24T12:37:38Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-02T04:26:59Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-07.xml b/metadata/glsa/glsa-201904-07.xml
new file mode 100644
index 000000000000..0cddfaf2c8dd
--- /dev/null
+++ b/metadata/glsa/glsa-201904-07.xml
@@ -0,0 +1,109 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-07">
+  <title>Mozilla Thunderbird and Firefox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird and
+    Firefox, the worst of which could lead to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">thunderbird,firefox,mozilla</product>
+  <announced>2019-04-02</announced>
+  <revised count="1">2019-04-02</revised>
+  <bug>676954</bug>
+  <bug>678072</bug>
+  <bug>681834</bug>
+  <bug>681836</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">60.6.1</unaffected>
+      <vulnerable range="lt">60.6.1</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">60.6.1</unaffected>
+      <vulnerable range="lt">60.6.1</vulnerable>
+    </package>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">60.6.1</unaffected>
+      <vulnerable range="lt">60.6.1</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">60.6.1</unaffected>
+      <vulnerable range="lt">60.6.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Thunderbird is a popular open-source email client from the
+      Mozilla project.
+      Mozilla Firefox is a popular open-source web browser from the Mozilla
+      Project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird and
+      Firefox. Please review the referenced Mozilla Foundation Security
+      Advisories and CVE identifiers below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced Mozilla Foundation Security Advisories and
+      CVE identifiers below for details.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-60.6.1"
+    </code>
+    
+    <p>All Thunderbird bin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-60.6.1"
+    </code>
+    
+    <p>All Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-60.6.1"
+    </code>
+    
+    <p>All Firefox bin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-60.6.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-5824">CVE-2016-5824</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18335">CVE-2018-18335</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18356">CVE-2018-18356</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18500">CVE-2018-18500</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18501">CVE-2018-18501</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18505">CVE-2018-18505</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18506">CVE-2018-18506</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18509">CVE-2018-18509</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18512">CVE-2018-18512</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18513">CVE-2018-18513</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5785">CVE-2019-5785</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9788">CVE-2019-9788</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9790">CVE-2019-9790</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9791">CVE-2019-9791</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9792">CVE-2019-9792</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9793">CVE-2019-9793</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9795">CVE-2019-9795</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9796">CVE-2019-9796</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9810">CVE-2019-9810</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9813">CVE-2019-9813</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-27T02:10:22Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-02T04:32:51Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-08.xml b/metadata/glsa/glsa-201904-08.xml
new file mode 100644
index 000000000000..8f0c6a0299e7
--- /dev/null
+++ b/metadata/glsa/glsa-201904-08.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-08">
+  <title>Subversion: Denial of service</title>
+  <synopsis>A vulnerability in Subversion could lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">subversion</product>
+  <announced>2019-04-02</announced>
+  <revised count="1">2019-04-02</revised>
+  <bug>676094</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-vcs/subversion" auto="yes" arch="*">
+      <unaffected range="ge">1.10.4</unaffected>
+      <vulnerable range="lt">1.10.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Subversion is a version control system intended to eventually replace
+      CVS. Like CVS, it has an optional client-server architecture (where the
+      server can be an Apache server running mod_svn, or an ssh program as in
+      CVS’s :ext: method). In addition to supporting the features found in
+      CVS, Subversion also provides support for moving and copying files and
+      directories.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in Subversion’s mod_dav_svn, that could
+      lead to a Denial of Service Condition.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could cause a possible enial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Subversion users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/subversion-1.10.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-11803">CVE-2018-11803</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-22T00:07:51Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-02T04:35:47Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-09.xml b/metadata/glsa/glsa-201904-09.xml
new file mode 100644
index 000000000000..1f133aea4a5e
--- /dev/null
+++ b/metadata/glsa/glsa-201904-09.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-09">
+  <title>Xen: Multiple Vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Xen, the worst of which
+    could result in privilege escalation.
+  </synopsis>
+  <product type="ebuild">xen</product>
+  <announced>2019-04-04</announced>
+  <revised count="2">2019-04-04</revised>
+  <bug>679580</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulation/xen" auto="yes" arch="*">
+      <unaffected range="ge">4.10.3-r1</unaffected>
+      <vulnerable range="lt">4.10.3-r1</vulnerable>
+    </package>
+    <package name="app-emulation/xen-pvgrub" auto="yes" arch="*">
+      <unaffected range="ge">4.10.3</unaffected>
+      <vulnerable range="lt">4.10.3</vulnerable>
+    </package>
+    <package name="app-emulation/xen-tools" auto="yes" arch="*">
+      <unaffected range="ge">4.10.3-r2</unaffected>
+      <vulnerable range="lt">4.10.3-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Xen is a bare-metal hypervisor.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Xen. Please review the
+      referenced XSA security advisories.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced XSA security advisories for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Xen users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-4.10.3-r2"
+    </code>
+    
+    <p>All Xen pvgrub users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/xen-pvgrub-4.10.3-r2"
+    </code>
+    
+    <p>All Xen tools users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/xen-tools-4.10.3-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="http://xenbits.xen.org/xsa/">XSA Security Advisory</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-28T03:48:31Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-04T18:34:06Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-10.xml b/metadata/glsa/glsa-201904-10.xml
new file mode 100644
index 000000000000..52942963da3b
--- /dev/null
+++ b/metadata/glsa/glsa-201904-10.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-10">
+  <title>Mailman: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mailman, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">mailman</product>
+  <announced>2019-04-08</announced>
+  <revised count="1">2019-04-08</revised>
+  <bug>662902</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/mailman" auto="yes" arch="*">
+      <unaffected range="ge">2.1.29</unaffected>
+      <vulnerable range="lt">2.1.29</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mailman is a Python based mailing list server with an extensive web
+      interface.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mailman. Please review
+      the referenced CVE identifier for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mailman users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-mail/mailman-2.1.29"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0618">CVE-2018-0618</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-13796">CVE-2018-13796</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-28T03:31:17Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-08T15:19:06Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-11.xml b/metadata/glsa/glsa-201904-11.xml
new file mode 100644
index 000000000000..f6fd170bf78a
--- /dev/null
+++ b/metadata/glsa/glsa-201904-11.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-11">
+  <title>Portage: Man-in-the-middle</title>
+  <synopsis>A vulnerability in emerge-delta-webrsync and Portage could result
+    in a man-in-the-middle attack.
+  </synopsis>
+  <product type="ebuild">portage</product>
+  <announced>2019-04-08</announced>
+  <revised count="1">2019-04-08</revised>
+  <bug>646212</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-portage/emerge-delta-webrsync" auto="yes" arch="*">
+      <unaffected range="ge">3.7.4</unaffected>
+      <vulnerable range="lt">3.7.4</vulnerable>
+    </package>
+    <package name="sys-apps/portage" auto="yes" arch="*">
+      <unaffected range="ge">2.3.22</unaffected>
+      <vulnerable range="lt">2.3.22</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Portage is the package management and distribution system for Gentoo.</p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in emerge-delta-webrsync and Portage that
+      did not properly validate the revocation status of GPG keys.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could conduct a man-in-the-middle attack.  Please
+      review the referenced bug for specific details.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All emerge-delta-webrsync users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-portage/emerge-delta-webrsync-3.7.4"
+    </code>
+    
+    <p>All Portage users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/portage-2.3.22"
+    </code>
+  </resolution>
+  <references>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-24T23:20:15Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-08T15:21:14Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-12.xml b/metadata/glsa/glsa-201904-12.xml
new file mode 100644
index 000000000000..35d006de1ab9
--- /dev/null
+++ b/metadata/glsa/glsa-201904-12.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-12">
+  <title>ClamAV: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ClamAV, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2019-04-08</announced>
+  <revised count="1">2019-04-08</revised>
+  <bug>660820</bug>
+  <bug>667900</bug>
+  <bug>681840</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.101.2</unaffected>
+      <vulnerable range="lt">0.101.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ClamAV is a GPL virus scanner.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ClamAV. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ClamAV users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.101.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0360">CVE-2018-0360</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0361">CVE-2018-0361</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15378">CVE-2018-15378</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1785">CVE-2019-1785</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1786">CVE-2019-1786</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1787">CVE-2019-1787</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1788">CVE-2019-1788</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1789">CVE-2019-1789</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1798">CVE-2019-1798</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-29T21:05:49Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-04-08T15:22:53Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-13.xml b/metadata/glsa/glsa-201904-13.xml
new file mode 100644
index 000000000000..3c6f7e5af643
--- /dev/null
+++ b/metadata/glsa/glsa-201904-13.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-13">
+  <title>Git: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Git, the worst of which
+    could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">git</product>
+  <announced>2019-04-11</announced>
+  <revised count="1">2019-04-11</revised>
+  <bug>671988</bug>
+  <bug>676262</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-vcs/git" auto="yes" arch="*">
+      <unaffected range="ge">2.20.1</unaffected>
+      <vulnerable range="lt">2.20.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Git is a free and open source distributed version control system
+      designed to handle everything from small to very large projects with
+      speed and efficiency.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Git. Please review the
+      referenced CVE identifiers for details
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifier and bugs for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Git users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/git-2.19.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19486">CVE-2018-19486</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-10T06:15:06Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-11T01:14:55Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-14.xml b/metadata/glsa/glsa-201904-14.xml
new file mode 100644
index 000000000000..a6418b23e658
--- /dev/null
+++ b/metadata/glsa/glsa-201904-14.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-14">
+  <title>GnuTLS: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GnuTLS, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">gnutls</product>
+  <announced>2019-04-15</announced>
+  <revised count="1">2019-04-15</revised>
+  <bug>681846</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/gnutls" auto="yes" arch="*">
+      <unaffected range="ge">3.6.7</unaffected>
+      <vulnerable range="lt">3.6.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GnuTLS is a secure communications library implementing the SSL, TLS and
+      DTLS protocols and technologies around them.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GnuTLS. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the CVE identifiers referenced below for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GnuTLS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/gnutls-3.6.7"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3829">CVE-2019-3829</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3836">CVE-2019-3836</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-04-02T06:51:08Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-15T20:45:09Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-15.xml b/metadata/glsa/glsa-201904-15.xml
new file mode 100644
index 000000000000..d0357f915f4f
--- /dev/null
+++ b/metadata/glsa/glsa-201904-15.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-15">
+  <title>libTIFF: Denial of service</title>
+  <synopsis>A vulnerability in libTIFF could lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">tiff</product>
+  <announced>2019-04-15</announced>
+  <revised count="1">2019-04-15</revised>
+  <bug>669948</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/tiff" auto="yes" arch="*">
+      <unaffected range="ge">4.0.10</unaffected>
+      <vulnerable range="lt">4.0.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The TIFF library contains encoding and decoding routines for the Tag
+      Image File Format. It is called by numerous programs, including GNOME and
+      KDE applications, to interpret TIFF images.
+    </p>
+  </background>
+  <description>
+    <p>Please review the CVE identifier referenced below for details.</p>
+  </description>
+  <impact type="normal">
+    <p>Please review the CVE identifier referenced below for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All tiff users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/tiff-4.0.10"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18557">CVE-2018-18557</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-04-02T05:33:33Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-15T20:50:36Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-16.xml b/metadata/glsa/glsa-201904-16.xml
new file mode 100644
index 000000000000..16fca23fd62f
--- /dev/null
+++ b/metadata/glsa/glsa-201904-16.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-16">
+  <title>phpMyAdmin: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in phpMyAdmin, the worst
+    of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">phpmyadmin</product>
+  <announced>2019-04-15</announced>
+  <revised count="1">2019-04-15</revised>
+  <bug>658742</bug>
+  <bug>672938</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/phpmyadmin" auto="yes" arch="*">
+      <unaffected range="ge">4.8.4</unaffected>
+      <vulnerable range="lt">4.8.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>phpMyAdmin is a web-based management tool for MySQL databases.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in phpMyAdmin. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the CVE identifiers referenced below for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All phpMyAdmin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/phpmyadmin-4.8.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12613">CVE-2018-12613</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19968">CVE-2018-19968</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19969">CVE-2018-19969</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19970">CVE-2018-19970</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-30T00:23:53Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-04-15T20:53:01Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-17.xml b/metadata/glsa/glsa-201904-17.xml
new file mode 100644
index 000000000000..16ee81006487
--- /dev/null
+++ b/metadata/glsa/glsa-201904-17.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-17">
+  <title>Patch: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Patch, the worst of
+    which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">patch</product>
+  <announced>2019-04-17</announced>
+  <revised count="1">2019-04-17</revised>
+  <bug>647792</bug>
+  <bug>647794</bug>
+  <bug>652710</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-devel/patch" auto="yes" arch="*">
+      <unaffected range="ge">2.7.6-r3</unaffected>
+      <vulnerable range="lt">2.7.6-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Patch takes a patch file containing a difference listing produced by the
+      diff program and applies those differences to one or more original files,
+      producing patched versions.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Patch. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Patch users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-devel/patch-2.7.6-r3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000156">
+      CVE-2018-1000156
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6951">CVE-2018-6951</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6952">CVE-2018-6952</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-04-11T21:19:29Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-04-17T18:28:49Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-18.xml b/metadata/glsa/glsa-201904-18.xml
new file mode 100644
index 000000000000..3c23d4bace80
--- /dev/null
+++ b/metadata/glsa/glsa-201904-18.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-18">
+  <title>libseccomp: Privilege escalation</title>
+  <synopsis>A vulnerability in libseccomp allows for privilege escalation.</synopsis>
+  <product type="ebuild">libseccomp</product>
+  <announced>2019-04-17</announced>
+  <revised count="1">2019-04-17</revised>
+  <bug>680442</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-libs/libseccomp" auto="yes" arch="*">
+      <unaffected range="ge">2.4.0</unaffected>
+      <vulnerable range="lt">2.4.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A library that provides an easy to use, platform independent, interface
+      to the Linux Kernel’s syscall filtering mechanism.
+    </p>
+  </background>
+  <description>
+    <p>Please review the CVE identifier referenced below for details.</p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifier for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libseccomp users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-libs/libseccomp-2.4.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9893">CVE-2019-9893</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-24T13:22:58Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-17T18:31:42Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-19.xml b/metadata/glsa/glsa-201904-19.xml
new file mode 100644
index 000000000000..71f6cdb43a2e
--- /dev/null
+++ b/metadata/glsa/glsa-201904-19.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-19">
+  <title>Dovecot: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Dovecot, the worst of
+    which could result in root privilege escalation.
+  </synopsis>
+  <product type="ebuild">dovecot</product>
+  <announced>2019-04-17</announced>
+  <revised count="1">2019-04-17</revised>
+  <bug>677350</bug>
+  <bug>681922</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/dovecot" auto="yes" arch="*">
+      <unaffected range="ge">2.3.5.1</unaffected>
+      <vulnerable range="lt">2.3.5.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Dovecot is an open source IMAP and POP3 email server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Dovecot. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Dovecot users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-mail/dovecot-2.3.5.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3814">CVE-2019-3814</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7524">CVE-2019-7524</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-04-02T07:08:40Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-17T18:33:06Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-20.xml b/metadata/glsa/glsa-201904-20.xml
new file mode 100644
index 000000000000..3600d8fe7704
--- /dev/null
+++ b/metadata/glsa/glsa-201904-20.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-20">
+  <title>Apache: Privilege escalation</title>
+  <synopsis>A vulnerability in Apache might allow an attacker to escalate
+    privileges.
+  </synopsis>
+  <product type="ebuild">apache</product>
+  <announced>2019-04-22</announced>
+  <revised count="1">2019-04-22</revised>
+  <bug>682306</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">2.4.39</unaffected>
+      <vulnerable range="lt">2.4.39</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Apache HTTP server is one of the most popular web servers on the
+      Internet.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in Apache with MPM event, worker, or
+      prefork.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could escalate privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/apache-2.4.39"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-0211">CVE-2019-0211</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-04-21T03:09:02Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-04-22T23:27:43Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-21.xml b/metadata/glsa/glsa-201904-21.xml
new file mode 100644
index 000000000000..c15ae6a5c47c
--- /dev/null
+++ b/metadata/glsa/glsa-201904-21.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-21">
+  <title>SQLite: Remote code execution</title>
+  <synopsis>A vulnerability in SQLite may allow for the remote execution of
+    code.
+  </synopsis>
+  <product type="ebuild">sqlite</product>
+  <announced>2019-04-22</announced>
+  <revised count="1">2019-04-22</revised>
+  <bug>672942</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/sqlite" auto="yes" arch="*">
+      <unaffected range="ge">3.25.3</unaffected>
+      <vulnerable range="lt">3.25.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>SQLite is a C library that implements an SQL database engine.</p>
+  </background>
+  <description>
+    <p>An integer overflow was discovered in SQLite’s FTS3 extension.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could, by executing arbitrary SQL statements against a
+      vulnerable host, execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All SQLite users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/sqlite-3.25.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20346">CVE-2018-20346</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-04-20T00:53:44Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-04-22T23:31:33Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-22.xml b/metadata/glsa/glsa-201904-22.xml
new file mode 100644
index 000000000000..0859caae3dd4
--- /dev/null
+++ b/metadata/glsa/glsa-201904-22.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-22">
+  <title>OpenDKIM: Root privilege escalation</title>
+  <synopsis>A vulnerability was discovered in Gentoo's ebuild for OpenDKIM
+    which could lead to root privilege escalation.
+  </synopsis>
+  <product type="ebuild">opendkim</product>
+  <announced>2019-04-22</announced>
+  <revised count="1">2019-04-22</revised>
+  <bug>629914</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-filter/opendkim" auto="yes" arch="*">
+      <unaffected range="ge">2.10.3-r8</unaffected>
+      <vulnerable range="lt">2.10.3-r8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A community effort to develop and maintain a C library for producing
+      DKIM-aware applications and an open source milter for providing DKIM
+      service.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that Gentoo’s OpenDKIM ebuild does not properly set
+      permissions or place the pid file in a safe directory.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could escalate privileges.</p>
+  </impact>
+  <workaround>
+    <p>Users should ensure the proper permissions are set as discussed in the
+      referenced bugs.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All OpenDKIM users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-filter/opendkim-2.10.3-r8"
+    </code>
+  </resolution>
+  <references>
+  </references>
+  <metadata tag="requester" timestamp="2019-04-02T07:15:45Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-22T23:34:15Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-23.xml b/metadata/glsa/glsa-201904-23.xml
new file mode 100644
index 000000000000..9dbde006580e
--- /dev/null
+++ b/metadata/glsa/glsa-201904-23.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-23">
+  <title>GLib: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GLib, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">glib</product>
+  <announced>2019-04-22</announced>
+  <revised count="1">2019-04-22</revised>
+  <bug>668474</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/glib" auto="yes" arch="*">
+      <unaffected range="ge">2.56.4</unaffected>
+      <vulnerable range="lt">2.56.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GLib is a library providing a number of GNOME’s core objects and
+      functions.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GLib. Please review the
+      referenced bug for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced bugs for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GLib users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/glib-2.56.4"
+    </code>
+  </resolution>
+  <references>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-10T06:13:16Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-22T23:36:01Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-24.xml b/metadata/glsa/glsa-201904-24.xml
new file mode 100644
index 000000000000..95f5370a2b59
--- /dev/null
+++ b/metadata/glsa/glsa-201904-24.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-24">
+  <title>Ming: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Ming, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">ming</product>
+  <announced>2019-04-24</announced>
+  <revised count="1">2019-04-24</revised>
+  <bug>624712</bug>
+  <bug>626498</bug>
+  <bug>646770</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/ming" auto="yes" arch="*">
+      <unaffected range="ge">0.20181112</unaffected>
+      <vulnerable range="lt">0.20181112</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A library for generating Macromedia Flash files.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Ming. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Ming users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/ming-0.20181112"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11728">CVE-2017-11728</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11729">CVE-2017-11729</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11730">CVE-2017-11730</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11731">CVE-2017-11731</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11732">CVE-2017-11732</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11733">CVE-2017-11733</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11734">CVE-2017-11734</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9988">CVE-2017-9988</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9989">CVE-2017-9989</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5251">CVE-2018-5251</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5294">CVE-2018-5294</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6315">CVE-2018-6315</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6358">CVE-2018-6358</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6359">CVE-2018-6359</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-04-19T01:46:20Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-24T23:57:18Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-25.xml b/metadata/glsa/glsa-201904-25.xml
new file mode 100644
index 000000000000..b72443a1d3cb
--- /dev/null
+++ b/metadata/glsa/glsa-201904-25.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-25">
+  <title>QEMU: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in QEMU, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">qemu</product>
+  <announced>2019-04-24</announced>
+  <revised count="1">2019-04-24</revised>
+  <bug>680834</bug>
+  <bug>681850</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulation/qemu" auto="yes" arch="*">
+      <unaffected range="ge">3.1.0-r4</unaffected>
+      <vulnerable range="lt">3.1.0-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>QEMU is a generic and open source machine emulator and virtualizer.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in QEMU. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All QEMU users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/qemu-3.1.0-r4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20815">CVE-2018-20815</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9824">CVE-2019-9824</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-10T05:49:31Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-24T23:59:19Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201906-01.xml b/metadata/glsa/glsa-201906-01.xml
new file mode 100644
index 000000000000..43586e2bcd8a
--- /dev/null
+++ b/metadata/glsa/glsa-201906-01.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201906-01">
+  <title>Exim: Remote command execution</title>
+  <synopsis>A vulnerability in Exim could allow a remote attacker to execute
+    arbitrary commands.
+  </synopsis>
+  <product type="ebuild">exim</product>
+  <announced>2019-06-06</announced>
+  <revised count="1">2019-06-06</revised>
+  <bug>687336</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-mta/exim" auto="yes" arch="*">
+      <unaffected range="ge">4.92</unaffected>
+      <vulnerable range="lt">4.92</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Exim is a message transfer agent (MTA) designed to be a a highly
+      configurable, drop-in replacement for sendmail.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in how Exim validates recipient addresses
+      in the deliver_message() function.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could execute arbitrary commands by sending an email
+      with a specially crafted recipient address to the affected system.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Exim users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-mta/exim-4.92"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10149">CVE-2019-10149</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-06-05T17:30:31Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2019-06-06T17:27:59Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201908-01.xml b/metadata/glsa/glsa-201908-01.xml
new file mode 100644
index 000000000000..e2b90baf12fa
--- /dev/null
+++ b/metadata/glsa/glsa-201908-01.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-01">
+  <title>Binutils: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Binutils, the worst of
+    which may allow remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">binutils</product>
+  <announced>2019-08-03</announced>
+  <revised count="1">2019-08-03</revised>
+  <bug>672904</bug>
+  <bug>672910</bug>
+  <bug>674668</bug>
+  <bug>682698</bug>
+  <bug>682702</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-devel/binutils" auto="yes" arch="*">
+      <unaffected range="ge">2.32-r1</unaffected>
+      <vulnerable range="lt">2.32-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The GNU Binutils are a collection of tools to create, modify and analyse
+      binary files. Many of the files use BFD, the Binary File Descriptor
+      library, to do low-level manipulation.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Binutils. Please review
+      the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to compile/execute a specially
+      crafted ELF, object, PE, or binary file, could possibly cause a Denial of
+      Service condition or have other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Binutils users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-devel/binutils-2.32-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10372">CVE-2018-10372</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10373">CVE-2018-10373</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10534">CVE-2018-10534</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10535">CVE-2018-10535</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12641">CVE-2018-12641</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12697">CVE-2018-12697</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12698">CVE-2018-12698</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12699">CVE-2018-12699</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12700">CVE-2018-12700</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-13033">CVE-2018-13033</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19931">CVE-2018-19931</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19932">CVE-2018-19932</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20002">CVE-2018-20002</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20651">CVE-2018-20651</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-04-29T23:24:32Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-03T11:22:15Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201908-02.xml b/metadata/glsa/glsa-201908-02.xml
new file mode 100644
index 000000000000..0c73ede6a3c9
--- /dev/null
+++ b/metadata/glsa/glsa-201908-02.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-02">
+  <title>libpng: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libpng, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">libpng</product>
+  <announced>2019-08-03</announced>
+  <revised count="1">2019-08-03</revised>
+  <bug>683366</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libpng" auto="yes" arch="*">
+      <unaffected range="ge" slot="0">1.6.37</unaffected>
+      <vulnerable range="lt" slot="0">1.6.37</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libpng is a standard library used to process PNG (Portable Network
+      Graphics) images. It is used by several programs, including web browsers
+      and potentially server processes.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libpng. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to process a specially crafted PNG
+      file, could cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libpng users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libpng-1.6.37"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14048">CVE-2018-14048</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14550">CVE-2018-14550</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7317">CVE-2019-7317</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-04-27T06:35:05Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-08-03T11:26:12Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201908-03.xml b/metadata/glsa/glsa-201908-03.xml
new file mode 100644
index 000000000000..4a5520a3d11c
--- /dev/null
+++ b/metadata/glsa/glsa-201908-03.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-03">
+  <title>JasPer: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in JasPer, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">jasper</product>
+  <announced>2019-08-09</announced>
+  <revised count="3">2019-08-28</revised>
+  <bug>614028</bug>
+  <bug>614032</bug>
+  <bug>624988</bug>
+  <bug>629286</bug>
+  <bug>635552</bug>
+  <bug>662160</bug>
+  <bug>674154</bug>
+  <bug>674214</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/jasper" auto="yes" arch="*">
+      <vulnerable range="le">2.0.16</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>JasPer is a software-based implementation of the codec specified in the
+      JPEG-2000 Part-1 standard.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in JasPer. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>JasPer is no longer maintained upstream and contains many
+      vulnerabilities which remain unaddressed. Gentoo users are advised to
+      unmerge this package.
+    </p>
+    
+    <code>
+      # emerge --unmerge media-libs/jasper
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-1000050">
+      CVE-2017-1000050
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13745">CVE-2017-13745</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13746">CVE-2017-13746</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13747">CVE-2017-13747</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13748">CVE-2017-13748</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13749">CVE-2017-13749</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13750">CVE-2017-13750</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13751">CVE-2017-13751</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13752">CVE-2017-13752</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13753">CVE-2017-13753</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14132">CVE-2017-14132</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14229">CVE-2017-14229</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5503">CVE-2017-5503</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5504">CVE-2017-5504</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5505">CVE-2017-5505</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-6851">CVE-2017-6851</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-6852">CVE-2017-6852</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9782">CVE-2017-9782</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18873">CVE-2018-18873</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20584">CVE-2018-20584</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-9055">CVE-2018-9055</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-9154">CVE-2018-9154</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-04T18:37:11Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-28T22:02:05Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201908-04.xml b/metadata/glsa/glsa-201908-04.xml
new file mode 100644
index 000000000000..bc5160a9290f
--- /dev/null
+++ b/metadata/glsa/glsa-201908-04.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-04">
+  <title>Redis: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Redis, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">redis</product>
+  <announced>2019-08-09</announced>
+  <revised count="1">2019-08-09</revised>
+  <bug>658066</bug>
+  <bug>689700</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/redis" auto="yes" arch="*">
+      <unaffected range="ge">4.0.14</unaffected>
+      <vulnerable range="lt">4.0.14</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Redis is an open source (BSD licensed), in-memory data structure store,
+      used as a database, cache and message broker.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Redis. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Redis users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/redis-4.0.14"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-11218">CVE-2018-11218</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-11219">CVE-2018-11219</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10192">CVE-2019-10192</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10193">CVE-2019-10193</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-03T15:15:24Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-09T20:41:48Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201908-05.xml b/metadata/glsa/glsa-201908-05.xml
new file mode 100644
index 000000000000..42d9037a0887
--- /dev/null
+++ b/metadata/glsa/glsa-201908-05.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-05">
+  <title>LibVNCServer: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in LibVNCServer, the worst
+    of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">libvncserver</product>
+  <announced>2019-08-09</announced>
+  <revised count="1">2019-08-09</revised>
+  <bug>659560</bug>
+  <bug>673508</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/libvncserver" auto="yes" arch="*">
+      <unaffected range="ge">0.9.12</unaffected>
+      <vulnerable range="lt">0.9.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>LibVNCServer/LibVNCClient are cross-platform C libraries that allow you
+      to easily implement VNC server or client functionality in your program.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in LibVNCServer. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LibVNCServer users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/libvncserver-0.9.12"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20019">CVE-2018-20019</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20020">CVE-2018-20020</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20021">CVE-2018-20021</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20022">CVE-2018-20022</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20023">CVE-2018-20023</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20024">CVE-2018-20024</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7225">CVE-2018-7225</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7226">CVE-2018-7226</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-04T18:16:50Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-09T20:45:14Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201908-06.xml b/metadata/glsa/glsa-201908-06.xml
new file mode 100644
index 000000000000..03379fb8e90b
--- /dev/null
+++ b/metadata/glsa/glsa-201908-06.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-06">
+  <title>glibc: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in glibc, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">glibc</product>
+  <announced>2019-08-15</announced>
+  <revised count="1">2019-08-15</revised>
+  <bug>609386</bug>
+  <bug>635012</bug>
+  <bug>672228</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-libs/glibc" auto="yes" arch="*">
+      <unaffected range="ge">2.28-r4</unaffected>
+      <vulnerable range="lt">2.28-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>glibc is a package that contains the GNU C library.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in glibc. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All glibc users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-libs/glibc-2.28-r4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2015-8985">CVE-2015-8985</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-6263">CVE-2016-6263</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19591">CVE-2018-19591</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-03T12:43:48Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-15T15:38:53Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201908-07.xml b/metadata/glsa/glsa-201908-07.xml
new file mode 100644
index 000000000000..93df38d655c4
--- /dev/null
+++ b/metadata/glsa/glsa-201908-07.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-07">
+  <title>KDE KConfig: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerablity has been found in KDE KConfig that could allow a
+    remote attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">kconfig</product>
+  <announced>2019-08-15</announced>
+  <revised count="1">2019-08-15</revised>
+  <bug>691858</bug>
+  <access>remote</access>
+  <affected>
+    <package name="kde-frameworks/kconfig" auto="yes" arch="*">
+      <unaffected range="ge">5.60.0-r1</unaffected>
+      <vulnerable range="lt">5.60.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Provides an advanced configuration system.</p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in KDE KConfig’s handling of .desktop
+      and .directory files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could entice a user to execute a specially crafted .desktop
+      or .directory file possibly resulting in execution of arbitrary code with
+      the privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All KConfig users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=kde-frameworks/kconfig-5.60.0-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14744">CVE-2019-14744</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-09T20:56:22Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-15T15:41:03Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201908-08.xml b/metadata/glsa/glsa-201908-08.xml
new file mode 100644
index 000000000000..29ebf5011b8b
--- /dev/null
+++ b/metadata/glsa/glsa-201908-08.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-08">
+  <title>CUPS: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in CUPS, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">cups</product>
+  <announced>2019-08-15</announced>
+  <revised count="1">2019-08-15</revised>
+  <bug>660954</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-print/cups" auto="yes" arch="*">
+      <unaffected range="ge">2.2.8</unaffected>
+      <vulnerable range="lt">2.2.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>CUPS, the Common Unix Printing System, is a full-featured print server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in CUPS. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All CUPS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-print/cups-2.2.8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15400">CVE-2017-15400</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4180">CVE-2018-4180</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4181">CVE-2018-4181</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4182">CVE-2018-4182</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4183">CVE-2018-4183</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6553">CVE-2018-6553</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-10T20:43:16Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-15T15:43:11Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201908-09.xml b/metadata/glsa/glsa-201908-09.xml
new file mode 100644
index 000000000000..3ac338fad0ae
--- /dev/null
+++ b/metadata/glsa/glsa-201908-09.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-09">
+  <title>SQLite: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in SQLite, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">sqlite</product>
+  <announced>2019-08-15</announced>
+  <revised count="1">2019-08-15</revised>
+  <bug>684840</bug>
+  <bug>685838</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/sqlite" auto="yes" arch="*">
+      <unaffected range="ge">3.28.0</unaffected>
+      <vulnerable range="lt">3.28.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>SQLite is a C library that implements an SQL database engine.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in SQLite. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could, by executing arbitrary SQL statements against a
+      vulnerable host, execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All SQLite users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/sqlite-3.28.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5018">CVE-2019-5018</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9936">CVE-2019-9936</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9937">CVE-2019-9937</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-09T20:49:17Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-15T15:45:09Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201908-10.xml b/metadata/glsa/glsa-201908-10.xml
new file mode 100644
index 000000000000..c5246faff191
--- /dev/null
+++ b/metadata/glsa/glsa-201908-10.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-10">
+  <title>Oracle JDK/JRE: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Oracle’s JDK and JRE
+    software suites.
+  </synopsis>
+  <product type="ebuild">oracle,jre,jdk</product>
+  <announced>2019-08-15</announced>
+  <revised count="1">2019-08-15</revised>
+  <bug>668948</bug>
+  <bug>691336</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/oracle-jdk-bin" auto="yes" arch="*">
+      <unaffected range="ge" slot="1.8">1.8.0.202</unaffected>
+      <vulnerable range="lt" slot="1.8">1.8.0.202</vulnerable>
+    </package>
+    <package name="dev-java/oracle-jre-bin" auto="yes" arch="*">
+      <unaffected range="ge" slot="1.8">1.8.0.202</unaffected>
+      <vulnerable range="lt" slot="1.8">1.8.0.202</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Java Platform, Standard Edition (Java SE) lets you develop and deploy
+      Java applications on desktops and servers, as well as in today’s
+      demanding embedded environments. Java offers the rich user interface,
+      performance, versatility, portability, and security that today’s
+      applications require.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Oracle’s JDK and JRE
+      software suites. Please review the CVE identifiers referenced below for
+      details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Oracle JDK bin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-java/oracle-jdk-bin-1.8.0.202:1.8"
+    </code>
+    
+    <p>All Oracle JRE bin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-java/oracle-jre-bin-1.8.0.202:1.8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-13785">CVE-2018-13785</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3136">CVE-2018-3136</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3139">CVE-2018-3139</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3149">CVE-2018-3149</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3150">CVE-2018-3150</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3157">CVE-2018-3157</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3169">CVE-2018-3169</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3180">CVE-2018-3180</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3183">CVE-2018-3183</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3209">CVE-2018-3209</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3211">CVE-2018-3211</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3214">CVE-2018-3214</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2602">CVE-2019-2602</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2684">CVE-2019-2684</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2697">CVE-2019-2697</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2698">CVE-2019-2698</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2699">CVE-2019-2699</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-04-27T05:36:16Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-08-15T15:48:13Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201908-11.xml b/metadata/glsa/glsa-201908-11.xml
new file mode 100644
index 000000000000..53a2922c960a
--- /dev/null
+++ b/metadata/glsa/glsa-201908-11.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-11">
+  <title>libarchive: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libarchive, the worst
+    of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">libarchive</product>
+  <announced>2019-08-15</announced>
+  <revised count="1">2019-08-15</revised>
+  <bug>631294</bug>
+  <bug>636070</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/libarchive" auto="yes" arch="*">
+      <unaffected range="ge">3.3.3</unaffected>
+      <vulnerable range="lt">3.3.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libarchive is a library for manipulating different streaming archive
+      formats, including certain tar variants, several cpio formats, and both
+      BSD and GNU ar variants.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libarchive. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libarchive users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/libarchive-3.3.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14166">CVE-2017-14166</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14501">CVE-2017-14501</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14502">CVE-2017-14502</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14503">CVE-2017-14503</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-10T17:06:02Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-15T15:49:48Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201908-12.xml b/metadata/glsa/glsa-201908-12.xml
new file mode 100644
index 000000000000..83d7758ea716
--- /dev/null
+++ b/metadata/glsa/glsa-201908-12.xml
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-12">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+    worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">firefox</product>
+  <announced>2019-08-15</announced>
+  <revised count="1">2019-08-15</revised>
+  <bug>688332</bug>
+  <bug>690626</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">60.8.0</unaffected>
+      <vulnerable range="lt">60.8.0</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">60.8.0</unaffected>
+      <vulnerable range="lt">60.8.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      Project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could entice a user to view a specially crafted web
+      page, possibly resulting in the execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-60.8.0"
+    </code>
+    
+    <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-60.8.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11707">CVE-2019-11707</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11708">CVE-2019-11708</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11709">CVE-2019-11709</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11710">CVE-2019-11710</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11711">CVE-2019-11711</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11712">CVE-2019-11712</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11713">CVE-2019-11713</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11714">CVE-2019-11714</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11715">CVE-2019-11715</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11716">CVE-2019-11716</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11717">CVE-2019-11717</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11718">CVE-2019-11718</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11719">CVE-2019-11719</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11720">CVE-2019-11720</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11721">CVE-2019-11721</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11723">CVE-2019-11723</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11724">CVE-2019-11724</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11725">CVE-2019-11725</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11727">CVE-2019-11727</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11728">CVE-2019-11728</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11729">CVE-2019-11729</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11730">CVE-2019-11730</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9811">CVE-2019-9811</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/">
+      MFSA2019-18
+    </uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/">
+      MFSA2019-19
+    </uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/">
+      MFSA2019-21
+    </uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/">
+      MFSA2019-22
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-06-20T18:12:58Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2019-08-15T15:52:20Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201908-13.xml b/metadata/glsa/glsa-201908-13.xml
new file mode 100644
index 000000000000..c709f4ce791d
--- /dev/null
+++ b/metadata/glsa/glsa-201908-13.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-13">
+  <title>LibreOffice: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in LibreOffice, the worst
+    of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">libreoffice</product>
+  <announced>2019-08-15</announced>
+  <revised count="1">2019-08-15</revised>
+  <bug>690354</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-office/libreoffice" auto="yes" arch="*">
+      <unaffected range="ge">6.2.5.2</unaffected>
+      <vulnerable range="lt">6.2.5.2</vulnerable>
+    </package>
+    <package name="app-office/libreoffice-bin" auto="yes" arch="*">
+      <unaffected range="ge">6.2.5.2</unaffected>
+      <vulnerable range="lt">6.2.5.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>LibreOffice is a powerful office suite; its clean interface and powerful
+      tools let you unleash your creativity and grow your productivity.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in LibreOffice. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LibreOffice users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-office/libreoffice-6.2.5.2"
+    </code>
+    
+    <p>All LibreOffice binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-office/libreoffice-bin-6.2.5.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9848">CVE-2019-9848</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9849">CVE-2019-9849</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-10T20:59:28Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-15T15:53:38Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201908-14.xml b/metadata/glsa/glsa-201908-14.xml
new file mode 100644
index 000000000000..bdd1c2c60eae
--- /dev/null
+++ b/metadata/glsa/glsa-201908-14.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-14">
+  <title>polkit: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in polkit, the worst of
+    which could result in privilege escalation.
+  </synopsis>
+  <product type="ebuild">polkit</product>
+  <announced>2019-08-15</announced>
+  <revised count="1">2019-08-15</revised>
+  <bug>661470</bug>
+  <bug>672578</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-auth/polkit" auto="yes" arch="*">
+      <unaffected range="ge">0.115-r2</unaffected>
+      <vulnerable range="lt">0.115-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>polkit is a toolkit for managing policies relating to unprivileged
+      processes communicating with privileged processes.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in polkit. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All polkit users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-auth/polkit-0.115-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1116">CVE-2018-1116</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19788">CVE-2018-19788</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-11T21:46:16Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-15T15:54:53Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201908-15.xml b/metadata/glsa/glsa-201908-15.xml
new file mode 100644
index 000000000000..56293af7dc20
--- /dev/null
+++ b/metadata/glsa/glsa-201908-15.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-15">
+  <title>ZNC: Privilege escalation</title>
+  <synopsis>A vulnerability in ZNC allows users to escalate privileges.</synopsis>
+  <product type="ebuild">znc</product>
+  <announced>2019-08-15</announced>
+  <revised count="1">2019-08-15</revised>
+  <bug>688152</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/znc" auto="yes" arch="*">
+      <unaffected range="ge">1.7.4_rc1</unaffected>
+      <vulnerable range="lt">1.7.4_rc1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ZNC is an advanced IRC bouncer.</p>
+  </background>
+  <description>
+    <p>It was discovered that ZNC’s “Modules.cpp” allows remote
+      authenticated non-admin users to escalate privileges.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote authenticated attacker could escalate privileges and
+      subsequently execute arbitrary code or conduct a Denial of Service
+      attack.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ZNC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-irc/znc-1.7.4_rc1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12816">CVE-2019-12816</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-11T22:44:54Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-15T15:56:13Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201908-16.xml b/metadata/glsa/glsa-201908-16.xml
new file mode 100644
index 000000000000..e52f22844927
--- /dev/null
+++ b/metadata/glsa/glsa-201908-16.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-16">
+  <title>ProFTPD: Remote code execution</title>
+  <synopsis>A vulnerability in ProFTPD could result in the arbitrary execution
+    of code.
+  </synopsis>
+  <product type="ebuild">proftpd</product>
+  <announced>2019-08-15</announced>
+  <revised count="1">2019-08-15</revised>
+  <bug>690528</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-ftp/proftpd" auto="yes" arch="*">
+      <unaffected range="ge">1.3.6-r5</unaffected>
+      <vulnerable range="lt">1.3.6-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ProFTPD is an advanced and very configurable FTP server.</p>
+  </background>
+  <description>
+    <p>It was discovered that ProFTPD’s “mod_copy” module does not
+      properly restrict privileges for anonymous users.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker, by anonymously uploading a malicious file, could
+      possibly execute arbitrary code with the privileges of the process, cause
+      a Denial of Service condition or disclose information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ProFTPD users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-ftp/proftpd-1.3.6-r5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12815">CVE-2019-12815</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-11T22:56:34Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-15T15:57:27Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201908-17.xml b/metadata/glsa/glsa-201908-17.xml
new file mode 100644
index 000000000000..24e15836d90c
--- /dev/null
+++ b/metadata/glsa/glsa-201908-17.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-17">
+  <title>ZeroMQ: Arbitrary code execution</title>
+  <synopsis>A vulnerability in ZeroMQ might allow an attacker to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">zeromq</product>
+  <announced>2019-08-15</announced>
+  <revised count="1">2019-08-15</revised>
+  <bug>689426</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/zeromq" auto="yes" arch="*">
+      <unaffected range="ge">4.3.2</unaffected>
+      <vulnerable range="lt">4.3.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Looks like an embeddable networking library but acts like a concurrency
+      framework.
+    </p>
+  </background>
+  <description>
+    <p>A buffer overflow was discovered in ZeroMQ.</p>
+  </description>
+  <impact type="high">
+    <p>An attacker could possibly execute arbitrary code with the privileges of
+      the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ZeroMQ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/zeromq-4.3.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13132">CVE-2019-13132</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-11T22:35:49Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-15T15:58:45Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201908-18.xml b/metadata/glsa/glsa-201908-18.xml
new file mode 100644
index 000000000000..28f8eb0cc599
--- /dev/null
+++ b/metadata/glsa/glsa-201908-18.xml
@@ -0,0 +1,206 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-18">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">chorme,chromium</product>
+  <announced>2019-08-15</announced>
+  <revised count="2">2019-08-16</revised>
+  <bug>672606</bug>
+  <bug>684238</bug>
+  <bug>684272</bug>
+  <bug>687732</bug>
+  <bug>688072</bug>
+  <bug>689944</bug>
+  <bug>691098</bug>
+  <bug>691682</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">76.0.3809.100</unaffected>
+      <vulnerable range="lt">76.0.3809.100</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">76.0.3809.100</unaffected>
+      <vulnerable range="lt">76.0.3809.100</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the referenced CVE identifiers and Google Chrome
+      Releases for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-76.0.3809.100"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-76.0.3809.100"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5805">CVE-2019-5805</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5806">CVE-2019-5806</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5807">CVE-2019-5807</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5808">CVE-2019-5808</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5809">CVE-2019-5809</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5810">CVE-2019-5810</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5811">CVE-2019-5811</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5812">CVE-2019-5812</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5813">CVE-2019-5813</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5814">CVE-2019-5814</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5815">CVE-2019-5815</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5816">CVE-2019-5816</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5817">CVE-2019-5817</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5818">CVE-2019-5818</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5819">CVE-2019-5819</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5820">CVE-2019-5820</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5821">CVE-2019-5821</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5822">CVE-2019-5822</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5823">CVE-2019-5823</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5828">CVE-2019-5828</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5829">CVE-2019-5829</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5830">CVE-2019-5830</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5831">CVE-2019-5831</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5832">CVE-2019-5832</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5833">CVE-2019-5833</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5834">CVE-2019-5834</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5835">CVE-2019-5835</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5836">CVE-2019-5836</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5837">CVE-2019-5837</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5838">CVE-2019-5838</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5839">CVE-2019-5839</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5840">CVE-2019-5840</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5842">CVE-2019-5842</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5847">CVE-2019-5847</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5848">CVE-2019-5848</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5850">CVE-2019-5850</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5851">CVE-2019-5851</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5852">CVE-2019-5852</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5853">CVE-2019-5853</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5854">CVE-2019-5854</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5855">CVE-2019-5855</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5856">CVE-2019-5856</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5857">CVE-2019-5857</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5858">CVE-2019-5858</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5859">CVE-2019-5859</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5860">CVE-2019-5860</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5861">CVE-2019-5861</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5862">CVE-2019-5862</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5863">CVE-2019-5863</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5864">CVE-2019-5864</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5865">CVE-2019-5865</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5867">CVE-2019-5867</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5868">CVE-2019-5868</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17480">CVE-2018-17480</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17481">CVE-2018-17481</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18335">CVE-2018-18335</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18336">CVE-2018-18336</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18337">CVE-2018-18337</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18338">CVE-2018-18338</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18339">CVE-2018-18339</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18340">CVE-2018-18340</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18341">CVE-2018-18341</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18342">CVE-2018-18342</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18343">CVE-2018-18343</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18344">CVE-2018-18344</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18345">CVE-2018-18345</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18346">CVE-2018-18346</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18347">CVE-2018-18347</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18348">CVE-2018-18348</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18349">CVE-2018-18349</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18350">CVE-2018-18350</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18351">CVE-2018-18351</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18352">CVE-2018-18352</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18353">CVE-2018-18353</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18354">CVE-2018-18354</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18355">CVE-2018-18355</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18356">CVE-2018-18356</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18357">CVE-2018-18357</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18358">CVE-2018-18358</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18359">CVE-2018-18359</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5805">CVE-2019-5805</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5806">CVE-2019-5806</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5807">CVE-2019-5807</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5808">CVE-2019-5808</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5809">CVE-2019-5809</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5810">CVE-2019-5810</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5811">CVE-2019-5811</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5812">CVE-2019-5812</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5813">CVE-2019-5813</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5814">CVE-2019-5814</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5815">CVE-2019-5815</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5816">CVE-2019-5816</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5817">CVE-2019-5817</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5818">CVE-2019-5818</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5819">CVE-2019-5819</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5820">CVE-2019-5820</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5821">CVE-2019-5821</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5822">CVE-2019-5822</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5823">CVE-2019-5823</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5828">CVE-2019-5828</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5829">CVE-2019-5829</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5830">CVE-2019-5830</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5831">CVE-2019-5831</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5832">CVE-2019-5832</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5833">CVE-2019-5833</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5834">CVE-2019-5834</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5835">CVE-2019-5835</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5836">CVE-2019-5836</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5837">CVE-2019-5837</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5838">CVE-2019-5838</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5839">CVE-2019-5839</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5840">CVE-2019-5840</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5842">CVE-2019-5842</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5847">CVE-2019-5847</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5848">CVE-2019-5848</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5850">CVE-2019-5850</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5851">CVE-2019-5851</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5852">CVE-2019-5852</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5853">CVE-2019-5853</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5854">CVE-2019-5854</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5855">CVE-2019-5855</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5856">CVE-2019-5856</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5857">CVE-2019-5857</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5858">CVE-2019-5858</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5859">CVE-2019-5859</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5860">CVE-2019-5860</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5861">CVE-2019-5861</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5862">CVE-2019-5862</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5863">CVE-2019-5863</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5864">CVE-2019-5864</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5865">CVE-2019-5865</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5867">CVE-2019-5867</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5868">CVE-2019-5868</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-04-27T08:00:47Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-08-16T17:41:13Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201908-19.xml b/metadata/glsa/glsa-201908-19.xml
new file mode 100644
index 000000000000..e6a77881ce70
--- /dev/null
+++ b/metadata/glsa/glsa-201908-19.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-19">
+  <title>GNU Wget: Arbitrary code execution</title>
+  <synopsis>A vulnerability in GNU Wget might allow an attacker to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">wget</product>
+  <announced>2019-08-15</announced>
+  <revised count="1">2019-08-15</revised>
+  <bug>682994</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/wget" auto="yes" arch="*">
+      <unaffected range="ge">1.20.3</unaffected>
+      <vulnerable range="lt">1.20.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU Wget is a free software package for retrieving files using HTTP,
+      HTTPS and FTP, the most widely-used Internet protocols.
+    </p>
+  </background>
+  <description>
+    <p>A buffer overflow was discovered in GNU’s Wget.</p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could possibly execute arbitrary code with the privileges of
+      the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU Wget users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/wget-1.20.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5953">CVE-2019-5953</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-10T20:46:31Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-15T17:51:26Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201908-20.xml b/metadata/glsa/glsa-201908-20.xml
new file mode 100644
index 000000000000..05b2ac48e805
--- /dev/null
+++ b/metadata/glsa/glsa-201908-20.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-20">
+  <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird,
+    the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">thunderbird</product>
+  <announced>2019-08-16</announced>
+  <revised count="1">2019-08-16</revised>
+  <bug>688032</bug>
+  <bug>690664</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">60.8.0</unaffected>
+      <vulnerable range="lt">60.8.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">60.8.0</unaffected>
+      <vulnerable range="lt">60.8.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Thunderbird is a popular open-source email client from the
+      Mozilla project
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-60.8.0"
+    </code>
+    
+    <p>All Mozilla Thunderbird binary users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-60.8.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11703">CVE-2019-11703</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11704">CVE-2019-11704</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11705">CVE-2019-11705</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11706">CVE-2019-11706</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11709">CVE-2019-11709</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11711">CVE-2019-11711</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11712">CVE-2019-11712</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11713">CVE-2019-11713</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11715">CVE-2019-11715</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11717">CVE-2019-11717</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11719">CVE-2019-11719</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11729">CVE-2019-11729</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11730">CVE-2019-11730</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9811">CVE-2019-9811</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-12T23:49:32Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-16T18:20:32Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201908-21.xml b/metadata/glsa/glsa-201908-21.xml
new file mode 100644
index 000000000000..ec87cbf19c38
--- /dev/null
+++ b/metadata/glsa/glsa-201908-21.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-21">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">flash</product>
+  <announced>2019-08-18</announced>
+  <revised count="1">2019-08-18</revised>
+  <bug>683006</bug>
+  <bug>687894</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">32.0.0.207</unaffected>
+      <vulnerable range="lt">32.0.0.207</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-32.0.0.207"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7096">CVE-2019-7096</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7108">CVE-2019-7108</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7845">CVE-2019-7845</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-17T15:59:17Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-18T02:22:45Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201908-22.xml b/metadata/glsa/glsa-201908-22.xml
new file mode 100644
index 000000000000..c4264b73b4e5
--- /dev/null
+++ b/metadata/glsa/glsa-201908-22.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-22">
+  <title>Patch: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Patch, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">patch</product>
+  <announced>2019-08-18</announced>
+  <revised count="1">2019-08-18</revised>
+  <bug>690136</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-devel/patch" auto="yes" arch="*">
+      <unaffected range="ge">2.7.6-r4</unaffected>
+      <vulnerable range="lt">2.7.6-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Patch takes a patch file containing a difference listing produced by the
+      diff program and applies those differences to one or more original files,
+      producing patched versions.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Patch. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could pass a specially crafted diff file to Patch,
+      possibly resulting in a Denial of Service condition or arbitrary code
+      execution.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Patch users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-devel/patch-2.7.6-r4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13636">CVE-2019-13636</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13638">CVE-2019-13638</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-16T21:41:00Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-18T02:24:40Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201908-23.xml b/metadata/glsa/glsa-201908-23.xml
new file mode 100644
index 000000000000..c62336f32cf7
--- /dev/null
+++ b/metadata/glsa/glsa-201908-23.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-23">
+  <title>VLC: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in VLC, the worst of which
+    could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">vlc</product>
+  <announced>2019-08-18</announced>
+  <revised count="1">2019-08-18</revised>
+  <bug>688642</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-video/vlc" auto="yes" arch="*">
+      <unaffected range="ge">3.0.7</unaffected>
+      <vulnerable range="lt">3.0.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>VLC is a cross-platform media player and streaming server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in VLC. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers, by enticing a user to execute a specially crafted
+      media file, could cause a Denial of Service condition or possibly execute
+      arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All VLC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/vlc-3.0.7"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12874">CVE-2019-12874</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5439">CVE-2019-5439</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-01T21:30:30Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-18T02:26:26Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201908-24.xml b/metadata/glsa/glsa-201908-24.xml
new file mode 100644
index 000000000000..f6add259ef8c
--- /dev/null
+++ b/metadata/glsa/glsa-201908-24.xml
@@ -0,0 +1,109 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-24">
+  <title>MariaDB, MySQL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in MariaDB and MySQL, the
+    worst of which could result in privilege escalation.
+  </synopsis>
+  <product type="ebuild">mariadb,mysql</product>
+  <announced>2019-08-18</announced>
+  <revised count="1">2019-08-18</revised>
+  <bug>661500</bug>
+  <bug>670388</bug>
+  <bug>679024</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-db/mariadb" auto="yes" arch="*">
+      <unaffected range="ge">10.1.38-r1</unaffected>
+      <unaffected range="ge">10.2.22</unaffected>
+      <vulnerable range="lt">10.1.38-r1</vulnerable>
+      <vulnerable range="lt">10.2.22</vulnerable>
+    </package>
+    <package name="dev-db/mysql" auto="yes" arch="*">
+      <unaffected range="ge">5.6.42</unaffected>
+      <unaffected range="ge">5.7.24</unaffected>
+      <vulnerable range="lt">5.6.42</vulnerable>
+      <vulnerable range="lt">5.7.24</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MariaDB is an enhanced, drop-in replacement for MySQL. MySQL is a
+      popular multi-threaded, multi-user SQL server. MySQL is a popular
+      multi-threaded, multi-user SQL server
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MariaDB and MySQL.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MariaDB 10.1.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mariadb-10.1.38-r1"
+    </code>
+    
+    <p>All MariaDB 10.2.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mariadb-10.2.22"
+    </code>
+    
+    <p>All MySQL 5.6.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-5.6.42"
+    </code>
+    
+    <p>All MySQL 5.7.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-5.7.24"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2755">CVE-2018-2755</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2759">CVE-2018-2759</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2761">CVE-2018-2761</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2766">CVE-2018-2766</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2771">CVE-2018-2771</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2777">CVE-2018-2777</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2781">CVE-2018-2781</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2782">CVE-2018-2782</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2784">CVE-2018-2784</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2786">CVE-2018-2786</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2787">CVE-2018-2787</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2810">CVE-2018-2810</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2813">CVE-2018-2813</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2817">CVE-2018-2817</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2819">CVE-2018-2819</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3143">CVE-2018-3143</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3156">CVE-2018-3156</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3162">CVE-2018-3162</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3173">CVE-2018-3173</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3174">CVE-2018-3174</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3185">CVE-2018-3185</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3200">CVE-2018-3200</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3251">CVE-2018-3251</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3252">CVE-2018-3252</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3277">CVE-2018-3277</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3282">CVE-2018-3282</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3284">CVE-2018-3284</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2510">CVE-2019-2510</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2529">CVE-2019-2529</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2537">CVE-2019-2537</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-12T23:27:01Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-18T02:28:58Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201908-25.xml b/metadata/glsa/glsa-201908-25.xml
new file mode 100644
index 000000000000..700154a2602a
--- /dev/null
+++ b/metadata/glsa/glsa-201908-25.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-25">
+  <title>hostapd and wpa_supplicant: Denial of service</title>
+  <synopsis>A vulnerability in hostapd and wpa_supplicant could lead to a
+    Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">wpa_supplicant</product>
+  <announced>2019-08-18</announced>
+  <revised count="1">2019-08-18</revised>
+  <bug>685860</bug>
+  <bug>688588</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-wireless/hostapd" auto="yes" arch="*">
+      <unaffected range="ge">2.8</unaffected>
+      <vulnerable range="lt">2.8</vulnerable>
+    </package>
+    <package name="net-wireless/wpa_supplicant" auto="yes" arch="*">
+      <unaffected range="ge">2.8</unaffected>
+      <vulnerable range="lt">2.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>wpa_supplicant is a WPA Supplicant with support for WPA and WPA2 (IEEE
+      802.11i / RSN).
+    </p>
+    
+    <p>hostapd is a user space daemon for access point and authentication
+      servers.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in hostapd’s and wpa_supplicant’s
+      eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could cause a possible Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All hostapd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-wireless/hostapd-2.8"
+    </code>
+    
+    <p>All wpa_supplicant users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-wireless/wpa_supplicant-2.8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11555">CVE-2019-11555</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-11T00:58:42Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-18T02:31:07Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201908-26.xml b/metadata/glsa/glsa-201908-26.xml
new file mode 100644
index 000000000000..9a757dd8348d
--- /dev/null
+++ b/metadata/glsa/glsa-201908-26.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-26">
+  <title>libofx: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libofx, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">libofx</product>
+  <announced>2019-08-31</announced>
+  <revised count="1">2019-08-31</revised>
+  <bug>631304</bug>
+  <bug>636062</bug>
+  <bug>662910</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libofx" auto="yes" arch="*">
+      <unaffected range="ge">0.9.14</unaffected>
+      <vulnerable range="lt">0.9.14</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A library to support the Open Financial eXchange XML format</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libofx. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process a specially crafted
+      file using an application linked against libofx, possibly resulting in
+      execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libofx users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libofx-0.9.14"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14731">CVE-2017-14731</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-2816">CVE-2017-2816</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-2920">CVE-2017-2920</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-18T02:20:40Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-31T15:00:19Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201908-27.xml b/metadata/glsa/glsa-201908-27.xml
new file mode 100644
index 000000000000..6f7af7bbed67
--- /dev/null
+++ b/metadata/glsa/glsa-201908-27.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-27">
+  <title>Nautilus: Security bypass</title>
+  <synopsis>A vulnerability in Nautilus may allow attackers to escape the
+    sandbox.
+  </synopsis>
+  <product type="ebuild">nautilus</product>
+  <announced>2019-08-31</announced>
+  <revised count="1">2019-08-31</revised>
+  <bug>692784</bug>
+  <access>local</access>
+  <affected>
+    <package name="gnome-base/nautilus" auto="yes" arch="*">
+      <unaffected range="ge">3.30.5-r1</unaffected>
+      <vulnerable range="lt">3.30.5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Default file manager for the GNOME desktop</p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in Nautilus which allows an attacker to
+      escape the sandbox.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could possibly bypass sandbox protection.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Nautilus users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=gnome-base/nautilus-3.30.5-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11461">CVE-2019-11461</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-26T21:48:06Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-31T15:00:33Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201908-28.xml b/metadata/glsa/glsa-201908-28.xml
new file mode 100644
index 000000000000..19818590fbcb
--- /dev/null
+++ b/metadata/glsa/glsa-201908-28.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-28">
+  <title>GNOME desktop library: Security bypass</title>
+  <synopsis>A vulnerability in the GNOME desktop library may allow attackers to
+    escape the sandbox.
+  </synopsis>
+  <product type="ebuild">gnome-desktop</product>
+  <announced>2019-08-31</announced>
+  <revised count="1">2019-08-31</revised>
+  <bug>692782</bug>
+  <access>local</access>
+  <affected>
+    <package name="gnome-base/gnome-desktop" auto="yes" arch="*">
+      <unaffected range="ge">3.30.2.3</unaffected>
+      <vulnerable range="lt">3.30.2.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Library with common API for various GNOME modules.</p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in the GNOME desktop library which allows
+      an attacker to escape the sandbox.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could possibly bypass sandbox protection.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNOME desktop library users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=gnome-base/gnome-desktop-3.30.2.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11460">CVE-2019-11460</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-31T14:55:07Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2019-08-31T21:05:16Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201908-29.xml b/metadata/glsa/glsa-201908-29.xml
new file mode 100644
index 000000000000..4b86c592f6fa
--- /dev/null
+++ b/metadata/glsa/glsa-201908-29.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-29">
+  <title>Dovecot: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Dovecot, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">dovecot</product>
+  <announced>2019-08-31</announced>
+  <revised count="1">2019-08-31</revised>
+  <bug>683732</bug>
+  <bug>692572</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-mail/dovecot" auto="yes" arch="*">
+      <unaffected range="ge">2.3.7.2</unaffected>
+      <vulnerable range="lt">2.3.7.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Dovecot is an open source IMAP and POP3 email server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Dovecot. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An unauthenticated remote attacker could send a specially crafted mail
+      or use crafted IMAP commands possibly resulting in the execution of
+      arbitrary code with the privileges of the process or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Dovecot users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-mail/dovecot-2.3.7.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10691">CVE-2019-10691</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11500">CVE-2019-11500</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-31T14:29:36Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2019-08-31T21:05:29Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201909-01.xml b/metadata/glsa/glsa-201909-01.xml
new file mode 100644
index 000000000000..d94daf002b35
--- /dev/null
+++ b/metadata/glsa/glsa-201909-01.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201909-01">
+  <title>Perl: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Perl, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">perl</product>
+  <announced>2019-09-06</announced>
+  <revised count="1">2019-09-06</revised>
+  <bug>653432</bug>
+  <bug>670190</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/perl" auto="yes" arch="*">
+      <unaffected range="ge">5.28.2</unaffected>
+      <vulnerable range="lt">5.28.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Perl is a highly capable, feature-rich programming language.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Perl. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Perl users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/perl-5.28.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18311">CVE-2018-18311</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18312">CVE-2018-18312</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18313">CVE-2018-18313</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18314">CVE-2018-18314</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6797">CVE-2018-6797</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6798">CVE-2018-6798</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6913">CVE-2018-6913</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-09-01T00:43:08Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-09-06T16:00:53Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201909-02.xml b/metadata/glsa/glsa-201909-02.xml
new file mode 100644
index 000000000000..14e36289adff
--- /dev/null
+++ b/metadata/glsa/glsa-201909-02.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201909-02">
+  <title>VLC: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in VLC, the worst of which
+    could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">vlc</product>
+  <announced>2019-09-06</announced>
+  <revised count="1">2019-09-06</revised>
+  <bug>689974</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/vlc" auto="yes" arch="*">
+      <unaffected range="ge">3.0.8</unaffected>
+      <vulnerable range="lt">3.0.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>VLC is a cross-platform media player and streaming server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in VLC. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All VLC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/vlc-3.0.8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13602">CVE-2019-13602</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13962">CVE-2019-13962</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14437">CVE-2019-14437</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14438">CVE-2019-14438</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14498">CVE-2019-14498</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14533">CVE-2019-14533</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14534">CVE-2019-14534</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14535">CVE-2019-14535</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14776">CVE-2019-14776</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14777">CVE-2019-14777</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14778">CVE-2019-14778</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14970">CVE-2019-14970</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-09-02T22:22:22Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-09-06T16:01:08Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201909-03.xml b/metadata/glsa/glsa-201909-03.xml
new file mode 100644
index 000000000000..70b47802e0c1
--- /dev/null
+++ b/metadata/glsa/glsa-201909-03.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201909-03">
+  <title>Pango: Buffer overflow</title>
+  <synopsis>A buffer overflow in Pango might allow an attacker to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">pango</product>
+  <announced>2019-09-06</announced>
+  <revised count="1">2019-09-06</revised>
+  <bug>692110</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/pango" auto="yes" arch="*">
+      <unaffected range="ge">1.42.4-r2</unaffected>
+      <vulnerable range="lt">1.42.4-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Pango is a library for layout and rendering of internationalized text.</p>
+  </background>
+  <description>
+    <p>A buffer overflow has been discovered in Pango’s
+      pango_log2vis_get_embedding_levels function.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process a specially crafted
+      string with functions like pango_itemize, possibly resulting in execution
+      of arbitrary code with the privileges of the process or a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Pango users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/pango-1.42.4-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1010238">
+      CVE-2019-1010238
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-09-02T22:32:20Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-09-06T16:01:18Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201909-04.xml b/metadata/glsa/glsa-201909-04.xml
new file mode 100644
index 000000000000..0d229fc59291
--- /dev/null
+++ b/metadata/glsa/glsa-201909-04.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201909-04">
+  <title>Apache: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Apache, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">apache</product>
+  <announced>2019-09-06</announced>
+  <revised count="1">2019-09-06</revised>
+  <bug>692172</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">2.4.41</unaffected>
+      <vulnerable range="lt">2.4.41</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Apache HTTP server is one of the most popular web servers on the
+      Internet.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Apache. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/apache-2.4.41"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10081">CVE-2019-10081</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10082">CVE-2019-10082</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10092">CVE-2019-10092</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10097">CVE-2019-10097</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10098">CVE-2019-10098</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9517">CVE-2019-9517</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-09-02T22:39:09Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-09-06T16:01:34Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201909-05.xml b/metadata/glsa/glsa-201909-05.xml
new file mode 100644
index 000000000000..dfe043bf6ac4
--- /dev/null
+++ b/metadata/glsa/glsa-201909-05.xml
@@ -0,0 +1,118 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201909-05">
+  <title>WebkitGTK+: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in WebkitGTK+, the worst
+    of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">webkitgtk+</product>
+  <announced>2019-09-06</announced>
+  <revised count="1">2019-09-06</revised>
+  <bug>683234</bug>
+  <bug>686216</bug>
+  <bug>693122</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+      <unaffected range="ge">2.24.4</unaffected>
+      <vulnerable range="lt">2.24.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine,
+      suitable for projects requiring any kind of web integration, from hybrid
+      HTML/CSS applications to full-fledged web browsers.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in WebkitGTK+. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker, by enticing a user to visit maliciously crafted web
+      content, may be able to execute arbitrary code or cause memory
+      corruption.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All WebkitGTK+ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.24.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11070">CVE-2019-11070</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6201">CVE-2019-6201</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6251">CVE-2019-6251</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7285">CVE-2019-7285</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7292">CVE-2019-7292</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8503">CVE-2019-8503</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8506">CVE-2019-8506</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8515">CVE-2019-8515</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8518">CVE-2019-8518</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8523">CVE-2019-8523</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8524">CVE-2019-8524</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8535">CVE-2019-8535</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8536">CVE-2019-8536</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8544">CVE-2019-8544</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8551">CVE-2019-8551</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8558">CVE-2019-8558</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8559">CVE-2019-8559</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8563">CVE-2019-8563</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8595">CVE-2019-8595</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8607">CVE-2019-8607</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8615">CVE-2019-8615</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8644">CVE-2019-8644</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8644">CVE-2019-8644</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8649">CVE-2019-8649</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8649">CVE-2019-8649</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8658">CVE-2019-8658</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8658">CVE-2019-8658</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8666">CVE-2019-8666</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8666">CVE-2019-8666</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8669">CVE-2019-8669</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8669">CVE-2019-8669</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8671">CVE-2019-8671</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8671">CVE-2019-8671</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8672">CVE-2019-8672</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8672">CVE-2019-8672</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8673">CVE-2019-8673</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8673">CVE-2019-8673</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8676">CVE-2019-8676</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8676">CVE-2019-8676</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8677">CVE-2019-8677</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8677">CVE-2019-8677</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8678">CVE-2019-8678</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8678">CVE-2019-8678</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8679">CVE-2019-8679</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8679">CVE-2019-8679</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8680">CVE-2019-8680</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8680">CVE-2019-8680</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8681">CVE-2019-8681</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8681">CVE-2019-8681</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8683">CVE-2019-8683</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8683">CVE-2019-8683</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8684">CVE-2019-8684</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8684">CVE-2019-8684</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8686">CVE-2019-8686</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8686">CVE-2019-8686</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8687">CVE-2019-8687</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8687">CVE-2019-8687</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8688">CVE-2019-8688</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8688">CVE-2019-8688</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8689">CVE-2019-8689</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8689">CVE-2019-8689</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8690">CVE-2019-8690</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8690">CVE-2019-8690</uri>
+    <uri link="https://webkitgtk.org/security/WSA-2019-0002.html">WSA-2019-0002</uri>
+    <uri link="https://webkitgtk.org/security/WSA-2019-0004.html">WSA-2019-0004</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-09-02T22:15:30Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-09-06T16:01:55Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201909-06.xml b/metadata/glsa/glsa-201909-06.xml
new file mode 100644
index 000000000000..b8780c59022a
--- /dev/null
+++ b/metadata/glsa/glsa-201909-06.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201909-06">
+  <title>Exim: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Exim, the worst of
+    which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">exim</product>
+  <announced>2019-09-07</announced>
+  <revised count="1">2019-09-07</revised>
+  <bug>692394</bug>
+  <bug>693494</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-mta/exim" auto="yes" arch="*">
+      <unaffected range="ge">4.92.2</unaffected>
+      <vulnerable range="lt">4.92.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Exim is a message transfer agent (MTA) designed to be a a highly
+      configurable, drop-in replacement for sendmail.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Exim. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker, by connecting to the SMTP listener daemon, could
+      possibly execute arbitrary code with the privileges of the process or
+      cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Exim users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-mta/exim-4.92.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13917">CVE-2019-13917</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15846">CVE-2019-15846</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-09-06T15:35:36Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2019-09-07T00:22:35Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201909-07.xml b/metadata/glsa/glsa-201909-07.xml
new file mode 100644
index 000000000000..a91111969542
--- /dev/null
+++ b/metadata/glsa/glsa-201909-07.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201909-07">
+  <title>Simple DirectMedia Layer: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Simple DirectMedia
+    Layer, the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">libsdl2</product>
+  <announced>2019-09-08</announced>
+  <revised count="1">2019-09-08</revised>
+  <bug>690064</bug>
+  <bug>692392</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libsdl2" auto="yes" arch="*">
+      <unaffected range="ge">2.0.10</unaffected>
+      <vulnerable range="lt">2.0.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Simple DirectMedia Layer is a cross-platform development library
+      designed to provide low level access to audio, keyboard, mouse, joystick,
+      and graphics hardware via OpenGL and Direct3D.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Simple DirectMedia
+      Layer. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process a specially crafted
+      audio or video, possibly resulting in execution of arbitrary code with
+      the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Simple DirectMedia Layer users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libsdl2-2.0.10"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13626">CVE-2019-13626</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7572">CVE-2019-7572</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7573">CVE-2019-7573</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7574">CVE-2019-7574</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7575">CVE-2019-7575</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7576">CVE-2019-7576</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7577">CVE-2019-7577</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7578">CVE-2019-7578</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7635">CVE-2019-7635</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7636">CVE-2019-7636</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7638">CVE-2019-7638</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-09-07T00:08:23Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-09-08T17:40:28Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201909-08.xml b/metadata/glsa/glsa-201909-08.xml
new file mode 100644
index 000000000000..7f2b35906305
--- /dev/null
+++ b/metadata/glsa/glsa-201909-08.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201909-08">
+  <title>D-Bus: Authentication bypass</title>
+  <synopsis>An authentication bypass was discovered in D-Bus.</synopsis>
+  <product type="ebuild">dbus</product>
+  <announced>2019-09-08</announced>
+  <revised count="1">2019-09-08</revised>
+  <bug>687900</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/dbus" auto="yes" arch="*">
+      <unaffected range="ge">1.12.16</unaffected>
+      <vulnerable range="lt">1.12.16</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>D-Bus is a message bus system which processes can use to talk to each
+      other.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that a local attacker could manipulate symbolic links
+      in their own home directory to bypass authentication and connect to a
+      DBusServer with elevated privileges.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker can bypass authentication mechanisms and elevate
+      privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All D-Bus users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/dbus-1.12.16"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12749">CVE-2019-12749</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-09-07T17:12:55Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-09-08T17:40:45Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201910-01.xml b/metadata/glsa/glsa-201910-01.xml
new file mode 100644
index 000000000000..4064b16ac59b
--- /dev/null
+++ b/metadata/glsa/glsa-201910-01.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201910-01">
+  <title>PHP: Arbitrary code execution</title>
+  <synopsis>A vulnerability in PHP might allow an attacker to execute arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">php</product>
+  <announced>2019-10-25</announced>
+  <revised count="2">2019-11-19</revised>
+  <bug>698452</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/php" auto="yes" arch="*">
+      <unaffected range="ge">7.1.33</unaffected>
+      <unaffected range="ge">7.2.24</unaffected>
+      <unaffected range="ge">7.3.11</unaffected>
+      <unaffected range="ge">5.6.40-r7</unaffected>
+      <vulnerable range="lt">7.1.33</vulnerable>
+      <vulnerable range="lt">7.2.24</vulnerable>
+      <vulnerable range="lt">7.3.11</vulnerable>
+      <vulnerable range="lt">5.6.40-r7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PHP is an open source general-purpose scripting language that is
+      especially suited for web development.
+    </p>
+  </background>
+  <description>
+    <p>A underflow in env_path_info in PHP-FPM under certain configurations can
+      be exploited to gain remote code execution.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker, by sending special crafted HTTP requests, could
+      possibly execute arbitrary code with the privileges of the process, or
+      cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>If patching is not feasible, the suggested workaround is to include
+      checks to verify whether or not a file exists before passing to PHP.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All PHP 5.6 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-5.6.40-r7"
+    </code>
+    
+    <p>All PHP 7.1 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.1.33"
+    </code>
+    
+    <p>All PHP 7.2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.2.24"
+    </code>
+    
+    <p>All PHP 7.3 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.3.11"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11043">CVE-2019-11043</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-10-24T23:39:18Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2019-11-19T10:48:24Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201911-01.xml b/metadata/glsa/glsa-201911-01.xml
new file mode 100644
index 000000000000..e87f7485d76b
--- /dev/null
+++ b/metadata/glsa/glsa-201911-01.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201911-01">
+  <title>OpenSSH: Integer overflow</title>
+  <synopsis>An integer overflow in OpenSSH might allow an attacker to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">openssh</product>
+  <announced>2019-11-07</announced>
+  <revised count="1">2019-11-07</revised>
+  <bug>697046</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/openssh" auto="yes" arch="*">
+      <unaffected range="ge">8.0_p1-r4</unaffected>
+      <vulnerable range="ge">8.0_p1-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSH is a complete SSH protocol implementation that includes SFTP
+      client and server support.
+    </p>
+  </background>
+  <description>
+    <p>OpenSSH, when built with “xmss” USE flag enabled, has a
+      pre-authentication integer overflow if a client or server is configured
+      to use a crafted XMSS key.
+    </p>
+    
+    <p>NOTE: This USE flag is disabled by default!</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could connect to a vulnerable OpenSSH server using a
+      special crafted XMSS key possibly resulting in execution of arbitrary
+      code with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>Disable XMSS key type.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSH users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=net-misc/openssh/openssh-8.0_p1-r4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-16905">CVE-2019-16905</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-10-26T14:48:28Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2019-11-07T19:01:23Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201911-02.xml b/metadata/glsa/glsa-201911-02.xml
new file mode 100644
index 000000000000..8d4d4b4254c8
--- /dev/null
+++ b/metadata/glsa/glsa-201911-02.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201911-02">
+  <title>pump: User-assisted execution of arbitrary code</title>
+  <synopsis>A buffer overflow in pump might allow remote attacker to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">pump</product>
+  <announced>2019-11-07</announced>
+  <revised count="1">2019-11-07</revised>
+  <bug>694314</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/pump" auto="yes" arch="*">
+      <vulnerable range="le">0.8.24-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>BOOTP and DHCP client for automatic IP configuration.</p>
+  </background>
+  <description>
+    <p>It was discovered that there was an arbitrary code execution
+      vulnerability in the pump DHCP/BOOTP client.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to connect to a malicious server,
+      could cause the execution of arbitrary code with the privileges of the
+      user running pump DHCP/BOOTP client.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for pump. We recommend that users
+      unmerge pump:
+    </p>
+    
+    <code>
+      # emerge --unmerge "net-misc/pump"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://bugs.debian.org/933674">Debian Bug Report 933674</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-10-26T18:02:26Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2019-11-07T19:05:32Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201911-03.xml b/metadata/glsa/glsa-201911-03.xml
new file mode 100644
index 000000000000..0d7dff81e1d8
--- /dev/null
+++ b/metadata/glsa/glsa-201911-03.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201911-03">
+  <title>Oniguruma: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Oniguruma, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">oniguruma</product>
+  <announced>2019-11-07</announced>
+  <revised count="1">2019-11-07</revised>
+  <bug>691832</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/oniguruma" auto="yes" arch="*">
+      <unaffected range="ge">6.9.3</unaffected>
+      <vulnerable range="lt">6.9.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Oniguruma is a regular expression library.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Oniguruma. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker, by enticing a user to process a specially crafted
+      string using an application linked against Oniguruma, could possibly
+      execute arbitrary code with the privileges of the process or cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Oniguruma users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/oniguruma-6.9.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13224">CVE-2019-13224</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13225">CVE-2019-13225</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-09-12T21:09:00Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2019-11-07T19:07:37Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201911-04.xml b/metadata/glsa/glsa-201911-04.xml
new file mode 100644
index 000000000000..8793df1008cf
--- /dev/null
+++ b/metadata/glsa/glsa-201911-04.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201911-04">
+  <title>OpenSSL: Multiple vulnerabilities</title>
+  <synopsis>Multiple information disclosure vulnerabilities in OpenSSL allow
+    attackers to obtain sensitive information.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2019-11-07</announced>
+  <revised count="1">2019-11-07</revised>
+  <bug>694162</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">1.0.2t</unaffected>
+      <vulnerable range="lt">1.0.2t</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+      (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
+      purpose cryptography library.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenSSL. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.0.2t"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1547">CVE-2019-1547</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1563">CVE-2019-1563</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-09-12T14:09:32Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2019-11-07T19:09:02Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201911-05.xml b/metadata/glsa/glsa-201911-05.xml
new file mode 100644
index 000000000000..24d2ac578a52
--- /dev/null
+++ b/metadata/glsa/glsa-201911-05.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201911-05">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">adobe,flash</product>
+  <announced>2019-11-25</announced>
+  <revised count="1">2019-11-25</revised>
+  <bug>694352</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">32.0.0.255</unaffected>
+      <vulnerable range="lt">32.0.0.255</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-32.0.0.255"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8069">CVE-2019-8069</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8070">CVE-2019-8070</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-10-26T20:58:44Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2019-11-25T00:10:47Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201911-06.xml b/metadata/glsa/glsa-201911-06.xml
new file mode 100644
index 000000000000..5a186148231b
--- /dev/null
+++ b/metadata/glsa/glsa-201911-06.xml
@@ -0,0 +1,135 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201911-06">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">chromium,chrome,google</product>
+  <announced>2019-11-25</announced>
+  <revised count="1">2019-11-25</revised>
+  <bug>692916</bug>
+  <bug>694002</bug>
+  <bug>694954</bug>
+  <bug>697506</bug>
+  <bug>698398</bug>
+  <bug>699068</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">78.0.3904.87</unaffected>
+      <vulnerable range="lt">78.0.3904.87</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">78.0.3904.87</unaffected>
+      <vulnerable range="lt">78.0.3904.87</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-78.0.3904.87"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-78.0.3904.87"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13659">CVE-2019-13659</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13660">CVE-2019-13660</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13661">CVE-2019-13661</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13662">CVE-2019-13662</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13663">CVE-2019-13663</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13664">CVE-2019-13664</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13665">CVE-2019-13665</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13666">CVE-2019-13666</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13667">CVE-2019-13667</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13668">CVE-2019-13668</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13669">CVE-2019-13669</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13670">CVE-2019-13670</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13671">CVE-2019-13671</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13673">CVE-2019-13673</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13674">CVE-2019-13674</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13675">CVE-2019-13675</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13676">CVE-2019-13676</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13677">CVE-2019-13677</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13678">CVE-2019-13678</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13679">CVE-2019-13679</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13680">CVE-2019-13680</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13681">CVE-2019-13681</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13682">CVE-2019-13682</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13683">CVE-2019-13683</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13685">CVE-2019-13685</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13686">CVE-2019-13686</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13687">CVE-2019-13687</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13688">CVE-2019-13688</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13693">CVE-2019-13693</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13694">CVE-2019-13694</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13695">CVE-2019-13695</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13696">CVE-2019-13696</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13697">CVE-2019-13697</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13699">CVE-2019-13699</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13700">CVE-2019-13700</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13701">CVE-2019-13701</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13703">CVE-2019-13703</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13704">CVE-2019-13704</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13705">CVE-2019-13705</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13706">CVE-2019-13706</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13707">CVE-2019-13707</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13708">CVE-2019-13708</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13709">CVE-2019-13709</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13710">CVE-2019-13710</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13711">CVE-2019-13711</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13713">CVE-2019-13713</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13714">CVE-2019-13714</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13715">CVE-2019-13715</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13716">CVE-2019-13716</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13717">CVE-2019-13717</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13718">CVE-2019-13718</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13719">CVE-2019-13719</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13721">CVE-2019-13721</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5869">CVE-2019-5869</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5870">CVE-2019-5870</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5871">CVE-2019-5871</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5872">CVE-2019-5872</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5873">CVE-2019-5873</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5874">CVE-2019-5874</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5875">CVE-2019-5875</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5876">CVE-2019-5876</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5877">CVE-2019-5877</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5878">CVE-2019-5878</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5879">CVE-2019-5879</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5880">CVE-2019-5880</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5881">CVE-2019-5881</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-10-26T19:59:08Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2019-11-25T00:13:45Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201911-07.xml b/metadata/glsa/glsa-201911-07.xml
new file mode 100644
index 000000000000..bc524551476f
--- /dev/null
+++ b/metadata/glsa/glsa-201911-07.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201911-07">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+    worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">firefox</product>
+  <announced>2019-11-25</announced>
+  <revised count="1">2019-11-25</revised>
+  <bug>693442</bug>
+  <bug>698512</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">68.2.0</unaffected>
+      <vulnerable range="lt">68.2.0</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">68.2.0</unaffected>
+      <vulnerable range="lt">68.2.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      Project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-68.2.0"
+    </code>
+    
+    <p>All Firefox binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-68.2.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11740">CVE-2019-11740</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11742">CVE-2019-11742</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11743">CVE-2019-11743</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11744">CVE-2019-11744</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11746">CVE-2019-11746</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11752">CVE-2019-11752</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9812">CVE-2019-9812</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-09-22T23:21:18Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-11-25T00:16:53Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201911-08.xml b/metadata/glsa/glsa-201911-08.xml
new file mode 100644
index 000000000000..4a8bad9133b7
--- /dev/null
+++ b/metadata/glsa/glsa-201911-08.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201911-08">
+  <title>Expat: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Expat, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">expat</product>
+  <announced>2019-11-25</announced>
+  <revised count="1">2019-11-25</revised>
+  <bug>688734</bug>
+  <bug>694362</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/expat" auto="yes" arch="*">
+      <unaffected range="ge">2.2.8</unaffected>
+      <vulnerable range="lt">2.2.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Expat is a set of XML parsing libraries.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Expat. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Expat users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/expat-2.2.8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20843">CVE-2018-20843</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15903">CVE-2019-15903</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-09-24T11:38:45Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2019-11-25T00:18:23Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-01.xml b/metadata/glsa/glsa-202003-01.xml
new file mode 100644
index 000000000000..6a4beffcf47b
--- /dev/null
+++ b/metadata/glsa/glsa-202003-01.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-01">
+  <title>Groovy: Arbitrary code execution</title>
+  <synopsis>A vulnerability within serialization might allow remote attackers
+    to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">groovy</product>
+  <announced>2020-03-07</announced>
+  <revised count="3">2020-03-12</revised>
+  <bug>605690</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/groovy" auto="yes" arch="*">
+      <vulnerable range="le">2.4.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A multi-faceted language for the Java platform</p>
+  </background>
+  <description>
+    <p>It was discovered that there was a vulnerability within the Java
+      serialization/deserialization process.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker, by crafting a special serialized object, could execute
+      arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for Groovy. We recommend that users
+      unmerge Groovy:
+    </p>
+    
+    <code>
+      # emerge --unmerge "dev-java/groovy"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-6814">CVE-2016-6814</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-09-15T02:25:56Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2020-03-12T19:07:51Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-02.xml b/metadata/glsa/glsa-202003-02.xml
new file mode 100644
index 000000000000..38ac4d055367
--- /dev/null
+++ b/metadata/glsa/glsa-202003-02.xml
@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-02">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+    worst of which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">firefox</product>
+  <announced>2020-03-12</announced>
+  <revised count="2">2020-03-12</revised>
+  <bug>702638</bug>
+  <bug>705000</bug>
+  <bug>709346</bug>
+  <bug>712182</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">68.6.0</unaffected>
+      <vulnerable range="lt">68.6.0</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">68.6.0</unaffected>
+      <vulnerable range="lt">68.6.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      Project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to view a specially crafted web
+      page, possibly resulting in the execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition. Furthermore,
+      a remote attacker may be able to perform Man-in-the-Middle attacks,
+      obtain sensitive information, spoof the address bar, conduct clickjacking
+      attacks, bypass security restrictions and protection mechanisms, or have
+      other unspecified impact.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-68.6.0"
+    </code>
+    
+    <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-68.6.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11745">CVE-2019-11745</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17005">CVE-2019-17005</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17008">CVE-2019-17008</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17010">CVE-2019-17010</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17011">CVE-2019-17011</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17012">CVE-2019-17012</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17016">CVE-2019-17016</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17017">CVE-2019-17017</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17022">CVE-2019-17022</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17024">CVE-2019-17024</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17026">CVE-2019-17026</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-20503">CVE-2019-20503</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6796">CVE-2020-6796</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6797">CVE-2020-6797</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6798">CVE-2020-6798</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6799">CVE-2020-6799</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6800">CVE-2020-6800</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6805">CVE-2020-6805</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6806">CVE-2020-6806</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6807">CVE-2020-6807</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6811">CVE-2020-6811</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6812">CVE-2020-6812</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6814">CVE-2020-6814</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/">
+      MFSA-2019-37
+    </uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/">
+      MFSA-2020-03
+    </uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/">
+      MFSA-2020-06
+    </uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/">
+      MFSA-2020-09
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-07T16:47:24Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2020-03-12T19:17:30Z">BlueKnight</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-03.xml b/metadata/glsa/glsa-202003-03.xml
new file mode 100644
index 000000000000..65df80e511e4
--- /dev/null
+++ b/metadata/glsa/glsa-202003-03.xml
@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-03">
+  <title>PostgreSQL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PostgreSQL, the worst
+    of which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">postgresql</product>
+  <announced>2020-03-12</announced>
+  <revised count="2">2020-03-12</revised>
+  <bug>685846</bug>
+  <bug>688420</bug>
+  <bug>709708</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-db/postgresql" auto="yes" arch="*">
+      <unaffected range="ge" slot="9.4">9.4.26</unaffected>
+      <unaffected range="ge" slot="9.5">9.5.21</unaffected>
+      <unaffected range="ge" slot="9.6">9.6.17</unaffected>
+      <unaffected range="ge" slot="10">10.12</unaffected>
+      <unaffected range="ge" slot="11">11.7</unaffected>
+      <unaffected range="ge" slot="12">12.2</unaffected>
+      <vulnerable range="lt" slot="9.4">9.4.26</vulnerable>
+      <vulnerable range="lt" slot="9.5">9.5.21</vulnerable>
+      <vulnerable range="lt" slot="9.6">9.6.17</vulnerable>
+      <vulnerable range="lt" slot="10">10.12</vulnerable>
+      <vulnerable range="lt" slot="11">11.7</vulnerable>
+      <vulnerable range="lt" slot="12">12.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PostgreSQL is an open source object-relational database management
+      system.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PostgreSQL. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, bypass certain client-side connection security
+      features, read arbitrary server memory, alter certain data or cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PostgreSQL 9.4.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.4.26:9.4"
+    </code>
+    
+    <p>All PostgreSQL 9.5.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.5.21:9.5"
+    </code>
+    
+    <p>All PostgreSQL 9.6.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.6.17:9.6"
+    </code>
+    
+    <p>All PostgreSQL 10.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-10.12:10"
+    </code>
+    
+    <p>All PostgreSQL 11.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-11.7:11"
+    </code>
+    
+    <p>All PostgreSQL 12.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-12.2:12"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10129">CVE-2019-10129</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10130">CVE-2019-10130</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10164">CVE-2019-10164</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1720">CVE-2020-1720</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-10-26T23:59:26Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-12T20:20:41Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-04.xml b/metadata/glsa/glsa-202003-04.xml
new file mode 100644
index 000000000000..c822e21abf22
--- /dev/null
+++ b/metadata/glsa/glsa-202003-04.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-04">
+  <title>Vim, gVim: Remote execution of arbitrary code</title>
+  <synopsis>A vulnerability has been found in Vim and gVim concerning how
+    certain modeline options are treated.
+  </synopsis>
+  <product type="ebuild">vim,gvim</product>
+  <announced>2020-03-12</announced>
+  <revised count="1">2020-03-12</revised>
+  <bug>687394</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-editors/vim" auto="yes" arch="*">
+      <unaffected range="ge">8.1.1486</unaffected>
+      <vulnerable range="lt">8.1.1486</vulnerable>
+    </package>
+    <package name="app-editors/gvim" auto="yes" arch="*">
+      <unaffected range="ge">8.1.1486</unaffected>
+      <vulnerable range="lt">8.1.1486</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Vim is an efficient, highly configurable improved version of the classic
+      ‘vi’ text editor. gVim is the GUI version of Vim.
+    </p>
+  </background>
+  <description>
+    <p>
+      It was found that the <code>:source!</code> command was not restricted by
+      the sandbox mode. If modeline was explicitly enabled, opening a specially
+      crafted text file in vim could result in arbitrary command execution.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted file
+      using Vim or gVim, possibly resulting in execution of arbitrary code with
+      the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Vim users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-editors/vim-8.1.1486"
+    </code>
+    
+    <p>All gVim users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-editors/gvim-8.1.1486"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12735">CVE-2019-12735</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-10-27T00:04:29Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-12T20:37:36Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-05.xml b/metadata/glsa/glsa-202003-05.xml
new file mode 100644
index 000000000000..ee3c3f3c4499
--- /dev/null
+++ b/metadata/glsa/glsa-202003-05.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-05">
+  <title>e2fsprogs: Arbitrary code execution</title>
+  <synopsis>A vulnerability in e2fsprogs might allow an attacker to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">e2fsprogs</product>
+  <announced>2020-03-13</announced>
+  <revised count="1">2020-03-13</revised>
+  <bug>695522</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-fs/e2fsprogs" auto="yes" arch="*">
+      <unaffected range="ge">1.45.4</unaffected>
+      <vulnerable range="lt">1.45.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>e2fsprogs is a set of utilities for maintaining the ext2, ext3 and ext4
+      file systems.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that e2fsprogs incorrectly handled certain ext4
+      partitions.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process a specially crafted
+      corrupted file system using e2fsck, possibly resulting in execution of
+      arbitrary code with the privileges of the process or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All e2fsprogs users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-fs/e2fsprogs-1.45.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5094">CVE-2019-5094</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-10-29T10:09:38Z">ackle</metadata>
+  <metadata tag="submitter" timestamp="2020-03-13T01:50:25Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-06.xml b/metadata/glsa/glsa-202003-06.xml
new file mode 100644
index 000000000000..8dd5cbb7ee92
--- /dev/null
+++ b/metadata/glsa/glsa-202003-06.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-06">
+  <title>Ruby: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Ruby, the worst of
+    which could lead to the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">ruby</product>
+  <announced>2020-03-13</announced>
+  <revised count="1">2020-03-13</revised>
+  <bug>696004</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/ruby" auto="yes" arch="*">
+      <unaffected range="ge" slot="2.4">2.4.9</unaffected>
+      <unaffected range="ge" slot="2.5">2.5.7</unaffected>
+      <vulnerable range="lt" slot="2.4">2.4.9</vulnerable>
+      <vulnerable range="lt" slot="2.5">2.5.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Ruby is an interpreted object-oriented programming language. The
+      elaborate standard library includes an HTTP server (“WEBRick”) and a
+      class for XML parsing (“REXML”).
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Ruby. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary code, have unauthorized access
+      by bypassing intended path matching or cause a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Ruby 2.4.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/ruby-2.4.9:2.4"
+    </code>
+    
+    <p>All Ruby 2.5.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/ruby-2.5.7:2.5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15845">CVE-2019-15845</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-16201">CVE-2019-16201</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-16254">CVE-2019-16254</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-16255">CVE-2019-16255</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-10-26T17:40:41Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-13T02:29:30Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-07.xml b/metadata/glsa/glsa-202003-07.xml
new file mode 100644
index 000000000000..ef7f30132b20
--- /dev/null
+++ b/metadata/glsa/glsa-202003-07.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-07">
+  <title>RabbitMQ C client: Arbitrary code execution</title>
+  <synopsis>A vulnerability in RabbitMQ C client might allow an attacker to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">rabbitmq-c</product>
+  <announced>2020-03-13</announced>
+  <revised count="1">2020-03-13</revised>
+  <bug>701810</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/rabbitmq-c" auto="yes" arch="*">
+      <unaffected range="ge">0.10.0</unaffected>
+      <vulnerable range="lt">0.10.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A C-language AMQP client library for use with v2.0+ of the RabbitMQ
+      broker.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that RabbitMQ C client incorrectly handled certain
+      inputs.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker, by sending a specially crafted request, could
+      possibly execute arbitrary code with the privileges of the process or
+      cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All RabbitMQ C client users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/rabbitmq-c-0.10.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-18609">CVE-2019-18609</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-12-26T15:20:01Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-13T02:48:45Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-08.xml b/metadata/glsa/glsa-202003-08.xml
new file mode 100644
index 000000000000..2860dda152c1
--- /dev/null
+++ b/metadata/glsa/glsa-202003-08.xml
@@ -0,0 +1,156 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-08">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium,google-chrome</product>
+  <announced>2020-03-13</announced>
+  <revised count="1">2020-03-13</revised>
+  <bug>699676</bug>
+  <bug>700588</bug>
+  <bug>702498</bug>
+  <bug>703286</bug>
+  <bug>704960</bug>
+  <bug>705638</bug>
+  <bug>708322</bug>
+  <bug>710760</bug>
+  <bug>711570</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">80.0.3987.132</unaffected>
+      <vulnerable range="lt">80.0.3987.132</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">80.0.3987.132</unaffected>
+      <vulnerable range="lt">80.0.3987.132</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the referenced CVE identifiers and Google Chrome
+      Releases for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could execute arbitrary code, escalate privileges,
+      obtain sensitive information, spoof an URL or cause a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-80.0.3987.132"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-80.0.3987.132"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13723">CVE-2019-13723</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13724">CVE-2019-13724</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13725">CVE-2019-13725</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13726">CVE-2019-13726</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13727">CVE-2019-13727</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13728">CVE-2019-13728</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13729">CVE-2019-13729</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13730">CVE-2019-13730</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13732">CVE-2019-13732</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13734">CVE-2019-13734</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13735">CVE-2019-13735</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13736">CVE-2019-13736</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13737">CVE-2019-13737</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13738">CVE-2019-13738</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13739">CVE-2019-13739</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13740">CVE-2019-13740</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13741">CVE-2019-13741</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13742">CVE-2019-13742</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13743">CVE-2019-13743</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13744">CVE-2019-13744</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13745">CVE-2019-13745</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13746">CVE-2019-13746</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13747">CVE-2019-13747</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13748">CVE-2019-13748</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13749">CVE-2019-13749</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13750">CVE-2019-13750</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13751">CVE-2019-13751</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13752">CVE-2019-13752</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13753">CVE-2019-13753</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13754">CVE-2019-13754</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13755">CVE-2019-13755</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13756">CVE-2019-13756</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13757">CVE-2019-13757</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13758">CVE-2019-13758</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13759">CVE-2019-13759</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13761">CVE-2019-13761</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13762">CVE-2019-13762</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13763">CVE-2019-13763</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13764">CVE-2019-13764</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13767">CVE-2019-13767</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6377">CVE-2020-6377</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6378">CVE-2020-6378</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6379">CVE-2020-6379</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6380">CVE-2020-6380</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6381">CVE-2020-6381</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6382">CVE-2020-6382</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6385">CVE-2020-6385</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6387">CVE-2020-6387</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6388">CVE-2020-6388</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6389">CVE-2020-6389</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6390">CVE-2020-6390</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6391">CVE-2020-6391</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6392">CVE-2020-6392</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6393">CVE-2020-6393</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6394">CVE-2020-6394</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6395">CVE-2020-6395</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6396">CVE-2020-6396</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6397">CVE-2020-6397</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6398">CVE-2020-6398</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6399">CVE-2020-6399</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6400">CVE-2020-6400</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6401">CVE-2020-6401</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6402">CVE-2020-6402</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6403">CVE-2020-6403</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6404">CVE-2020-6404</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6406">CVE-2020-6406</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6407">CVE-2020-6407</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6408">CVE-2020-6408</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6409">CVE-2020-6409</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6410">CVE-2020-6410</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6411">CVE-2020-6411</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6412">CVE-2020-6412</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6413">CVE-2020-6413</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6414">CVE-2020-6414</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6415">CVE-2020-6415</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6416">CVE-2020-6416</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6418">CVE-2020-6418</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6420">CVE-2020-6420</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-01T17:56:52Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-13T03:16:21Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-09.xml b/metadata/glsa/glsa-202003-09.xml
new file mode 100644
index 000000000000..60427a9d7ac9
--- /dev/null
+++ b/metadata/glsa/glsa-202003-09.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-09">
+  <title>OpenID library for Ruby: Server-Side Request Forgery</title>
+  <synopsis>A vulnerability in OpenID library for Ruby at worst might allow an
+    attacker to bypass authentication.
+  </synopsis>
+  <product type="ebuild">ruby-openid</product>
+  <announced>2020-03-14</announced>
+  <revised count="2">2020-03-14</revised>
+  <bug>698464</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-ruby/ruby-openid" auto="yes" arch="*">
+      <unaffected range="ge">2.9.2</unaffected>
+      <vulnerable range="lt">2.9.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A Ruby library for verifying and serving OpenID identities.</p>
+  </background>
+  <description>
+    <p>It was discovered that OpenID library for Ruby performed discovery
+      first, and then verification.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly change the URL used for discovery and
+      trick the server into connecting to the URL. This server in turn could be
+      a private server not
+      publicly accessible.
+    </p>
+    
+    <p>In addition, if the client that uses this library discloses connection
+      errors, this in turn could disclose information from the private server
+      to the attacker.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ruby-openid users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-ruby/ruby-openid-2.9.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11027">CVE-2019-11027</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-13T02:03:43Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-14T16:10:29Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-10.xml b/metadata/glsa/glsa-202003-10.xml
new file mode 100644
index 000000000000..f14245582c42
--- /dev/null
+++ b/metadata/glsa/glsa-202003-10.xml
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-10">
+  <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird,
+    the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">thunderbird</product>
+  <announced>2020-03-14</announced>
+  <revised count="1">2020-03-14</revised>
+  <bug>698516</bug>
+  <bug>702638</bug>
+  <bug>709350</bug>
+  <bug>712518</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">68.6.0</unaffected>
+      <vulnerable range="lt">68.6.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">68.6.0</unaffected>
+      <vulnerable range="lt">68.6.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Thunderbird is a popular open-source email client from the
+      Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker may be able to execute arbitrary code, cause a Denial
+      of Service condition, obtain sensitive information, or conduct Cross-Site
+      Request Forgery (CSRF).
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-68.6.0"
+    </code>
+    
+    <p>All Mozilla Thunderbird binary users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-68.6.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/">
+      MFSA-2019-35
+    </uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/">
+      MFSA-2019-37
+    </uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/">
+      MFSA-2020-07
+    </uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/">
+      MFSA-2020-10
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11745">CVE-2019-11745</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11757">CVE-2019-11757</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11759">CVE-2019-11759</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11760">CVE-2019-11760</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11761">CVE-2019-11761</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11762">CVE-2019-11762</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11763">CVE-2019-11763</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11764">CVE-2019-11764</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17005">CVE-2019-17005</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17008">CVE-2019-17008</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17010">CVE-2019-17010</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17011">CVE-2019-17011</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17012">CVE-2019-17012</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-20503">CVE-2019-20503</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6792">CVE-2020-6792</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6793">CVE-2020-6793</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6794">CVE-2020-6794</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6795">CVE-2020-6795</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6798">CVE-2020-6798</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6800">CVE-2020-6800</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6805">CVE-2020-6805</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6806">CVE-2020-6806</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6807">CVE-2020-6807</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6811">CVE-2020-6811</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6812">CVE-2020-6812</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6814">CVE-2020-6814</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-02-23T05:31:39Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2020-03-14T16:01:40Z">BlueKnight</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-11.xml b/metadata/glsa/glsa-202003-11.xml
new file mode 100644
index 000000000000..d8f1f2bd9813
--- /dev/null
+++ b/metadata/glsa/glsa-202003-11.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-11">
+  <title>SVG Salamander: Server-Side Request Forgery</title>
+  <synopsis>A SSRF may allow remote attackers to forge illegitimate requests.</synopsis>
+  <product type="ebuild">svgsalamander</product>
+  <announced>2020-03-14</announced>
+  <revised count="1">2020-03-14</revised>
+  <bug>607720</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/svgsalamander" auto="yes" arch="*">
+      <vulnerable range="le">0.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>SVG Salamander is a light weight SVG renderer and animator for Java.</p>
+  </background>
+  <description>
+    <p>A Server-Side Request Forgery was discovered in SVG Salamander.</p>
+  </description>
+  <impact type="normal">
+    <p>An attacker, by sending a specially crafted SVG file, can conduct SSRF.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for SVG Salamander. We recommend that
+      users unmerge SVG Salamander:
+    </p>
+    
+    <code>
+      # emerge --unmerge "dev-java/svgsalamander"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5617">CVE-2017-5617</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-09-15T02:33:02Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2020-03-14T16:07:50Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-12.xml b/metadata/glsa/glsa-202003-12.xml
new file mode 100644
index 000000000000..4232a5655da1
--- /dev/null
+++ b/metadata/glsa/glsa-202003-12.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-12">
+  <title>sudo: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in sudo, the worst of
+    which could result in privilege escalation.
+  </synopsis>
+  <product type="ebuild">sudo</product>
+  <announced>2020-03-14</announced>
+  <revised count="1">2020-03-14</revised>
+  <bug>697462</bug>
+  <bug>707574</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/sudo" auto="yes" arch="*">
+      <unaffected range="ge">1.8.31</unaffected>
+      <vulnerable range="lt">1.8.31</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>sudo (su “do”) allows a system administrator to delegate authority
+      to give certain users (or groups of users) the ability to run some (or
+      all) commands as root or another user while providing an audit trail of
+      the commands and their arguments.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in sudo. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could expose or corrupt memory information, inject code
+      to be run as a root user or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All sudo users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/sudo-1.8.31"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14287">CVE-2019-14287</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-18634">CVE-2019-18634</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-02-29T15:42:31Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-14T16:20:57Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-13.xml b/metadata/glsa/glsa-202003-13.xml
new file mode 100644
index 000000000000..4eabdcd70b9b
--- /dev/null
+++ b/metadata/glsa/glsa-202003-13.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-13">
+  <title>musl: x87 floating-point stack adjustment imbalance</title>
+  <synopsis>An x87 stack handling error in musl might allow an attacker to have
+    an application dependent impact.
+  </synopsis>
+  <product type="ebuild">musl</product>
+  <announced>2020-03-14</announced>
+  <revised count="2">2020-03-15</revised>
+  <bug>711276</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-libs/musl" auto="yes" arch="*">
+      <unaffected range="ge">1.1.24</unaffected>
+      <vulnerable range="lt">1.1.24</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>musl is an implementation of the C standard library built on top of the
+      Linux system call API, including interfaces defined in the base language
+      standard, POSIX, and widely agreed-upon extensions.
+    </p>
+  </background>
+  <description>
+    <p>A flaw in musl libc’s arch-specific math assembly code for i386 was
+      found which can lead to x87 stack overflow in the execution of subsequent
+      math code.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Impact depends on how the application built against musl libc handles
+      the ABI-violating x87 state.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All musl users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-libs/musl-1.1.24"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14697">CVE-2019-14697</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-03T20:43:59Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-15T00:52:05Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-14.xml b/metadata/glsa/glsa-202003-14.xml
new file mode 100644
index 000000000000..a209c716b4b9
--- /dev/null
+++ b/metadata/glsa/glsa-202003-14.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-14">
+  <title>atftp: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in atftp, the worst of
+    which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">atftp</product>
+  <announced>2020-03-14</announced>
+  <revised count="1">2020-03-14</revised>
+  <bug>711630</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-ftp/atftp" auto="yes" arch="*">
+      <unaffected range="ge">0.7.2</unaffected>
+      <vulnerable range="lt">0.7.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>atftp is a client/server implementation of the TFTP protocol that
+      implements RFCs 1350, 2090, 2347, 2348, and 2349.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in atftp. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could send a specially crafted packet to an atftp
+      instance, possibly resulting in the execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All atftp users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-ftp/atftp-0.7.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11365">CVE-2019-11365</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11366">CVE-2019-11366</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-08T00:17:16Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-14T16:48:02Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-15.xml b/metadata/glsa/glsa-202003-15.xml
new file mode 100644
index 000000000000..6ed03f0156b4
--- /dev/null
+++ b/metadata/glsa/glsa-202003-15.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-15">
+  <title>ICU: Integer overflow</title>
+  <synopsis>An integer overflow flaw in ICU could possibly allow for the
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">ICU</product>
+  <announced>2020-03-15</announced>
+  <revised count="1">2020-03-15</revised>
+  <bug>710758</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/icu" auto="yes" arch="*">
+      <unaffected range="ge">65.1-r1</unaffected>
+      <vulnerable range="lt">65.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ICU is a mature, widely used set of C/C++ and Java libraries providing
+      Unicode and Globalization support for software applications.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that ICU’s UnicodeString::doAppend() function is
+      vulnerable to an integer overflow. Please review the CVE identifiers
+      referenced below for more details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process a specially crafted
+      string in an application linked against ICU, possibly resulting in
+      execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ICU users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/icu-65.1-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10531">CVE-2020-10531</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-15T01:07:26Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-15T01:36:26Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-16.xml b/metadata/glsa/glsa-202003-16.xml
new file mode 100644
index 000000000000..0e89f97242b7
--- /dev/null
+++ b/metadata/glsa/glsa-202003-16.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-16">
+  <title>SQLite: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in SQLite, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">sqlite</product>
+  <announced>2020-03-15</announced>
+  <revised count="1">2020-03-15</revised>
+  <bug>697678</bug>
+  <bug>711526</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-db/sqlite" auto="yes" arch="*">
+      <unaffected range="ge">3.31.1</unaffected>
+      <vulnerable range="lt">3.31.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>SQLite is a C library that implements an SQL database engine.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in SQLite. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All SQLite users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/sqlite-3.31.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-16168">CVE-2019-16168</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5827">CVE-2019-5827</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9327">CVE-2020-9327</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-15T01:58:17Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-15T02:02:12Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-17.xml b/metadata/glsa/glsa-202003-17.xml
new file mode 100644
index 000000000000..42fa05e08494
--- /dev/null
+++ b/metadata/glsa/glsa-202003-17.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-17">
+  <title>nfdump: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in nfdump, the worst of
+    which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">nfsdump</product>
+  <announced>2020-03-15</announced>
+  <revised count="1">2020-03-15</revised>
+  <bug>711316</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-analyzer/nfdump" auto="yes" arch="*">
+      <unaffected range="ge">1.6.19</unaffected>
+      <vulnerable range="lt">1.6.19</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>nfdump is a toolset in order to collect and process netflow and sflow
+      data, sent from netflow/sflow compatible devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in nfdump. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by sending specially crafted netflow/sflow data,
+      could possibly execute arbitrary code with the privileges of the process
+      or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All nfdump users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/nfdump-1.6.19"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1010057">
+      CVE-2019-1010057
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14459">CVE-2019-14459</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-15T02:20:52Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-15T02:25:05Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-18.xml b/metadata/glsa/glsa-202003-18.xml
new file mode 100644
index 000000000000..26f12a64feb7
--- /dev/null
+++ b/metadata/glsa/glsa-202003-18.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-18">
+  <title>libvirt: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in libvirt, the worst
+    of which may result in the execution of arbitrary commands.
+  </synopsis>
+  <product type="ebuild">libvirt</product>
+  <announced>2020-03-15</announced>
+  <revised count="1">2020-03-15</revised>
+  <bug>711306</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/libvirt" auto="yes" arch="*">
+      <unaffected range="ge">5.4.1</unaffected>
+      <vulnerable range="lt">5.4.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libvirt is a C toolkit for manipulating virtual machines.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libvirt. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local privileged attacker could execute arbitrary commands, escalate
+      privileges or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libvirt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/libvirt-5.4.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10161">CVE-2019-10161</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10166">CVE-2019-10166</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10167">CVE-2019-10167</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10168">CVE-2019-10168</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-15T02:39:16Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-15T02:42:25Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-19.xml b/metadata/glsa/glsa-202003-19.xml
new file mode 100644
index 000000000000..30fa979f684d
--- /dev/null
+++ b/metadata/glsa/glsa-202003-19.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-19">
+  <title>PPP: Buffer overflow</title>
+  <synopsis>A buffer overflow in PPP might allow a remote attacker to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">PPP</product>
+  <announced>2020-03-15</announced>
+  <revised count="1">2020-03-15</revised>
+  <bug>710308</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dialup/ppp" auto="yes" arch="*">
+      <unaffected range="ge">2.4.8</unaffected>
+      <vulnerable range="lt">2.4.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PPP is a Unix implementation of the Point-to-Point Protocol.</p>
+  </background>
+  <description>
+    <p>It was discovered that bounds check in PPP for the rhostname was
+      improperly constructed in the EAP request and response functions.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker, by sending specially crafted authentication data,
+      could possibly execute arbitrary code with the privileges of the process
+      or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PPP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dialup/ppp-2.4.8"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8597">CVE-2020-8597</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-15T02:58:39Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-15T03:04:09Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-20.xml b/metadata/glsa/glsa-202003-20.xml
new file mode 100644
index 000000000000..696a1298d328
--- /dev/null
+++ b/metadata/glsa/glsa-202003-20.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-20">
+  <title>systemd: Heap use-after-free</title>
+  <synopsis>A heap use-after-free flaw in systemd at worst might allow an
+    attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">systemd</product>
+  <announced>2020-03-15</announced>
+  <revised count="1">2020-03-15</revised>
+  <bug>708806</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/systemd" auto="yes" arch="*">
+      <unaffected range="ge">244.3</unaffected>
+      <vulnerable range="lt">244.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A system and service manager.</p>
+  </background>
+  <description>
+    <p>It was found that systemd incorrectly handled certain Polkit queries.</p>
+  </description>
+  <impact type="high">
+    <p>A local unprivileged user, by sending a specially crafted Polkit query,
+      could possibly execute arbitrary code with the privileges of the process,
+      escalate privileges or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All systemd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/systemd-244.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1712">CVE-2020-1712</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-15T03:18:50Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-15T03:26:30Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-21.xml b/metadata/glsa/glsa-202003-21.xml
new file mode 100644
index 000000000000..5f5c03bbfac4
--- /dev/null
+++ b/metadata/glsa/glsa-202003-21.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-21">
+  <title>runC: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in runC, the worst of
+    which may lead to privilege escalation.
+  </synopsis>
+  <product type="ebuild">runC</product>
+  <announced>2020-03-15</announced>
+  <revised count="1">2020-03-15</revised>
+  <bug>677744</bug>
+  <bug>709456</bug>
+  <bug>711182</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-emulation/runc" auto="yes" arch="*">
+      <unaffected range="ge">1.0.0_rc10</unaffected>
+      <vulnerable range="lt">1.0.0_rc10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>RunC is a CLI tool for spawning and running containers according to the
+      OCI specification.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in runC. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>An attacker, by running a malicious Docker image, could escape the
+      container, bypass security restrictions, escalate privileges or cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All runC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/runc-1.0.0_rc10"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-16884">CVE-2019-16884</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19921">CVE-2019-19921</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5736">CVE-2019-5736</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-15T04:19:19Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-15T04:26:32Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-22.xml b/metadata/glsa/glsa-202003-22.xml
new file mode 100644
index 000000000000..c69d16f0a64e
--- /dev/null
+++ b/metadata/glsa/glsa-202003-22.xml
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-22">
+  <title>WebkitGTK+: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in WebKitGTK+, the worst
+    of which may lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">webkitgtk+</product>
+  <announced>2020-03-15</announced>
+  <revised count="1">2020-03-15</revised>
+  <bug>699156</bug>
+  <bug>706374</bug>
+  <bug>709612</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+      <unaffected range="ge">2.26.4</unaffected>
+      <vulnerable range="lt">2.26.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine,
+      suitable for projects requiring any kind of web integration, from hybrid
+      HTML/CSS applications to full-fledged web browsers.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please
+      review the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary code, cause a Denial of
+      Service condition, bypass intended memory-read restrictions, conduct a
+      timing side-channel attack to bypass the Same Origin Policy or obtain
+      sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All WebkitGTK+ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.26.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8625">CVE-2019-8625</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8674">CVE-2019-8674</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8707">CVE-2019-8707</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8710">CVE-2019-8710</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8719">CVE-2019-8719</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8720">CVE-2019-8720</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8726">CVE-2019-8726</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8733">CVE-2019-8733</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8735">CVE-2019-8735</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8743">CVE-2019-8743</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8763">CVE-2019-8763</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8764">CVE-2019-8764</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8765">CVE-2019-8765</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8766">CVE-2019-8766</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8768">CVE-2019-8768</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8769">CVE-2019-8769</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8771">CVE-2019-8771</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8782">CVE-2019-8782</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8783">CVE-2019-8783</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8808">CVE-2019-8808</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8811">CVE-2019-8811</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8812">CVE-2019-8812</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8813">CVE-2019-8813</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8814">CVE-2019-8814</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8815">CVE-2019-8815</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8816">CVE-2019-8816</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8819">CVE-2019-8819</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8820">CVE-2019-8820</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8821">CVE-2019-8821</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8822">CVE-2019-8822</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8823">CVE-2019-8823</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8835">CVE-2019-8835</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8844">CVE-2019-8844</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8846">CVE-2019-8846</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3862">CVE-2020-3862</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3864">CVE-2020-3864</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3865">CVE-2020-3865</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3867">CVE-2020-3867</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3868">CVE-2020-3868</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-15T04:37:44Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-15T04:42:48Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-23.xml b/metadata/glsa/glsa-202003-23.xml
new file mode 100644
index 000000000000..0a16d80df9a3
--- /dev/null
+++ b/metadata/glsa/glsa-202003-23.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-23">
+  <title>libjpeg-turbo: User-assisted execution of arbitrary code</title>
+  <synopsis>Several integer overflows in libjpeg-turbo might allow an attacker
+    to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">libjpeg-turbo</product>
+  <announced>2020-03-15</announced>
+  <revised count="1">2020-03-15</revised>
+  <bug>699830</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-libs/libjpeg-turbo" auto="yes" arch="*">
+      <unaffected range="ge">2.0.3</unaffected>
+      <vulnerable range="lt">2.0.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libjpeg-turbo is a MMX, SSE, and SSE2 SIMD accelerated JPEG library.</p>
+  </background>
+  <description>
+    <p>It was discovered that libjpeg-turbo incorrectly handled certain JPEG
+      images.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted JPEG
+      file in an application linked against libjpeg-turbo, possibly resulting
+      in execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libjpeg-turbo users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libjpeg-turbo-2.0.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2201">CVE-2019-2201</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-15T04:50:57Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-15T14:25:41Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-24.xml b/metadata/glsa/glsa-202003-24.xml
new file mode 100644
index 000000000000..dbb042e1771b
--- /dev/null
+++ b/metadata/glsa/glsa-202003-24.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-24">
+  <title>file: Heap-based buffer overflow</title>
+  <synopsis>A heap-based buffer overflow in file might allow remote attackers
+    to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">file</product>
+  <announced>2020-03-15</announced>
+  <revised count="1">2020-03-15</revised>
+  <bug>698610</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-apps/file" auto="yes" arch="*">
+      <unaffected range="ge">5.37-r1</unaffected>
+      <vulnerable range="lt">5.37-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>file is a utility that guesses a file format by scanning binary data for
+      patterns.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that file incorrectly handled certain malformed files.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process a specially crafted
+      file via libmagic or file, possibly resulting in execution of arbitrary
+      code with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All file users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/file-5.37-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-18218">CVE-2019-18218</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-15T04:56:34Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-15T14:35:19Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-25.xml b/metadata/glsa/glsa-202003-25.xml
new file mode 100644
index 000000000000..ed368e6fbbd2
--- /dev/null
+++ b/metadata/glsa/glsa-202003-25.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-25">
+  <title>libTIFF: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in LibTIFF, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">tiff</product>
+  <announced>2020-03-15</announced>
+  <revised count="1">2020-03-15</revised>
+  <bug>639700</bug>
+  <bug>690732</bug>
+  <bug>699868</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-libs/tiff" auto="yes" arch="*">
+      <unaffected range="ge">4.1.0</unaffected>
+      <vulnerable range="lt">4.1.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The TIFF library contains encoding and decoding routines for the Tag
+      Image File Format. It is called by numerous programs, including GNOME and
+      KDE applications, to interpret TIFF images.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libTIFF. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing the user to process a specially crafted
+      TIFF file, could possibly cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libTIFF users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/tiff-4.1.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17095">CVE-2017-17095</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19210">CVE-2018-19210</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17546">CVE-2019-17546</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6128">CVE-2019-6128</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7663">CVE-2019-7663</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-15T14:58:38Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-15T15:09:13Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-26.xml b/metadata/glsa/glsa-202003-26.xml
new file mode 100644
index 000000000000..570a06748746
--- /dev/null
+++ b/metadata/glsa/glsa-202003-26.xml
@@ -0,0 +1,87 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-26">
+  <title>Python: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Python, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">python</product>
+  <announced>2020-03-15</announced>
+  <revised count="1">2020-03-15</revised>
+  <bug>676700</bug>
+  <bug>680246</bug>
+  <bug>680298</bug>
+  <bug>684838</bug>
+  <bug>689822</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-lang/python" auto="yes" arch="*">
+      <unaffected range="ge" slot="2.7">2.7.17</unaffected>
+      <unaffected range="ge" slot="3.5/3.5m">3.5.7</unaffected>
+      <unaffected range="ge" slot="3.6/3.6m">3.6.9</unaffected>
+      <unaffected range="ge" slot="3.7/3.7m">3.7.4</unaffected>
+      <vulnerable range="lt" slot="2.7">2.7.17</vulnerable>
+      <vulnerable range="lt" slot="3.5/3.5m">3.5.7</vulnerable>
+      <vulnerable range="lt" slot="3.6/3.6m">3.6.9</vulnerable>
+      <vulnerable range="lt" slot="3.7/3.7m">3.7.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Python is an interpreted, interactive, object-oriented programming
+      language.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Python. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly perform a CRLF injection attack, obtain
+      sensitive information, trick Python into sending cookies to the wrong
+      domain or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Python 2.7.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.7.17:2.7"
+    </code>
+    
+    <p>All Python 3.5.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-3.5.7:3.5/3.5m"
+    </code>
+    
+    <p>All Python 3.6.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-3.6.9:3.6/3.6m"
+    </code>
+    
+    <p>All Python 3.7x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-3.7.4:3.7/3.7m"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20852">CVE-2018-20852</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5010">CVE-2019-5010</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9636">CVE-2019-9636</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9740">CVE-2019-9740</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9947">CVE-2019-9947</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9948">CVE-2019-9948</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-15T15:47:20Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-15T15:56:47Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-27.xml b/metadata/glsa/glsa-202003-27.xml
new file mode 100644
index 000000000000..d34f8ce9fe80
--- /dev/null
+++ b/metadata/glsa/glsa-202003-27.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-27">
+  <title>libssh: Arbitrary command execution</title>
+  <synopsis>A vulnerability in libssh could allow a remote attacker to execute
+    arbitrary commands.
+  </synopsis>
+  <product type="ebuild">libssh</product>
+  <announced>2020-03-15</announced>
+  <revised count="1">2020-03-15</revised>
+  <bug>701598</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/libssh" auto="yes" arch="*">
+      <unaffected range="ge">0.9.3</unaffected>
+      <vulnerable range="lt">0.9.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libssh is a multiplatform C library implementing the SSHv2 protocol on
+      client and server side.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that libssh incorrectly handled certain scp commands.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could trick a victim into using a specially crafted
+      scp command, possibly resulting in the execution of arbitrary commands on
+      the server.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libssh users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/libssh-0.9.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14889">CVE-2019-14889</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-15T16:06:34Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-15T16:16:36Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-28.xml b/metadata/glsa/glsa-202003-28.xml
new file mode 100644
index 000000000000..19bc271b64a7
--- /dev/null
+++ b/metadata/glsa/glsa-202003-28.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-28">
+  <title>libarchive: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libarchive, the worst
+    of which may lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">libarchive</product>
+  <announced>2020-03-15</announced>
+  <revised count="1">2020-03-15</revised>
+  <bug>699222</bug>
+  <bug>710358</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-arch/libarchive" auto="yes" arch="*">
+      <unaffected range="ge">3.4.2</unaffected>
+      <vulnerable range="lt">3.4.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libarchive is a library for manipulating different streaming archive
+      formats, including certain tar variants, several cpio formats, and both
+      BSD and GNU ar variants.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libarchive. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted
+      archive file possibly resulting in the execution of arbitrary code with
+      the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libarchive users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/libarchive-3.4.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-18408">CVE-2019-18408</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9308">CVE-2020-9308</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-15T16:23:19Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-15T16:26:32Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-29.xml b/metadata/glsa/glsa-202003-29.xml
new file mode 100644
index 000000000000..e075f5d26ae3
--- /dev/null
+++ b/metadata/glsa/glsa-202003-29.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-29">
+  <title>cURL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in cURL, the worst of
+    which may lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">curl</product>
+  <announced>2020-03-15</announced>
+  <revised count="1">2020-03-15</revised>
+  <bug>686050</bug>
+  <bug>694020</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/curl" auto="yes" arch="*">
+      <unaffected range="ge">7.66.0</unaffected>
+      <vulnerable range="lt">7.66.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A command line tool and library for transferring data with URLs.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in cURL. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All cURL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.66.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5435">CVE-2019-5435</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5436">CVE-2019-5436</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5481">CVE-2019-5481</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5482">CVE-2019-5482</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-15T16:31:33Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-15T16:37:06Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-30.xml b/metadata/glsa/glsa-202003-30.xml
new file mode 100644
index 000000000000..894d97beb939
--- /dev/null
+++ b/metadata/glsa/glsa-202003-30.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-30">
+  <title>Git: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Git, the worst of which
+    could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">git</product>
+  <announced>2020-03-15</announced>
+  <revised count="2">2020-03-20</revised>
+  <bug>702296</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-vcs/git" auto="yes" arch="*">
+      <unaffected range="rge">2.21.1</unaffected>
+      <unaffected range="rge">2.23.1-r1</unaffected>
+      <unaffected range="rge">2.24.1</unaffected>
+      <vulnerable range="lt">2.24.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Git is a free and open source distributed version control system
+      designed to handle everything from small to very large projects with
+      speed and efficiency.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Git. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could possibly overwrite arbitrary paths, execute arbitrary
+      code, and overwrite files in the .git directory.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Git 2.21.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/git-2.21.1"
+    </code>
+    
+    <p>All Git 2.23.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/git-2.23.1-r1"
+    </code>
+    
+    <p>All Git 2.24.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/git-2.24.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1348">CVE-2019-1348</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1349">CVE-2019-1349</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1350">CVE-2019-1350</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1351">CVE-2019-1351</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1352">CVE-2019-1352</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1353">CVE-2019-1353</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1354">CVE-2019-1354</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1387">CVE-2019-1387</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19604">CVE-2019-19604</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-15T16:52:27Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-20T21:00:47Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-31.xml b/metadata/glsa/glsa-202003-31.xml
new file mode 100644
index 000000000000..4dae6769b5e6
--- /dev/null
+++ b/metadata/glsa/glsa-202003-31.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-31">
+  <title>gdb: Buffer overflow</title>
+  <synopsis>A buffer overflow in gdb might allow a remote attacker to cause a
+    Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">gdb</product>
+  <announced>2020-03-15</announced>
+  <revised count="1">2020-03-15</revised>
+  <bug>690582</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-devel/gdb" auto="yes" arch="*">
+      <unaffected range="ge">9.1</unaffected>
+      <vulnerable range="lt">9.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>gdb is the GNU project’s debugger, facilitating the analysis and
+      debugging of applications. The BFD library provides a uniform method of
+      accessing a variety of object file formats.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that gdb didn’t properly validate the ELF section
+      sizes from input file.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted ELF
+      binary using gdb, possibly resulting in information disclosure or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All gdb users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-devel/gdb-9.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1010180">
+      CVE-2019-1010180
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-15T19:07:24Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-15T19:13:13Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-32.xml b/metadata/glsa/glsa-202003-32.xml
new file mode 100644
index 000000000000..a4070273bd01
--- /dev/null
+++ b/metadata/glsa/glsa-202003-32.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-32">
+  <title>Libgcrypt: Side-channel attack</title>
+  <synopsis>A vulnerability in Libgcrypt could allow a local attacker to
+    recover sensitive information.
+  </synopsis>
+  <product type="ebuild">libgcrypt</product>
+  <announced>2020-03-15</announced>
+  <revised count="1">2020-03-15</revised>
+  <bug>693108</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-libs/libgcrypt" auto="yes" arch="*">
+      <unaffected range="ge">1.8.5</unaffected>
+      <vulnerable range="lt">1.8.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Libgcrypt is a general purpose cryptographic library derived out of
+      GnuPG.
+    </p>
+  </background>
+  <description>
+    <p>A timing attack was found in the way ECCDSA was implemented in
+      Libgcrypt.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A local man-in-the-middle attacker, during signature generation, could
+      possibly recover the private key.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Libgcrypt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libgcrypt-1.8.5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13627">CVE-2019-13627</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-15T19:23:38Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-15T19:29:34Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-33.xml b/metadata/glsa/glsa-202003-33.xml
new file mode 100644
index 000000000000..8d028e17b0d1
--- /dev/null
+++ b/metadata/glsa/glsa-202003-33.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-33">
+  <title>GStreamer Base Plugins: Heap-based buffer overflow</title>
+  <synopsis>A heap-based buffer overflow in GStreamer Base Plugins might allow
+    remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">gst-plugins-base</product>
+  <announced>2020-03-15</announced>
+  <revised count="1">2020-03-15</revised>
+  <bug>701294</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/gst-plugins-base" auto="yes" arch="*">
+      <unaffected range="ge">1.14.5-r1</unaffected>
+      <vulnerable range="lt">1.14.5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A well-groomed and well-maintained collection of GStreamer plug-ins and
+      elements, spanning the range of possible types of elements one would want
+      to write for GStreamer.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that GStreamer Base Plugins did not correctly handle
+      certain malformed RTSP streams.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted RTSP
+      stream with a GStreamer application, possibly resulting in the execution
+      of arbitrary code or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GStreamer Base Plugins users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=media-libs/gst-plugins-base-1.14.5-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9928">CVE-2019-9928</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-15T19:49:56Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-15T19:54:43Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-34.xml b/metadata/glsa/glsa-202003-34.xml
new file mode 100644
index 000000000000..940fc5edd5db
--- /dev/null
+++ b/metadata/glsa/glsa-202003-34.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-34">
+  <title>Squid: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Squid, the worst of
+    which could lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">squid</product>
+  <announced>2020-03-16</announced>
+  <revised count="1">2020-03-16</revised>
+  <bug>699854</bug>
+  <bug>708296</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/squid" auto="yes" arch="*">
+      <unaffected range="ge">4.10</unaffected>
+      <vulnerable range="lt">4.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Squid is a full-featured Web proxy cache designed to run on Unix
+      systems. It supports proxying and caching of HTTP, FTP, and other URLs,
+      as well as SSL support, cache hierarchies, transparent caching, access
+      control lists and many other features.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Squid. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by sending a specially crafted request, could
+      possibly execute arbitrary code with the privileges of the process,
+      obtain sensitive information or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Squid users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-proxy/squid-4.10"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12526">CVE-2019-12526</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12528">CVE-2019-12528</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-18678">CVE-2019-18678</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-18679">CVE-2019-18679</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8449">CVE-2020-8449</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8450">CVE-2020-8450</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8517">CVE-2020-8517</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-11-11T17:42:19Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-16T11:34:35Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-35.xml b/metadata/glsa/glsa-202003-35.xml
new file mode 100644
index 000000000000..fa72b90a87d1
--- /dev/null
+++ b/metadata/glsa/glsa-202003-35.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-35">
+  <title>ProFTPd: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ProFTPd, the worst of
+    which may lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">proftpd</product>
+  <announced>2020-03-16</announced>
+  <revised count="1">2020-03-16</revised>
+  <bug>699520</bug>
+  <bug>701814</bug>
+  <bug>710730</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-ftp/proftpd" auto="yes" arch="*">
+      <unaffected range="ge">1.3.6c</unaffected>
+      <vulnerable range="lt">1.3.6c</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ProFTPD is an advanced and very configurable FTP server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ProFTPd. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by interrupting the data transfer channel, could
+      possibly execute arbitrary code with the privileges of the process or
+      cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ProFTPd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-ftp/proftpd-1.3.6c"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-18217">CVE-2019-18217</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19269">CVE-2019-19269</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9272">CVE-2020-9272</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9273">CVE-2020-9273</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-15T06:37:49Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2020-03-16T21:08:17Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-36.xml b/metadata/glsa/glsa-202003-36.xml
new file mode 100644
index 000000000000..77b24063e94f
--- /dev/null
+++ b/metadata/glsa/glsa-202003-36.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-36">
+  <title>libvorbis: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libvorbis, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">libvorbis</product>
+  <announced>2020-03-16</announced>
+  <revised count="1">2020-03-16</revised>
+  <bug>631646</bug>
+  <bug>699862</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-libs/libvorbis" auto="yes" arch="*">
+      <unaffected range="ge">1.3.6-r1</unaffected>
+      <vulnerable range="lt">1.3.6-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libvorbis is the reference implementation of the Xiph.org Ogg Vorbis
+      audio file format. It is used by many applications for playback of Ogg
+      Vorbis files.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libvorbis. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing the user to process a specially crafted
+      audio file, could possibly cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libvorbis users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libvorbis-1.3.6-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14160">CVE-2017-14160</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10392">CVE-2018-10392</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10393">CVE-2018-10393</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-15T15:16:28Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-16T21:12:28Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-37.xml b/metadata/glsa/glsa-202003-37.xml
new file mode 100644
index 000000000000..27963a656f92
--- /dev/null
+++ b/metadata/glsa/glsa-202003-37.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-37">
+  <title>Mozilla Network Security Service: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Network
+    Security Service (NSS), the worst of which may lead to arbitrary code
+    execution.
+  </synopsis>
+  <product type="ebuild">nss</product>
+  <announced>2020-03-16</announced>
+  <revised count="2">2020-03-16</revised>
+  <bug>627534</bug>
+  <bug>676868</bug>
+  <bug>701840</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/nss" auto="yes" arch="*">
+      <unaffected range="ge">3.49</unaffected>
+      <vulnerable range="lt">3.49</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Mozilla Network Security Service (NSS) is a library implementing
+      security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS
+      #12, S/MIME and X.509 certificates.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Network
+      Security Service (NSS). Please review the CVE identifiers referenced
+      below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could execute arbitrary code, cause a Denial of Service
+      condition or have other unspecified impact.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Network Security Service (NSS) users should upgrade to the
+      latest version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/nss-3.49"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11695">CVE-2017-11695</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11696">CVE-2017-11696</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11697">CVE-2017-11697</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11698">CVE-2017-11698</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18508">CVE-2018-18508</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11745">CVE-2019-11745</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-15T15:34:44Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-16T21:17:42Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-38.xml b/metadata/glsa/glsa-202003-38.xml
new file mode 100644
index 000000000000..0fe1b36c64ea
--- /dev/null
+++ b/metadata/glsa/glsa-202003-38.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-38">
+  <title>PECL Imagick: Arbitrary code execution</title>
+  <synopsis>A vulnerability in Imagick PHP extension might allow an attacker to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">pecl-imagick</product>
+  <announced>2020-03-19</announced>
+  <revised count="1">2020-03-19</revised>
+  <bug>687030</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-php/pecl-imagick" auto="yes" arch="*">
+      <unaffected range="ge">3.4.4</unaffected>
+      <vulnerable range="lt">3.4.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Imagick is a PHP extension to create and modify images using the
+      ImageMagick library.
+    </p>
+  </background>
+  <description>
+    <p>An out-of-bounds write vulnerability was discovered in the Imagick PHP
+      extension.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker, able to upload specially crafted images which will
+      get processed by Imagick, could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Imagick PHP extension users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-php/pecl-imagick-3.4.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11037">CVE-2019-11037</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-17T14:27:07Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-19T15:54:46Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-39.xml b/metadata/glsa/glsa-202003-39.xml
new file mode 100644
index 000000000000..3da65eb92d8d
--- /dev/null
+++ b/metadata/glsa/glsa-202003-39.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-39">
+  <title>phpMyAdmin: SQL injection</title>
+  <synopsis>An SQL injection vulnerability in phpMyAdmin may allow attackers to
+    execute arbitrary SQL statements.
+  </synopsis>
+  <product type="ebuild">phpmyadmin</product>
+  <announced>2020-03-19</announced>
+  <revised count="1">2020-03-19</revised>
+  <bug>701830</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/phpmyadmin" auto="yes" arch="*">
+      <unaffected range="ge">4.9.2</unaffected>
+      <vulnerable range="lt">4.9.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>phpMyAdmin is a web-based management tool for MySQL databases.</p>
+  </background>
+  <description>
+    <p>PhpMyAdmin was vulnerable to an SQL injection attack through the
+      designer feature.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An authenticated remote attacker, by specifying a specially crafted
+      database/table name, could trigger an SQL injection attack.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All phpMyAdmin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/phpmyadmin-4.9.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-18622">CVE-2019-18622</uri>
+    <uri link="https://www.phpmyadmin.net/security/PMASA-2019-5/">PMASA-2019-5</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-19T16:07:14Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-19T16:19:16Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-40.xml b/metadata/glsa/glsa-202003-40.xml
new file mode 100644
index 000000000000..75c8ef9418fa
--- /dev/null
+++ b/metadata/glsa/glsa-202003-40.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-40">
+  <title>Cacti: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Cacti, the worst of
+    which could lead to the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">cacti</product>
+  <announced>2020-03-19</announced>
+  <revised count="1">2020-03-19</revised>
+  <bug>702312</bug>
+  <bug>708938</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/cacti" auto="yes" arch="*">
+      <unaffected range="ge">1.2.9</unaffected>
+      <vulnerable range="lt">1.2.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Cacti is a complete frontend to rrdtool.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Cacti. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could execute arbitrary code or bypass intended access
+      restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Cacti users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/cacti-1.2.9"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-16723">CVE-2019-16723</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17357">CVE-2019-17357</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17358">CVE-2019-17358</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7106">CVE-2020-7106</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7237">CVE-2020-7237</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-19T16:27:20Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-19T16:29:17Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-41.xml b/metadata/glsa/glsa-202003-41.xml
new file mode 100644
index 000000000000..ac164d157735
--- /dev/null
+++ b/metadata/glsa/glsa-202003-41.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-41">
+  <title>GNU FriBidi: Heap-based buffer overflow</title>
+  <synopsis>A heap-based buffer overflow in GNU FriBidi might allow remote
+    attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">fribidi</product>
+  <announced>2020-03-19</announced>
+  <revised count="1">2020-03-19</revised>
+  <bug>699338</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/fribidi" auto="yes" arch="*">
+      <unaffected range="ge">1.0.8</unaffected>
+      <vulnerable range="lt">1.0.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Free Implementation of the Unicode Bidirectional Algorithm.</p>
+  </background>
+  <description>
+    <p>A heap-based buffer overflow vulnerability was found in GNU FriBidi.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a memory corruption, execute
+      arbitrary code with the privileges of the process or cause a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FriBidi users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/fribidi-1.0.8"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-18397">CVE-2019-18397</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-19T16:36:42Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-19T16:41:09Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-42.xml b/metadata/glsa/glsa-202003-42.xml
new file mode 100644
index 000000000000..76a2944ee9c4
--- /dev/null
+++ b/metadata/glsa/glsa-202003-42.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-42">
+  <title>libgit2: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libgit2, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">libgit2</product>
+  <announced>2020-03-19</announced>
+  <revised count="1">2020-03-19</revised>
+  <bug>702522</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/libgit2" auto="yes" arch="*">
+      <unaffected range="ge">0.28.4</unaffected>
+      <vulnerable range="lt">0.28.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libgit2 is a portable, pure C implementation of the Git core methods
+      provided as a re-entrant linkable library with a solid API.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libgit2. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could possibly overwrite arbitrary paths, execute arbitrary
+      code, and overwrite files in the .git directory.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libgit2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libgit2-0.28.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1348">CVE-2019-1348</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1350">CVE-2019-1350</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1387">CVE-2019-1387</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-19T16:48:12Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-19T16:50:07Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-43.xml b/metadata/glsa/glsa-202003-43.xml
new file mode 100644
index 000000000000..d07350f36504
--- /dev/null
+++ b/metadata/glsa/glsa-202003-43.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-43">
+  <title>Apache Tomcat: Multiple vulnerabilities</title>
+  <synopsis> Multiple vulnerabilities have been found in Apache Tomcat, the
+    worst of which could lead to arbitrary code execution. 
+  </synopsis>
+  <product type="ebuild">tomcat</product>
+  <announced>2020-03-19</announced>
+  <revised count="3">2020-06-26</revised>
+  <bug>692402</bug>
+  <bug>706208</bug>
+  <bug>710656</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/tomcat" auto="yes" arch="*">
+      <unaffected range="ge" slot="8.5">8.5.51</unaffected>
+      <unaffected range="ge" slot="7">7.0.100</unaffected>
+      <vulnerable range="lt" slot="8.5">8.5.51</vulnerable>
+      <vulnerable range="lt" slot="7">7.0.100</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Apache Tomcat. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could possibly smuggle HTTP requests or execute arbitrary
+      code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache Tomcat 7.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/tomcat-7.0.100:7"
+    </code>
+    
+    <p>All Apache Tomcat 8.5.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/tomcat-8.5.51:8.5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-0221">CVE-2019-0221</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12418">CVE-2019-12418</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17563">CVE-2019-17563</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1938">CVE-2020-1938</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-19T17:09:01Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-06-26T19:38:55Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-44.xml b/metadata/glsa/glsa-202003-44.xml
new file mode 100644
index 000000000000..91ebcf2f6aca
--- /dev/null
+++ b/metadata/glsa/glsa-202003-44.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-44">
+  <title>Binary diff: Heap-based buffer overflow</title>
+  <synopsis>A heap-based buffer overflow in Binary diff might allow remote
+    attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">bsdiff</product>
+  <announced>2020-03-19</announced>
+  <revised count="1">2020-03-19</revised>
+  <bug>701848</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-util/bsdiff" auto="yes" arch="*">
+      <unaffected range="ge">4.3-r4</unaffected>
+      <vulnerable range="lt">4.3-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>bsdiff and bspatch are tools for building and applying patches to binary
+      files.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that the implementation of bspatch did not check for a
+      negative value on numbers of bytes read from the diff and extra streams.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could entice a user to apply a specially crafted patch
+      using bspatch, possibly resulting in execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Binary diff users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-util/bsdiff-4.3-r4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2014-9862">CVE-2014-9862</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-19T18:34:43Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-19T18:40:24Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-45.xml b/metadata/glsa/glsa-202003-45.xml
new file mode 100644
index 000000000000..e436236d6878
--- /dev/null
+++ b/metadata/glsa/glsa-202003-45.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-45">
+  <title>PyYAML: Arbitrary code execution</title>
+  <synopsis>A flaw in PyYAML might allow attackers to execute arbitrary code.</synopsis>
+  <product type="ebuild">pyyaml</product>
+  <announced>2020-03-19</announced>
+  <revised count="1">2020-03-19</revised>
+  <bug>659348</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-python/pyyaml" auto="yes" arch="*">
+      <unaffected range="ge">5.1</unaffected>
+      <vulnerable range="lt">5.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PyYAML is a YAML parser and emitter for Python.</p>
+  </background>
+  <description>
+    <p>It was found that using yaml.load() API on untrusted input could lead to
+      arbitrary code execution.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could entice a user to process specially crafted input
+      in an application using yaml.load() from PyYAML, possibly resulting in
+      execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PyYAML users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/pyyaml-5.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18342">CVE-2017-18342</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-19T18:50:48Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-19T18:55:38Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-46.xml b/metadata/glsa/glsa-202003-46.xml
new file mode 100644
index 000000000000..ae2d48c32026
--- /dev/null
+++ b/metadata/glsa/glsa-202003-46.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-46">
+  <title>ClamAV: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ClamAV, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2020-03-19</announced>
+  <revised count="1">2020-03-19</revised>
+  <bug>702010</bug>
+  <bug>708424</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.102.2</unaffected>
+      <vulnerable range="lt">0.102.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ClamAV is a GPL virus scanner.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ClamAV. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could cause ClamAV to scan a specially crafted file,
+      possibly resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ClamAV users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.102.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15961">CVE-2019-15961</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3123">CVE-2020-3123</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-19T20:43:36Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-19T20:46:54Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-47.xml b/metadata/glsa/glsa-202003-47.xml
new file mode 100644
index 000000000000..e127121e070f
--- /dev/null
+++ b/metadata/glsa/glsa-202003-47.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-47">
+  <title>Exim: Heap-based buffer overflow</title>
+  <synopsis>A vulnerability in Exim could allow a remote attacker to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild"></product>
+  <announced>2020-03-20</announced>
+  <revised count="1">2020-03-20</revised>
+  <bug>701282</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-mta/exim" auto="yes" arch="*">
+      <unaffected range="ge">4.92.3</unaffected>
+      <vulnerable range="lt">4.92.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Exim is a message transfer agent (MTA) designed to be a a highly
+      configurable, drop-in replacement for sendmail.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that Exim incorrectly handled certain string
+      operations.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker, able to connect to a vulnerable Exim instance, could
+      possibly execute arbitrary code with the privileges of the process or
+      cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Exim users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-mta/exim-4.92.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-16928">CVE-2019-16928</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-20T18:44:44Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-20T18:48:39Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-48.xml b/metadata/glsa/glsa-202003-48.xml
new file mode 100644
index 000000000000..94ecb6b4e6ef
--- /dev/null
+++ b/metadata/glsa/glsa-202003-48.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-48">
+  <title>Node.js: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Node.js, worst of which
+    could allow remote attackers to write arbitrary files.
+  </synopsis>
+  <product type="ebuild">nodejs</product>
+  <announced>2020-03-20</announced>
+  <revised count="2">2020-03-20</revised>
+  <bug>658074</bug>
+  <bug>665656</bug>
+  <bug>672136</bug>
+  <bug>679132</bug>
+  <bug>702988</bug>
+  <bug>708458</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-libs/nodejs" auto="yes" arch="*">
+      <unaffected range="rge">10.19.0</unaffected>
+      <unaffected range="rge">12.15.0</unaffected>
+      <vulnerable range="lt">12.15.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript
+      engine.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Node.js. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly write arbitrary files, cause a Denial
+      of Service condition or can conduct HTTP request splitting attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Node.js &lt;12.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/nodejs-10.19.0"
+    </code>
+    
+    <p>All Node.js 12.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/nodejs-12.15.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12115">CVE-2018-12115</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12116">CVE-2018-12116</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12121">CVE-2018-12121</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12122">CVE-2018-12122</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12123">CVE-2018-12123</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7161">CVE-2018-7161</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7162">CVE-2018-7162</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7164">CVE-2018-7164</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7167">CVE-2018-7167</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15604">CVE-2019-15604</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15605">CVE-2019-15605</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15606">CVE-2019-15606</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-16777">CVE-2019-16777</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5737">CVE-2019-5737</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5739">CVE-2019-5739</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-20T04:40:01Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2020-03-20T20:50:31Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-49.xml b/metadata/glsa/glsa-202003-49.xml
new file mode 100644
index 000000000000..682453c993a0
--- /dev/null
+++ b/metadata/glsa/glsa-202003-49.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-49">
+  <title>BlueZ: Security bypass</title>
+  <synopsis>A vulnerability in BlueZ might allow remote attackers to bypass
+    security restrictions.
+  </synopsis>
+  <product type="ebuild">bluez</product>
+  <announced>2020-03-25</announced>
+  <revised count="1">2020-03-25</revised>
+  <bug>712292</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-wireless/bluez" auto="yes" arch="*">
+      <unaffected range="ge">5.54</unaffected>
+      <vulnerable range="lt">5.54</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Set of tools to manage Bluetooth devices for Linux.</p>
+  </background>
+  <description>
+    <p>It was discovered that the HID and HOGP profiles implementations in
+      BlueZ did not specifically require bonding between the device and the
+      host.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker with adjacent access could impersonate an existing HID
+      device, cause a Denial of Service condition or escalate privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All BlueZ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-wireless/bluez-5.54"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-0556">CVE-2020-0556</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-25T15:19:08Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-25T15:33:12Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-50.xml b/metadata/glsa/glsa-202003-50.xml
new file mode 100644
index 000000000000..36ab084c78c9
--- /dev/null
+++ b/metadata/glsa/glsa-202003-50.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-50">
+  <title>Tor: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in Tor, the worst of which
+    could allow remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">tor</product>
+  <announced>2020-03-25</announced>
+  <revised count="1">2020-03-25</revised>
+  <bug>713238</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-vpn/tor" auto="yes" arch="*">
+      <unaffected range="rge">0.4.1.9</unaffected>
+      <unaffected range="rge">0.4.2.7</unaffected>
+      <vulnerable range="lt">0.4.2.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Tor is an implementation of second generation Onion Routing, a
+      connection-oriented anonymizing communication service.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Tor, and tor. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could possibly cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Tor 0.4.1.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-vpn/tor-0.4.1.9"
+    </code>
+    
+    <p>All Tor 0.4.2.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-vpn/tor-0.4.2.7"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10592">CVE-2020-10592</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10593">CVE-2020-10593</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-25T15:44:11Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-25T15:54:00Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-51.xml b/metadata/glsa/glsa-202003-51.xml
new file mode 100644
index 000000000000..f8176070b409
--- /dev/null
+++ b/metadata/glsa/glsa-202003-51.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-51">
+  <title>WeeChat: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in WeeChat, the worst of
+    which could allow remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">weechat</product>
+  <announced>2020-03-25</announced>
+  <revised count="1">2020-03-25</revised>
+  <bug>709452</bug>
+  <bug>714086</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/weechat" auto="yes" arch="*">
+      <unaffected range="ge">2.7.1</unaffected>
+      <vulnerable range="lt">2.7.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Wee Enhanced Environment for Chat (WeeChat) is a light and extensible
+      console IRC client.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in WeeChat. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker, by sending a specially crafted IRC message, could
+      possibly cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All WeeChat users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-irc/weechat-2.7.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8955">CVE-2020-8955</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9759">CVE-2020-9759</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9760">CVE-2020-9760</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-25T16:00:28Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-25T16:04:22Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-52.xml b/metadata/glsa/glsa-202003-52.xml
new file mode 100644
index 000000000000..aafebaff00af
--- /dev/null
+++ b/metadata/glsa/glsa-202003-52.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-52">
+  <title>Samba: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Samba, the worst of
+    which could lead to remote code execution.
+  </synopsis>
+  <product type="ebuild">samba</product>
+  <announced>2020-03-25</announced>
+  <revised count="1">2020-03-25</revised>
+  <bug>664316</bug>
+  <bug>672140</bug>
+  <bug>686036</bug>
+  <bug>693558</bug>
+  <bug>702928</bug>
+  <bug>706144</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-fs/samba" auto="yes" arch="*">
+      <unaffected range="rge">4.9.18</unaffected>
+      <unaffected range="rge">4.10.13</unaffected>
+      <unaffected range="rge">4.11.6</unaffected>
+      <vulnerable range="lt">4.11.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Samba is a suite of SMB and CIFS client/server programs.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Samba. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code, cause a Denial
+      of Service condition, conduct a man-in-the-middle attack, or obtain
+      sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Samba 4.9.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-fs/samba-4.9.18"
+    </code>
+    
+    <p>All Samba 4.10.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-fs/samba-4.10.13"
+    </code>
+    
+    <p>All Samba 4.11.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-fs/samba-4.11.6"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10858">CVE-2018-10858</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10918">CVE-2018-10918</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10919">CVE-2018-10919</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1139">CVE-2018-1139</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1140">CVE-2018-1140</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14629">CVE-2018-14629</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16841">CVE-2018-16841</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16851">CVE-2018-16851</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16852">CVE-2018-16852</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16853">CVE-2018-16853</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16857">CVE-2018-16857</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16860">CVE-2018-16860</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10197">CVE-2019-10197</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14861">CVE-2019-14861</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14870">CVE-2019-14870</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14902">CVE-2019-14902</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14907">CVE-2019-14907</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19344">CVE-2019-19344</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-25T16:20:13Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-25T16:34:04Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-53.xml b/metadata/glsa/glsa-202003-53.xml
new file mode 100644
index 000000000000..2f1a217d45c1
--- /dev/null
+++ b/metadata/glsa/glsa-202003-53.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-53">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium,google-chrome</product>
+  <announced>2020-03-25</announced>
+  <revised count="1">2020-03-25</revised>
+  <bug>713282</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">80.0.3987.149</unaffected>
+      <vulnerable range="lt">80.0.3987.149</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">80.0.3987.149</unaffected>
+      <vulnerable range="lt">80.0.3987.149</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted HTML
+      or multimedia file using Chromium or Google Chrome, possibly resulting in
+      execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-80.0.3987.149"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-80.0.3987.149"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6422">CVE-2020-6422</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6424">CVE-2020-6424</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6425">CVE-2020-6425</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6426">CVE-2020-6426</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6427">CVE-2020-6427</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6428">CVE-2020-6428</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6429">CVE-2020-6429</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6449">CVE-2020-6449</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-25T18:24:50Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-25T18:31:07Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-54.xml b/metadata/glsa/glsa-202003-54.xml
new file mode 100644
index 000000000000..0e12b029b92b
--- /dev/null
+++ b/metadata/glsa/glsa-202003-54.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-54">
+  <title>Pure-FTPd: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Pure-FTPd, the worst of
+    which could allow remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">pure-ftpd</product>
+  <announced>2020-03-25</announced>
+  <revised count="1">2020-03-25</revised>
+  <bug>711124</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-ftp/pure-ftpd" auto="yes" arch="*">
+      <unaffected range="ge">1.0.49-r2</unaffected>
+      <vulnerable range="lt">1.0.49-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Pure-FTPd is a fast, production-quality and standards-compliant FTP
+      server.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Pure-FTPd. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could possibly cause a Denial of Service condition or
+      cause an information disclosure.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Pure-FTPd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-ftp/pure-ftpd-1.0.49-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9274">CVE-2020-9274</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9365">CVE-2020-9365</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-25T18:52:14Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-25T18:58:54Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-55.xml b/metadata/glsa/glsa-202003-55.xml
new file mode 100644
index 000000000000..681f03815876
--- /dev/null
+++ b/metadata/glsa/glsa-202003-55.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-55">
+  <title>Zsh: Privilege escalation</title>
+  <synopsis>A vulnerability in Zsh might allow an attacker to escalate
+    privileges.
+  </synopsis>
+  <product type="ebuild">zsh</product>
+  <announced>2020-03-25</announced>
+  <revised count="1">2020-03-25</revised>
+  <bug>711136</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-shells/zsh" auto="yes" arch="*">
+      <unaffected range="ge">5.8</unaffected>
+      <vulnerable range="lt">5.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A shell designed for interactive use, although it is also a powerful
+      scripting language.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that Zsh was insecure dropping privileges when
+      unsetting PRIVILEGED option.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could escalate privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Zsh users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-shells/zsh-5.8"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-20044">CVE-2019-20044</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-25T20:14:34Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-25T20:22:40Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-56.xml b/metadata/glsa/glsa-202003-56.xml
new file mode 100644
index 000000000000..8f25345155e7
--- /dev/null
+++ b/metadata/glsa/glsa-202003-56.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-56">
+  <title>Xen: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Xen, the worst of which
+    could allow for privilege escalation.
+  </synopsis>
+  <product type="ebuild">xen</product>
+  <announced>2020-03-25</announced>
+  <revised count="1">2020-03-25</revised>
+  <bug>686024</bug>
+  <bug>699048</bug>
+  <bug>699996</bug>
+  <bug>702644</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/xen" auto="yes" arch="*">
+      <unaffected range="ge">4.12.0-r1</unaffected>
+      <vulnerable range="lt">4.12.0-r1</vulnerable>
+    </package>
+    <package name="app-emulation/xen-tools" auto="yes" arch="*">
+      <unaffected range="ge">4.12.0-r1</unaffected>
+      <vulnerable range="lt">4.12.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Xen is a bare-metal hypervisor.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Xen. Please review the
+      referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could potentially gain privileges on the host system or
+      cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Xen users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-4.12.0-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12126">CVE-2018-12126</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12127">CVE-2018-12127</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12130">CVE-2018-12130</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12207">CVE-2018-12207</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12207">CVE-2018-12207</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11091">CVE-2019-11091</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11135">CVE-2019-11135</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-18420">CVE-2019-18420</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-18421">CVE-2019-18421</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-18423">CVE-2019-18423</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-18424">CVE-2019-18424</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-18425">CVE-2019-18425</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19577">CVE-2019-19577</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19578">CVE-2019-19578</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19580">CVE-2019-19580</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19581">CVE-2019-19581</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19582">CVE-2019-19582</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19583">CVE-2019-19583</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-25T20:41:14Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-25T20:45:30Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-57.xml b/metadata/glsa/glsa-202003-57.xml
new file mode 100644
index 000000000000..a2f96097945c
--- /dev/null
+++ b/metadata/glsa/glsa-202003-57.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-57">
+  <title>PHP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PHP, the worst of which
+    could result in the execution of arbitrary shell commands.
+  </synopsis>
+  <product type="ebuild">PHP</product>
+  <announced>2020-03-26</announced>
+  <revised count="2">2020-04-23</revised>
+  <bug>671872</bug>
+  <bug>706168</bug>
+  <bug>710304</bug>
+  <bug>713484</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-lang/php" auto="yes" arch="*">
+      <unaffected range="ge" slot="7.2">7.2.29</unaffected>
+      <unaffected range="ge" slot="7.3">7.3.16</unaffected>
+      <unaffected range="ge" slot="7.4">7.4.4</unaffected>
+      <vulnerable range="lt" slot="7.2">7.2.29</vulnerable>
+      <vulnerable range="lt" slot="7.3">7.3.16</vulnerable>
+      <vulnerable range="lt" slot="7.4">7.4.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PHP is an open source general-purpose scripting language that is
+      especially suited for web development.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PHP. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>An attacker could possibly execute arbitrary shell commands, cause a
+      Denial of Service condition or obtain sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PHP 7.2.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.2.29:7.2"
+    </code>
+    
+    <p>All PHP 7.3.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.3.16:7.3"
+    </code>
+    
+    <p>All PHP 7.4.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.4.4:7.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19518">CVE-2018-19518</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7059">CVE-2020-7059</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7060">CVE-2020-7060</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7061">CVE-2020-7061</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7062">CVE-2020-7062</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7063">CVE-2020-7063</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7064">CVE-2020-7064</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7065">CVE-2020-7065</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7066">CVE-2020-7066</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-26T13:24:45Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-04-23T15:24:32Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-58.xml b/metadata/glsa/glsa-202003-58.xml
new file mode 100644
index 000000000000..7c15220be493
--- /dev/null
+++ b/metadata/glsa/glsa-202003-58.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-58">
+  <title>UnZip: User-assisted execution of arbitrary code</title>
+  <synopsis>Multiple vulnerabilities have been found in UnZip, the worst of
+    which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">unzip</product>
+  <announced>2020-03-26</announced>
+  <revised count="1">2020-03-26</revised>
+  <bug>647008</bug>
+  <bug>691566</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-arch/unzip" auto="yes" arch="*">
+      <unaffected range="ge">6.0_p25</unaffected>
+      <vulnerable range="lt">6.0_p25</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Info-ZIP’s UnZip is a tool to list and extract files inside PKZIP
+      compressed files.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in UnZip. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted ZIP
+      archive using UnZip, possibly resulting in execution of arbitrary code
+      with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All UnZip users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/unzip-6.0_p25"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000035">
+      CVE-2018-1000035
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13232">CVE-2019-13232</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-26T18:14:24Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-26T18:18:52Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-59.xml b/metadata/glsa/glsa-202003-59.xml
new file mode 100644
index 000000000000..b0f7f3f83180
--- /dev/null
+++ b/metadata/glsa/glsa-202003-59.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-59">
+  <title>libvpx: User-assisted execution of arbitrary code</title>
+  <synopsis>Multiple vulnerabilities have been found in libvpx, the worst of
+    which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libvpx</product>
+  <announced>2020-03-26</announced>
+  <revised count="1">2020-03-26</revised>
+  <bug>701834</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-libs/libvpx" auto="yes" arch="*">
+      <unaffected range="rge">1.7.0-r1</unaffected>
+      <unaffected range="rge">1.8.1</unaffected>
+      <vulnerable range="lt">1.8.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libvpx is the VP8 codec SDK used to encode and decode video streams,
+      typically within a WebM format media file.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libvpx. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted media
+      file, possibly resulting in the execution of arbitrary code with the
+      privileges of the user running the application, or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libvpx 1.7.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libvpx-1.7.0-r1"
+    </code>
+    
+    <p>All libvpx 1.8.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libvpx-1.8.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9232">CVE-2019-9232</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9325">CVE-2019-9325</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9371">CVE-2019-9371</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9433">CVE-2019-9433</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-26T18:33:42Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-26T18:39:39Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-60.xml b/metadata/glsa/glsa-202003-60.xml
new file mode 100644
index 000000000000..28bde54884a3
--- /dev/null
+++ b/metadata/glsa/glsa-202003-60.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-60">
+  <title>QtCore: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in QtCore, the worst of
+    which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">qtcore</product>
+  <announced>2020-03-26</announced>
+  <revised count="1">2020-03-26</revised>
+  <bug>699226</bug>
+  <bug>707354</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-qt/qtcore" auto="yes" arch="*">
+      <unaffected range="rge">5.12.3-r2</unaffected>
+      <unaffected range="rge">5.13.2-r2</unaffected>
+      <vulnerable range="lt">5.13.2-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Qt toolkit is a comprehensive C++ application development framework.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in QtCore. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could possibly execute arbitrary code with the privileges of
+      the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All QtCore 5.12.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-qt/qtcore-5.12.3-r2"
+    </code>
+    
+    <p>All QtCore 5.13.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-qt/qtcore-5.13.2-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-18281">CVE-2019-18281</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-0569">CVE-2020-0569</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-0570">CVE-2020-0570</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-26T18:45:51Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-26T18:51:32Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-61.xml b/metadata/glsa/glsa-202003-61.xml
new file mode 100644
index 000000000000..be2b54a87dcf
--- /dev/null
+++ b/metadata/glsa/glsa-202003-61.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-61">
+  <title>Adobe Flash Player: Remote execution of arbitrary code</title>
+  <synopsis>A vulnerability in Adobe Flash Player might allow remote attackers
+    to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2020-03-26</announced>
+  <revised count="1">2020-03-26</revised>
+  <bug>709728</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">32.0.0.330</unaffected>
+      <vulnerable range="lt">32.0.0.330</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>A critical type confusion vulnerability was discovered in Adobe Flash
+      Player.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-32.0.0.330"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3757">CVE-2020-3757</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-26T18:59:40Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-26T19:02:22Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-62.xml b/metadata/glsa/glsa-202003-62.xml
new file mode 100644
index 000000000000..659c68b6d685
--- /dev/null
+++ b/metadata/glsa/glsa-202003-62.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-62">
+  <title>GNU Screen: Buffer overflow</title>
+  <synopsis>A buffer overflow in GNU Screen might allow remote attackers to
+    corrupt memory.
+  </synopsis>
+  <product type="ebuild">screen</product>
+  <announced>2020-03-30</announced>
+  <revised count="1">2020-03-30</revised>
+  <bug>708460</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-misc/screen" auto="yes" arch="*">
+      <unaffected range="ge">4.8.0</unaffected>
+      <vulnerable range="lt">4.8.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU Screen is a full-screen window manager that multiplexes a physical
+      terminal between several processes, typically interactive shells.
+    </p>
+  </background>
+  <description>
+    <p>A buffer overflow was found in the way GNU Screen treated the special
+      escape OSC 49.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by writing a specially crafted string of characters
+      to a GNU Screen window, could possibly corrupt memory or have other
+      unspecified impact.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU Screen users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-misc/screen-4.8.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9366">CVE-2020-9366</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-30T05:50:23Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2020-03-30T14:41:12Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-63.xml b/metadata/glsa/glsa-202003-63.xml
new file mode 100644
index 000000000000..475b97bc2874
--- /dev/null
+++ b/metadata/glsa/glsa-202003-63.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-63">
+  <title>GNU IDN Library 2: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GNU IDN Library 2, the
+    worst of which could result in the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libidn2</product>
+  <announced>2020-03-30</announced>
+  <revised count="1">2020-03-30</revised>
+  <bug>697752</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-dns/libidn2" auto="yes" arch="*">
+      <unaffected range="ge">2.2.0</unaffected>
+      <vulnerable range="lt">2.2.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU IDN Library 2 is an implementation of the IDNA2008 + TR46
+      specifications (RFC 5890, RFC 5891, RFC 5892, RFC 5893, TR 46).
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GNU IDN Library 2.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send specially crafted input, possibly resulting
+      in execution of arbitrary code with the privileges of the process,
+      impersonation of domains or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU IDN Library 2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/libidn2-2.2.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12290">CVE-2019-12290</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-18224">CVE-2019-18224</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-30T14:23:33Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-30T14:45:26Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-64.xml b/metadata/glsa/glsa-202003-64.xml
new file mode 100644
index 000000000000..1b7c239fd3ba
--- /dev/null
+++ b/metadata/glsa/glsa-202003-64.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-64">
+  <title>libxls: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libxls, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">libxls</product>
+  <announced>2020-03-30</announced>
+  <revised count="1">2020-03-30</revised>
+  <bug>638336</bug>
+  <bug>674006</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/libxls" auto="yes" arch="*">
+      <unaffected range="ge">1.5.2</unaffected>
+      <vulnerable range="lt">1.5.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libxls is a C library for reading Excel files in the nasty old binary
+      OLE format, plus a command-line tool for converting XLS to CSV.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libxls. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process a specially crafted
+      Excel file using libxls, possibly resulting in execution of arbitrary
+      code with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libxls users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libxls-1.5.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-12110">CVE-2017-12110</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-12111">CVE-2017-12111</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-2896">CVE-2017-2896</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-2897">CVE-2017-2897</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-2919">CVE-2017-2919</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20450">CVE-2018-20450</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20452">CVE-2018-20452</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-28T22:19:47Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2020-03-30T14:52:32Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-65.xml b/metadata/glsa/glsa-202003-65.xml
new file mode 100644
index 000000000000..2ca8be185357
--- /dev/null
+++ b/metadata/glsa/glsa-202003-65.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-65">
+  <title>FFmpeg: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in FFmpeg, the worst of
+    which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">ffmpeg</product>
+  <announced>2020-03-30</announced>
+  <revised count="1">2020-03-30</revised>
+  <bug>660924</bug>
+  <bug>692418</bug>
+  <bug>711144</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-video/ffmpeg" auto="yes" arch="*">
+      <unaffected range="ge">4.2.0</unaffected>
+      <vulnerable range="ge">4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FFmpeg is a complete, cross-platform solution to record, convert and
+      stream audio and video.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in FFmpeg. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user or automated system using FFmpeg
+      to process a specially crafted file, resulting in the execution of
+      arbitrary code or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FFmpeg 4.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/ffmpeg-4.2.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10001">CVE-2018-10001</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6912">CVE-2018-6912</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7557">CVE-2018-7557</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7751">CVE-2018-7751</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-9841">CVE-2018-9841</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12730">CVE-2019-12730</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13312">CVE-2019-13312</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13390">CVE-2019-13390</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17539">CVE-2019-17539</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17542">CVE-2019-17542</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-20T05:25:46Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2020-03-30T15:05:02Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202003-66.xml b/metadata/glsa/glsa-202003-66.xml
new file mode 100644
index 000000000000..d1f66e504218
--- /dev/null
+++ b/metadata/glsa/glsa-202003-66.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202003-66">
+  <title>QEMU: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in QEMU, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">qemu</product>
+  <announced>2020-03-30</announced>
+  <revised count="1">2020-03-30</revised>
+  <bug>709490</bug>
+  <bug>711334</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/qemu" auto="yes" arch="*">
+      <unaffected range="ge">4.2.0-r2</unaffected>
+      <vulnerable range="lt">4.2.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>QEMU is a generic and open source machine emulator and virtualizer.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in QEMU. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could possibly execute arbitrary code with the privileges of
+      the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All QEMU users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/qemu-4.2.0-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13164">CVE-2019-13164</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8608">CVE-2020-8608</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-03-15T02:14:50Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-03-30T15:14:47Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202004-01.xml b/metadata/glsa/glsa-202004-01.xml
new file mode 100644
index 000000000000..a88cde25a8a9
--- /dev/null
+++ b/metadata/glsa/glsa-202004-01.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202004-01">
+  <title>HAProxy: Remote execution of arbitrary code</title>
+  <synopsis>A vulnerability in HAProxy might lead to remote execution of
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">haproxy</product>
+  <announced>2020-04-01</announced>
+  <revised count="1">2020-04-01</revised>
+  <bug>701842</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/haproxy" auto="yes" arch="*">
+      <unaffected range="rge">1.8.23</unaffected>
+      <unaffected range="rge">1.9.13</unaffected>
+      <unaffected range="rge">2.0.10</unaffected>
+      <vulnerable range="lt">2.0.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>HAProxy is a TCP/HTTP reverse proxy for high availability environments.</p>
+  </background>
+  <description>
+    <p>It was discovered that HAProxy incorrectly handled certain HTTP/2
+      headers.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could send a specially crafted HTTP/2 header, possibly
+      resulting in execution of arbitrary code with the privileges of the
+      process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All HAProxy 1.8.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-proxy/haproxy-1.8.23"
+    </code>
+    
+    <p>All HAProxy 1.9.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-proxy/haproxy-1.9.13"
+    </code>
+    
+    <p>All HAProxy 2.0.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-proxy/haproxy-2.0.10"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19330">CVE-2019-19330</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-04-01T19:22:40Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-04-01T19:28:55Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202004-02.xml b/metadata/glsa/glsa-202004-02.xml
new file mode 100644
index 000000000000..479c9bbfe1f5
--- /dev/null
+++ b/metadata/glsa/glsa-202004-02.xml
@@ -0,0 +1,118 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202004-02">
+  <title>VirtualBox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in VirtualBox, the worst
+    of which could allow an attacker to take control of VirtualBox.
+  </synopsis>
+  <product type="ebuild">virtualbox</product>
+  <announced>2020-04-01</announced>
+  <revised count="2">2020-04-26</revised>
+  <bug>714064</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-emulation/virtualbox" auto="yes" arch="*">
+      <unaffected range="ge">5.2.36</unaffected>
+      <vulnerable range="lt">5.2.36</vulnerable>
+    </package>
+    <package name="app-emulation/virtualbox-bin" auto="yes" arch="*">
+      <unaffected range="ge">5.2.36</unaffected>
+      <vulnerable range="lt">5.2.36</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>VirtualBox is a powerful virtualization product from Oracle.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in VirtualBox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could take control of VirtualBox resulting in the execution
+      of arbitrary code with the privileges of the process, a Denial of Service
+      condition, or other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All VirtualBox 5.2.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/virtualbox-5.2.36"
+    </code>
+    
+    <p>All VirtualBox 6.0.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/virtualbox-6.0.16"
+    </code>
+    
+    <p>All VirtualBox 6.1.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/virtualbox-6.1.2"
+    </code>
+    
+    <p>All VirtualBox binary 5.2.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/virtualbox-bin-5.2.36"
+    </code>
+    
+    <p>All VirtualBox binary 6.0.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/virtualbox-bin-6.0.16"
+    </code>
+    
+    <p>All VirtualBox binary 6.1.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/virtualbox-bin-6.1.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2926">CVE-2019-2926</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2944">CVE-2019-2944</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2984">CVE-2019-2984</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3002">CVE-2019-3002</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3005">CVE-2019-3005</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3017">CVE-2019-3017</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3021">CVE-2019-3021</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3026">CVE-2019-3026</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3028">CVE-2019-3028</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3031">CVE-2019-3031</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2674">CVE-2020-2674</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2678">CVE-2020-2678</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2681">CVE-2020-2681</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2682">CVE-2020-2682</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2689">CVE-2020-2689</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2690">CVE-2020-2690</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2691">CVE-2020-2691</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2692">CVE-2020-2692</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2693">CVE-2020-2693</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2698">CVE-2020-2698</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2702">CVE-2020-2702</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2703">CVE-2020-2703</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2704">CVE-2020-2704</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2705">CVE-2020-2705</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2725">CVE-2020-2725</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2726">CVE-2020-2726</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2727">CVE-2020-2727</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-04-01T19:35:27Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-04-26T19:47:03Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202004-03.xml b/metadata/glsa/glsa-202004-03.xml
new file mode 100644
index 000000000000..66862b17b0e6
--- /dev/null
+++ b/metadata/glsa/glsa-202004-03.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202004-03">
+  <title>GPL Ghostscript: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GPL Ghostscript, the
+    worst of which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">ghostscript</product>
+  <announced>2020-04-01</announced>
+  <revised count="1">2020-04-01</revised>
+  <bug>676264</bug>
+  <bug>692106</bug>
+  <bug>693002</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-text/ghostscript-gpl" auto="yes" arch="*">
+      <unaffected range="ge">9.28_rc4</unaffected>
+      <vulnerable range="lt">9.28_rc4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Ghostscript is an interpreter for the PostScript language and for PDF.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GPL Ghostscript. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process a specially crafted
+      file using GPL Ghostscript, possibly resulting in execution of arbitrary
+      code with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GPL Ghostscript users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-text/ghostscript-gpl-9.28_rc4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10216">CVE-2019-10216</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14811">CVE-2019-14811</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14812">CVE-2019-14812</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14813">CVE-2019-14813</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14817">CVE-2019-14817</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3835">CVE-2019-3835</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3838">CVE-2019-3838</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6116">CVE-2019-6116</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-04-01T19:47:46Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-04-01T19:50:31Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202004-04.xml b/metadata/glsa/glsa-202004-04.xml
new file mode 100644
index 000000000000..aae687ae7b93
--- /dev/null
+++ b/metadata/glsa/glsa-202004-04.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202004-04">
+  <title>Qt WebEngine: Arbitrary code execution</title>
+  <synopsis>A heap use-after-free flaw in Qt WebEngine at worst might allow an
+    attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">qtwebengine</product>
+  <announced>2020-04-01</announced>
+  <revised count="1">2020-04-01</revised>
+  <bug>699328</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-qt/qtwebengine" auto="yes" arch="*">
+      <unaffected range="ge">5.14.1</unaffected>
+      <vulnerable range="lt">5.14.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Library for rendering dynamic web content in Qt5 C++ and QML
+      applications.
+    </p>
+  </background>
+  <description>
+    <p>A use-after-free vulnerability has been found in the audio component of
+      Qt WebEngine.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted media
+      file in an application linked against Qt WebEngine, possibly resulting in
+      execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Qt WebEngine users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-qt/qtwebengine-5.14.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13720">CVE-2019-13720</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-04-01T19:59:12Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-04-01T20:04:23Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202004-05.xml b/metadata/glsa/glsa-202004-05.xml
new file mode 100644
index 000000000000..7b9d4af2f95b
--- /dev/null
+++ b/metadata/glsa/glsa-202004-05.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202004-05">
+  <title>ledger: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ledger, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">ledger</product>
+  <announced>2020-04-01</announced>
+  <revised count="1">2020-04-01</revised>
+  <bug>627060</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-office/ledger" auto="yes" arch="*">
+      <unaffected range="ge">3.1.2</unaffected>
+      <vulnerable range="lt">3.1.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Ledger is a powerful, double-entry accounting system that is accessed
+      from the UNIX command-line.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ledger. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process a specially crafted
+      file using ledger, possibly resulting in execution of arbitrary code with
+      the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ledger users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-office/ledger-3.1.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-12481">CVE-2017-12481</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-12482">CVE-2017-12482</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-2807">CVE-2017-2807</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-2808">CVE-2017-2808</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-04-01T20:22:30Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-04-01T20:25:33Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202004-06.xml b/metadata/glsa/glsa-202004-06.xml
new file mode 100644
index 000000000000..5e8ca1511cbf
--- /dev/null
+++ b/metadata/glsa/glsa-202004-06.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202004-06">
+  <title>GnuTLS: DTLS protocol regression</title>
+  <synopsis>A regression in GnuTLS breaks the security guarantees of the DTLS
+    protocol.
+  </synopsis>
+  <product type="ebuild">gnutls</product>
+  <announced>2020-04-02</announced>
+  <revised count="1">2020-04-02</revised>
+  <bug>715602</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-libs/gnutls" auto="yes" arch="*">
+      <unaffected range="ge">3.6.13</unaffected>
+      <vulnerable range="lt">3.6.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GnuTLS is an Open Source implementation of the TLS and SSL protocols.</p>
+  </background>
+  <description>
+    <p>It was discovered that DTLS client did not contribute any randomness to
+      the DTLS negotiation.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced advisory for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GnuTLS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/gnutls-3.6.13"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-03-31">
+      GNUTLS-SA-2020-03-31
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-04-02T22:03:22Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-04-02T23:01:11Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202004-07.xml b/metadata/glsa/glsa-202004-07.xml
new file mode 100644
index 000000000000..bf1eb98a489f
--- /dev/null
+++ b/metadata/glsa/glsa-202004-07.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202004-07">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+    worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">firefox</product>
+  <announced>2020-04-04</announced>
+  <revised count="2">2020-04-17</revised>
+  <bug>716098</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">68.6.1</unaffected>
+      <vulnerable range="lt">68.6.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      Project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to view a specially crafted web
+      page, possibly resulting in the execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-68.6.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6819">CVE-2020-6819</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6820">CVE-2020-6820</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/">
+      MFSA-2020-11
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-04-04T10:59:17Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-04-17T23:06:54Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202004-08.xml b/metadata/glsa/glsa-202004-08.xml
new file mode 100644
index 000000000000..fcb9f3e073ae
--- /dev/null
+++ b/metadata/glsa/glsa-202004-08.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202004-08">
+  <title>libssh: Denial of service</title>
+  <synopsis>A vulnerability in libssh could allow a remote attacker to cause a
+    Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">libssh</product>
+  <announced>2020-04-10</announced>
+  <revised count="1">2020-04-10</revised>
+  <bug>716788</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/libssh" auto="yes" arch="*">
+      <unaffected range="ge">0.9.4</unaffected>
+      <vulnerable range="lt">0.9.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libssh is a multiplatform C library implementing the SSHv2 protocol on
+      client and server side.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that libssh could crash when AES-CTR ciphers are used.</p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker running a malicious client or server could possibly
+      crash the counterpart implemented with libssh and cause a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>Disable AES-CTR ciphers. If you implement a server using libssh it is
+      recommended to use a prefork model so each session runs in an own
+      process.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All libssh users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/libssh-0.9.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1730">CVE-2020-1730</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-04-10T21:38:04Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-04-10T21:45:49Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202004-09.xml b/metadata/glsa/glsa-202004-09.xml
new file mode 100644
index 000000000000..90297ed5e841
--- /dev/null
+++ b/metadata/glsa/glsa-202004-09.xml
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202004-09">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">chrome,chromium</product>
+  <announced>2020-04-10</announced>
+  <revised count="1">2020-04-10</revised>
+  <bug>715720</bug>
+  <bug>716612</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">81.0.4044.92</unaffected>
+      <vulnerable range="lt">81.0.4044.92</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">81.0.4044.92</unaffected>
+      <vulnerable range="lt">81.0.4044.92</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted HTML
+      or multimedia file using Chromium or Google Chrome, possibly resulting in
+      execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-81.0.4044.92"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-81.0.4044.92"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6423">CVE-2020-6423</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6430">CVE-2020-6430</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6431">CVE-2020-6431</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6432">CVE-2020-6432</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6433">CVE-2020-6433</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6434">CVE-2020-6434</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6435">CVE-2020-6435</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6436">CVE-2020-6436</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6437">CVE-2020-6437</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6438">CVE-2020-6438</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6439">CVE-2020-6439</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6440">CVE-2020-6440</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6441">CVE-2020-6441</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6442">CVE-2020-6442</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6443">CVE-2020-6443</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6444">CVE-2020-6444</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6445">CVE-2020-6445</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6446">CVE-2020-6446</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6447">CVE-2020-6447</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6448">CVE-2020-6448</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6450">CVE-2020-6450</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6451">CVE-2020-6451</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6452">CVE-2020-6452</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6454">CVE-2020-6454</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6455">CVE-2020-6455</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6456">CVE-2020-6456</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-04-10T21:58:24Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-04-10T22:01:27Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202004-10.xml b/metadata/glsa/glsa-202004-10.xml
new file mode 100644
index 000000000000..0ba5c017fafd
--- /dev/null
+++ b/metadata/glsa/glsa-202004-10.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202004-10">
+  <title>OpenSSL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in OpenSSL, the worst of which
+    could allow remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2020-04-23</announced>
+  <revised count="1">2020-04-23</revised>
+  <bug>702176</bug>
+  <bug>717442</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">1.1.1g</unaffected>
+      <vulnerable range="lt">1.1.1g</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+      (SSL v2/v3) and Transport Layer Security (TLS v1/v1.1/v1.2/v1.3) as well
+      as a general purpose cryptography library.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenSSL. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could perform a malicious crafted TLS 1.3 handshake
+      against an application using OpenSSL, possibly resulting in a Denial of
+      Service condition.
+    </p>
+    
+    <p>In addition, it’s feasible that an attacker might attack DH512.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.1.1g"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1551">CVE-2019-1551</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1967">CVE-2020-1967</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-04-23T14:05:13Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-04-23T14:18:55Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202004-11.xml b/metadata/glsa/glsa-202004-11.xml
new file mode 100644
index 000000000000..93f4d50ba835
--- /dev/null
+++ b/metadata/glsa/glsa-202004-11.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202004-11">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+    worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">firefox</product>
+  <announced>2020-04-23</announced>
+  <revised count="1">2020-04-23</revised>
+  <bug>716644</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">68.7.0</unaffected>
+      <vulnerable range="lt">68.7.0</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">68.7.0</unaffected>
+      <vulnerable range="lt">68.7.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      Project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to view a specially crafted web
+      page, possibly resulting in the execution of arbitrary code with the
+      privileges of the process, an information leak or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-68.7.0"
+    </code>
+    
+    <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-68.7.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6821">CVE-2020-6821</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6822">CVE-2020-6822</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6823">CVE-2020-6823</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6824">CVE-2020-6824</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6825">CVE-2020-6825</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6826">CVE-2020-6826</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-04-16T06:32:49Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2020-04-23T14:28:43Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202004-12.xml b/metadata/glsa/glsa-202004-12.xml
new file mode 100644
index 000000000000..62bf7158b755
--- /dev/null
+++ b/metadata/glsa/glsa-202004-12.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202004-12">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium,google-chrome</product>
+  <announced>2020-04-23</announced>
+  <revised count="1">2020-04-23</revised>
+  <bug>717652</bug>
+  <bug>718826</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">81.0.4044.122</unaffected>
+      <vulnerable range="lt">81.0.4044.122</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">81.0.4044.122</unaffected>
+      <vulnerable range="lt">81.0.4044.122</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted HTML
+      or multimedia file using Chromium or Google Chrome, possibly resulting in
+      execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-81.0.4044.122"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-81.0.4044.122"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6457">CVE-2020-6457</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6458">CVE-2020-6458</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6459">CVE-2020-6459</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6460">CVE-2020-6460</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-04-23T14:33:31Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-04-23T14:36:00Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202004-13.xml b/metadata/glsa/glsa-202004-13.xml
new file mode 100644
index 000000000000..35827af3016e
--- /dev/null
+++ b/metadata/glsa/glsa-202004-13.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202004-13">
+  <title>Git: Information disclosure</title>
+  <synopsis>Multiple vulnerabilities have been found in Git which might all
+    allow attackers to access sensitive information.
+  </synopsis>
+  <product type="ebuild">git</product>
+  <announced>2020-04-23</announced>
+  <revised count="1">2020-04-23</revised>
+  <bug>717156</bug>
+  <bug>718710</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-vcs/git" auto="yes" arch="*">
+      <unaffected range="rge">2.23.3</unaffected>
+      <unaffected range="rge">2.24.3</unaffected>
+      <unaffected range="rge">2.25.4</unaffected>
+      <unaffected range="rge">2.26.2</unaffected>
+      <vulnerable range="lt">2.26.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Git is a free and open source distributed version control system
+      designed to handle everything from small to very large projects with
+      speed and efficiency.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Git. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker, by providing a specially crafted URL, could possibly
+      trick Git into returning credential information for a wrong host.
+    </p>
+  </impact>
+  <workaround>
+    <p>Disabling credential helpers will prevent this vulnerability.</p>
+  </workaround>
+  <resolution>
+    <p>All Git 2.23.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/git-2.23.3"
+    </code>
+    
+    <p>All Git 2.24.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/git-2.24.3"
+    </code>
+    
+    <p>All Git 2.25.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/git-2.25.4"
+    </code>
+    
+    <p>All Git 2.26.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/git-2.26.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11008">CVE-2020-11008</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-5260">CVE-2020-5260</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-04-23T14:48:48Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-04-23T15:16:30Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202004-14.xml b/metadata/glsa/glsa-202004-14.xml
new file mode 100644
index 000000000000..31b09f10f695
--- /dev/null
+++ b/metadata/glsa/glsa-202004-14.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202004-14">
+  <title>FontForge: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in FontForge, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">fontforge</product>
+  <announced>2020-04-30</announced>
+  <revised count="1">2020-04-30</revised>
+  <bug>706778</bug>
+  <bug>715808</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-gfx/fontforge" auto="yes" arch="*">
+      <unaffected range="ge">20200314</unaffected>
+      <vulnerable range="lt">20200314</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FontForge is a PostScript font editor and converter.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in FontForge. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted font
+      using FontForge, possibly resulting in execution of arbitrary code with
+      the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FontForge users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/fontforge-20200314"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15785">CVE-2019-15785</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-5395">CVE-2020-5395</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-5496">CVE-2020-5496</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-04-01T20:32:15Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-04-30T23:00:58Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202004-15.xml b/metadata/glsa/glsa-202004-15.xml
new file mode 100644
index 000000000000..29b4a35af54b
--- /dev/null
+++ b/metadata/glsa/glsa-202004-15.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202004-15">
+  <title>libu2f-host: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libu2f-host, the worst
+    of which could result in the execution of code.
+  </synopsis>
+  <product type="ebuild">libu2f-host</product>
+  <announced>2020-04-30</announced>
+  <revised count="1">2020-04-30</revised>
+  <bug>678580</bug>
+  <bug>679724</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-crypt/libu2f-host" auto="yes" arch="*">
+      <unaffected range="ge">1.1.10</unaffected>
+      <vulnerable range="lt">1.1.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Yubico Universal 2nd Factor (U2F) Host C Library.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libu2f-host. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could entice a user to plug-in a malicious USB device,
+      possibly resulting in execution of arbitrary code with the privileges of
+      the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libu2f-host users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-crypt/libu2f-host-1.1.10"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20340">CVE-2018-20340</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9578">CVE-2019-9578</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-04-16T07:16:39Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2020-04-30T23:12:17Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202004-16.xml b/metadata/glsa/glsa-202004-16.xml
new file mode 100644
index 000000000000..247dbbc2c38b
--- /dev/null
+++ b/metadata/glsa/glsa-202004-16.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202004-16">
+  <title>Cacti: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Cacti, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">cacti</product>
+  <announced>2020-04-30</announced>
+  <revised count="1">2020-04-30</revised>
+  <bug>715166</bug>
+  <bug>716406</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/cacti" auto="yes" arch="*">
+      <unaffected range="ge">1.2.11</unaffected>
+      <vulnerable range="lt">1.2.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Cacti is a complete frontend to rrdtool.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Cacti. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Cacti users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/cacti-1.2.11"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8813">CVE-2020-8813</uri>
+    <uri link="https://github.com/Cacti/cacti/releases/tag/release%2F1.2.11">
+      Cacti 1.2.11 Release Notes
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-04-08T05:48:28Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2020-04-30T23:18:03Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202004-17.xml b/metadata/glsa/glsa-202004-17.xml
new file mode 100644
index 000000000000..48d400b6927f
--- /dev/null
+++ b/metadata/glsa/glsa-202004-17.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202004-17">
+  <title>Django: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Django, the worst of
+    which could result in privilege escalation.
+  </synopsis>
+  <product type="ebuild">django</product>
+  <announced>2020-04-30</announced>
+  <revised count="1">2020-04-30</revised>
+  <bug>692384</bug>
+  <bug>701744</bug>
+  <bug>706204</bug>
+  <bug>707998</bug>
+  <bug>711522</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-python/django" auto="yes" arch="*">
+      <unaffected range="ge">2.2.11</unaffected>
+      <vulnerable range="lt">2.2.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Django is a Python-based web framework.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Django. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by sending specially crafted input, could possibly
+      cause a Denial of Service condition, or alter the database.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Django users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/django-2.2.11"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12308">CVE-2019-12308</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14232">CVE-2019-14232</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14233">CVE-2019-14233</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14234">CVE-2019-14234</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14235">CVE-2019-14235</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19118">CVE-2019-19118</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19844">CVE-2019-19844</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7471">CVE-2020-7471</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9402">CVE-2020-9402</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-04-08T04:55:21Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2020-04-30T23:30:28Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202005-01.xml b/metadata/glsa/glsa-202005-01.xml
new file mode 100644
index 000000000000..3aab94ef2438
--- /dev/null
+++ b/metadata/glsa/glsa-202005-01.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202005-01">
+  <title>Long Range ZIP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Long Range ZIP, the
+    worst of which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">lrzip</product>
+  <announced>2020-05-12</announced>
+  <revised count="1">2020-05-12</revised>
+  <bug>617930</bug>
+  <bug>624462</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-arch/lrzip" auto="yes" arch="*">
+      <unaffected range="ge">0.631_p20190619</unaffected>
+      <vulnerable range="lt">0.631_p20190619</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Optimized for compressing large files</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Long Range ZIP. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could entice a user to open a specially crafted
+      archive file possibly resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Long Range ZIP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/lrzip-0.631_p20190619"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8842">CVE-2017-8842</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8843">CVE-2017-8843</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8844">CVE-2017-8844</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8845">CVE-2017-8845</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8846">CVE-2017-8846</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8847">CVE-2017-8847</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9928">CVE-2017-9928</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9929">CVE-2017-9929</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-04-05T23:09:43Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2020-05-12T23:29:01Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202005-02.xml b/metadata/glsa/glsa-202005-02.xml
new file mode 100644
index 000000000000..10428dc5ea6c
--- /dev/null
+++ b/metadata/glsa/glsa-202005-02.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202005-02">
+  <title>QEMU: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in QEMU, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">qemu</product>
+  <announced>2020-05-12</announced>
+  <revised count="1">2020-05-12</revised>
+  <bug>716518</bug>
+  <bug>717154</bug>
+  <bug>717770</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/qemu" auto="yes" arch="*">
+      <unaffected range="ge">4.2.0-r5</unaffected>
+      <vulnerable range="lt">4.2.0-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>QEMU is a generic and open source machine emulator and virtualizer.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in QEMU. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All QEMU users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/qemu-4.2.0-r5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11102">CVE-2020-11102</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1711">CVE-2020-1711</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7039">CVE-2020-7039</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-04T02:29:17Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2020-05-12T23:31:56Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202005-03.xml b/metadata/glsa/glsa-202005-03.xml
new file mode 100644
index 000000000000..0311ac6901f8
--- /dev/null
+++ b/metadata/glsa/glsa-202005-03.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202005-03">
+  <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird,
+    the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">thunderbird</product>
+  <announced>2020-05-12</announced>
+  <revised count="1">2020-05-12</revised>
+  <bug>721324</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">68.8.0</unaffected>
+      <vulnerable range="lt">68.8.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">68.8.0</unaffected>
+      <vulnerable range="lt">68.8.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Thunderbird is a popular open-source email client from the
+      Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to execute arbitrary code, cause a Denial
+      of Service condition or spoof sender email address.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-68.8.0"
+    </code>
+    
+    <p>All Mozilla Thunderbird binary users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-68.8.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12387">CVE-2020-12387</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12392">CVE-2020-12392</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12395">CVE-2020-12395</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12397">CVE-2020-12397</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6831">CVE-2020-6831</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/">
+      MFSA-2020-18
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-06T20:22:31Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-05-12T23:34:15Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202005-04.xml b/metadata/glsa/glsa-202005-04.xml
new file mode 100644
index 000000000000..d5c267fdd883
--- /dev/null
+++ b/metadata/glsa/glsa-202005-04.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202005-04">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+    worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">firefox</product>
+  <announced>2020-05-12</announced>
+  <revised count="1">2020-05-12</revised>
+  <bug>721090</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">68.8.0</unaffected>
+      <vulnerable range="lt">68.8.0</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">68.8.0</unaffected>
+      <vulnerable range="lt">68.8.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      Project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to view a specially crafted web
+      page, possibly resulting in the execution of arbitrary code with the
+      privileges of the process, an information leak or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-68.8.0"
+    </code>
+    
+    <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-68.8.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12387">CVE-2020-12387</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12392">CVE-2020-12392</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12394">CVE-2020-12394</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12395">CVE-2020-12395</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12396">CVE-2020-12396</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6831">CVE-2020-6831</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/">
+      MFSA-2020-17
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-06T14:48:10Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-05-12T23:36:01Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202005-05.xml b/metadata/glsa/glsa-202005-05.xml
new file mode 100644
index 000000000000..3e3855c771f2
--- /dev/null
+++ b/metadata/glsa/glsa-202005-05.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202005-05">
+  <title>Squid: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Squid, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">squid</product>
+  <announced>2020-05-12</announced>
+  <revised count="1">2020-05-12</revised>
+  <bug>719046</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/squid" auto="yes" arch="*">
+      <unaffected range="ge">4.11</unaffected>
+      <vulnerable range="lt">4.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Squid is a full-featured Web proxy cache designed to run on Unix
+      systems. It supports proxying and caching of HTTP, FTP, and other URLs,
+      as well as SSL support, cache hierarchies, transparent caching, access
+      control lists and many other features.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Squid. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Squid users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-proxy/squid-4.11"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12519">CVE-2019-12519</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12521">CVE-2019-12521</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11945">CVE-2020-11945</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-04T11:10:13Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-05-12T23:40:20Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202005-06.xml b/metadata/glsa/glsa-202005-06.xml
new file mode 100644
index 000000000000..47af68376869
--- /dev/null
+++ b/metadata/glsa/glsa-202005-06.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202005-06">
+  <title>LIVE555 Media Server: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in LIVE555 Media Server,
+    the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">live555</product>
+  <announced>2020-05-14</announced>
+  <revised count="1">2020-05-14</revised>
+  <bug>669276</bug>
+  <bug>677276</bug>
+  <bug>717722</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-plugins/live" auto="yes" arch="*">
+      <unaffected range="ge">2020.03.06</unaffected>
+      <vulnerable range="lt">2020.03.06</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>LIVE555 Media Server is a set of libraries for multimedia streaming.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in LIVE555 Media Server.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LIVE555 Media Server users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-plugins/live-2020.03.06"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4013">CVE-2018-4013</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15232">CVE-2019-15232</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6256">CVE-2019-6256</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7314">CVE-2019-7314</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7733">CVE-2019-7733</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9215">CVE-2019-9215</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-04T11:34:40Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-05-14T22:04:59Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202005-07.xml b/metadata/glsa/glsa-202005-07.xml
new file mode 100644
index 000000000000..e62478b0c37c
--- /dev/null
+++ b/metadata/glsa/glsa-202005-07.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202005-07">
+  <title>FreeRDP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in FreeRDP, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">freerdp</product>
+  <announced>2020-05-14</announced>
+  <revised count="1">2020-05-14</revised>
+  <bug>716830</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/freerdp" auto="yes" arch="*">
+      <unaffected range="ge">2.1.0</unaffected>
+      <vulnerable range="lt">2.1.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FreeRDP is a free implementation of the Remote Desktop Protocol.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in FreeRDP. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could possibly cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FreeRDP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/freerdp-2.1.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17177">CVE-2019-17177</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11521">CVE-2020-11521</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11522">CVE-2020-11522</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11523">CVE-2020-11523</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11524">CVE-2020-11524</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11525">CVE-2020-11525</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11526">CVE-2020-11526</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-04T02:51:48Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-05-14T22:10:55Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202005-08.xml b/metadata/glsa/glsa-202005-08.xml
new file mode 100644
index 000000000000..3e9aa4a0b5cf
--- /dev/null
+++ b/metadata/glsa/glsa-202005-08.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202005-08">
+  <title>Xen: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Xen, the worst of which
+    could allow privilege escalation.
+  </synopsis>
+  <product type="ebuild">xen</product>
+  <announced>2020-05-14</announced>
+  <revised count="2">2020-05-15</revised>
+  <bug>717446</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/xen" auto="yes" arch="*">
+      <unaffected range="ge">4.12.2-r2</unaffected>
+      <vulnerable range="lt">4.12.2-r2</vulnerable>
+    </package>
+    <package name="app-emulation/xen-tools" auto="yes" arch="*">
+      <unaffected range="ge">4.12.2-r1</unaffected>
+      <vulnerable range="lt">4.12.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Xen is a bare-metal hypervisor.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Xen. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Xen users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-4.12.2-r2"
+    </code>
+    
+    <p>All Xen Tools users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/xen-tools-4.12.2-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11739">CVE-2020-11739</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11740">CVE-2020-11740</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11741">CVE-2020-11741</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11742">CVE-2020-11742</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11743">CVE-2020-11743</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-04T11:20:31Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-05-15T12:42:31Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202005-09.xml b/metadata/glsa/glsa-202005-09.xml
new file mode 100644
index 000000000000..7b7322c0b6f5
--- /dev/null
+++ b/metadata/glsa/glsa-202005-09.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202005-09">
+  <title>Python: Denial of service</title>
+  <synopsis>A vulnerability in Python could lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">python</product>
+  <announced>2020-05-14</announced>
+  <revised count="2">2020-10-18</revised>
+  <bug>707822</bug>
+  <bug>741502</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/python" auto="yes" arch="*">
+      <unaffected range="ge" slot="2.7">2.7.18-r2</unaffected>
+      <unaffected range="ge" slot="3.6">3.6.10-r2</unaffected>
+      <unaffected range="ge" slot="3.7">3.7.7-r2</unaffected>
+      <unaffected range="ge" slot="3.8">3.8.2-r2</unaffected>
+      <vulnerable range="lt" slot="2.7">2.7.18-r2</vulnerable>
+      <vulnerable range="lt" slot="3.6">3.6.10-r2</vulnerable>
+      <vulnerable range="lt" slot="3.7">3.7.7-r2</vulnerable>
+      <vulnerable range="lt" slot="3.8">3.8.2-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Python is an interpreted, interactive, object-oriented programming
+      language.
+    </p>
+  </background>
+  <description>
+    <p>An issue was discovered in urllib.request.AbstractBasicAuthHandler which
+      allowed a remote attacker to send malicious data causing extensive
+      regular expression backtracking.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could cause a possible Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Python 2.7 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.7.18-r2:2.7"
+    </code>
+    
+    <p>All Python 3.6 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-3.6.10-r2:3.6"
+    </code>
+    
+    <p>All Python 3.7 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-3.7.7-r2:3.7"
+    </code>
+    
+    <p>All Python 3.8 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-3.8.2-r2:3.8"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8492">CVE-2020-8492</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-07T23:04:03Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-10-18T00:59:06Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202005-10.xml b/metadata/glsa/glsa-202005-10.xml
new file mode 100644
index 000000000000..67732b5149b0
--- /dev/null
+++ b/metadata/glsa/glsa-202005-10.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202005-10">
+  <title>libmicrodns: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libmicrodns, the worst
+    of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">libmicrodns</product>
+  <announced>2020-05-14</announced>
+  <revised count="1">2020-05-14</revised>
+  <bug>714606</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/libmicrodns" auto="yes" arch="*">
+      <unaffected range="ge">0.1.2</unaffected>
+      <vulnerable range="lt">0.1.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libmicrodns is an mDNS library, focused on being simple and
+      cross-platform.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libmicrodns. Please
+      review the CVE identifiers and the upstream advisory referenced below for
+      details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libmicrodns users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/libmicrodns-0.1.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6071">CVE-2020-6071</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6072">CVE-2020-6072</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6073">CVE-2020-6073</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6077">CVE-2020-6077</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6078">CVE-2020-6078</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6079">CVE-2020-6079</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6080">CVE-2020-6080</uri>
+    <uri link="https://www.videolan.org/security/sb-vlc309.html">
+      VideoLAN-SB-VLC-309
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-13T00:35:54Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-05-14T22:21:44Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202005-11.xml b/metadata/glsa/glsa-202005-11.xml
new file mode 100644
index 000000000000..226bfcdfbd19
--- /dev/null
+++ b/metadata/glsa/glsa-202005-11.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202005-11">
+  <title>VLC: Buffer overflow</title>
+  <synopsis>A buffer overflow in VLC might allow local or remote attacker(s) to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">vlc</product>
+  <announced>2020-05-14</announced>
+  <revised count="1">2020-05-14</revised>
+  <bug>721940</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-video/vlc" auto="yes" arch="*">
+      <unaffected range="ge">3.0.10</unaffected>
+      <vulnerable range="lt">3.0.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>VLC is a cross-platform media player and streaming server.</p>
+  </background>
+  <description>
+    <p>A buffer overflow in DecodeBlock in sdl_image.c was discovered.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote user could craft a specifically crafted image file that could
+      execute arbitrary code or cause denial of service.
+    </p>
+  </impact>
+  <workaround>
+    <p>The user should refrain from opening files from untrusted third parties
+      or accessing untrusted remote sites (or disable the VLC browser plugins),
+      until they upgrade.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All VLC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/vlc-3.0.10"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19721">CVE-2019-19721</uri>
+    <uri link="https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=72afe7ebd8305bf4f5360293b8621cde52ec506b">
+      Upstream patch
+    </uri>
+    <uri link="https://www.videolan.org/security/sb-vlc309.html">
+      VideoLAN-SB-VLC-309
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-12T16:12:42Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-05-14T22:24:24Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202005-12.xml b/metadata/glsa/glsa-202005-12.xml
new file mode 100644
index 000000000000..d13126864e2d
--- /dev/null
+++ b/metadata/glsa/glsa-202005-12.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202005-12">
+  <title>OpenSLP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenSLP, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">openslp</product>
+  <announced>2020-05-14</announced>
+  <revised count="2">2020-05-14</revised>
+  <bug>662878</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/openslp" auto="yes" arch="*">
+      <vulnerable range="le">2.0.0-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSLP is an open-source implementation of Service Location Protocol
+      (SLP).
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenSLP. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for OpenSLP. We recommend that users
+      unmerge OpenSLP:
+      <code>
+        # emerge --unmerge "net-libs/openslp"
+      </code>
+      
+      <p>NOTE: The Gentoo developer(s) maintaining OpenSLP have discontinued
+        support at this time. It may be possible that a new Gentoo developer
+        will update OpenSLP at a later date. No known alternatives to OpenSLP
+        are in the tree at this time.
+      </p>
+    </p>
+    </resolution>
+    <references>
+      <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17833">
+        CVE-2017-17833
+      </uri>
+      <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5544">CVE-2019-5544</uri>
+    </references>
+    <metadata tag="requester" timestamp="2020-05-13T01:13:11Z">sam_c</metadata>
+    <metadata tag="submitter" timestamp="2020-05-14T22:31:01Z">sam_c</metadata>
+  </glsa>
diff --git a/metadata/glsa/glsa-202005-13.xml b/metadata/glsa/glsa-202005-13.xml
new file mode 100644
index 000000000000..bbaac528c32a
--- /dev/null
+++ b/metadata/glsa/glsa-202005-13.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202005-13">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild"></product>
+  <announced>2020-05-14</announced>
+  <revised count="1">2020-05-14</revised>
+  <bug>719902</bug>
+  <bug>721310</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">81.0.4044.138</unaffected>
+      <vulnerable range="lt">81.0.4044.138</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">81.0.4044.138</unaffected>
+      <vulnerable range="lt">81.0.4044.138</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-81.0.4044.138"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-81.0.4044.138"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6461">CVE-2020-6461</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6462">CVE-2020-6462</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6464">CVE-2020-6464</uri>
+    <uri link="https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html">
+      Release notes (81.0.4044.129)
+    </uri>
+    <uri link="https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop.html">
+      Release notes (81.0.4044.138)
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-13T00:58:25Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-05-14T22:35:22Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-01.xml b/metadata/glsa/glsa-202006-01.xml
new file mode 100644
index 000000000000..e8768cba05db
--- /dev/null
+++ b/metadata/glsa/glsa-202006-01.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-01">
+  <title>GnuTLS: Information disclosure</title>
+  <synopsis>An information disclosure vulnerability in GnuTLS allow remote
+    attackers to obtain sensitive information.
+  </synopsis>
+  <product type="ebuild">gnutls</product>
+  <announced>2020-06-09</announced>
+  <revised count="1">2020-06-09</revised>
+  <bug>727108</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/gnutls" auto="yes" arch="*">
+      <unaffected range="ge">3.6.14</unaffected>
+      <vulnerable range="lt">3.6.14</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GnuTLS is an Open Source implementation of the TLS and SSL protocols.</p>
+  </background>
+  <description>
+    <p>A flaw was reported in the TLS session ticket key construction in
+      GnuTLS.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could recover previous conversations in TLS 1.2 and
+      obtain sensitive information or conduct a man-in-the-middle attack to
+      bypass authentication in TLS 1.3.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GnuTLS user should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/gnutls-3.6.14"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13777">CVE-2020-13777</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-06-05T15:47:41Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-06-09T14:41:33Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-02.xml b/metadata/glsa/glsa-202006-02.xml
new file mode 100644
index 000000000000..663d9d9029ec
--- /dev/null
+++ b/metadata/glsa/glsa-202006-02.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-02">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">chromium,google-chrome</product>
+  <announced>2020-06-10</announced>
+  <revised count="3">2020-06-13</revised>
+  <bug>724008</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">83.0.4103.97</unaffected>
+      <vulnerable range="lt">83.0.4103.97</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">83.0.4103.97</unaffected>
+      <vulnerable range="lt">83.0.4103.97</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-83.0.4103.97"
+    </code>
+    
+    <p>All google-chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-83.0.4103.97"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6465">CVE-2020-6465</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6466">CVE-2020-6466</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6467">CVE-2020-6467</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6468">CVE-2020-6468</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6469">CVE-2020-6469</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6470">CVE-2020-6470</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6471">CVE-2020-6471</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6472">CVE-2020-6472</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6473">CVE-2020-6473</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6474">CVE-2020-6474</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6475">CVE-2020-6475</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6476">CVE-2020-6476</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6477">CVE-2020-6477</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6478">CVE-2020-6478</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6479">CVE-2020-6479</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6480">CVE-2020-6480</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6481">CVE-2020-6481</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6482">CVE-2020-6482</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6483">CVE-2020-6483</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6484">CVE-2020-6484</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6485">CVE-2020-6485</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6486">CVE-2020-6486</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6487">CVE-2020-6487</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6488">CVE-2020-6488</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6489">CVE-2020-6489</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6490">CVE-2020-6490</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6491">CVE-2020-6491</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6493">CVE-2020-6493</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6494">CVE-2020-6494</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6495">CVE-2020-6495</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6496">CVE-2020-6496</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-06-04T09:55:12Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-06-13T00:59:41Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-03.xml b/metadata/glsa/glsa-202006-03.xml
new file mode 100644
index 000000000000..06c72762cc9c
--- /dev/null
+++ b/metadata/glsa/glsa-202006-03.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-03">
+  <title>Perl: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Perl, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">perl</product>
+  <announced>2020-06-12</announced>
+  <revised count="1">2020-06-12</revised>
+  <bug>723792</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-lang/perl" auto="yes" arch="*">
+      <unaffected range="ge">5.30.3</unaffected>
+      <vulnerable range="lt">5.30.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Perl is a highly capable, feature-rich programming language.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Perl. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Perl users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/perl-5.30.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10543">CVE-2020-10543</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10878">CVE-2020-10878</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12723">CVE-2020-12723</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-06-09T02:23:58Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-06-12T04:18:23Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-04.xml b/metadata/glsa/glsa-202006-04.xml
new file mode 100644
index 000000000000..39cb805aee7a
--- /dev/null
+++ b/metadata/glsa/glsa-202006-04.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-04">
+  <title>glibc: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in glibc, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">glibc</product>
+  <announced>2020-06-13</announced>
+  <revised count="1">2020-06-13</revised>
+  <bug>677272</bug>
+  <bug>679044</bug>
+  <bug>711558</bug>
+  <bug>717938</bug>
+  <bug>719472</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-libs/glibc" auto="yes" arch="*">
+      <unaffected range="ge">2.30-r8</unaffected>
+      <vulnerable range="lt">2.30-r8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>glibc is a package that contains the GNU C library.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in glibc. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All glibc users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-libs/glibc-2.30-r8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6488">CVE-2019-6488</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7309">CVE-2019-7309</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9169">CVE-2019-9169</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10029">CVE-2020-10029</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1751">CVE-2020-1751</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-22T01:05:58Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2020-06-13T01:03:27Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-05.xml b/metadata/glsa/glsa-202006-05.xml
new file mode 100644
index 000000000000..8e2d321a301c
--- /dev/null
+++ b/metadata/glsa/glsa-202006-05.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-05">
+  <title>Nokogiri: Command injection</title>
+  <synopsis>Nokogiri has a vulnerability allowing arbitrary execution of code
+    if a certain function is used.
+  </synopsis>
+  <product type="ebuild">Nokogiri</product>
+  <announced>2020-06-13</announced>
+  <revised count="1">2020-06-13</revised>
+  <bug>691974</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-ruby/nokogiri" auto="yes" arch="*">
+      <unaffected range="ge">1.10.4</unaffected>
+      <vulnerable range="lt">1.10.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Nokogiri is an HTML, XML, SAX, and Reader parser.</p>
+  </background>
+  <description>
+    <p>A command injection vulnerability in Nokogiri allows commands to be
+      executed in a subprocess by Ruby’s Kernel.open method. Processes are
+      vulnerable only if the undocumented method
+      Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>Avoid calling the undocumented method Nokogiri::CSS::Tokenizer#load_file
+      with untrusted user input.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All Nokogiri users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-ruby/nokogiri-1.10.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5477">CVE-2019-5477</uri>
+    <uri link="https://github.com/sparklemotion/nokogiri/issues/1915">Upstream
+      bug
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-22T01:52:12Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2020-06-13T01:06:32Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-06.xml b/metadata/glsa/glsa-202006-06.xml
new file mode 100644
index 000000000000..132e827b53ec
--- /dev/null
+++ b/metadata/glsa/glsa-202006-06.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-06">
+  <title>ssvnc: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ssvnc, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">ssvnc</product>
+  <announced>2020-06-13</announced>
+  <revised count="1">2020-06-13</revised>
+  <bug>701820</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/ssvnc" auto="yes" arch="*">
+      <vulnerable range="le">1.0.29-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Enhanced TightVNC Viewer, SSVNC, adds encryption security to VNC
+      connections.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ssvnc. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for ssvnc. We recommend that users
+      unmerge ssvnc:
+    </p>
+    
+    <code>
+      # emerge --unmerge "net-misc/ssvnc"
+    </code>
+    
+    <p>NOTE: The Gentoo developer(s) maintaining ssvnc have discontinued
+      support at this time. It may be possible that a new Gentoo developer will
+      update ssvnc at a later date. An alternative may be a manual SSH tunnel.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20020">CVE-2018-20020</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20021">CVE-2018-20021</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20022">CVE-2018-20022</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20024">CVE-2018-20024</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-24T17:26:39Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-06-13T01:09:16Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-07.xml b/metadata/glsa/glsa-202006-07.xml
new file mode 100644
index 000000000000..9d5ea5d25600
--- /dev/null
+++ b/metadata/glsa/glsa-202006-07.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-07">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+    worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">firefox</product>
+  <announced>2020-06-13</announced>
+  <revised count="2">2020-06-13</revised>
+  <bug>726844</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">68.9.0</unaffected>
+      <vulnerable range="lt">68.9.0</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">68.9.0</unaffected>
+      <vulnerable range="lt">68.9.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      Project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-68.9.0"
+    </code>
+    
+    <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-68.9.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12405">CVE-2020-12405</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12406">CVE-2020-12406</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12407">CVE-2020-12407</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12408">CVE-2020-12408</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12409">CVE-2020-12409</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12410">CVE-2020-12410</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12411">CVE-2020-12411</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-06-04T09:53:31Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-06-13T01:14:36Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-08.xml b/metadata/glsa/glsa-202006-08.xml
new file mode 100644
index 000000000000..e6a391fc9c30
--- /dev/null
+++ b/metadata/glsa/glsa-202006-08.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-08">
+  <title>WebKitGTK+: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in WebKitGTK+, the worst
+    of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">webkitgtk+</product>
+  <announced>2020-06-13</announced>
+  <revised count="1">2020-06-13</revised>
+  <bug>712260</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+      <unaffected range="ge">2.28.2</unaffected>
+      <vulnerable range="lt">2.28.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine,
+      suitable for projects requiring any kind of web integration, from hybrid
+      HTML/CSS applications to full-fledged web browsers.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All WebKitGTK+ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.28.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10018">CVE-2020-10018</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10018">CVE-2020-10018</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11793">CVE-2020-11793</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11793">CVE-2020-11793</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3885">CVE-2020-3885</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3894">CVE-2020-3894</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3895">CVE-2020-3895</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3897">CVE-2020-3897</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3899">CVE-2020-3899</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3900">CVE-2020-3900</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3901">CVE-2020-3901</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3902">CVE-2020-3902</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-14T21:48:07Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-06-13T01:41:16Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-09.xml b/metadata/glsa/glsa-202006-09.xml
new file mode 100644
index 000000000000..8943a422203f
--- /dev/null
+++ b/metadata/glsa/glsa-202006-09.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-09">
+  <title>Adobe Flash Player: Arbitrary code execution</title>
+  <synopsis>A flaw in Adobe Flash Player may allow local or remote attacker(s)
+    to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2020-06-13</announced>
+  <revised count="1">2020-06-13</revised>
+  <bug>727812</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">32.0.0.387</unaffected>
+      <vulnerable range="lt">32.0.0.387</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>An unspecified flaw has been discovered in Adobe Flash Player.</p>
+  </description>
+  <impact type="normal">
+    <p>This flaw can be exploited by attackers for remote code execution.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-32.0.0.387"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9633">CVE-2020-9633</uri>
+    <uri link="https://helpx.adobe.com/security/products/flash-player/apsb20-30.html">
+      Upstream advisory (APSB20-30)
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-06-11T00:59:03Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-06-13T01:44:33Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-10.xml b/metadata/glsa/glsa-202006-10.xml
new file mode 100644
index 000000000000..0291e53cf3e5
--- /dev/null
+++ b/metadata/glsa/glsa-202006-10.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-10">
+  <title>GNU Readline: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GNU Readline, the worst
+    of which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">readline</product>
+  <announced>2020-06-13</announced>
+  <revised count="1">2020-06-13</revised>
+  <bug>717924</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-libs/readline" auto="yes" arch="*">
+      <unaffected range="ge">8.0</unaffected>
+      <vulnerable range="lt">8.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The GNU Readline library provides a set of functions for use by
+      applications that allow users to edit command lines as they are typed in.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GNU Readline. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU Readline users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-libs/readline-8.0"
+    </code>
+    
+  </resolution>
+  <references>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-21T23:21:08Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-06-13T01:47:15Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-11.xml b/metadata/glsa/glsa-202006-11.xml
new file mode 100644
index 000000000000..39a9974e3ffd
--- /dev/null
+++ b/metadata/glsa/glsa-202006-11.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-11">
+  <title>Ansible: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Ansible, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">ansible</product>
+  <announced>2020-06-13</announced>
+  <revised count="1">2020-06-13</revised>
+  <bug>711974</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-admin/ansible" auto="yes" arch="*">
+      <unaffected range="ge">2.9.7</unaffected>
+      <vulnerable range="lt">2.9.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Ansible is a radically simple IT automation platform.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Ansible. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Ansible users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/ansible-2.9.7"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10684">CVE-2020-10684</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10685">CVE-2020-10685</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1733">CVE-2020-1733</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1735">CVE-2020-1735</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1736">CVE-2020-1736</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1737">CVE-2020-1737</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1738">CVE-2020-1738</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1740">CVE-2020-1740</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1753">CVE-2020-1753</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-15T14:41:54Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-06-13T01:49:30Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-12.xml b/metadata/glsa/glsa-202006-12.xml
new file mode 100644
index 000000000000..d55a1902c21c
--- /dev/null
+++ b/metadata/glsa/glsa-202006-12.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-12">
+  <title>GNU Mailutils: Privilege escalation</title>
+  <synopsis>A vulnerability has been found in GNU Mailutils allowing privilege
+    escalation.
+  </synopsis>
+  <product type="ebuild">mailutils</product>
+  <announced>2020-06-13</announced>
+  <revised count="1">2020-06-13</revised>
+  <bug>700806</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-mail/mailutils" auto="yes" arch="*">
+      <unaffected range="ge">3.8</unaffected>
+      <vulnerable range="lt">3.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The GNU Mailutils are a collection of mail-related utilities, including
+      an IMAP4 server (imap4d).
+    </p>
+  </background>
+  <description>
+    <p>GNU Mailutils runs maidag by default with setuid root permissions.</p>
+  </description>
+  <impact type="high">
+    <p>An attacker can use this to write to arbitrary files as root.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU Mailutils users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-mail/mailutils-3.8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-18862">CVE-2019-18862</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-12T21:52:25Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-06-13T01:51:38Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-13.xml b/metadata/glsa/glsa-202006-13.xml
new file mode 100644
index 000000000000..42eeba52e22f
--- /dev/null
+++ b/metadata/glsa/glsa-202006-13.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-13">
+  <title>json-c: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in json-c, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">json-c</product>
+  <announced>2020-06-15</announced>
+  <revised count="1">2020-06-15</revised>
+  <bug>722150</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/json-c" auto="yes" arch="*">
+      <unaffected range="ge">0.14-r3</unaffected>
+      <vulnerable range="lt">0.14-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>json-c is a JSON implementation in C.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in json-c. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote/local attacker could send a specially crafted file possibly
+      resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All json-c users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/json-c-0.14-r3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12762">CVE-2020-12762</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-20T15:54:46Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-06-15T15:44:00Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-14.xml b/metadata/glsa/glsa-202006-14.xml
new file mode 100644
index 000000000000..46fb4e114549
--- /dev/null
+++ b/metadata/glsa/glsa-202006-14.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-14">
+  <title>PEAR Archive_Tar: Remote code execution vulnerability</title>
+  <synopsis>A buffer overflow in the PEAR module Archive_Tar might allow local
+    or remote attacker(s) to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">archive_tar</product>
+  <announced>2020-06-15</announced>
+  <revised count="1">2020-06-15</revised>
+  <bug>675576</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-php/PEAR-Archive_Tar" auto="yes" arch="*">
+      <unaffected range="ge">1.4.5</unaffected>
+      <vulnerable range="lt">1.4.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>This class provides handling of tar files in PHP.</p>
+  </background>
+  <description>
+    <p>An issue was discovered in the PEAR module Archive_Tar’s handling of
+      file paths within Tar achives.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local or remote attacker could possibly execute arbitrary code with
+      the privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>Avoid handling untrusted Tar files with this package until you have
+      upgraded to a non-vulnerable version.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All PEAR-Archive_Tar users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-php/PEAR-Archive_Tar-1.4.5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000888">
+      CVE-2018-1000888
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-22T00:11:26Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2020-06-15T15:46:02Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-15.xml b/metadata/glsa/glsa-202006-15.xml
new file mode 100644
index 000000000000..9fbb52de8eb4
--- /dev/null
+++ b/metadata/glsa/glsa-202006-15.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-15">
+  <title>OpenConnect: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenConnect, the worst
+    of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">openconnect</product>
+  <announced>2020-06-15</announced>
+  <revised count="1">2020-06-15</revised>
+  <bug>719108</bug>
+  <bug>722740</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-vpn/openconnect" auto="yes" arch="*">
+      <unaffected range="ge">8.09-r1</unaffected>
+      <vulnerable range="lt">8.09-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenConnect is a free client for Cisco AnyConnect SSL VPN software.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenConnect. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenConnect users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-vpn/openconnect-8.09-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12105">CVE-2020-12105</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12823">CVE-2020-12823</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-23T13:25:13Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-06-15T15:47:01Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-16.xml b/metadata/glsa/glsa-202006-16.xml
new file mode 100644
index 000000000000..a652c18c2802
--- /dev/null
+++ b/metadata/glsa/glsa-202006-16.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-16">
+  <title>PCRE2: Denial of service</title>
+  <synopsis>A vulnerability in PCRE2 could lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">pcre2</product>
+  <announced>2020-06-15</announced>
+  <revised count="1">2020-06-15</revised>
+  <bug>717800</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-libs/pcre2" auto="yes" arch="*">
+      <unaffected range="ge">10.34</unaffected>
+      <vulnerable range="lt">10.34</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PCRE2 is a project based on PCRE (Perl Compatible Regular Expressions)
+      which has a new and revised API.
+    </p>
+  </background>
+  <description>
+    <p>PCRE2 has a flaw when handling JIT-compiled regex using the \X pattern.</p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could cause a possible Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PCRE2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/pcre2-10.34"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-20454">CVE-2019-20454</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-12T14:41:37Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-06-15T15:48:59Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-17.xml b/metadata/glsa/glsa-202006-17.xml
new file mode 100644
index 000000000000..95c9c6dd1af0
--- /dev/null
+++ b/metadata/glsa/glsa-202006-17.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-17">
+  <title>FAAD2: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in FAAD2, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">faad2</product>
+  <announced>2020-06-15</announced>
+  <revised count="1">2020-06-15</revised>
+  <bug>695540</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-libs/faad2" auto="yes" arch="*">
+      <unaffected range="ge">2.9.0</unaffected>
+      <vulnerable range="lt">2.9.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FAAD2 is an open source MPEG-4 and MPEG-2 AAC decoder.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in FAAD2. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FAAD2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/faad2-2.9.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19502">CVE-2018-19502</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19503">CVE-2018-19503</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19504">CVE-2018-19504</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20194">CVE-2018-20194</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20195">CVE-2018-20195</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20196">CVE-2018-20196</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20197">CVE-2018-20197</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20198">CVE-2018-20198</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20199">CVE-2018-20199</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20357">CVE-2018-20357</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20358">CVE-2018-20358</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20359">CVE-2018-20359</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20360">CVE-2018-20360</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20361">CVE-2018-20361</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20362">CVE-2018-20362</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15296">CVE-2019-15296</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6956">CVE-2019-6956</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-22T01:42:00Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2020-06-15T15:50:03Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-18.xml b/metadata/glsa/glsa-202006-18.xml
new file mode 100644
index 000000000000..ad77d145a25c
--- /dev/null
+++ b/metadata/glsa/glsa-202006-18.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-18">
+  <title>Bubblewrap: Arbitrary code execution</title>
+  <synopsis>Bubblewrap misuses temporary directories allowing local code
+    execution.
+  </synopsis>
+  <product type="ebuild">bubblerwrap</product>
+  <announced>2020-06-15</announced>
+  <revised count="1">2020-06-15</revised>
+  <bug>686114</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/bubblewrap" auto="yes" arch="*">
+      <unaffected range="ge">0.4.1</unaffected>
+      <vulnerable range="lt">0.4.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Bubblewrap is an unprivileged sandboxing tool namespaces-powered
+      chroot-like solution.
+    </p>
+  </background>
+  <description>
+    <p>Bubblewrap misuses temporary directories in /tmp as a mount point.</p>
+  </description>
+  <impact type="normal">
+    <p>This flaw may allow possible execution of code or prevention of running
+      Bubblewrap.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Bubblewrap users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/bubblewrap-0.4.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12439">CVE-2019-12439</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-25T21:13:31Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-06-15T15:51:19Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-19.xml b/metadata/glsa/glsa-202006-19.xml
new file mode 100644
index 000000000000..4f2140b8c1a2
--- /dev/null
+++ b/metadata/glsa/glsa-202006-19.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-19">
+  <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird,
+    the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">thunderbird</product>
+  <announced>2020-06-15</announced>
+  <revised count="1">2020-06-15</revised>
+  <bug>727118</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">68.9.0</unaffected>
+      <vulnerable range="lt">68.9.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">68.9.0</unaffected>
+      <vulnerable range="lt">68.9.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Thunderbird is a popular open-source email client from the
+      Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-68.9.0"
+    </code>
+    
+    <p>All Mozilla Thunderbird binary users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-68.9.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12398">CVE-2020-12398</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12405">CVE-2020-12405</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12406">CVE-2020-12406</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12410">CVE-2020-12410</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/">
+      MFSA-2020-22
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-06-04T22:44:05Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-06-15T15:52:20Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-20.xml b/metadata/glsa/glsa-202006-20.xml
new file mode 100644
index 000000000000..690bfee258f4
--- /dev/null
+++ b/metadata/glsa/glsa-202006-20.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-20">
+  <title>Asterisk: Root privilege escalation</title>
+  <synopsis>A vulnerability was discovered in Asterisk which may allow local
+    attackers to gain root privileges. 
+  </synopsis>
+  <product type="ebuild">asterisk</product>
+  <announced>2020-06-15</announced>
+  <revised count="1">2020-06-15</revised>
+  <bug>602722</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-misc/asterisk" auto="yes" arch="*">
+      <unaffected range="ge">13.32.0-r1</unaffected>
+      <vulnerable range="lt">13.32.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A Modular Open Source PBX System.</p>
+  </background>
+  <description>
+    <p>It was discovered that Gentoo’s Asterisk ebuild does not properly set
+      permissions on its data directories. This only affects OpenRC systems, as
+      the flaw was exploitable via the init script.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could escalate privileges.</p>
+  </impact>
+  <workaround>
+    <p>Users should ensure the proper permissions are set as discussed in the
+      referenced bugs. Do not run /etc/init.d/asterisk checkperms.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All Asterisk users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/asterisk-13.32.0-r1"
+    </code>
+    
+  </resolution>
+  <references>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-15T11:13:35Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-06-15T15:53:36Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-21.xml b/metadata/glsa/glsa-202006-21.xml
new file mode 100644
index 000000000000..ac2c137808f1
--- /dev/null
+++ b/metadata/glsa/glsa-202006-21.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-21">
+  <title>Apache Tomcat: Remote code execution</title>
+  <synopsis>A vulnerability has been discovered in Apache Tomcat which could
+    result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">tomcat</product>
+  <announced>2020-06-15</announced>
+  <revised count="1">2020-06-15</revised>
+  <bug>724344</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/tomcat" auto="yes" arch="*">
+      <unaffected range="ge" slot="7">7.0.104</unaffected>
+      <unaffected range="ge" slot="8.5">8.5.55</unaffected>
+      <vulnerable range="lt" slot="7">7.0.104</vulnerable>
+      <vulnerable range="lt" slot="8.5">8.5.55</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.</p>
+  </background>
+  <description>
+    <p>Apache Tomcat improperly handles deserialization of files under specific
+      circumstances.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache Tomcat 7.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/tomcat-7.0.104"
+    </code>
+    
+    <p>All Apache Tomcat 8.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/tomcat-8.5.55"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9484">CVE-2020-9484</uri>
+    <uri link="https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.104">
+      Upstream advisory (7)
+    </uri>
+    <uri link="https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.55">
+      Upstream advisory (8.5)
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-25T12:42:10Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-06-15T15:55:34Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-22.xml b/metadata/glsa/glsa-202006-22.xml
new file mode 100644
index 000000000000..82046e4ece12
--- /dev/null
+++ b/metadata/glsa/glsa-202006-22.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-22">
+  <title>OpenJDK, IcedTea: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenJDK and IcedTea,
+    the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">icedtea</product>
+  <announced>2020-06-15</announced>
+  <revised count="1">2020-06-15</revised>
+  <bug>718720</bug>
+  <bug>720690</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/openjdk-bin" auto="yes" arch="*">
+      <unaffected range="ge">8.252_p09</unaffected>
+      <vulnerable range="lt">8.252_p09</vulnerable>
+    </package>
+    <package name="dev-java/openjdk-jre-bin" auto="yes" arch="*">
+      <unaffected range="ge">8.252_p09</unaffected>
+      <vulnerable range="lt">8.252_p09</vulnerable>
+    </package>
+    <package name="dev-java/icedtea-bin" auto="yes" arch="*">
+      <unaffected range="ge">3.16.0</unaffected>
+      <vulnerable range="lt">3.16.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenJDK is a free and open-source implementation of the Java Platform,
+      Standard Edition.
+    </p>
+    
+    <p>IcedTea’s aim is to provide OpenJDK in a form suitable for easy
+      configuration, compilation and distribution with the primary goal of
+      allowing inclusion in GNU/Linux distributions.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenJDK and IcedTea.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenJDK binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/openjdk-bin-8.252_p09"
+    </code>
+    
+    <p>All OpenJDK JRE binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-java/openjdk-jre-bin-8.252_p09"
+    </code>
+    
+    <p>All IcedTea binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/icedtea-bin-3.16.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2585">CVE-2020-2585</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2585">CVE-2020-2585</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2755">CVE-2020-2755</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2755">CVE-2020-2755</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2756">CVE-2020-2756</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2756">CVE-2020-2756</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2757">CVE-2020-2757</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2757">CVE-2020-2757</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2773">CVE-2020-2773</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2773">CVE-2020-2773</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2781">CVE-2020-2781</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2781">CVE-2020-2781</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2800">CVE-2020-2800</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2800">CVE-2020-2800</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2803">CVE-2020-2803</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2803">CVE-2020-2803</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2805">CVE-2020-2805</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2805">CVE-2020-2805</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2830">CVE-2020-2830</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2830">CVE-2020-2830</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-14T21:46:41Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-06-15T15:56:40Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-23.xml b/metadata/glsa/glsa-202006-23.xml
new file mode 100644
index 000000000000..7fb7e375cbc8
--- /dev/null
+++ b/metadata/glsa/glsa-202006-23.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-23">
+  <title>Cyrus IMAP Server: Access restriction bypass</title>
+  <synopsis>An error in Cyrus IMAP Server allows mailboxes to be created with
+    administrative privileges.
+  </synopsis>
+  <product type="ebuild">cyrusimap</product>
+  <announced>2020-06-15</announced>
+  <revised count="1">2020-06-15</revised>
+  <bug>703630</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/cyrus-imapd" auto="yes" arch="*">
+      <unaffected range="ge">3.0.13</unaffected>
+      <vulnerable range="lt">3.0.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Cyrus IMAP Server is an efficient, highly-scalable IMAP e-mail
+      server.
+    </p>
+  </background>
+  <description>
+    <p>An issue was discovered in Cyrus IMAP Server where sieve script
+      uploading is excessively trusted.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A user can use a sieve script to create any mailbox with administrator
+      privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>Disable sieve script uploading until the upgrade is complete.</p>
+  </workaround>
+  <resolution>
+    <p>All Cyrus IMAP Server users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-mail/cyrus-imapd-3.0.13"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19783">CVE-2019-19783</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-22T07:13:03Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-06-15T15:58:17Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-01.xml b/metadata/glsa/glsa-202007-01.xml
new file mode 100644
index 000000000000..56c6b1c3013b
--- /dev/null
+++ b/metadata/glsa/glsa-202007-01.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-01">
+  <title>netqmail: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in netqmail, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">netqmail</product>
+  <announced>2020-07-26</announced>
+  <revised count="1">2020-07-26</revised>
+  <bug>721566</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="mail-mta/netqmail" auto="yes" arch="*">
+      <unaffected range="ge">1.06-r13</unaffected>
+      <vulnerable range="lt">1.06-r13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>qmail is a secure, reliable, efficient, simple message transfer agent.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in netqmail. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>In the default configuration, these vulnerabilities are only local.
+      Please review the referenced CVE identifiers for details.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All netqmail users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-mta/netqmail-1.06-r13"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2005-1513">CVE-2005-1513</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2005-1514">CVE-2005-1514</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2005-1515">CVE-2005-1515</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-06-11T02:55:31Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-26T22:08:48Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-02.xml b/metadata/glsa/glsa-202007-02.xml
new file mode 100644
index 000000000000..7cc7db21c7aa
--- /dev/null
+++ b/metadata/glsa/glsa-202007-02.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-02">
+  <title>Xen: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Xen, the worst of which
+    could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">xen</product>
+  <announced>2020-07-26</announced>
+  <revised count="1">2020-07-26</revised>
+  <bug>731658</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulation/xen" auto="yes" arch="*">
+      <unaffected range="ge">4.12.3-r2</unaffected>
+      <vulnerable range="lt">4.12.3-r2</vulnerable>
+    </package>
+    <package name="app-emulation/xen-tools" auto="yes" arch="*">
+      <unaffected range="ge">4.12.3-r2</unaffected>
+      <vulnerable range="lt">4.12.3-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Xen is a bare-metal hypervisor.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Xen. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Xen users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-4.12.3-r2"
+    </code>
+    
+    <p>All Xen Tools users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/xen-tools-4.12.3-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15563">CVE-2020-15563</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15564">CVE-2020-15564</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15565">CVE-2020-15565</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15566">CVE-2020-15566</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15567">CVE-2020-15567</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-17T21:12:47Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-26T22:28:47Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-03.xml b/metadata/glsa/glsa-202007-03.xml
new file mode 100644
index 000000000000..93079b9e24c7
--- /dev/null
+++ b/metadata/glsa/glsa-202007-03.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-03">
+  <title>Cacti: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Cacti, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">cacti</product>
+  <announced>2020-07-26</announced>
+  <revised count="1">2020-07-26</revised>
+  <bug>728678</bug>
+  <bug>732522</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/cacti" auto="yes" arch="*">
+      <unaffected range="ge">1.2.13</unaffected>
+      <vulnerable range="lt">1.2.13</vulnerable>
+    </package>
+    <package name="net-analyzer/cacti-spine" auto="yes" arch="*">
+      <unaffected range="ge">1.2.13</unaffected>
+      <vulnerable range="lt">1.2.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Cacti is a complete frontend to rrdtool.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Cacti. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Cacti users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/cacti-1.2.13"
+    </code>
+    
+    <p>All Cacti Spine users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/cacti-spine-1.2.13"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11022">CVE-2020-11022</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11023">CVE-2020-11023</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14295">CVE-2020-14295</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-19T01:50:59Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-26T22:31:38Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-04.xml b/metadata/glsa/glsa-202007-04.xml
new file mode 100644
index 000000000000..b04ea7893e90
--- /dev/null
+++ b/metadata/glsa/glsa-202007-04.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-04">
+  <title>fwupd, libjcat: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in fwupd and libjcat, the
+    worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">fwupd,libjfcat</product>
+  <announced>2020-07-26</announced>
+  <revised count="1">2020-07-26</revised>
+  <bug>727656</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/fwupd" auto="yes" arch="*">
+      <unaffected range="ge">1.3.10</unaffected>
+      <vulnerable range="lt">1.3.10</vulnerable>
+    </package>
+    <package name="dev-libs/libjcat" auto="yes" arch="*">
+      <unaffected range="ge">0.1.3</unaffected>
+      <vulnerable range="lt">0.1.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>fwupd aims to make updating firmware on Linux automatic, safe and
+      reliable. libjcat is a library and tool for reading and writing Jcat
+      files.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in fwupd and libjcat.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All fwupd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/fwupd-1.3.10"
+    </code>
+    
+    <p>All libjcat users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libjcat-0.1.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10759">CVE-2020-10759</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-06-29T00:15:07Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-26T22:34:10Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-05.xml b/metadata/glsa/glsa-202007-05.xml
new file mode 100644
index 000000000000..75ae7ba35b88
--- /dev/null
+++ b/metadata/glsa/glsa-202007-05.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-05">
+  <title>libexif: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libexif, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">libexif</product>
+  <announced>2020-07-26</announced>
+  <revised count="1">2020-07-26</revised>
+  <bug>708728</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libexif" auto="yes" arch="*">
+      <unaffected range="ge">0.6.22</unaffected>
+      <vulnerable range="lt">0.6.22</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libexif is a library for parsing, editing and saving Exif metadata from
+      images.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libexif. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libexif users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libexif-0.6.22"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-6328">CVE-2016-6328</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9278">CVE-2019-9278</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-0093">CVE-2020-0093</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12767">CVE-2020-12767</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13112">CVE-2020-13112</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13113">CVE-2020-13113</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13114">CVE-2020-13114</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-16T01:09:55Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-26T22:40:47Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-06.xml b/metadata/glsa/glsa-202007-06.xml
new file mode 100644
index 000000000000..e8f7cd438d97
--- /dev/null
+++ b/metadata/glsa/glsa-202007-06.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-06">
+  <title>HylaFAX: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in HylaFAX, the worst of
+    which could result in privilege escalation.
+  </synopsis>
+  <product type="ebuild">hylafax</product>
+  <announced>2020-07-26</announced>
+  <revised count="1">2020-07-26</revised>
+  <bug>730290</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-misc/hylafaxplus" auto="yes" arch="*">
+      <unaffected range="ge">7.0.2</unaffected>
+      <vulnerable range="lt">7.0.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>HylaFAX is an enterprise-class system for sending and receiving
+      facsimile messages and for sending alpha-numeric pages.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in HylaFAX. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All HylaFAX users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/hylafaxplus-7.0.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15396">CVE-2020-15396</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15397">CVE-2020-15397</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-18T14:34:58Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-26T22:44:15Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-07.xml b/metadata/glsa/glsa-202007-07.xml
new file mode 100644
index 000000000000..3093043f627d
--- /dev/null
+++ b/metadata/glsa/glsa-202007-07.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-07">
+  <title>Transmission: Remote code execution</title>
+  <synopsis>A use-after-free possibly allowing remote execution of code was
+    discovered in Transmission.
+  </synopsis>
+  <product type="ebuild">transmission</product>
+  <announced>2020-07-26</announced>
+  <revised count="1">2020-07-26</revised>
+  <bug>723258</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-p2p/transmission" auto="yes" arch="*">
+      <unaffected range="ge">3.00</unaffected>
+      <vulnerable range="lt">3.00</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Transmission is a cross-platform BitTorrent client.</p>
+  </background>
+  <description>
+    <p>Transmission mishandles some memory management which may allow
+      manipulation of the heap.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted
+      torrent file using Transmission, possibly resulting in execution of
+      arbitrary code with the privileges of the process or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Transmission users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-p2p/transmission-3.00"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10756">CVE-2018-10756</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-06-20T02:12:52Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-26T23:30:38Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-08.xml b/metadata/glsa/glsa-202007-08.xml
new file mode 100644
index 000000000000..a4f230e66bb5
--- /dev/null
+++ b/metadata/glsa/glsa-202007-08.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-08">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">chromium,google-chrome</product>
+  <announced>2020-07-26</announced>
+  <revised count="1">2020-07-26</revised>
+  <bug>728418</bug>
+  <bug>729310</bug>
+  <bug>732588</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">84.0.4147.89</unaffected>
+      <vulnerable range="lt">84.0.4147.89</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">84.0.4147.89</unaffected>
+      <vulnerable range="lt">84.0.4147.89</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-84.0.4147.89"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-84.0.4147.89"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6505">CVE-2020-6505</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6506">CVE-2020-6506</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6507">CVE-2020-6507</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6509">CVE-2020-6509</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6510">CVE-2020-6510</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6511">CVE-2020-6511</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6512">CVE-2020-6512</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6513">CVE-2020-6513</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6514">CVE-2020-6514</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6515">CVE-2020-6515</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6516">CVE-2020-6516</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6517">CVE-2020-6517</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6518">CVE-2020-6518</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6519">CVE-2020-6519</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6520">CVE-2020-6520</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6521">CVE-2020-6521</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6522">CVE-2020-6522</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6523">CVE-2020-6523</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6524">CVE-2020-6524</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6525">CVE-2020-6525</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6526">CVE-2020-6526</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6527">CVE-2020-6527</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6528">CVE-2020-6528</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6529">CVE-2020-6529</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6530">CVE-2020-6530</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6531">CVE-2020-6531</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6533">CVE-2020-6533</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6534">CVE-2020-6534</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6535">CVE-2020-6535</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6536">CVE-2020-6536</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-06-18T02:31:59Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-26T23:33:44Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-09.xml b/metadata/glsa/glsa-202007-09.xml
new file mode 100644
index 000000000000..eafd82da1347
--- /dev/null
+++ b/metadata/glsa/glsa-202007-09.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-09">
+  <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird,
+    the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">thunderbird</product>
+  <announced>2020-07-26</announced>
+  <revised count="1">2020-07-26</revised>
+  <bug>730628</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">68.10.0</unaffected>
+      <vulnerable range="lt">68.10.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">68.10.0</unaffected>
+      <vulnerable range="lt">68.10.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Thunderbird is a popular open-source email client from the
+      Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-68.10.0"
+    </code>
+    
+    <p>All Mozilla Thunderbird binary users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-68.10.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12417">CVE-2020-12417</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12418">CVE-2020-12418</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12419">CVE-2020-12419</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12420">CVE-2020-12420</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12421">CVE-2020-12421</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-16T04:28:14Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-26T23:36:14Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-10.xml b/metadata/glsa/glsa-202007-10.xml
new file mode 100644
index 000000000000..ba5545fd961d
--- /dev/null
+++ b/metadata/glsa/glsa-202007-10.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-10">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+    worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">firefox</product>
+  <announced>2020-07-26</announced>
+  <revised count="1">2020-07-26</revised>
+  <bug>730418</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">68.10.0</unaffected>
+      <vulnerable range="lt">68.10.0</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">68.10.0</unaffected>
+      <vulnerable range="lt">68.10.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      Project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-68.10.0"
+    </code>
+    
+    <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-68.10.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12402">CVE-2020-12402</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12415">CVE-2020-12415</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12416">CVE-2020-12416</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12417">CVE-2020-12417</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12418">CVE-2020-12418</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12419">CVE-2020-12419</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12420">CVE-2020-12420</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12421">CVE-2020-12421</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12422">CVE-2020-12422</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12424">CVE-2020-12424</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12425">CVE-2020-12425</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12426">CVE-2020-12426</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-07T16:00:55Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-26T23:38:24Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-11.xml b/metadata/glsa/glsa-202007-11.xml
new file mode 100644
index 000000000000..914221d8593e
--- /dev/null
+++ b/metadata/glsa/glsa-202007-11.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-11">
+  <title>WebKitGTK+: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in WebKitGTK+, the worst
+    of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">webkitgtk+</product>
+  <announced>2020-07-26</announced>
+  <revised count="1">2020-07-26</revised>
+  <bug>732104</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+      <unaffected range="ge">2.28.3</unaffected>
+      <vulnerable range="lt">2.28.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine,
+      suitable for projects requiring any kind of web integration, from hybrid
+      HTML/CSS applications to full-fledged web browsers.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All WebKitGTK+ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.28.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13753">CVE-2020-13753</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9802">CVE-2020-9802</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9803">CVE-2020-9803</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9805">CVE-2020-9805</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9806">CVE-2020-9806</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9807">CVE-2020-9807</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9843">CVE-2020-9843</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9850">CVE-2020-9850</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-19T11:27:13Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-26T23:40:52Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-12.xml b/metadata/glsa/glsa-202007-12.xml
new file mode 100644
index 000000000000..15f5cd20ec8f
--- /dev/null
+++ b/metadata/glsa/glsa-202007-12.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-12">
+  <title>NTP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in NTP, the worst of which
+    could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">ntp</product>
+  <announced>2020-07-26</announced>
+  <revised count="1">2020-07-26</revised>
+  <bug>717798</bug>
+  <bug>729458</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/ntp" auto="yes" arch="*">
+      <unaffected range="ge">4.2.8_p15</unaffected>
+      <vulnerable range="lt">4.2.8_p15</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>NTP contains software for the Network Time Protocol.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in NTP. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All NTP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/ntp-4.2.8_p15"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11868">CVE-2020-11868</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13817">CVE-2020-13817</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15025">CVE-2020-15025</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-06-20T02:14:32Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-26T23:43:52Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-13.xml b/metadata/glsa/glsa-202007-13.xml
new file mode 100644
index 000000000000..5c0c85cff0ec
--- /dev/null
+++ b/metadata/glsa/glsa-202007-13.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-13">
+  <title>Wireshark: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Wireshark, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">wireshark</product>
+  <announced>2020-07-26</announced>
+  <revised count="1">2020-07-26</revised>
+  <bug>711012</bug>
+  <bug>716756</bug>
+  <bug>724132</bug>
+  <bug>730414</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/wireshark" auto="yes" arch="*">
+      <unaffected range="ge">3.2.5</unaffected>
+      <vulnerable range="lt">3.2.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Wireshark is a network protocol analyzer formerly known as ethereal.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Wireshark. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Wireshark users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-3.2.5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11647">CVE-2020-11647</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13164">CVE-2020-13164</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15466">CVE-2020-15466</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9428">CVE-2020-9428</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9429">CVE-2020-9429</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9430">CVE-2020-9430</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9431">CVE-2020-9431</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-26T16:22:12Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-26T23:47:31Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-14.xml b/metadata/glsa/glsa-202007-14.xml
new file mode 100644
index 000000000000..6fe7f34940eb
--- /dev/null
+++ b/metadata/glsa/glsa-202007-14.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-14">
+  <title>yaml-cpp: Denial of service</title>
+  <synopsis>A vulnerability in yaml-cpp could lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">yaml-cpp</product>
+  <announced>2020-07-26</announced>
+  <revised count="1">2020-07-26</revised>
+  <bug>626662</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-cpp/yaml-cpp" auto="yes" arch="*">
+      <unaffected range="ge">0.6.3-r2</unaffected>
+      <vulnerable range="lt">0.6.3-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>yaml-cpp is a YAML parser and emitter in C++.</p>
+  </background>
+  <description>
+    <p>The function Scanner::peek in scanner.cpp may have an assertion failure.</p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could cause a possible Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All yaml-cpp users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-cpp/yaml-cpp-0.6.3-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11692">CVE-2017-11692</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-26T16:16:28Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-26T23:48:42Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-15.xml b/metadata/glsa/glsa-202007-15.xml
new file mode 100644
index 000000000000..f45efd336712
--- /dev/null
+++ b/metadata/glsa/glsa-202007-15.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-15">
+  <title>Samba: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Samba, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">samba</product>
+  <announced>2020-07-26</announced>
+  <revised count="1">2020-07-26</revised>
+  <bug>719120</bug>
+  <bug>730472</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-fs/samba" auto="yes" arch="*">
+      <unaffected range="ge">4.11.11</unaffected>
+      <vulnerable range="lt">4.11.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Samba is a suite of SMB and CIFS client/server programs.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Samba. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Samba users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-fs/samba-4.11.11"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10700">CVE-2020-10700</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10704">CVE-2020-10704</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10730">CVE-2020-10730</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10745">CVE-2020-10745</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10760">CVE-2020-10760</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14303">CVE-2020-14303</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-26T05:09:50Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-26T23:52:18Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-16.xml b/metadata/glsa/glsa-202007-16.xml
new file mode 100644
index 000000000000..393e5994ccf0
--- /dev/null
+++ b/metadata/glsa/glsa-202007-16.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-16">
+  <title>cURL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in cURL, the worst of
+    which could result in information disclosure or data loss.
+  </synopsis>
+  <product type="ebuild">curl</product>
+  <announced>2020-07-26</announced>
+  <revised count="1">2020-07-26</revised>
+  <bug>729374</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/curl" auto="yes" arch="*">
+      <unaffected range="ge">7.71.0</unaffected>
+      <vulnerable range="lt">7.71.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A command line tool and library for transferring data with URLs.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in cURL. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All cURL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.71.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8169">CVE-2020-8169</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8177">CVE-2020-8177</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-26T16:01:11Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-26T23:52:30Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-17.xml b/metadata/glsa/glsa-202007-17.xml
new file mode 100644
index 000000000000..1234ccc4b9f0
--- /dev/null
+++ b/metadata/glsa/glsa-202007-17.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-17">
+  <title>JHead: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in JHead, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">jhead</product>
+  <announced>2020-07-26</announced>
+  <revised count="2">2020-07-27</revised>
+  <bug>701826</bug>
+  <bug>711220</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/jhead" auto="yes" arch="*">
+      <unaffected range="ge">3.04</unaffected>
+      <vulnerable range="lt">3.04</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>JHead is an exif jpeg header manipulation tool.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in JHead. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All JHead users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/jhead-3.04"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1010301">
+      CVE-2019-1010301
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1010302">
+      CVE-2019-1010302
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19035">CVE-2019-19035</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6624">CVE-2020-6624</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6625">CVE-2020-6625</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-26T15:53:15Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T12:29:49Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-18.xml b/metadata/glsa/glsa-202007-18.xml
new file mode 100644
index 000000000000..01b58a0aaddf
--- /dev/null
+++ b/metadata/glsa/glsa-202007-18.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-18">
+  <title>QtNetwork: Denial of service</title>
+  <synopsis>A vulnerability in QtNetwork could lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">qtnetwork</product>
+  <announced>2020-07-26</announced>
+  <revised count="1">2020-07-26</revised>
+  <bug>727604</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-qt/qtnetwork" auto="yes" arch="*">
+      <unaffected range="ge">5.14.2-r1</unaffected>
+      <vulnerable range="lt">5.14.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>QtNetwork provides a set of APIs for programming applications that use
+      TCP/IP. It is part of the Qt framework.
+    </p>
+  </background>
+  <description>
+    <p>A flaw was discovered in QtNetwork’s handling of OpenSSL protocol
+      errors.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could cause a possible Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All QtNetwork users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-qt/qtnetwork-5.14.2-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13962">CVE-2020-13962</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-06-17T14:27:39Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-26T23:59:22Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-19.xml b/metadata/glsa/glsa-202007-19.xml
new file mode 100644
index 000000000000..2155cd008014
--- /dev/null
+++ b/metadata/glsa/glsa-202007-19.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-19">
+  <title>WavPack: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in WavPack, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">wavpack</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>672638</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/wavpack" auto="yes" arch="*">
+      <unaffected range="ge">5.3.2</unaffected>
+      <vulnerable range="lt">5.3.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>WavPack is a set of hybrid lossless audio compression tools.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in WavPack. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted audio file possibly
+      resulting in a Denial of Service condition. Please review the referenced
+      CVE identifiers for details.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All WavPack users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-sound/wavpack-5.3.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19840">CVE-2018-19840</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19841">CVE-2018-19841</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11498">CVE-2019-11498</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-26T15:21:17Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T00:03:02Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-20.xml b/metadata/glsa/glsa-202007-20.xml
new file mode 100644
index 000000000000..b05df4b8156e
--- /dev/null
+++ b/metadata/glsa/glsa-202007-20.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-20">
+  <title>fuseiso: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in fuseiso, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">fuseiso</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>713328</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-fs/fuseiso" auto="yes" arch="*">
+      <unaffected range="ge">20070708-r3</unaffected>
+      <vulnerable range="lt">20070708-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FuseISO is a FUSE module to mount ISO filesystem images (.iso, .nrg,
+      .bin, .mdf and .img files).
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in fuseiso. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted ISO
+      file using fuseiso, possibly resulting in execution of arbitrary code
+      with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All fuseiso users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-fs/fuseiso-20070708-r3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2015-8837">CVE-2015-8837</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-26T15:37:48Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T00:05:15Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-21.xml b/metadata/glsa/glsa-202007-21.xml
new file mode 100644
index 000000000000..41a83f01f91e
--- /dev/null
+++ b/metadata/glsa/glsa-202007-21.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-21">
+  <title>Libreswan: Denial of service</title>
+  <synopsis>A vulnerability in Libreswan could lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">libreswan</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>722696</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-vpn/libreswan" auto="yes" arch="*">
+      <unaffected range="ge">3.32</unaffected>
+      <vulnerable range="lt">3.32</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Libreswan is a free software implementation of the most widely supported
+      and standarized VPN protocol based on (“IPsec”) and the Internet Key
+      Exchange (“IKE”).
+    </p>
+  </background>
+  <description>
+    <p>As a result of a bug in handling certain bogus encrypted IKEv1, while
+      building a log message that the packet has been dropped, a NULL pointer
+      dereference causes Libreswan to crash and restart when it attempts to log
+      the state name involved.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could cause a possible Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Libreswan users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-vpn/libreswan-3.32"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1763">CVE-2020-1763</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-26T15:11:54Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T00:05:28Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-22.xml b/metadata/glsa/glsa-202007-22.xml
new file mode 100644
index 000000000000..fce9e1a3bb57
--- /dev/null
+++ b/metadata/glsa/glsa-202007-22.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-22">
+  <title>sysstat: Arbitrary code execution</title>
+  <synopsis>A use-after-free in sysstat was discovered which may allow
+    arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">sysstat</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>706206</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/sysstat" auto="yes" arch="*">
+      <unaffected range="ge">12.2.1</unaffected>
+      <vulnerable range="lt">12.2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>sysstat is a package containing a number of performance monitoring
+      utilities for Linux, including sar, mpstat, iostat and sa tools.
+    </p>
+  </background>
+  <description>
+    <p>A double-free in sysstat’s check_file_actlst() function was
+      discovered.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All sysstat users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/sysstat-12.2.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19725">CVE-2019-19725</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-26T15:01:59Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T00:08:31Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-23.xml b/metadata/glsa/glsa-202007-23.xml
new file mode 100644
index 000000000000..49b3737c3075
--- /dev/null
+++ b/metadata/glsa/glsa-202007-23.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-23">
+  <title>ClamAV: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ClamAV, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>732944</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.102.4</unaffected>
+      <vulnerable range="lt">0.102.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ClamAV is a GPL virus scanner.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ClamAV. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ClamAV users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.102.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3327">CVE-2020-3327</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3350">CVE-2020-3350</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3481">CVE-2020-3481</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-26T05:37:47Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T00:09:14Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-24.xml b/metadata/glsa/glsa-202007-24.xml
new file mode 100644
index 000000000000..1ee579b1f66c
--- /dev/null
+++ b/metadata/glsa/glsa-202007-24.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-24">
+  <title>Twisted: Access restriction bypasses</title>
+  <synopsis>Multiple vulnerabilities have been found in Twisted, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">twisted</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>712240</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-python/twisted" auto="yes" arch="*">
+      <unaffected range="ge">20.3.0</unaffected>
+      <vulnerable range="lt">20.3.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Twisted is an asynchronous networking framework written in Python.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Twisted. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Twisted users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/twisted-20.3.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10108">CVE-2020-10108</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10109">CVE-2020-10109</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-26T05:19:42Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T00:12:37Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-25.xml b/metadata/glsa/glsa-202007-25.xml
new file mode 100644
index 000000000000..95c3536dcf7b
--- /dev/null
+++ b/metadata/glsa/glsa-202007-25.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-25">
+  <title>arpwatch: Root privilege escalation</title>
+  <synopsis>A vulnerability was discovered in arpwatch which may allow local
+    attackers to gain root privileges.
+  </synopsis>
+  <product type="ebuild">arpwatch</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>602552</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-analyzer/arpwatch" auto="yes" arch="*">
+      <unaffected range="ge">2.1.15-r11</unaffected>
+      <vulnerable range="lt">2.1.15-r11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The ethernet monitor program; for keeping track of ethernet/ip address
+      pairings.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that Gentoo’s arpwatch ebuild made excessive
+      permission operations on its data directories, possibly changing
+      ownership of unintended files. This only affects OpenRC systems, as the
+      flaw was exploitable via the init script.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could escalate privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All arpwatch users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=net-analyzer/arpwatch-2.1.15-r11"
+    </code>
+  </resolution>
+  <references>
+  </references>
+  <metadata tag="requester" timestamp="2020-06-20T01:06:22Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T00:14:49Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-26.xml b/metadata/glsa/glsa-202007-26.xml
new file mode 100644
index 000000000000..9d1a1dbc8f36
--- /dev/null
+++ b/metadata/glsa/glsa-202007-26.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-26">
+  <title>SQLite: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in SQLite, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">sqlite</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>716748</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/sqlite" auto="yes" arch="*">
+      <unaffected range="ge">3.32.3</unaffected>
+      <vulnerable range="lt">3.32.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>SQLite is a C library that implements an SQL database engine.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in SQLite. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All SQLite users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/sqlite-3.32.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-20218">CVE-2019-20218</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11655">CVE-2020-11655</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11656">CVE-2020-11656</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13434">CVE-2020-13434</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13435">CVE-2020-13435</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13630">CVE-2020-13630</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13631">CVE-2020-13631</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13632">CVE-2020-13632</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13871">CVE-2020-13871</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15358">CVE-2020-15358</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-26T05:02:39Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T00:15:30Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-27.xml b/metadata/glsa/glsa-202007-27.xml
new file mode 100644
index 000000000000..cc568e2427e0
--- /dev/null
+++ b/metadata/glsa/glsa-202007-27.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-27">
+  <title>Haml: Arbitrary code execution</title>
+  <synopsis>A flaw in Haml allows arbitrary code execution as a result of
+    improper filtering.
+  </synopsis>
+  <product type="ebuild">haml</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>699840</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-ruby/haml" auto="yes" arch="*">
+      <unaffected range="ge">5.1.2</unaffected>
+      <vulnerable range="lt">5.1.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Haml is a templating engine for HTML.</p>
+  </background>
+  <description>
+    <p>It was discovered that Haml was not correctly filtering out special
+      characters which may be used for attributes.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Haml users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-ruby/haml-5.1.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-1002201">
+      CVE-2017-1002201
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-22T01:38:59Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T00:18:18Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-28.xml b/metadata/glsa/glsa-202007-28.xml
new file mode 100644
index 000000000000..9f2b781ea0eb
--- /dev/null
+++ b/metadata/glsa/glsa-202007-28.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-28">
+  <title>re2c: Buffer overflow</title>
+  <synopsis>A vulnerability in re2c could lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">re2c</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>718350</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-util/re2c" auto="yes" arch="*">
+      <unaffected range="ge">1.3-r1</unaffected>
+      <vulnerable range="lt">1.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>re2c is a tool for generating C-based recognizers from regular
+      expressions.
+    </p>
+  </background>
+  <description>
+    <p>A heap buffer overflow vulnerability was discovered in re2c.</p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could possibly cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All re2c users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-util/re2c-1.3-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11958">CVE-2020-11958</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-06-13T17:20:09Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T00:20:01Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-29.xml b/metadata/glsa/glsa-202007-29.xml
new file mode 100644
index 000000000000..07c32a1b7c2f
--- /dev/null
+++ b/metadata/glsa/glsa-202007-29.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-29">
+  <title>rssh: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in rssh, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">rssh</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>699842</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-shells/rssh" auto="yes" arch="*">
+      <vulnerable range="le">2.3.4_p3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>rssh is a restricted shell, allowing only a few commands like scp or
+      sftp. It is often used as a complement to OpenSSH to provide limited
+      access to users.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in rssh. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for rssh. We recommend that users
+      unmerge rssh:
+    </p>
+    
+    <code>
+      # emerge --unmerge "app-shells/rssh"
+    </code>
+    
+    <p>NOTE: The Gentoo developer(s) maintaining rssh have discontinued support
+      at this time. It may be possible that a new Gentoo developer will update
+      rssh at a later date. OpenSSH (net-misc/openssh) may be able to provide
+      similar functionality using its extensive configuration.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1000018">
+      CVE-2019-1000018
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3463">CVE-2019-3463</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3464">CVE-2019-3464</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-06-20T04:47:11Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T00:22:59Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-30.xml b/metadata/glsa/glsa-202007-30.xml
new file mode 100644
index 000000000000..7a093aa57c5a
--- /dev/null
+++ b/metadata/glsa/glsa-202007-30.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-30">
+  <title>spice: Arbitrary code execution</title>
+  <synopsis>A buffer overread has been discovered in spice possibly allowing
+    remote execution of code.
+  </synopsis>
+  <product type="ebuild">spice</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>717776</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulation/spice" auto="yes" arch="*">
+      <unaffected range="ge">0.14.2</unaffected>
+      <vulnerable range="lt">0.14.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Provides a complete open source solution for remote access to virtual
+      machines in a seamless way so you can play videos, record audio, share
+      USB devices, and share folders without complications.
+    </p>
+  </background>
+  <description>
+    <p>A flaw in spice’s memory handling code has been discovered, allowing
+      an out of bounds read.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to send malicious packets causing remote
+      code execution.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All spice users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/spice-0.14.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3813">CVE-2019-3813</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-06-13T16:22:04Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T00:23:35Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-31.xml b/metadata/glsa/glsa-202007-31.xml
new file mode 100644
index 000000000000..add1030a6800
--- /dev/null
+++ b/metadata/glsa/glsa-202007-31.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-31">
+  <title>Icinga: Root privilege escalation</title>
+  <synopsis>Icinga installs files with insecure permissions allowing root
+    privilege escalation.
+  </synopsis>
+  <product type="ebuild">icinga</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>638186</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-analyzer/icinga" auto="yes" arch="*">
+      <vulnerable range="lt">1.14.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Icinga is an open source computer system and network monitoring
+      application. It was originally created as a fork of the Nagios system
+      monitoring application in 2009.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that Icinga’s installed files have insecure
+      permissions, possibly allowing root privilege escalation.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could escalate privileges to root.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for Icinga. We recommend that users
+      unmerge Icinga:
+    </p>
+    
+    <code>
+      # emerge --unmerge "net-analyzer/icinga"
+    </code>
+    
+    <p>NOTE: The Gentoo developer(s) maintaining Icinga have discontinued
+      support at this time. It may be possible that a new Gentoo developer will
+      update Icinga at a later date. The natural replacement is Icinga 2
+      (net-analyzer/icinga2).
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16882">CVE-2017-16882</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-06-20T02:07:54Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T00:26:20Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-32.xml b/metadata/glsa/glsa-202007-32.xml
new file mode 100644
index 000000000000..4d7d455e0ba0
--- /dev/null
+++ b/metadata/glsa/glsa-202007-32.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-32">
+  <title>Sarg: Local privilege escalation</title>
+  <synopsis>A flaw in Sarg may allow local privilege escalation.</synopsis>
+  <product type="ebuild">sarg</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>706748</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-analyzer/sarg" auto="yes" arch="*">
+      <unaffected range="ge">2.4.0</unaffected>
+      <vulnerable range="lt">2.4.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Sarg (Squid Analysis Report Generator) is a tool that provides many
+      informations about the Squid web proxy server users activities: time,
+      sites, traffic, etc.
+    </p>
+  </background>
+  <description>
+    <p>A flaw in Sarg’s handling of temporary directories was discovered.</p>
+  </description>
+  <impact type="high">
+    <p>A local attacker may be able to escalate privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Sarg users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/sarg-2.4.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-18932">CVE-2019-18932</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-06-20T01:21:28Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T00:26:55Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-33.xml b/metadata/glsa/glsa-202007-33.xml
new file mode 100644
index 000000000000..4a0344ccad06
--- /dev/null
+++ b/metadata/glsa/glsa-202007-33.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-33">
+  <title>OSSEC: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OSSEC, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">ossec-hids</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>707826</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-analyzer/ossec-hids" auto="yes" arch="*">
+      <unaffected range="ge">3.6.0</unaffected>
+      <vulnerable range="lt">3.6.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OSSEC is a full platform to monitor and control your system(s).</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OSSEC. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OSSEC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/ossec-hids-3.6.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8442">CVE-2020-8442</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8443">CVE-2020-8443</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8444">CVE-2020-8444</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8445">CVE-2020-8445</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8446">CVE-2020-8446</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8447">CVE-2020-8447</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8448">CVE-2020-8448</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-17T21:09:31Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T00:29:16Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-34.xml b/metadata/glsa/glsa-202007-34.xml
new file mode 100644
index 000000000000..dc1ab39bcc13
--- /dev/null
+++ b/metadata/glsa/glsa-202007-34.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-34">
+  <title>Apache Ant: Multiple vulnerabilities</title>
+  <synopsis>Apache Ant uses various insecure temporary files possibly allowing
+    local code execution.
+  </synopsis>
+  <product type="ebuild">ant</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>723086</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-java/ant" auto="yes" arch="*">
+      <unaffected range="ge">1.10.8</unaffected>
+      <vulnerable range="lt">1.10.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Ant is a Java-based build tool similar to ‘make’ that uses XML
+      configuration files.
+    </p>
+  </background>
+  <description>
+    <p>Apache Ant was found to be using multiple insecure temporary files which
+      may disclose sensitive information or execute code from an unsafe local
+      location.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache Ant users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/ant-1.10.8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1945">CVE-2020-1945</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-19T21:36:39Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T00:29:36Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-35.xml b/metadata/glsa/glsa-202007-35.xml
new file mode 100644
index 000000000000..0e50ed083b7f
--- /dev/null
+++ b/metadata/glsa/glsa-202007-35.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-35">
+  <title>ReportLab: Arbitrary code execution</title>
+  <synopsis>A vulnerability allowing arbitrary code execution was found in
+    ReportLab.
+  </synopsis>
+  <product type="ebuild">reportlab</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>710738</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-python/reportlab" auto="yes" arch="*">
+      <unaffected range="ge">3.5.42</unaffected>
+      <vulnerable range="lt">3.5.42</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ReportLab is an Open Source Python library for generating PDFs and
+      graphics.
+    </p>
+  </background>
+  <description>
+    <p>ReportLab was found to be mishandling XML documents and may evaluate the
+      contents without checking for their safety.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ReportLab users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/reportlab-3.5.42"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17626">CVE-2019-17626</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-06-20T01:26:21Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T00:33:03Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-36.xml b/metadata/glsa/glsa-202007-36.xml
new file mode 100644
index 000000000000..d02db4bdd62c
--- /dev/null
+++ b/metadata/glsa/glsa-202007-36.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-36">
+  <title>DjVu: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in DjVu, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">djvu</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>536720</bug>
+  <bug>718552</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-text/djvu" auto="yes" arch="*">
+      <unaffected range="ge">3.5.27-r2</unaffected>
+      <vulnerable range="lt">3.5.27-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>DjVu is a web-centric format and software platform for distributing
+      documents and images.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in DjVu. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All DjVu users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/djvu-3.5.27-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15142">CVE-2019-15142</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15143">CVE-2019-15143</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15144">CVE-2019-15144</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15145">CVE-2019-15145</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-06-28T20:55:25Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T00:33:13Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-37.xml b/metadata/glsa/glsa-202007-37.xml
new file mode 100644
index 000000000000..939c72834665
--- /dev/null
+++ b/metadata/glsa/glsa-202007-37.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-37">
+  <title>AWStats: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in AWStats, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">awstats</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>646786</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-misc/awstats" auto="yes" arch="*">
+      <unaffected range="ge">7.8</unaffected>
+      <vulnerable range="lt">7.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>AWStats is an advanced log file analyzer and statistics generator.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in AWStats. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All AWStats users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-misc/awstats-7.8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-1000501">
+      CVE-2017-1000501
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-18T00:02:30Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T00:37:10Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-38.xml b/metadata/glsa/glsa-202007-38.xml
new file mode 100644
index 000000000000..7af45ddf4b6d
--- /dev/null
+++ b/metadata/glsa/glsa-202007-38.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-38">
+  <title>QtGui: Arbitrary code execution</title>
+  <synopsis>A use-after-free was discovered in QtGui's Markdown handling code
+    possibly allowing a remote attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">qtgui</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>719732</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-qt/qtgui" auto="yes" arch="*">
+      <unaffected range="ge">5.14.2</unaffected>
+      <vulnerable range="lt">5.14.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>QtGui is a module for the Qt toolkit.</p>
+  </background>
+  <description>
+    <p>QtGui’s setMarkdown has a use-after-free related to
+      QTextMarkdownImporter::insertBlock.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All QtGui users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-qt/qtgui-5.14.2"
+    </code>
+    
+    <p>Note that the Qt suite is best kept in sync, so a world upgrade may be
+      advisable to keep your system in a good state.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12267">CVE-2020-12267</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-06-06T21:54:28Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T00:37:49Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-39.xml b/metadata/glsa/glsa-202007-39.xml
new file mode 100644
index 000000000000..58f929084ad3
--- /dev/null
+++ b/metadata/glsa/glsa-202007-39.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-39">
+  <title>Binutils: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Binutils, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">binutils</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>688836</bug>
+  <bug>690590</bug>
+  <bug>711324</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-devel/binutils" auto="yes" arch="*">
+      <unaffected range="ge">2.33.1</unaffected>
+      <vulnerable range="lt">2.33.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The GNU Binutils are a collection of tools to create, modify and analyse
+      binary files. Many of the files use BFD, the Binary File Descriptor
+      library, to do low-level manipulation.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Binutils. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Binutils users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-devel/binutils-2.33.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12972">CVE-2019-12972</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14250">CVE-2019-14250</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14444">CVE-2019-14444</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17450">CVE-2019-17450</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17451">CVE-2019-17451</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12972">CVE-2019-12972</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14250">CVE-2019-14250</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14444">CVE-2019-14444</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17450">CVE-2019-17450</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17451">CVE-2019-17451</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-06-20T01:35:54Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T00:47:26Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-40.xml b/metadata/glsa/glsa-202007-40.xml
new file mode 100644
index 000000000000..e9df7724c5a4
--- /dev/null
+++ b/metadata/glsa/glsa-202007-40.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-40">
+  <title>Thin: Privilege escalation</title>
+  <synopsis>A vulnerability was discovered in Thin which may allow local
+    attackers to kill arbitrary processes (denial of service).
+  </synopsis>
+  <product type="ebuild">thin</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>642200</bug>
+  <access>local</access>
+  <affected>
+    <package name="www-servers/thin" auto="yes" arch="*">
+      <vulnerable range="le">1.7.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Thin is a small and fast Ruby web server.</p>
+  </background>
+  <description>
+    <p>It was discovered that Gentoo’s Thin ebuild does not properly handle
+      its temporary runtime directories. This only affects OpenRC systems, as
+      the flaw was exploitable via the init script.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could cause denial of service by killing arbitrary
+      processes.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for Thin. We recommend that users
+      unmerge Thin:
+    </p>
+    
+    <code>
+      # emerge --unmerge "www-servers/thin"
+    </code>
+    
+    <p>NOTE: The Gentoo developer(s) maintaining Thin have discontinued support
+      at this time. It may be possible that a new Gentoo developer will update
+      Thin at a later date. There are many other web servers available in the
+      tree in the www-servers category.
+    </p>
+  </resolution>
+  <references>
+  </references>
+  <metadata tag="requester" timestamp="2020-06-14T00:47:13Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T00:48:08Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-41.xml b/metadata/glsa/glsa-202007-41.xml
new file mode 100644
index 000000000000..bf2f0ca2363b
--- /dev/null
+++ b/metadata/glsa/glsa-202007-41.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-41">
+  <title>Roundcube: Multiple vulnerabilities</title>
+  <synopsis>A flaw in Roundcube's handling of configuration files may allow
+    arbitrary code execution, amongst other vulnerabilities.
+  </synopsis>
+  <product type="ebuild">Roundcube</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>720876</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/roundcube" auto="yes" arch="*">
+      <unaffected range="ge" slot="1.4.4">1.4.4</unaffected>
+      <unaffected range="ge" slot="1.3.11">1.3.11</unaffected>
+      <vulnerable range="lt" slot="1.4.4">1.4.4</vulnerable>
+      <vulnerable range="lt" slot="1.3.11">1.3.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Free and open source webmail software for the masses, written in PHP.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Roundcube. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Roundcube 1.4.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/roundcube-1.4.4"
+    </code>
+    
+    <p>All Roundcube 1.3.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/roundcube-1.3.11"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12625">CVE-2020-12625</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12626">CVE-2020-12626</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12640">CVE-2020-12640</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12641">CVE-2020-12641</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-17T23:26:23Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T00:48:35Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-42.xml b/metadata/glsa/glsa-202007-42.xml
new file mode 100644
index 000000000000..ec32f06457cf
--- /dev/null
+++ b/metadata/glsa/glsa-202007-42.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-42">
+  <title>LHa: Buffer overflow</title>
+  <synopsis>LHa has a buffer overflow in its compression utility with
+    unspecified impact.
+  </synopsis>
+  <product type="ebuild">lha</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>572418</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/lha" auto="yes" arch="*">
+      <unaffected range="ge">114i_p20201004</unaffected>
+      <vulnerable range="lt">114i_p20201004</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>LHa is a console-based program for packing and unpacking LHarc archives.</p>
+  </background>
+  <description>
+    <p>A buffer overflow in LHa’s compression code was discovered which can
+      be triggered by a crafted input file.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted file possibly resulting
+      in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LHa users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/lha-114i_p20201004"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-1925">CVE-2016-1925</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-06-22T20:49:12Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T00:53:34Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-43.xml b/metadata/glsa/glsa-202007-43.xml
new file mode 100644
index 000000000000..ea037b2c0230
--- /dev/null
+++ b/metadata/glsa/glsa-202007-43.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-43">
+  <title>TRE: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in TRE, the worst of which
+    could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">tre</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>597616</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/tre" auto="yes" arch="*">
+      <unaffected range="ge">0.8.0-r2</unaffected>
+      <vulnerable range="lt">0.8.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>TRE is the free and portable approximate regex matching library.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in TRE. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All TRE users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/tre-0.8.0-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-8859">CVE-2016-8859</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-17T00:41:18Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T00:53:51Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-44.xml b/metadata/glsa/glsa-202007-44.xml
new file mode 100644
index 000000000000..faf4a14f3b73
--- /dev/null
+++ b/metadata/glsa/glsa-202007-44.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-44">
+  <title>FreeXL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in FreeXL, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">freexl</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>648700</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/freexl" auto="yes" arch="*">
+      <unaffected range="ge">1.0.5</unaffected>
+      <vulnerable range="lt">1.0.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FreeXL is an open source library to extract valid data from within an
+      Excel (.xls) spreadsheet.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in FreeXL. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FreeXL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/freexl-1.0.5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7435">CVE-2018-7435</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7436">CVE-2018-7436</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7437">CVE-2018-7437</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7438">CVE-2018-7438</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7439">CVE-2018-7439</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-18T00:12:02Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T00:53:54Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-45.xml b/metadata/glsa/glsa-202007-45.xml
new file mode 100644
index 000000000000..0e64d8ef9f33
--- /dev/null
+++ b/metadata/glsa/glsa-202007-45.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-45">
+  <title>NTFS-3G: Remote code execution, possible privilege escalation</title>
+  <synopsis>A buffer overflow in NTFS-3g might allow local or remote
+    attacker(s) to execute arbitrary code, or escalate privileges.
+  </synopsis>
+  <product type="ebuild">ntfs-3g</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>717640</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-fs/ntfs3g" auto="yes" arch="*">
+      <unaffected range="ge">2017.3.23-r3</unaffected>
+      <vulnerable range="lt">2017.3.23-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>NTFS-3G is a stable, full-featured, read-write NTFS driver for various
+      operating systems.
+    </p>
+  </background>
+  <description>
+    <p>An integer underflow issue exists in NTFS-3G which may cause a heap
+      buffer overflow with crafted input.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker may be able to execute arbitrary code while a local
+      attacker may be able to escalate privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All NTFS-3G users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-fs/ntfs3g-2017.3.23-r3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9755">CVE-2019-9755</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-06-13T16:28:32Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T00:59:29Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-46.xml b/metadata/glsa/glsa-202007-46.xml
new file mode 100644
index 000000000000..f4248489fd19
--- /dev/null
+++ b/metadata/glsa/glsa-202007-46.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-46">
+  <title>D-Bus: Denial of service</title>
+  <synopsis>A local Denial of Service vulnerability was discovered in D-Bus.</synopsis>
+  <product type="ebuild">d-bus</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>727104</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/dbus" auto="yes" arch="*">
+      <unaffected range="ge">1.12.18</unaffected>
+      <vulnerable range="lt">1.12.18</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>D-Bus is a message bus system which processes can use to talk to each
+      other.
+    </p>
+  </background>
+  <description>
+    <p>D-Bus does not correctly dispose of old connections meaning that it is
+      possible for D-Bus to hit a connection limit.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could cause a possible Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All D-Bus users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/dbus-1.12.18"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12049">CVE-2020-12049</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-06-17T14:28:04Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T00:59:39Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-47.xml b/metadata/glsa/glsa-202007-47.xml
new file mode 100644
index 000000000000..17e4f2257369
--- /dev/null
+++ b/metadata/glsa/glsa-202007-47.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-47">
+  <title>Okular: Local restricted command execution</title>
+  <synopsis>A logic error in Okular might allow an attacker to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">okular</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>712490</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="kde-apps/okular" auto="yes" arch="*">
+      <unaffected range="ge">19.12.3-r1</unaffected>
+      <vulnerable range="lt">19.12.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Okular is a universal document viewer based on KPDF.</p>
+  </background>
+  <description>
+    <p>A logic error was discovered in Okular, which results in trusting action
+      links within a PDF, possibly allowing execution of a binary.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted PDF
+      using Okular, possibly resulting in execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>Avoid opening PDFs from an untrusted source.</p>
+  </workaround>
+  <resolution>
+    <p>All Okular users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=kde-apps/okular-19.12.3-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9359">CVE-2020-9359</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-06-13T16:20:40Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T00:59:53Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-48.xml b/metadata/glsa/glsa-202007-48.xml
new file mode 100644
index 000000000000..d89382e831b1
--- /dev/null
+++ b/metadata/glsa/glsa-202007-48.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-48">
+  <title>OCaml: Arbitrary code execution</title>
+  <synopsis>An integer overflow was discovered in OCaml's standard library,
+    possibly allowing arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">ocaml</product>
+  <announced>2020-07-27</announced>
+  <revised count="2">2020-07-27</revised>
+  <bug>719134</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/ocaml" auto="yes" arch="*">
+      <unaffected range="ge">4.09.0</unaffected>
+      <vulnerable range="lt">4.09.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OCaml is a high-level, strongly-typed, functional, and object-oriented
+      programming language from the ML family of languages
+    </p>
+  </background>
+  <description>
+    <p>The caml_ba_deserialize function in byterun/bigarray.c in the standard
+      library of OCaml has an integer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OCaml users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/ocaml-4.09.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-9838">CVE-2018-9838</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-26T15:40:49Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T01:25:07Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-49.xml b/metadata/glsa/glsa-202007-49.xml
new file mode 100644
index 000000000000..b49d290f49ff
--- /dev/null
+++ b/metadata/glsa/glsa-202007-49.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-49">
+  <title>Mozilla Network Security Service (NSS): Information disclosure</title>
+  <synopsis>NSS has an information disclosure vulnerability when handling DSA
+    keys.
+  </synopsis>
+  <product type="ebuild">nss</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>726842</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/nss" auto="yes" arch="*">
+      <unaffected range="ge">3.52.1</unaffected>
+      <vulnerable range="lt">3.52.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Mozilla Network Security Service (NSS) is a library implementing
+      security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS
+      #12, S/MIME and X.509 certificates.
+    </p>
+  </background>
+  <description>
+    <p>NSS was found to not always perform constant-time operations when
+      working with DSA key material.
+    </p>
+  </description>
+  <impact type="low">
+    <p>An attacker may be able to obtain information about a DSA private key.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All NSS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/nss-3.52.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12399">CVE-2020-12399</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-26T16:09:23Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T01:25:27Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-50.xml b/metadata/glsa/glsa-202007-50.xml
new file mode 100644
index 000000000000..850b4d3f9307
--- /dev/null
+++ b/metadata/glsa/glsa-202007-50.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-50">
+  <title>GLib Networking: Improper certificate validation</title>
+  <synopsis>GLib Networking was not properly verifying TLS certificates in all
+    circumstances, possibly allowing an integrity/confidentiality compromise.
+  </synopsis>
+  <product type="ebuild">glib-networking</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>725880</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/glib-networking" auto="yes" arch="*">
+      <unaffected range="ge">2.62.4</unaffected>
+      <vulnerable range="lt">2.62.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Network-related giomodules for glib</p>
+  </background>
+  <description>
+    <p>GTlsClientConnection skips hostname verification of the server’s TLS
+      certificate if the application fails to specify the expected server
+      identity.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>There may be a breach of integrity or confidentiality in connections
+      made using GLib Networking.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GLib Networking users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/glib-networking-2.62.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13645">CVE-2020-13645</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-26T05:58:10Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T01:34:12Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-51.xml b/metadata/glsa/glsa-202007-51.xml
new file mode 100644
index 000000000000..c31beb155884
--- /dev/null
+++ b/metadata/glsa/glsa-202007-51.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-51">
+  <title>FileZilla: Untrusted search path</title>
+  <synopsis>A vulnerability was found in FileZilla which might allow privilege
+    escalation.
+  </synopsis>
+  <product type="ebuild">filezilla</product>
+  <announced>2020-07-27</announced>
+  <revised count="1">2020-07-27</revised>
+  <bug>717726</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-ftp/filezilla" auto="yes" arch="*">
+      <unaffected range="ge">3.47.2.1</unaffected>
+      <vulnerable range="lt">3.47.2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FileZilla is an open source FTP client.</p>
+  </background>
+  <description>
+    <p>It was discovered that FileZilla uses an untrusted search path.</p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could use a malicious binary to escalate privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FileZilla users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-ftp/filezilla-3.47.2.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5429">CVE-2019-5429</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-26T05:27:52Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-27T01:36:28Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-52.xml b/metadata/glsa/glsa-202007-52.xml
new file mode 100644
index 000000000000..ca15b4d4aab7
--- /dev/null
+++ b/metadata/glsa/glsa-202007-52.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-52">
+  <title>mujs: Multiple vulnerabilities
+  </title>
+  <synopsis>Multiple vulnerabilities have been found in mujs, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">mujs</product>
+  <announced>2020-07-28</announced>
+  <revised count="1">2020-07-28</revised>
+  <bug>719248</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/mujs" auto="yes" arch="*">
+      <unaffected range="ge">1.0.6</unaffected>
+      <vulnerable range="lt">1.0.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>mujs is an embeddable Javascript interpreter in C.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in mujs. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All mujs users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/mujs-"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11411">CVE-2019-11411</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11412">CVE-2019-11412</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11413">CVE-2019-11413</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-27T23:02:41Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-28T19:28:15Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-53.xml b/metadata/glsa/glsa-202007-53.xml
new file mode 100644
index 000000000000..4a0f3ad7e39f
--- /dev/null
+++ b/metadata/glsa/glsa-202007-53.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-53">
+  <title>Dropbear: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Dropbear, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">dropbear</product>
+  <announced>2020-07-28</announced>
+  <revised count="1">2020-07-28</revised>
+  <bug>723848</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/dropbear" auto="yes" arch="*">
+      <unaffected range="ge">2020.80</unaffected>
+      <vulnerable range="lt">2020.80</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Dropbear is an SSH server and client designed with a small memory
+      footprint.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Dropbear. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Dropbear users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/dropbear-2020.80"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0739">CVE-2018-0739</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12437">CVE-2018-12437</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20685">CVE-2018-20685</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-27T22:58:27Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-28T19:29:15Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-54.xml b/metadata/glsa/glsa-202007-54.xml
new file mode 100644
index 000000000000..72209c22213f
--- /dev/null
+++ b/metadata/glsa/glsa-202007-54.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-54">
+  <title>rsync: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in rsync, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">rsync</product>
+  <announced>2020-07-28</announced>
+  <revised count="1">2020-07-28</revised>
+  <bug>728852</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/rsync" auto="yes" arch="*">
+      <unaffected range="ge">3.2.0</unaffected>
+      <vulnerable range="lt">3.2.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>File transfer program to keep remote files into sync.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in rsync (within bundled
+      zlib). Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All rsync users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/rsync-3.2.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-9840">CVE-2016-9840</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-9841">CVE-2016-9841</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-9842">CVE-2016-9842</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-9843">CVE-2016-9843</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-27T22:51:51Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-28T19:29:58Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-55.xml b/metadata/glsa/glsa-202007-55.xml
new file mode 100644
index 000000000000..cb2f337bffdb
--- /dev/null
+++ b/metadata/glsa/glsa-202007-55.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-55">
+  <title>libetpan: Improper STARTTLS handling</title>
+  <synopsis>A vulnerability was discovered in libetpan's STARTTLS handling,
+    possibly allowing an integrity/confidentiality compromise.
+  </synopsis>
+  <product type="ebuild">libetpan</product>
+  <announced>2020-07-28</announced>
+  <revised count="1">2020-07-28</revised>
+  <bug>734130</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/libetpan" auto="yes" arch="*">
+      <unaffected range="ge">1.9.4-r1</unaffected>
+      <vulnerable range="lt">1.9.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libetpan is a portable, efficient middleware for different kinds of mail
+      access.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that libetpan was not properly handling state within
+      the STARTTLS protocol handshake.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>There may be a breach of integrity or confidentiality in connections
+      made using libetpan with STARTTLS.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libetpan users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/libetpan-1.9.4-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15953">CVE-2020-15953</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-27T22:44:41Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-28T19:35:55Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-56.xml b/metadata/glsa/glsa-202007-56.xml
new file mode 100644
index 000000000000..f71973e186f1
--- /dev/null
+++ b/metadata/glsa/glsa-202007-56.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-56">
+  <title>Claws Mail: Improper STARTTLS handling</title>
+  <synopsis>A vulnerability was discovered in Claws Mail's STARTTLS handling,
+    possibly allowing an integrity/confidentiality compromise.
+  </synopsis>
+  <product type="ebuild">claws-mail</product>
+  <announced>2020-07-28</announced>
+  <revised count="1">2020-07-28</revised>
+  <bug>733684</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/claws-mail" auto="yes" arch="*">
+      <unaffected range="ge">3.17.6</unaffected>
+      <vulnerable range="lt">3.17.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Claws Mail is a GTK based e-mail client.</p>
+  </background>
+  <description>
+    <p>It was discovered that Claws Mail was not properly handling state within
+      the STARTTLS protocol handshake.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>There may be a breach of integrity or confidentiality in connections
+      made using Claws Mail with STARTTLS.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Claws Mail users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/claws-mail-3.17.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15917">CVE-2020-15917</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-27T16:52:43Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-28T19:36:02Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-57.xml b/metadata/glsa/glsa-202007-57.xml
new file mode 100644
index 000000000000..3c2e72d851ec
--- /dev/null
+++ b/metadata/glsa/glsa-202007-57.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-57">
+  <title>Mutt, Neomutt: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mutt and Neomutt, the
+    worst of which could result in an access restriction bypass.
+  </synopsis>
+  <product type="ebuild">mutt,neomutt</product>
+  <announced>2020-07-28</announced>
+  <revised count="1">2020-07-28</revised>
+  <bug>728294</bug>
+  <bug>728302</bug>
+  <bug>728708</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/mutt" auto="yes" arch="*">
+      <unaffected range="ge">1.14.4</unaffected>
+      <vulnerable range="lt">1.14.4</vulnerable>
+    </package>
+    <package name="mail-client/neomutt" auto="yes" arch="*">
+      <unaffected range="ge">20200619</unaffected>
+      <vulnerable range="lt">20200619</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mutt is a small but very powerful text-based mail client.</p>
+    
+    <p>NeoMutt is a command line mail reader (or MUA). It’s a fork of Mutt
+      with added features.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mutt and Neomutt.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mutt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/mutt-1.14.4"
+    </code>
+    
+    <p>All Neomutt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/neomutt-20200619"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14093">CVE-2020-14093</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14154">CVE-2020-14154</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14954">CVE-2020-14954</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-26T15:29:54Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-28T19:36:11Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-58.xml b/metadata/glsa/glsa-202007-58.xml
new file mode 100644
index 000000000000..5e62fba956d3
--- /dev/null
+++ b/metadata/glsa/glsa-202007-58.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-58">
+  <title>FFmpeg: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in FFmpeg, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">ffmpeg</product>
+  <announced>2020-07-28</announced>
+  <revised count="1">2020-07-28</revised>
+  <bug>718012</bug>
+  <bug>719940</bug>
+  <bug>727450</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/ffmpeg" auto="yes" arch="*">
+      <unaffected range="ge">4.2.4</unaffected>
+      <vulnerable range="lt">4.2.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FFmpeg is a complete, cross-platform solution to record, convert and
+      stream audio and video.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in FFmpeg. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FFmpeg users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/ffmpeg-4.2.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13312">CVE-2019-13312</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15942">CVE-2019-15942</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12284">CVE-2020-12284</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13904">CVE-2020-13904</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14212">CVE-2020-14212</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-27T16:48:41Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-28T19:36:18Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-59.xml b/metadata/glsa/glsa-202007-59.xml
new file mode 100644
index 000000000000..affe1e42944e
--- /dev/null
+++ b/metadata/glsa/glsa-202007-59.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-59">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">chromium,google-chrome</product>
+  <announced>2020-07-29</announced>
+  <revised count="1">2020-07-29</revised>
+  <bug>734150</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">84.0.4147.105</unaffected>
+      <vulnerable range="lt">84.0.4147.105</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">84.0.4147.105</unaffected>
+      <vulnerable range="lt">84.0.4147.105</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-84.0.4147.105"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-84.0.4147.105"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6532">CVE-2020-6532</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6537">CVE-2020-6537</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6538">CVE-2020-6538</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6539">CVE-2020-6539</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6540">CVE-2020-6540</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6541">CVE-2020-6541</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-28T20:50:18Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-29T17:23:28Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-60.xml b/metadata/glsa/glsa-202007-60.xml
new file mode 100644
index 000000000000..5edcdfccdf53
--- /dev/null
+++ b/metadata/glsa/glsa-202007-60.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-60">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+    worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">firefox</product>
+  <announced>2020-07-30</announced>
+  <revised count="1">2020-07-30</revised>
+  <bug>734324</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">68.11.0</unaffected>
+      <vulnerable range="lt">68.11.0</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">68.11.0</unaffected>
+      <vulnerable range="lt">68.11.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      Project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-68.11.0"
+    </code>
+    
+    <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-68.11.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15652">CVE-2020-15652</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15659">CVE-2020-15659</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6463">CVE-2020-6463</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-28T20:49:41Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-30T03:20:17Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-61.xml b/metadata/glsa/glsa-202007-61.xml
new file mode 100644
index 000000000000..1b54bb27dfc9
--- /dev/null
+++ b/metadata/glsa/glsa-202007-61.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-61">
+  <title>WebKitGTK+: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in WebKitGTK+, the worst
+    of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">webkitgtk+</product>
+  <announced>2020-07-31</announced>
+  <revised count="1">2020-07-31</revised>
+  <bug>734584</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+      <unaffected range="ge">2.28.4</unaffected>
+      <vulnerable range="lt">2.28.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine,
+      suitable for projects requiring any kind of web integration, from hybrid
+      HTML/CSS applications to full-fledged web browsers.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All WebKitGTK+ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.28.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9862">CVE-2020-9862</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9893">CVE-2020-9893</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9894">CVE-2020-9894</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9895">CVE-2020-9895</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9915">CVE-2020-9915</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9925">CVE-2020-9925</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-29T18:52:03Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-31T17:08:46Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-62.xml b/metadata/glsa/glsa-202007-62.xml
new file mode 100644
index 000000000000..6186762c7c92
--- /dev/null
+++ b/metadata/glsa/glsa-202007-62.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-62">
+  <title>PyCrypto: Weak key generation</title>
+  <synopsis>A flaw in PyCrypto allow remote attackers to obtain sensitive
+    information.
+  </synopsis>
+  <product type="ebuild">pycrypto</product>
+  <announced>2020-07-31</announced>
+  <revised count="1">2020-07-31</revised>
+  <bug>703682</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-python/pycrypto" auto="yes" arch="*">
+      <vulnerable range="le">2.6.1-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PyCrypto is the Python Cryptography Toolkit.</p>
+  </background>
+  <description>
+    <p>It was discovered that PyCrypto incorrectly generated ElGamal key
+      parameters.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Attackers may be able to obtain sensitive information by reading
+      ciphertext data.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for PyCrypto. We recommend that users
+      unmerge PyCrypto:
+    </p>
+    
+    <p># emerge --unmerge “dev-python/pycrypto”</p>
+    
+    <p>NOTE: The Gentoo developer(s) maintaining PyCrypto have discontinued
+      support at this time. PyCryptodome is the canonical successor to
+      PyCrypto.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6594">CVE-2018-6594</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-30T01:21:33Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-31T17:10:46Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-63.xml b/metadata/glsa/glsa-202007-63.xml
new file mode 100644
index 000000000000..b9966a5a0bfb
--- /dev/null
+++ b/metadata/glsa/glsa-202007-63.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-63">
+  <title>SNMP Trap Translator: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in SNMP Trap Translator,
+    the worst of which could allow attackers to execute arbitrary shell code.
+  </synopsis>
+  <product type="ebuild">snmptt</product>
+  <announced>2020-07-31</announced>
+  <revised count="2">2020-08-16</revised>
+  <bug>733478</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/snmptt" auto="yes" arch="*">
+      <unaffected range="ge">1.4.1</unaffected>
+      <vulnerable range="lt">1.4.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>SNMP Trap Translator (SNMPTT) is an SNMP trap handler written in Perl.</p>
+  </background>
+  <description>
+    <p>It was found that SNMP Trap Translator does not drop privileges as
+      configured and does not properly escape shell commands in certain
+      functions.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by sending a malicious crafted SNMP trap, could
+      possibly execute arbitrary shell code with the privileges of the process
+      or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All SNMP Trap Translator users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/snmptt-1.4.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://sourceforge.net/p/snmptt/git/ci/snmptt_1-4-1/tree/snmptt/ChangeLog">
+      SNMPTT 1.4.1 ChangeLog
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-24361">CVE-2020-24361</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-26T15:27:28Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-16T05:36:38Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-64.xml b/metadata/glsa/glsa-202007-64.xml
new file mode 100644
index 000000000000..1267eab96bc4
--- /dev/null
+++ b/metadata/glsa/glsa-202007-64.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-64">
+  <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird,
+    the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">thunderbird</product>
+  <announced>2020-07-31</announced>
+  <revised count="2">2020-07-31</revised>
+  <bug>734978</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">68.11.0</unaffected>
+      <vulnerable range="lt">68.11.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">68.11.0</unaffected>
+      <vulnerable range="lt">68.11.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Thunderbird is a popular open-source email client from the
+      Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-68.11.0"
+    </code>
+    
+    <p>All Mozilla Thunderbird binary users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-68.11.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15652">CVE-2020-15652</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15659">CVE-2020-15659</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6463">CVE-2020-6463</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6514">CVE-2020-6514</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/">
+      MFSA-2020-35
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-31T17:27:15Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-31T19:04:30Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202007-65.xml b/metadata/glsa/glsa-202007-65.xml
new file mode 100644
index 000000000000..afb2aede7b0c
--- /dev/null
+++ b/metadata/glsa/glsa-202007-65.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202007-65">
+  <title>libsndfile: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libsndfile, the worst
+    of which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">libsndfile</product>
+  <announced>2020-07-31</announced>
+  <revised count="1">2020-07-31</revised>
+  <bug>631674</bug>
+  <bug>671834</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libsndfile" auto="yes" arch="*">
+      <unaffected range="ge">1.0.29_pre2_p20191024</unaffected>
+      <vulnerable range="lt">1.0.29_pre2_p20191024</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libsndfile is a C library for reading and writing files containing
+      sampled sound.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libsndfile. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libsndfile users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=media-libs/libsndfile-1.0.29_pre2_p20191024"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14245">CVE-2017-14245</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14246">CVE-2017-14246</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3832">CVE-2019-3832</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-16T01:07:57Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-07-31T19:55:37Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-01.xml b/metadata/glsa/glsa-202008-01.xml
new file mode 100644
index 000000000000..3027067a0ec7
--- /dev/null
+++ b/metadata/glsa/glsa-202008-01.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-01">
+  <title>Python: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Python, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">python</product>
+  <announced>2020-08-02</announced>
+  <revised count="1">2020-08-02</revised>
+  <bug>728668</bug>
+  <bug>732498</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/python" auto="yes" arch="*">
+      <unaffected range="ge" slot="2.7">2.7.18-r1</unaffected>
+      <unaffected range="ge" slot="3.6">3.6.11-r2</unaffected>
+      <unaffected range="ge" slot="3.7">3.7.8-r2</unaffected>
+      <unaffected range="ge" slot="3.8">3.8.4-r1</unaffected>
+      <vulnerable range="lt" slot="2.7">2.7.18-r1</vulnerable>
+      <vulnerable range="lt" slot="3.6">3.6.11-r2</vulnerable>
+      <vulnerable range="lt" slot="3.7">3.7.8-r2</vulnerable>
+      <vulnerable range="lt" slot="3.8">3.8.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Python is an interpreted, interactive, object-oriented programming
+      language.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Python. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Python 2.7 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.7.18-r1"
+    </code>
+    
+    <p>All Python 3.6 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-3.6.11-r2"
+    </code>
+    
+    <p>All Python 3.7 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-3.7.8-r2"
+    </code>
+    
+    <p>All Python 3.8 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-3.8.4-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-20907">CVE-2019-20907</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14422">CVE-2020-14422</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-31T17:34:38Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-02T03:19:15Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-02.xml b/metadata/glsa/glsa-202008-02.xml
new file mode 100644
index 000000000000..fb25e051732c
--- /dev/null
+++ b/metadata/glsa/glsa-202008-02.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-02">
+  <title>GNU GLOBAL: Arbitrary code execution</title>
+  <synopsis>A vulnerability in GNU GLOBAL was discovered, possibly allowing
+    remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">global</product>
+  <announced>2020-08-08</announced>
+  <revised count="1">2020-08-08</revised>
+  <bug>646348</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-util/global" auto="yes" arch="*">
+      <unaffected range="ge">6.6.4</unaffected>
+      <vulnerable range="lt">6.6.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU GLOBAL is a source code tagging system that works the same way
+      across diverse environments, such as Emacs editor, Vi editor, Less
+      viewer, Bash shell, various web browsers, etc.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability was found in an undocumented function of gozilla.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted URL
+      using GNU GLOBAL, possibly resulting in execution of arbitrary code with
+      the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU GLOBAL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-util/global-6.6.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17531">CVE-2017-17531</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-08T02:37:03Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-08T04:17:26Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-03.xml b/metadata/glsa/glsa-202008-03.xml
new file mode 100644
index 000000000000..3aac543e24c9
--- /dev/null
+++ b/metadata/glsa/glsa-202008-03.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-03">
+  <title>Ark: Arbitrary code execution</title>
+  <synopsis>Ark was found to allow arbitrary file overwrite, possibly allowing
+    arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">ark</product>
+  <announced>2020-08-08</announced>
+  <revised count="1">2020-08-08</revised>
+  <bug>734622</bug>
+  <access>remote</access>
+  <affected>
+    <package name="kde-apps/ark" auto="yes" arch="*">
+      <unaffected range="ge">20.04.3-r1</unaffected>
+      <vulnerable range="lt">20.04.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Ark is a graphical file compression/decompression utility with support
+      for multiple formats.
+    </p>
+  </background>
+  <description>
+    <p>A maliciously crafted archive with “../” in the file path(s) could
+      install files anywhere in the user’s home directory upon extraction.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted
+      archive using Ark, possibly resulting in execution of arbitrary code with
+      the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>Avoid opening untrusted archives.</p>
+  </workaround>
+  <resolution>
+    <p>All Ark users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=kde-apps/ark-20.04.3-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16116">CVE-2020-16116</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-08T02:42:50Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-08T04:18:09Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-04.xml b/metadata/glsa/glsa-202008-04.xml
new file mode 100644
index 000000000000..cfae51c02fa5
--- /dev/null
+++ b/metadata/glsa/glsa-202008-04.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-04">
+  <title>Apache: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Apache, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">apache</product>
+  <announced>2020-08-08</announced>
+  <revised count="1">2020-08-08</revised>
+  <bug>736282</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">2.4.46</unaffected>
+      <vulnerable range="lt">2.4.46</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Apache HTTP server is one of the most popular web servers on the
+      Internet.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Apache. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/apache-2.4.46"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11984">CVE-2020-11984</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11985">CVE-2020-11985</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11993">CVE-2020-11993</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9490">CVE-2020-9490</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-08T03:51:27Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-08T04:18:18Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-05.xml b/metadata/glsa/glsa-202008-05.xml
new file mode 100644
index 000000000000..bf2114ea11b5
--- /dev/null
+++ b/metadata/glsa/glsa-202008-05.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-05">
+  <title>gThumb: Arbitrary code execution</title>
+  <synopsis>A buffer overflow in gThumb might allow remote attacker(s) to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">gthumb</product>
+  <announced>2020-08-08</announced>
+  <revised count="1">2020-08-08</revised>
+  <bug>712932</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/gthumb" auto="yes" arch="*">
+      <unaffected range="ge">3.10.0</unaffected>
+      <vulnerable range="lt">3.10.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>gThumb is an image viewer and browser for GNOME.</p>
+  </background>
+  <description>
+    <p>A heap-based buffer overflow in gThumb’s
+      _cairo_image_surface_create_from_jpeg() function, located in
+      extensions/cairo_io/cairo-image-surface-jpeg.c was discovered.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted image
+      file using gThumb, possibly resulting in execution of arbitrary code with
+      the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All gThumb users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/gthumb-3.10.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-20326">CVE-2019-20326</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-08T01:58:55Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-08T04:18:29Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-06.xml b/metadata/glsa/glsa-202008-06.xml
new file mode 100644
index 000000000000..56806d91c751
--- /dev/null
+++ b/metadata/glsa/glsa-202008-06.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-06">
+  <title>iproute2: Denial of service</title>
+  <synopsis>A use-after-free was found in iproute2, possibly allowing a Denial
+    of Service condition. 
+  </synopsis>
+  <product type="ebuild">iproute2</product>
+  <announced>2020-08-08</announced>
+  <revised count="1">2020-08-08</revised>
+  <bug>722144</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/iproute2" auto="yes" arch="*">
+      <unaffected range="ge">5.1.0</unaffected>
+      <vulnerable range="lt">5.1.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>iproute2 is a set of tools for managing Linux network routing and
+      advanced features.
+    </p>
+  </background>
+  <description>
+    <p>iproute2 was found to contain a use-after-free in get_netnsid_from_name
+      in ip/ipnetns.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, able to feed iproute2 crafted data, may be able to
+      cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All iproute2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/iproute2-5.1.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-20795">CVE-2019-20795</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-03T07:01:06Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-08T04:18:42Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-07.xml b/metadata/glsa/glsa-202008-07.xml
new file mode 100644
index 000000000000..9105017da983
--- /dev/null
+++ b/metadata/glsa/glsa-202008-07.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-07">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">chromium,google-chrome</product>
+  <announced>2020-08-12</announced>
+  <revised count="1">2020-08-12</revised>
+  <bug>736659</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">84.0.4147.125</unaffected>
+      <vulnerable range="lt">84.0.4147.125</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">84.0.4147.125</unaffected>
+      <vulnerable range="lt">84.0.4147.125</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-84.0.4147.125"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-84.0.4147.125"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6542">CVE-2020-6542</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6543">CVE-2020-6543</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6544">CVE-2020-6544</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6545">CVE-2020-6545</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6547">CVE-2020-6547</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6548">CVE-2020-6548</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6549">CVE-2020-6549</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6550">CVE-2020-6550</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6551">CVE-2020-6551</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6552">CVE-2020-6552</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6553">CVE-2020-6553</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6554">CVE-2020-6554</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6555">CVE-2020-6555</uri>
+    <uri link="https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop_27.html">
+      Upstream advisory
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-11T22:31:50Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-12T06:05:51Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-08.xml b/metadata/glsa/glsa-202008-08.xml
new file mode 100644
index 000000000000..52d74e694184
--- /dev/null
+++ b/metadata/glsa/glsa-202008-08.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-08">
+  <title>Mozilla Network Security Service (NSS): Multiple vulnerabilities</title>
+  <synopsis>NSS has multiple information disclosure vulnerabilities when
+    handling secret key material.
+  </synopsis>
+  <product type="ebuild">nss</product>
+  <announced>2020-08-19</announced>
+  <revised count="1">2020-08-19</revised>
+  <bug>734986</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/nss" auto="yes" arch="*">
+      <unaffected range="ge">3.55</unaffected>
+      <vulnerable range="lt">3.55</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Mozilla Network Security Service (NSS) is a library implementing
+      security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS
+      #12, S/MIME and X.509 certificates.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in NSS. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker may be able to obtain information about secret key material.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All NSS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/nss-3.55"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12400">CVE-2020-12400</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12401">CVE-2020-12401</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12403">CVE-2020-12403</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-15T02:24:22Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-19T11:08:43Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-09.xml b/metadata/glsa/glsa-202008-09.xml
new file mode 100644
index 000000000000..b70ae35ee79f
--- /dev/null
+++ b/metadata/glsa/glsa-202008-09.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-09">
+  <title>Shadow: Privilege escalation</title>
+  <synopsis>Multiple Shadow utilities were installed with setuid permissions,
+    allowing possible root privilege escalation.
+  </synopsis>
+  <product type="ebuild">shadow</product>
+  <announced>2020-08-25</announced>
+  <revised count="1">2020-08-25</revised>
+  <bug>702252</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/shadow" auto="yes" arch="*">
+      <unaffected range="ge">4.8-r3</unaffected>
+      <vulnerable range="lt">4.8-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Shadow is a set of tools to deal with user accounts.</p>
+  </background>
+  <description>
+    <p>When Shadow was installed with the PAM use flag, setuid binaries
+      provided by Shadow were not properly restricted.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could escalate privileges to root.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Shadow users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/shadow-4.8-r3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19882">CVE-2019-19882</uri>
+    <uri link="https://github.com/shadow-maint/shadow/pull/199">Upstream
+      mitigation
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-24T00:55:20Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-25T12:51:43Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-10.xml b/metadata/glsa/glsa-202008-10.xml
new file mode 100644
index 000000000000..4dd751b4bc8b
--- /dev/null
+++ b/metadata/glsa/glsa-202008-10.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-10">
+  <title>Chromium, Google Chrome: Heap buffer overflow</title>
+  <synopsis>
+    A vulnerablity has been found in Chromium and Google Chrome that could
+    allow a remote attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium,google-chrome</product>
+  <announced>2020-08-25</announced>
+  <revised count="1">2020-08-25</revised>
+  <bug>737942</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">84.0.4147.135</unaffected>
+      <vulnerable range="lt">84.0.4147.135</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">84.0.4147.135</unaffected>
+      <vulnerable range="lt">84.0.4147.135</vulnerable>
+    </package>
+  </affected>
+  <background>
+    
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>A buffer overflow has been discovered in Chromium and Google Chrome’s
+      SwiftShader component.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to visit a specially crafted
+      website, could execute arbitrary code with the privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-84.0.4147.135"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-84.0.4147.135"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6556">CVE-2020-6556</uri>
+    <uri link="https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_18.html">
+      Upstream advisory
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-24T00:46:35Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-25T12:53:21Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-11.xml b/metadata/glsa/glsa-202008-11.xml
new file mode 100644
index 000000000000..41360a2feaa9
--- /dev/null
+++ b/metadata/glsa/glsa-202008-11.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-11">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">chromium,google-chrome</product>
+  <announced>2020-08-26</announced>
+  <revised count="1">2020-08-26</revised>
+  <bug>738998</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">85.0.4183.83</unaffected>
+      <vulnerable range="lt">85.0.4183.83</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">85.0.4183.83</unaffected>
+      <vulnerable range="lt">85.0.4183.83</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-85.0.4183.83"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-85.0.4183.83"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6559">CVE-2020-6559</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6560">CVE-2020-6560</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6561">CVE-2020-6561</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6562">CVE-2020-6562</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6563">CVE-2020-6563</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6564">CVE-2020-6564</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6565">CVE-2020-6565</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6566">CVE-2020-6566</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6567">CVE-2020-6567</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6568">CVE-2020-6568</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6569">CVE-2020-6569</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6570">CVE-2020-6570</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6571">CVE-2020-6571</uri>
+    <uri link="https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html">
+      Upstream advisory
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-25T22:23:14Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-26T21:30:54Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-12.xml b/metadata/glsa/glsa-202008-12.xml
new file mode 100644
index 000000000000..cdcf07b1438c
--- /dev/null
+++ b/metadata/glsa/glsa-202008-12.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-12">
+  <title>Net-SNMP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Net-SNMP, the worst of
+    which could result in privilege escalation.
+  </synopsis>
+  <product type="ebuild">Net-SNMP</product>
+  <announced>2020-08-26</announced>
+  <revised count="1">2020-08-26</revised>
+  <bug>729610</bug>
+  <bug>734994</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-analyzer/net-snmp" auto="yes" arch="*">
+      <unaffected range="ge">5.8.1_pre1</unaffected>
+      <vulnerable range="lt">5.8.1_pre1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Net-SNMP bundles software for generating and retrieving SNMP data.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Net-SNMP. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Net-SNMP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=net-analyzer/net-snmp-5.8.1_pre1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-20892">CVE-2019-20892</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15861">CVE-2020-15861</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15862">CVE-2020-15862</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-24T01:05:52Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-26T21:31:52Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-13.xml b/metadata/glsa/glsa-202008-13.xml
new file mode 100644
index 000000000000..a55d62208320
--- /dev/null
+++ b/metadata/glsa/glsa-202008-13.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-13">
+  <title>PostgreSQL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PostgreSQL, the worst
+    of which could result in privilege escalation.
+  </synopsis>
+  <product type="ebuild">postgresql</product>
+  <announced>2020-08-26</announced>
+  <revised count="1">2020-08-26</revised>
+  <bug>737032</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/postgresql" auto="yes" arch="*">
+      <unaffected range="ge" slot="9.5">9.5.23</unaffected>
+      <unaffected range="ge" slot="9.6">9.6.19</unaffected>
+      <unaffected range="ge" slot="10">10.14</unaffected>
+      <unaffected range="ge" slot="11">11.9</unaffected>
+      <unaffected range="ge" slot="12">12.4</unaffected>
+      <vulnerable range="lt" slot="9.5">9.5.23</vulnerable>
+      <vulnerable range="lt" slot="9.6">9.6.19</vulnerable>
+      <vulnerable range="lt" slot="10">10.14</vulnerable>
+      <vulnerable range="lt" slot="11">11.9</vulnerable>
+      <vulnerable range="lt" slot="12">12.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PostgreSQL is an open source object-relational database management
+      system.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PostgreSQL. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PostgreSQL 9.5 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.5.23:9.5"
+    </code>
+    
+    <p>All PostgreSQL 9.6 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.6.19:9.6"
+    </code>
+    
+    <p>All PostgreSQL 10 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-10.14:10"
+    </code>
+    
+    <p>All PostgreSQL 11 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-11.9:11"
+    </code>
+    
+    <p>All PostgreSQL 12 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-12.4:12"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14349">CVE-2020-14349</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14350">CVE-2020-14350</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-24T15:56:48Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-26T21:32:33Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-14.xml b/metadata/glsa/glsa-202008-14.xml
new file mode 100644
index 000000000000..e7a8b15cd1c8
--- /dev/null
+++ b/metadata/glsa/glsa-202008-14.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-14">
+  <title>Wireshark: Denial of service</title>
+  <synopsis>A vulnerability in Wireshark could lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">wireshark</product>
+  <announced>2020-08-26</announced>
+  <revised count="1">2020-08-26</revised>
+  <bug>736914</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-analyzer/wireshark" auto="yes" arch="*">
+      <unaffected range="ge">3.2.6</unaffected>
+      <vulnerable range="lt">3.2.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Wireshark is a network protocol analyzer formerly known as ethereal.</p>
+  </background>
+  <description>
+    <p>A double free error was discovered in Wireshark’s Kafka dissector.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could exploit these vulnerabilities by sending a
+      malformed packet or enticing a user to read a malformed packet trace
+      file, causing a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Wireshark users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-3.2.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-17498">CVE-2020-17498</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-26T14:35:43Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-26T21:33:02Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-15.xml b/metadata/glsa/glsa-202008-15.xml
new file mode 100644
index 000000000000..20e4c75b7c10
--- /dev/null
+++ b/metadata/glsa/glsa-202008-15.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-15">
+  <title>Docker: Information disclosure</title>
+  <synopsis>A flaw in Docker allowed possible information leakage.</synopsis>
+  <product type="ebuild">docker</product>
+  <announced>2020-08-26</announced>
+  <revised count="1">2020-08-26</revised>
+  <bug>729208</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/docker" auto="yes" arch="*">
+      <unaffected range="ge">19.03.12</unaffected>
+      <vulnerable range="lt">19.03.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Docker is the world’s leading software containerization platform.</p>
+  </background>
+  <description>
+    <p>It was found that Docker created network bridges which by default accept
+      IPv6 router advertisements.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker who gained access to a container with CAP_NET_RAW capability
+      may be able to to spoof router advertisements, resulting in information
+      disclosure or denial of service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Docker users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/docker-19.03.12"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13401">CVE-2020-13401</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-26T14:40:16Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-26T21:33:28Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-16.xml b/metadata/glsa/glsa-202008-16.xml
new file mode 100644
index 000000000000..7ffbf3730c6c
--- /dev/null
+++ b/metadata/glsa/glsa-202008-16.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-16">
+  <title>Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox and
+    Mozilla Thunderbird, the worst of which could result in the arbitrary
+    execution of code.
+  </synopsis>
+  <product type="ebuild">firefox,thunderbird</product>
+  <announced>2020-08-27</announced>
+  <revised count="1">2020-08-27</revised>
+  <bug>739006</bug>
+  <bug>739164</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">68.12.0</unaffected>
+      <vulnerable range="lt">68.12.0</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">68.12.0</unaffected>
+      <vulnerable range="lt">68.12.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">68.12.0</unaffected>
+      <vulnerable range="lt">68.12.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">68.12.0</unaffected>
+      <vulnerable range="lt">68.12.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      Project.
+    </p>
+    
+    <p>Mozilla Thunderbird is a popular open-source email client from the
+      Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox and
+      Mozilla Thunderbird. Please review the CVE identifiers referenced below
+      for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-68.12.0"
+    </code>
+    
+    <p>All Firefox binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-68.12.0"
+    </code>
+    
+    <p>All Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-68.12.0"
+    </code>
+    
+    <p>All Thunderbird binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-68.12.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15664">CVE-2020-15664</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15669">CVE-2020-15669</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/">
+      Upstream advisory (MFSA-2020-37)
+    </uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/">
+      Upstream advisory (MFSA-2020-38)
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-25T22:21:54Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-27T00:54:51Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-17.xml b/metadata/glsa/glsa-202008-17.xml
new file mode 100644
index 000000000000..dc913a9dec8d
--- /dev/null
+++ b/metadata/glsa/glsa-202008-17.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-17">
+  <title>Redis: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Redis, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">redis</product>
+  <announced>2020-08-27</announced>
+  <revised count="1">2020-08-27</revised>
+  <bug>633824</bug>
+  <bug>724776</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/redis" auto="yes" arch="*">
+      <unaffected range="ge">5.0.9</unaffected>
+      <vulnerable range="lt">5.0.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Redis is an open source (BSD licensed), in-memory data structure store,
+      used as a database, cache and message broker.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Redis. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Redis users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/redis-5.0.9"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15047">CVE-2017-15047</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14147">CVE-2020-14147</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-26T15:46:59Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-27T23:54:53Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-18.xml b/metadata/glsa/glsa-202008-18.xml
new file mode 100644
index 000000000000..5989b06e8b6e
--- /dev/null
+++ b/metadata/glsa/glsa-202008-18.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-18">
+  <title>X.Org X11 library: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in X.org X11 library, the
+    worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">xorg x11 library</product>
+  <announced>2020-08-27</announced>
+  <revised count="1">2020-08-27</revised>
+  <bug>734974</bug>
+  <bug>738984</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="x11-libs/libX11" auto="yes" arch="*">
+      <unaffected range="ge">1.6.12</unaffected>
+      <vulnerable range="lt">1.6.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>X.Org is an implementation of the X Window System. The X.Org X11 library
+      provides the X11 protocol library files.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in X.org X11 library.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All X.org X11 library users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/libX11-1.6.12"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14344">CVE-2020-14344</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14363">CVE-2020-14363</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-25T22:22:34Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-27T23:55:44Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-19.xml b/metadata/glsa/glsa-202008-19.xml
new file mode 100644
index 000000000000..c19d5d126c5e
--- /dev/null
+++ b/metadata/glsa/glsa-202008-19.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-19">
+  <title>BIND: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in BIND, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">bind</product>
+  <announced>2020-08-29</announced>
+  <revised count="1">2020-08-29</revised>
+  <bug>738250</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/bind" auto="yes" arch="*">
+      <unaffected range="ge">9.16.6</unaffected>
+      <vulnerable range="lt">9.16.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>BIND (Berkeley Internet Name Domain) is a Name Server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in BIND. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All BIND users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/bind-9.16.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8620">CVE-2020-8620</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8621">CVE-2020-8621</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8622">CVE-2020-8622</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8623">CVE-2020-8623</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8624">CVE-2020-8624</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-29T20:46:51Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-29T22:10:45Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-20.xml b/metadata/glsa/glsa-202008-20.xml
new file mode 100644
index 000000000000..58f28b0be441
--- /dev/null
+++ b/metadata/glsa/glsa-202008-20.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-20">
+  <title>GPL Ghostscript: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GPL Ghostscript, the
+    worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">ghostscript</product>
+  <announced>2020-08-29</announced>
+  <revised count="1">2020-08-29</revised>
+  <bug>734322</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/ghostscript-gpl" auto="yes" arch="*">
+      <unaffected range="ge">9.52</unaffected>
+      <vulnerable range="lt">9.52</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Ghostscript is an interpreter for the PostScript language and for PDF.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GPL Ghostscript. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GPL Ghostscript users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/ghostscript-gpl-9.52"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15900">CVE-2020-15900</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16287">CVE-2020-16287</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16288">CVE-2020-16288</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16289">CVE-2020-16289</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16290">CVE-2020-16290</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16291">CVE-2020-16291</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16292">CVE-2020-16292</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16293">CVE-2020-16293</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16294">CVE-2020-16294</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16295">CVE-2020-16295</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16296">CVE-2020-16296</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16297">CVE-2020-16297</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16298">CVE-2020-16298</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16299">CVE-2020-16299</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16300">CVE-2020-16300</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16301">CVE-2020-16301</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16302">CVE-2020-16302</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16303">CVE-2020-16303</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16304">CVE-2020-16304</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16305">CVE-2020-16305</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16306">CVE-2020-16306</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16307">CVE-2020-16307</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16308">CVE-2020-16308</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16309">CVE-2020-16309</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16310">CVE-2020-16310</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-17538">CVE-2020-17538</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-29T18:24:31Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-29T22:11:16Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-21.xml b/metadata/glsa/glsa-202008-21.xml
new file mode 100644
index 000000000000..95b86052c097
--- /dev/null
+++ b/metadata/glsa/glsa-202008-21.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-21">
+  <title>Kleopatra: Remote code execution</title>
+  <synopsis>A vulnerability in Kleopatra allows arbitrary execution of code.</synopsis>
+  <product type="ebuild">kleopatra</product>
+  <announced>2020-08-30</announced>
+  <revised count="1">2020-08-30</revised>
+  <bug>739556</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="kde-apps/kleopatra" auto="yes" arch="*">
+      <unaffected range="ge">20.04.3-r1</unaffected>
+      <vulnerable range="lt">20.04.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Kleopatra is a certificate manager and a universal crypto GUI. It
+      supports managing X.509 and OpenPGP certificates in the GpgSM keybox and
+      retrieving certificates from LDAP servers.
+    </p>
+  </background>
+  <description>
+    <p>Kleopatra did not safely escape command line parameters provided by
+      URLs, which it configures itself to handle.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process a specially crafted URL
+      via openpgp4fpr handler, possibly resulting in execution of arbitrary
+      code with the privileges of the process, or cause a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Kleopatra users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=kde-apps/kleopatra-20.04.3-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-24972">CVE-2020-24972</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-30T18:54:35Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-30T21:04:03Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-22.xml b/metadata/glsa/glsa-202008-22.xml
new file mode 100644
index 000000000000..acef962fdfde
--- /dev/null
+++ b/metadata/glsa/glsa-202008-22.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-22">
+  <title>targetcli-fb: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in targetcli-fb, the worst
+    of which could result in privilege escalation.
+  </synopsis>
+  <product type="ebuild">targetcli-fb</product>
+  <announced>2020-08-30</announced>
+  <revised count="1">2020-08-30</revised>
+  <bug>736086</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-block/targetcli-fb" auto="yes" arch="*">
+      <unaffected range="ge">2.1.53</unaffected>
+      <vulnerable range="lt">2.1.53</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Tool for managing the Linux LIO kernel target.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in targetcli-fb. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All targetcli-fb users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-block/targetcli-fb-2.1.53"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10699">CVE-2020-10699</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13867">CVE-2020-13867</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-29T02:17:40Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-30T21:08:50Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-23.xml b/metadata/glsa/glsa-202008-23.xml
new file mode 100644
index 000000000000..c4ea9bb57133
--- /dev/null
+++ b/metadata/glsa/glsa-202008-23.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-23">
+  <title>chrony: Symlink vulnerability</title>
+  <synopsis>A vulnerability in chrony may allow a privileged attacker to cause
+    data loss via a symlink.
+  </synopsis>
+  <product type="ebuild">chrony</product>
+  <announced>2020-08-30</announced>
+  <revised count="1">2020-08-30</revised>
+  <bug>738154</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-misc/chrony" auto="yes" arch="*">
+      <unaffected range="ge">3.5.1</unaffected>
+      <vulnerable range="lt">3.5.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>chrony is a versatile implementation of the Network Time Protocol (NTP).</p>
+  </background>
+  <description>
+    <p>It was found that chrony did not check whether its PID file was a
+      symlink.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could perform symlink attack(s) to overwrite arbitrary
+      files with root privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All chrony users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/chrony-3.5.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14367">CVE-2020-14367</uri>
+    <uri link="https://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2020/08/msg00000.html">
+      chrony-3.5.1 release announcement
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-25T23:32:37Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-30T21:09:20Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-24.xml b/metadata/glsa/glsa-202008-24.xml
new file mode 100644
index 000000000000..a8c11cd49f78
--- /dev/null
+++ b/metadata/glsa/glsa-202008-24.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-24">
+  <title>OpenJDK: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenJDK, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">openjdk</product>
+  <announced>2020-08-30</announced>
+  <revised count="1">2020-08-30</revised>
+  <bug>732624</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/openjdk" auto="yes" arch="*">
+      <unaffected range="ge" slot="8">8.262_p01</unaffected>
+      <vulnerable range="lt" slot="8">8.262_p01</vulnerable>
+    </package>
+    <package name="dev-java/openjdk-bin" auto="yes" arch="*">
+      <unaffected range="ge" slot="8">8.262_p01</unaffected>
+      <vulnerable range="lt" slot="8">8.262_p01</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenJDK is a free and open-source implementation of the Java Platform,
+      Standard Edition.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenJDK. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenJDK users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/openjdk-8.262_p01"
+    </code>
+    
+    <p>All OpenJDK binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/openjdk-bin-8.262_p01"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14556">CVE-2020-14556</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14562">CVE-2020-14562</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14573">CVE-2020-14573</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14578">CVE-2020-14578</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14579">CVE-2020-14579</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14583">CVE-2020-14583</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14593">CVE-2020-14593</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14621">CVE-2020-14621</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-26T14:46:09Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-30T21:12:11Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202009-01.xml b/metadata/glsa/glsa-202009-01.xml
new file mode 100644
index 000000000000..0bb5e7ea2a7c
--- /dev/null
+++ b/metadata/glsa/glsa-202009-01.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202009-01">
+  <title>GnuTLS: Denial of service</title>
+  <synopsis>A flaw was found in GnuTLS, possibly allowing a Denial of Service
+    condition. 
+  </synopsis>
+  <product type="ebuild">gnutls</product>
+  <announced>2020-09-06</announced>
+  <revised count="1">2020-09-06</revised>
+  <bug>740390</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-libs/gnutls" auto="yes" arch="*">
+      <unaffected range="ge">3.6.15</unaffected>
+      <vulnerable range="lt">3.6.15</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GnuTLS is an Open Source implementation of the TLS and SSL protocols.</p>
+  </background>
+  <description>
+    <p>It was found that GnuTLS didn’t handle “no_renegotiation” alert
+      properly.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could entice a user to connect to a malicious TLS
+      endpoint using an application linked against GnuTLS, possibly resulting
+      in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GnuTLS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/gnutls-3.6.15"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-24659">CVE-2020-24659</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-09-05T22:09:30Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-09-06T00:19:19Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202009-02.xml b/metadata/glsa/glsa-202009-02.xml
new file mode 100644
index 000000000000..72f3601248a3
--- /dev/null
+++ b/metadata/glsa/glsa-202009-02.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202009-02">
+  <title>Dovecot: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Dovecot, the worst of
+    which could allow remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">dovecot</product>
+  <announced>2020-09-06</announced>
+  <revised count="1">2020-09-06</revised>
+  <bug>736617</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/dovecot" auto="yes" arch="*">
+      <unaffected range="ge">2.3.11.3</unaffected>
+      <vulnerable range="lt">2.3.11.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Dovecot is an open source IMAP and POP3 email server.</p>
+  </background>
+  <description>
+    <p>It was discovered that Dovecot incorrectly handled deeply nested MIME
+      parts, incorrectly handled memory when using NTLM, and incorrectly
+      handled zero-length messages.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted mail or send specially
+      crafted authentication requests possibly resulting in a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Dovecot users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-mail/dovecot-2.3.11.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12100">CVE-2020-12100</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12673">CVE-2020-12673</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12674">CVE-2020-12674</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-09-06T00:07:17Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-09-06T00:20:00Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202009-03.xml b/metadata/glsa/glsa-202009-03.xml
new file mode 100644
index 000000000000..fe967a8a1eb8
--- /dev/null
+++ b/metadata/glsa/glsa-202009-03.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202009-03">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">chromium,google-chrome</product>
+  <announced>2020-09-10</announced>
+  <revised count="1">2020-09-10</revised>
+  <bug>741312</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">85.0.4183.102</unaffected>
+      <vulnerable range="lt">85.0.4183.102</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">85.0.4183.102</unaffected>
+      <vulnerable range="lt">85.0.4183.102</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-85.0.4183.102"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-85.0.4183.102"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15959">CVE-2020-15959</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6573">CVE-2020-6573</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6575">CVE-2020-6575</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6576">CVE-2020-6576</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-09-08T19:09:18Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-09-10T00:02:20Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202009-04.xml b/metadata/glsa/glsa-202009-04.xml
new file mode 100644
index 000000000000..c3a3e40d2dba
--- /dev/null
+++ b/metadata/glsa/glsa-202009-04.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202009-04">
+  <title>Qt GUI: Buffer overflow</title>
+  <synopsis>Qt GUI has a buffer overflow with unspecified impact.</synopsis>
+  <product type="ebuild">qtgui</product>
+  <announced>2020-09-13</announced>
+  <revised count="1">2020-09-13</revised>
+  <bug>736924</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-qt/qtgui" auto="yes" arch="*">
+      <unaffected range="ge">5.14.2-r1</unaffected>
+      <vulnerable range="lt">5.14.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The GUI module and platform plugins for the Qt5 framework.</p>
+  </background>
+  <description>
+    <p>It was discovered that Qt GUI’s XBM parser did not properly handle X
+      BitMap files.
+    </p>
+  </description>
+  <impact type="low">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Qt GUI users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-qt/qtgui-5.14.2-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-17507">CVE-2020-17507</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-09-13T22:36:51Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-09-13T23:24:26Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202009-05.xml b/metadata/glsa/glsa-202009-05.xml
new file mode 100644
index 000000000000..6ae334f3e7dd
--- /dev/null
+++ b/metadata/glsa/glsa-202009-05.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202009-05">
+  <title>GStreamer RTSP Server: Denial of service</title>
+  <synopsis>A vulnerability in GStreamer RTSP Server could lead to a Denial of
+    Service condition.
+  </synopsis>
+  <product type="ebuild">gst-rtsp-server</product>
+  <announced>2020-09-13</announced>
+  <revised count="1">2020-09-13</revised>
+  <bug>715100</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-libs/gst-rtsp-server" auto="yes" arch="*">
+      <unaffected range="ge">1.16.2</unaffected>
+      <vulnerable range="lt">1.16.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>RTSP server library based on GStreamer.</p>
+  </background>
+  <description>
+    <p>It was discovered that GStreamer RTSP Server did not properly handle
+      authentication.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by sending specially crafted authentication requests,
+      could possibly cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GStreamer RTSP Server users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=media-libs/gst-rtsp-server-1.16.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6095">CVE-2020-6095</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-09-13T22:27:11Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-09-13T23:24:44Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202009-06.xml b/metadata/glsa/glsa-202009-06.xml
new file mode 100644
index 000000000000..4b5a2bdb6342
--- /dev/null
+++ b/metadata/glsa/glsa-202009-06.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202009-06">
+  <title>GNOME File Roller: Directory traversal</title>
+  <synopsis>A vulnerability in GNOME File Roller could lead to a directory
+    traversal attack.
+  </synopsis>
+  <product type="ebuild">file-roller</product>
+  <announced>2020-09-13</announced>
+  <revised count="1">2020-09-13</revised>
+  <bug>717362</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-arch/file-roller" auto="yes" arch="*">
+      <unaffected range="ge">3.36.3</unaffected>
+      <vulnerable range="lt">3.36.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>File Roller is an archive manager for the GNOME desktop environment.</p>
+  </background>
+  <description>
+    <p>It was discovered that GNOME File Roller incorrectly handled symlinks.</p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNOME File Roller users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/file-roller-3.36.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11736">CVE-2020-11736</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-09-13T22:21:19Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-09-13T23:25:31Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202009-07.xml b/metadata/glsa/glsa-202009-07.xml
new file mode 100644
index 000000000000..7722f7890932
--- /dev/null
+++ b/metadata/glsa/glsa-202009-07.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202009-07">
+  <title>Perl DBI: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in the Perl module DBI,
+    the worst of which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">dbi</product>
+  <announced>2020-09-13</announced>
+  <revised count="1">2020-09-13</revised>
+  <bug>732636</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-perl/DBI" auto="yes" arch="*">
+      <unaffected range="ge">1.643.0</unaffected>
+      <vulnerable range="lt">1.643.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A database access module for the Perl programming language.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in the Perl module DBI.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Perl DBI module users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-perl/DBI-1.643.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14392">CVE-2020-14392</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14393">CVE-2020-14393</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-09-13T21:54:26Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-09-13T23:26:05Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202009-08.xml b/metadata/glsa/glsa-202009-08.xml
new file mode 100644
index 000000000000..f95557751113
--- /dev/null
+++ b/metadata/glsa/glsa-202009-08.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202009-08">
+  <title>GNOME Shell: Information disclosure</title>
+  <synopsis>An information disclosure vulnerability in GNOME Shell might allow
+    local attackers to obtain sensitive information.
+  </synopsis>
+  <product type="ebuild">gnome-shell</product>
+  <announced>2020-09-13</announced>
+  <revised count="1">2020-09-13</revised>
+  <bug>736802</bug>
+  <access>local</access>
+  <affected>
+    <package name="gnome-base/gnome-shell" auto="yes" arch="*">
+      <unaffected range="ge">3.34.5-r1</unaffected>
+      <vulnerable range="lt">3.34.5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNOME Shell provides core user interface functions for the GNOME 3
+      desktop, like switching to windows and launching applications.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that GNOME Shell incorrectly handled the login screen
+      password dialog.
+    </p>
+  </description>
+  <impact type="low">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNOME Shell users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=gnome-base/gnome-shell-3.34.5-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-17489">CVE-2020-17489</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-09-13T22:02:20Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-09-13T23:26:21Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202009-09.xml b/metadata/glsa/glsa-202009-09.xml
new file mode 100644
index 000000000000..4716f54af843
--- /dev/null
+++ b/metadata/glsa/glsa-202009-09.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202009-09">
+  <title>Nextcloud Desktop Sync client: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Nextcloud Desktop Sync
+    client, the worst of which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">nextcloud-client</product>
+  <announced>2020-09-13</announced>
+  <revised count="1">2020-09-13</revised>
+  <bug>736649</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/nextcloud-client" auto="yes" arch="*">
+      <unaffected range="ge">2.6.5</unaffected>
+      <vulnerable range="lt">2.6.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Nextcloud Desktop Sync client can synchronize one or more directories to
+      Nextcloud server.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Nextcloud Desktop Sync
+      client. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Nextcloud Desktop Sync client users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/nextcloud-client-2.6.5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8189">CVE-2020-8189</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8224">CVE-2020-8224</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8227">CVE-2020-8227</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-09-12T20:28:32Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-09-13T23:26:38Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202009-10.xml b/metadata/glsa/glsa-202009-10.xml
new file mode 100644
index 000000000000..3ff0e04b3374
--- /dev/null
+++ b/metadata/glsa/glsa-202009-10.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202009-10">
+  <title>PHP: Denial of service</title>
+  <synopsis>A vulnerabilities in PHP could lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">PHP</product>
+  <announced>2020-09-13</announced>
+  <revised count="1">2020-09-13</revised>
+  <bug>736158</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-lang/php" auto="yes" arch="*">
+      <unaffected range="ge" slot="7.2">7.2.33</unaffected>
+      <unaffected range="ge" slot="7.3">7.3.21</unaffected>
+      <unaffected range="ge" slot="7.4">7.4.9</unaffected>
+      <vulnerable range="lt" slot="7.2">7.2.33</vulnerable>
+      <vulnerable range="lt" slot="7.3">7.3.21</vulnerable>
+      <vulnerable range="lt" slot="7.4">7.4.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PHP is an open source general-purpose scripting language that is
+      especially suited for web development.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that PHP did not properly handle PHAR files.</p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could entice a user to open a specially crafted PHAR
+      file using PHP, possibly allowing attacker to obtain sensitive
+      information or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PHP 7.2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.2.33"
+    </code>
+    
+    <p>All PHP 7.3 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.3.21"
+    </code>
+    
+    <p>All PHP 7.4 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.4.9"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7068">CVE-2020-7068</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-09-12T20:12:49Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-09-13T23:26:59Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202009-11.xml b/metadata/glsa/glsa-202009-11.xml
new file mode 100644
index 000000000000..0db2968196ad
--- /dev/null
+++ b/metadata/glsa/glsa-202009-11.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202009-11">
+  <title>ProFTPD: Denial of service</title>
+  <synopsis>A vulnerability in ProFTPD could lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">proftpd</product>
+  <announced>2020-09-13</announced>
+  <revised count="1">2020-09-13</revised>
+  <bug>733376</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-ftp/proftpd" auto="yes" arch="*">
+      <unaffected range="ge">1.3.7a</unaffected>
+      <vulnerable range="lt">1.3.7a</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ProFTPD is an advanced and very configurable FTP server.</p>
+  </background>
+  <description>
+    <p>It was found that ProFTPD did not properly handle invalid SCP commands.</p>
+  </description>
+  <impact type="low">
+    <p>An authenticated remote attacker could issue invalid SCP commands,
+      possibly resulting in  a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ProFTPD users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-ftp/proftpd-1.3.7a"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://github.com/proftpd/proftpd/issues/1043">Invalid SCP
+      command leads to null pointer dereference
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-09-12T20:04:18Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-09-13T23:27:17Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202009-12.xml b/metadata/glsa/glsa-202009-12.xml
new file mode 100644
index 000000000000..a29860260437
--- /dev/null
+++ b/metadata/glsa/glsa-202009-12.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202009-12">
+  <title>ZeroMQ: Denial of service</title>
+  <synopsis>A vulnerability in ZeroMQ could lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">zeromq</product>
+  <announced>2020-09-13</announced>
+  <revised count="1">2020-09-13</revised>
+  <bug>740574</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-libs/zeromq" auto="yes" arch="*">
+      <unaffected range="ge">4.3.3</unaffected>
+      <vulnerable range="lt">4.3.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Looks like an embeddable networking library but acts like a concurrency
+      framework.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that ZeroMQ does not properly handle connecting peers
+      before a handshake is completed.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An unauthenticated remote attacker able to connect to a ZeroMQ endpoint,
+      even with CURVE encryption/authentication enabled, can cause a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ZeroMQ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/zeromq-4.3.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15166">CVE-2020-15166</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-09-12T19:44:05Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-09-13T23:27:38Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202009-13.xml b/metadata/glsa/glsa-202009-13.xml
new file mode 100644
index 000000000000..163c6c7718e7
--- /dev/null
+++ b/metadata/glsa/glsa-202009-13.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202009-13">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromiun and Google
+    Chrome, the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">chromium,google-chrome</product>
+  <announced>2020-09-29</announced>
+  <revised count="1">2020-09-29</revised>
+  <bug>744007</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">85.0.4183.121</unaffected>
+      <vulnerable range="lt">85.0.4183.121</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">85.0.4183.121</unaffected>
+      <vulnerable range="lt">85.0.4183.121</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-85.0.4183.121"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-85.0.4183.121"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15960">CVE-2020-15960</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15961">CVE-2020-15961</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15962">CVE-2020-15962</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15963">CVE-2020-15963</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15964">CVE-2020-15964</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15965">CVE-2020-15965</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15966">CVE-2020-15966</uri>
+    <uri link="https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html">
+      Upstream advisory
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-09-23T03:40:44Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-09-29T18:05:33Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202009-14.xml b/metadata/glsa/glsa-202009-14.xml
new file mode 100644
index 000000000000..e7f29aeae16a
--- /dev/null
+++ b/metadata/glsa/glsa-202009-14.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202009-14">
+  <title>Xen: Buffer overflow</title>
+  <synopsis>A buffer overflow in Xen might allow remote attacker(s) to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">xen</product>
+  <announced>2020-09-29</announced>
+  <revised count="1">2020-09-29</revised>
+  <bug>738040</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-emulation/xen" auto="yes" arch="*">
+      <unaffected range="ge">4.13.1-r3</unaffected>
+      <vulnerable range="lt">4.13.1-r3</vulnerable>
+    </package>
+    <package name="app-emulation/xen-tools" auto="yes" arch="*">
+      <unaffected range="ge">4.13.1-r3</unaffected>
+      <vulnerable range="lt">4.13.1-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Xen is a bare-metal hypervisor.</p>
+  </background>
+  <description>
+    <p>An out-of-bounds read/write access issue was found in the USB emulator
+      when using QEMU.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Xen users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-4.13.1-r3"
+    </code>
+    
+    <p>All Xen tools users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/xen-tools-4.13.1-r3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14364">CVE-2020-14364</uri>
+    <uri link="https://xenbits.xen.org/xsa/advisory-335.html">XSA-335</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-09-23T03:24:25Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-09-29T18:05:39Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202009-15.xml b/metadata/glsa/glsa-202009-15.xml
new file mode 100644
index 000000000000..8fb1616dfeff
--- /dev/null
+++ b/metadata/glsa/glsa-202009-15.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202009-15">
+  <title>libuv: Buffer overflow</title>
+  <synopsis>A buffer overflow in libuv might allow remote attacker(s) to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">libuv</product>
+  <announced>2020-09-29</announced>
+  <revised count="1">2020-09-29</revised>
+  <bug>742890</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libuv" auto="yes" arch="*">
+      <unaffected range="ge">1.39.0</unaffected>
+      <vulnerable range="lt">1.39.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libuv is a multi-platform support library with a focus on asynchronous
+      I/O.
+    </p>
+  </background>
+  <description>
+    <p>libuv used an incorrect buffer size for paths, causing a buffer
+      overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libuv users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libuv-1.39.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8252">CVE-2020-8252</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-09-23T13:49:20Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-09-29T18:05:50Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202009-16.xml b/metadata/glsa/glsa-202009-16.xml
new file mode 100644
index 000000000000..f58afe91c747
--- /dev/null
+++ b/metadata/glsa/glsa-202009-16.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202009-16">
+  <title>LinuxCIFS: Shell injection</title>
+  <synopsis>A vulnerability in LinuxCIFS may allow a remote code execution via
+    a command line option.
+  </synopsis>
+  <product type="ebuild">LinuxCIFS</product>
+  <announced>2020-09-29</announced>
+  <revised count="1">2020-09-29</revised>
+  <bug>743211</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-fs/cifs-utils" auto="yes" arch="*">
+      <unaffected range="ge">6.11</unaffected>
+      <vulnerable range="lt">6.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The LinuxCIFS utils are a collection of tools for managing Linux CIFS
+      Client Filesystems.
+    </p>
+  </background>
+  <description>
+    <p>The mount.cifs utility had a shell injection issue where one can embed
+      shell commands via the username mount option. Those commands will be run
+      via popen() in the context of the user calling mount.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to use a specially crafted
+      argument using mount.cifs, possibly resulting in execution of arbitrary
+      code with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LinuxCIFS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-fs/cifs-utils-6.11"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14342">CVE-2020-14342</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-09-20T13:02:21Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-09-29T18:06:06Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202009-17.xml b/metadata/glsa/glsa-202009-17.xml
new file mode 100644
index 000000000000..408f401fbb95
--- /dev/null
+++ b/metadata/glsa/glsa-202009-17.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202009-17">
+  <title>gpsd: Arbitrary code execution</title>
+  <synopsis>A vulnerability in gpsd could allow remote code execution.</synopsis>
+  <product type="ebuild">gpsd</product>
+  <announced>2020-09-29</announced>
+  <revised count="1">2020-09-29</revised>
+  <bug>743766</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sci-geosciences/gpsd" auto="yes" arch="*">
+      <unaffected range="ge">3.18</unaffected>
+      <vulnerable range="lt">3.18</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>gpsd is a GPS daemon and library for USB/serial GPS devices and
+      GPS/mapping clients.
+    </p>
+  </background>
+  <description>
+    <p>A stack-based buffer overflow was discovered in gpsd on port 2947/TCP or
+      crafted JSON inputs.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All gpsd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sci-geosciences/gpsd-3.18"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17937">CVE-2018-17937</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-09-25T20:46:53Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-09-29T18:06:31Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202009-18.xml b/metadata/glsa/glsa-202009-18.xml
new file mode 100644
index 000000000000..024a1e62ea62
--- /dev/null
+++ b/metadata/glsa/glsa-202009-18.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202009-18">
+  <title>Bitcoin: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Bitcoin, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">bitcoin</product>
+  <announced>2020-09-30</announced>
+  <revised count="1">2020-09-30</revised>
+  <bug>711198</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-p2p/bitcoind" auto="yes" arch="*">
+      <unaffected range="ge">0.20.1</unaffected>
+      <vulnerable range="lt">0.20.1</vulnerable>
+    </package>
+    <package name="net-p2p/bitcoin-qt" auto="yes" arch="*">
+      <unaffected range="ge">0.20.1</unaffected>
+      <vulnerable range="lt">0.20.1</vulnerable>
+    </package>
+    <package name="net-p2p/bitcoin-cli" auto="yes" arch="*">
+      <unaffected range="ge">0.20.1</unaffected>
+      <vulnerable range="lt">0.20.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Bitcoin Core consists of both “full-node” software for fully
+      validating the blockchain as well as a bitcoin wallet.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Bitcoin. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All bitcoind users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-p2p/bitcoind-0.20.1"
+    </code>
+    
+    <p>All bitcoin-qt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-p2p/bitcoin-qt-0.20.1"
+    </code>
+    
+    <p>All bitcoin-cli users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-p2p/bitcoin-cli-0.20.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15947">CVE-2019-15947</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14198">CVE-2020-14198</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-09-18T00:17:00Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-09-30T00:20:42Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202010-01.xml b/metadata/glsa/glsa-202010-01.xml
new file mode 100644
index 000000000000..855bac0279af
--- /dev/null
+++ b/metadata/glsa/glsa-202010-01.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202010-01">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">chromium, google-chrome</product>
+  <announced>2020-10-17</announced>
+  <revised count="1">2020-10-17</revised>
+  <bug>747013</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">86.0.4240.75</unaffected>
+      <vulnerable range="lt">86.0.4240.75</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">86.0.4240.75</unaffected>
+      <vulnerable range="lt">86.0.4240.75</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-86.0.4240.75"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-86.0.4240.75"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15967">CVE-2020-15967</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15968">CVE-2020-15968</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15969">CVE-2020-15969</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15970">CVE-2020-15970</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15971">CVE-2020-15971</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15972">CVE-2020-15972</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15973">CVE-2020-15973</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15974">CVE-2020-15974</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15975">CVE-2020-15975</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15976">CVE-2020-15976</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15977">CVE-2020-15977</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15978">CVE-2020-15978</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15979">CVE-2020-15979</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15980">CVE-2020-15980</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15981">CVE-2020-15981</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15982">CVE-2020-15982</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15983">CVE-2020-15983</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15984">CVE-2020-15984</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15985">CVE-2020-15985</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15986">CVE-2020-15986</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15987">CVE-2020-15987</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15988">CVE-2020-15988</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15989">CVE-2020-15989</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15990">CVE-2020-15990</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15991">CVE-2020-15991</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15992">CVE-2020-15992</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6557">CVE-2020-6557</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-10-08T02:31:49Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-10-17T09:03:37Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202010-02.xml b/metadata/glsa/glsa-202010-02.xml
new file mode 100644
index 000000000000..e67ad5cb8917
--- /dev/null
+++ b/metadata/glsa/glsa-202010-02.xml
@@ -0,0 +1,121 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202010-02">
+  <title>Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox and
+    Mozilla Thunderbird, the worst of which could result in the arbitrary
+    execution of code.
+  </synopsis>
+  <product type="ebuild">firefox,thunderbird</product>
+  <announced>2020-10-17</announced>
+  <revised count="1">2020-10-17</revised>
+  <bug>744208</bug>
+  <bug>745432</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">81.0</unaffected>
+      <unaffected range="ge" slot="0/esr78">78.3.0</unaffected>
+      <vulnerable range="lt">81.0</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">81.0</unaffected>
+      <unaffected range="ge" slot="0/esr78">78.3.0</unaffected>
+      <vulnerable range="lt">81.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">78.3.1</unaffected>
+      <vulnerable range="lt">78.3.1</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">78.3.1</unaffected>
+      <vulnerable range="lt">78.3.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      project.
+    </p>
+    
+    <p>Mozilla Thunderbird is a popular open-source email client from the
+      Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox and
+      Mozilla Thunderbird. Please review the CVE identifiers referenced below
+      for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-81.0"
+    </code>
+    
+    <p>All Mozilla Firefox (bin) users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-81.0"
+    </code>
+    
+    <p>All Mozilla Firefox ESR (bin) users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-78.3.0"
+    </code>
+    
+    <p>All Mozilla Firefox ESR (bin) users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-78.3.0"
+    </code>
+    
+    <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-78.3.1"
+    </code>
+    
+    <p>All Mozilla Thunderbird (bin) users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-78.3.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15673">CVE-2020-15673</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15676">CVE-2020-15676</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15677">CVE-2020-15677</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15678">CVE-2020-15678</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/">
+      Mozilla Foundation Security Advisory 2020-43
+    </uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/">
+      Mozilla Foundation Security Advisory 2020-44
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-10-03T20:27:12Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-10-17T09:03:41Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202010-03.xml b/metadata/glsa/glsa-202010-03.xml
new file mode 100644
index 000000000000..192d449c539a
--- /dev/null
+++ b/metadata/glsa/glsa-202010-03.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202010-03">
+  <title>libjpeg-turbo: Information disclosure</title>
+  <synopsis>An information disclosure vulnerability in libjpeg-turbo allow
+    remote attackers to obtain sensitive information.
+  </synopsis>
+  <product type="ebuild">libjpeg-turbo</product>
+  <announced>2020-10-20</announced>
+  <revised count="1">2020-10-20</revised>
+  <bug>727010</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-libs/libjpeg-turbo" auto="yes" arch="*">
+      <unaffected range="ge" slot="0/0.1">1.5.3-r3</unaffected>
+      <unaffected range="ge" slot="0/0.2">2.0.4-r1</unaffected>
+      <vulnerable range="lt">2.0.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libjpeg-turbo is a MMX, SSE, and SSE2 SIMD accelerated JPEG library.</p>
+  </background>
+  <description>
+    <p>It was discovered that libjpeg-turbo incorrectly handled certain PPM
+      files.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could entice a user to open a specially crafted PPM
+      file using an application linked against libjpeg-turbo, possibly allowing
+      attacker to obtain sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libjpeg-turbo 1.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=media-libs/libjpeg-turbo-1.5.3-r3:0/0.1"
+    </code>
+    
+    <p>All libjpeg-turbo 2.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=media-libs/libjpeg-turbo-2.0.4-r1:0/0.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13790">CVE-2020-13790</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-08T04:33:31Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-10-20T10:43:26Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202010-04.xml b/metadata/glsa/glsa-202010-04.xml
new file mode 100644
index 000000000000..78c3523463bb
--- /dev/null
+++ b/metadata/glsa/glsa-202010-04.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202010-04">
+  <title>libxml2: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libxml2, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">libxml2</product>
+  <announced>2020-10-20</announced>
+  <revised count="1">2020-10-20</revised>
+  <bug>710748</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/libxml2" auto="yes" arch="*">
+      <unaffected range="ge">2.9.10</unaffected>
+      <vulnerable range="lt">2.9.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libxml2 is the XML (eXtended Markup Language) C parser and toolkit
+      initially developed for the Gnome project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libxml2. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libxml2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libxml2-2.9.10"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-20388">CVE-2019-20388</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7595">CVE-2020-7595</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-10-02T01:04:31Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-10-20T10:44:05Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202010-05.xml b/metadata/glsa/glsa-202010-05.xml
new file mode 100644
index 000000000000..06ea01608cb7
--- /dev/null
+++ b/metadata/glsa/glsa-202010-05.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202010-05">
+  <title>LibRaw: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in LibRaw, the worst of
+    which may allow attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">libraw</product>
+  <announced>2020-10-20</announced>
+  <revised count="1">2020-10-20</revised>
+  <bug>744190</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-libs/libraw" auto="yes" arch="*">
+      <unaffected range="ge">0.20.0</unaffected>
+      <vulnerable range="lt">0.20.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>LibRaw is a library for reading RAW files obtained from digital photo
+      cameras.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in LibRaw. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted image
+      file using an application linked against LibRaw, possibly resulting in
+      execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LibRaw users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libraw-0.20.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-24889">CVE-2020-24889</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-24890">CVE-2020-24890</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-10-03T15:57:15Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-10-20T10:44:44Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202010-06.xml b/metadata/glsa/glsa-202010-06.xml
new file mode 100644
index 000000000000..6996a19ab11a
--- /dev/null
+++ b/metadata/glsa/glsa-202010-06.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202010-06">
+  <title>Ark: Arbitrary code execution</title>
+  <synopsis>Ark was found to allow arbitrary file overwrite, possibly allowing
+    arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">ark</product>
+  <announced>2020-10-20</announced>
+  <revised count="1">2020-10-20</revised>
+  <bug>743959</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="kde-apps/ark" auto="yes" arch="*">
+      <unaffected range="ge">20.04.3-r2</unaffected>
+      <vulnerable range="lt">20.04.3-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Ark is a graphical file compression/decompression utility with support
+      for multiple formats.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that Ark incorrectly handled symbolic links in tar
+      archive files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted
+      archive using Ark, possibly resulting in execution of arbitrary code with
+      the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All KDE Ark users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=kde-apps/ark-20.04.3-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-24654">CVE-2020-24654</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-10-02T23:33:15Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-10-20T10:45:10Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202010-07.xml b/metadata/glsa/glsa-202010-07.xml
new file mode 100644
index 000000000000..8e52bf4fa560
--- /dev/null
+++ b/metadata/glsa/glsa-202010-07.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202010-07">
+  <title>FreeType: Arbitrary code execution</title>
+  <synopsis>A buffer overflow in FreeType might allow remote attacker(s) to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">freetype</product>
+  <announced>2020-10-23</announced>
+  <revised count="1">2020-10-23</revised>
+  <bug>750275</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/freetype" auto="yes" arch="*">
+      <unaffected range="ge">2.10.3-r1</unaffected>
+      <vulnerable range="lt">2.10.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FreeType is a high-quality and portable font engine.</p>
+  </background>
+  <description>
+    <p>A flaw in FreeType’s handling of embedded PNG bitmaps was discovered
+      where the image height and width was not checked to be within bounds.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted font
+      file using FreeType possibly resulting in the execution of arbitrary code
+      with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FreeType users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/freetype-2.10.3-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15999">CVE-2020-15999</uri>
+    <uri link="https://savannah.nongnu.org/bugs/?59308">Upstream bug</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-10-20T09:45:14Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-10-23T03:42:18Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202010-08.xml b/metadata/glsa/glsa-202010-08.xml
new file mode 100644
index 000000000000..f206b1a07441
--- /dev/null
+++ b/metadata/glsa/glsa-202010-08.xml
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202010-08">
+  <title>Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox and
+    Mozilla Thunderbird, the worst of which could result in the arbitrary
+    execution of code.
+  </synopsis>
+  <product type="ebuild">firefox,thunderbird</product>
+  <announced>2020-10-28</announced>
+  <revised count="1">2020-10-28</revised>
+  <bug>750446</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">82.0</unaffected>
+      <unaffected range="ge" slot="0/esr78">78.4.0</unaffected>
+      <vulnerable range="lt">82.0</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">82.0</unaffected>
+      <unaffected range="ge" slot="0/esr78">78.4.0</unaffected>
+      <vulnerable range="lt">82.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">78.4.0</unaffected>
+      <vulnerable range="lt">78.4.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">78.4.0</unaffected>
+      <vulnerable range="lt">78.4.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      project.
+    </p>
+    
+    <p>Mozilla Thunderbird is a popular open-source email client from the
+      Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox and
+      Mozilla Thunderbird. Please review the CVE identifiers referenced below
+      for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-82.0"
+    </code>
+    
+    <p>All Mozilla Firefox (bin) users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-82.0"
+    </code>
+    
+    <p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/firefox-78.4.0:0/esr78"
+    </code>
+    
+    <p>All Mozilla Firefox ESR (bin) users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/firefox-bin-78.4.0:0/esr78"
+    </code>
+    
+    <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-78.4.0"
+    </code>
+    
+    <p>All Mozilla Thunderbird (bin) users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-78.4.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15683">CVE-2020-15683</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15969">CVE-2020-15969</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/">
+      MFSA-2020-45
+    </uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-46/">
+      MFSA-2020-46
+    </uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-47/">
+      MFSA-2020-47
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-10-22T14:24:38Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-10-28T00:27:33Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-01.xml b/metadata/glsa/glsa-202011-01.xml
new file mode 100644
index 000000000000..8050a84cb56f
--- /dev/null
+++ b/metadata/glsa/glsa-202011-01.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-01">
+  <title>BlueZ: Arbitrary code execution</title>
+  <synopsis>A vulnerability in BlueZ might allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">bluez</product>
+  <announced>2020-11-03</announced>
+  <revised count="1">2020-11-03</revised>
+  <bug>749285</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-wireless/bluez" auto="yes" arch="*">
+      <unaffected range="ge">5.55</unaffected>
+      <vulnerable range="lt">5.55</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Set of tools to manage Bluetooth devices for Linux.</p>
+  </background>
+  <description>
+    <p>It was discovered that there was a double-free vulnerability in Bluez
+      after the service discovery which occurs after a Bluetoth Low Energy
+      (BLE) connection has been established to a device.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to connect to a malicious GATT
+      server or device, could cause the execution of arbitrary code with the
+      privileges of the user running gatttool client or cause a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All BlueZ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-wireless/bluez-5.55"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27153">CVE-2020-27153</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-10-20T10:51:04Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-11-03T00:32:28Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-02.xml b/metadata/glsa/glsa-202011-02.xml
new file mode 100644
index 000000000000..b718c8d628dc
--- /dev/null
+++ b/metadata/glsa/glsa-202011-02.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-02">
+  <title>OpenDMARC: Heap-based buffer overflow</title>
+  <synopsis>A heap-based buffer overflow in OpenDMARC might allow remote
+    attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">opendmarc</product>
+  <announced>2020-11-03</announced>
+  <revised count="1">2020-11-03</revised>
+  <bug>734158</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="mail-filter/opendmarc" auto="yes" arch="*">
+      <unaffected range="ge">1.3.3</unaffected>
+      <vulnerable range="lt">1.3.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenDMARC is an open source DMARC implementation.</p>
+  </background>
+  <description>
+    <p>It was found that OpenDMARC did not properly handle DMARC aggregate
+      reports.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by sending a specially crafted DMARC aggregate
+      report, could possibly cause a Denial of Service condition and depending
+      on how OpenDMARC library is used in linked application execute arbitrary
+      code with the privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenDMARC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-filter/opendmarc-1.3.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12460">CVE-2020-12460</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-10-15T18:55:45Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-11-03T00:33:08Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-03.xml b/metadata/glsa/glsa-202011-03.xml
new file mode 100644
index 000000000000..e1b77427335f
--- /dev/null
+++ b/metadata/glsa/glsa-202011-03.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-03">
+  <title>KPMCore: Root privilege escalation</title>
+  <synopsis>A vulnerability in kpmcore could result in privilege escalation.</synopsis>
+  <product type="ebuild">kpmcore</product>
+  <announced>2020-11-03</announced>
+  <revised count="1">2020-11-03</revised>
+  <bug>749822</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-libs/kpmcore" auto="yes" arch="*">
+      <unaffected range="ge">4.2.0</unaffected>
+      <vulnerable range="lt">4.2.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>KPMcore, the KDE Partition Manager core, is a library for examining and
+      modifying partitions, disk devices, and filesystems on a Linux system. It
+      provides a unified programming interface over top of (external)
+      system-manipulation tools.
+    </p>
+  </background>
+  <description>
+    <p>Improper checks on the D-Bus request received resulted in improper
+      protection for /etc/fstab.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could esclate privileges to root by exploiting this
+      vulnerability.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All KPMCore users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-libs/kpmcore-4.2.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27187">CVE-2020-27187</uri>
+    <uri link="https://mail.kde.org/pipermail/kde-announce/2020-October/000124.html">
+      Upstream advisory
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-10-23T04:10:26Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-11-03T00:33:42Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-04.xml b/metadata/glsa/glsa-202011-04.xml
new file mode 100644
index 000000000000..6cef70d8b7af
--- /dev/null
+++ b/metadata/glsa/glsa-202011-04.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-04">
+  <title>Fossil: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Fossil, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">fossil</product>
+  <announced>2020-11-03</announced>
+  <revised count="1">2020-11-03</revised>
+  <bug>738220</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-vcs/fossil" auto="yes" arch="*">
+      <unaffected range="ge">2.12.1</unaffected>
+      <vulnerable range="lt">2.12.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Fossil is a simple, high-reliability, distributed software configuration
+      management system.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Fossil. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted
+      repository using Fossil, possibly resulting in execution of arbitrary
+      code with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Fossil users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/fossil-2.12.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-24614">CVE-2020-24614</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-10-04T13:56:09Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-11-03T00:34:02Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-05.xml b/metadata/glsa/glsa-202011-05.xml
new file mode 100644
index 000000000000..e33d8909d045
--- /dev/null
+++ b/metadata/glsa/glsa-202011-05.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-05">
+  <title>libssh: Denial of service</title>
+  <synopsis>A vulnerability in libssh could lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">libssh</product>
+  <announced>2020-11-03</announced>
+  <revised count="1">2020-11-03</revised>
+  <bug>734624</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/libssh" auto="yes" arch="*">
+      <unaffected range="ge">0.9.5</unaffected>
+      <vulnerable range="lt">0.9.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libssh is a multiplatform C library implementing the SSHv2 protocol on
+      client and server side.
+    </p>
+  </background>
+  <description>
+    <p>libssh was found to have a NULL pointer dereference in tftpserver.c if
+      the function ssh_buffer_new returns NULL.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could cause a possible Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libssh users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/libssh-0.9.5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16135">CVE-2020-16135</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-10-15T18:56:19Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-11-03T00:34:45Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-06.xml b/metadata/glsa/glsa-202011-06.xml
new file mode 100644
index 000000000000..f3f187929c41
--- /dev/null
+++ b/metadata/glsa/glsa-202011-06.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-06">
+  <title>Xen: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Xen, the worst of which
+    could result in privilege escalation.
+  </synopsis>
+  <product type="ebuild">xen</product>
+  <announced>2020-11-11</announced>
+  <revised count="3">2020-11-11</revised>
+  <bug>744202</bug>
+  <bug>750779</bug>
+  <bug>753692</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulation/xen" auto="yes" arch="*">
+      <unaffected range="ge">4.13.2</unaffected>
+      <vulnerable range="lt">4.13.2</vulnerable>
+    </package>
+    <package name="app-emulation/xen-tools" auto="yes" arch="*">
+      <unaffected range="ge">4.13.2</unaffected>
+      <vulnerable range="lt">4.13.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Xen is a bare-metal hypervisor.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Xen. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Xen users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-4.13.1-r5"
+    </code>
+    
+    <p>All Xen Tools users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/xen-tools-4.13.1-r5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25595">CVE-2020-25595</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25596">CVE-2020-25596</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25597">CVE-2020-25597</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25598">CVE-2020-25598</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25599">CVE-2020-25599</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25600">CVE-2020-25600</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25601">CVE-2020-25601</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25602">CVE-2020-25602</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25603">CVE-2020-25603</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25604">CVE-2020-25604</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27670">CVE-2020-27670</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27671">CVE-2020-27671</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27672">CVE-2020-27672</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27673">CVE-2020-27673</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27674">CVE-2020-27674</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27675">CVE-2020-27675</uri>
+    <uri link="https://xenbits.xen.org/xsa/advisory-345.html">XSA-345</uri>
+    <uri link="https://xenbits.xen.org/xsa/advisory-346.html">XSA-346</uri>
+    <uri link="https://xenbits.xen.org/xsa/advisory-347.html">XSA-347</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-10-23T04:14:51Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-11-11T03:40:50Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-07.xml b/metadata/glsa/glsa-202011-07.xml
new file mode 100644
index 000000000000..19e8efe6d69a
--- /dev/null
+++ b/metadata/glsa/glsa-202011-07.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-07">
+  <title>Mozilla Firefox: Remote code execution</title>
+  <synopsis>A use-after-free in Mozilla Firefox might allow remote attacker(s)
+    to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">firefox</product>
+  <announced>2020-11-11</announced>
+  <revised count="1">2020-11-11</revised>
+  <bug>753773</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">82.0.3</unaffected>
+      <unaffected range="ge" slot="0/esr78">78.4.1</unaffected>
+      <vulnerable range="lt">82.0.3</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">82.0.3</unaffected>
+      <unaffected range="ge" slot="0/esr78">78.4.1</unaffected>
+      <vulnerable range="lt">78.4.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      project.
+    </p>
+  </background>
+  <description>
+    <p>Invalid assumptions when emitting the the MCallGetProperty opcode in the
+      JavaScript JIT may result in a use-after-free condition.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-82.0.3"
+    </code>
+    
+    <p>All Mozilla Firefox (bin) users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/firefox-bin-78.4.1:0/esr78"
+    </code>
+    
+    <p>All Mozilla Firefox (ESR) users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-82.0.3"
+    </code>
+    
+    <p>All Mozilla Firefox (ESR) bin users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/firefox-bin-78.4.1:0/esr78"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26950">CVE-2020-26950</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/">
+      MFSA-2020-49
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-11-09T20:03:19Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-11-11T03:36:43Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-08.xml b/metadata/glsa/glsa-202011-08.xml
new file mode 100644
index 000000000000..c91c014dc588
--- /dev/null
+++ b/metadata/glsa/glsa-202011-08.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-08">
+  <title>Wireshark: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Wireshark, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">wireshark</product>
+  <announced>2020-11-11</announced>
+  <revised count="1">2020-11-11</revised>
+  <bug>750692</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/wireshark" auto="yes" arch="*">
+      <unaffected range="ge">3.4.0</unaffected>
+      <vulnerable range="lt">3.4.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Wireshark is a network protocol analyzer formerly known as ethereal.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Wireshark. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Wireshark users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-3.4.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26575">CVE-2020-26575</uri>
+    <uri link="https://www.wireshark.org/security/wnpa-sec-2020-14">
+      wnpa-sec-2020-14
+    </uri>
+    <uri link="https://www.wireshark.org/security/wnpa-sec-2020-15">
+      wnpa-sec-2020-15
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-11-08T10:31:07Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-11-11T03:36:48Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-09.xml b/metadata/glsa/glsa-202011-09.xml
new file mode 100644
index 000000000000..fba58488bdff
--- /dev/null
+++ b/metadata/glsa/glsa-202011-09.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-09">
+  <title>QEMU: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in QEMU, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">qemu</product>
+  <announced>2020-11-11</announced>
+  <revised count="1">2020-11-11</revised>
+  <bug>720896</bug>
+  <bug>725634</bug>
+  <bug>743649</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-emulation/qemu" auto="yes" arch="*">
+      <unaffected range="ge">5.1.0-r1</unaffected>
+      <vulnerable range="lt">5.1.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>QEMU is a generic and open source machine emulator and virtualizer.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in QEMU. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All QEMU users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/qemu-5.1.0-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10717">CVE-2020-10717</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10761">CVE-2020-10761</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13253">CVE-2020-13253</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13361">CVE-2020-13361</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13362">CVE-2020-13362</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13659">CVE-2020-13659</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13754">CVE-2020-13754</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13791">CVE-2020-13791</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13800">CVE-2020-13800</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14364">CVE-2020-14364</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-11-07T02:00:43Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-11-11T03:36:56Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-10.xml b/metadata/glsa/glsa-202011-10.xml
new file mode 100644
index 000000000000..3126f1b174d5
--- /dev/null
+++ b/metadata/glsa/glsa-202011-10.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-10">
+  <title>tmux: Buffer overflow</title>
+  <synopsis>A buffer overflow in tmux might allow remote attacker(s) to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">tmux</product>
+  <announced>2020-11-11</announced>
+  <revised count="1">2020-11-11</revised>
+  <bug>753206</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-misc/tmux" auto="yes" arch="*">
+      <unaffected range="ge">3.1c</unaffected>
+      <vulnerable range="lt">3.1c</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>tmux is a terminal multiplexer.</p>
+  </background>
+  <description>
+    <p>A flaw in tmux’s handling of escape characters was discovered which
+      may allow a buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All tmux users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-misc/tmux-3.1c"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27347">CVE-2020-27347</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-11-09T23:15:04Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-11-11T03:36:59Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-11.xml b/metadata/glsa/glsa-202011-11.xml
new file mode 100644
index 000000000000..ee062a506924
--- /dev/null
+++ b/metadata/glsa/glsa-202011-11.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-11">
+  <title>Blueman: Local privilege escalation</title>
+  <synopsis>A privilege escalation vulnerability has been discovered in
+    Blueman.
+  </synopsis>
+  <product type="ebuild">blueman</product>
+  <announced>2020-11-11</announced>
+  <revised count="2">2020-11-11</revised>
+  <bug>751556</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-wireless/blueman" auto="yes" arch="*">
+      <unaffected range="ge">2.1.4</unaffected>
+      <vulnerable range="lt">2.1.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Blueman is a simple and intuitive GTK+ Bluetooth Manager.</p>
+  </background>
+  <description>
+    <p>Where Polkit is not used and the default permissions have been changed
+      on a specific rule file, control of a local DHCP daemon may be possible.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker may be able to achieve root privilege escalation.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Blueman users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-wireless/blueman-2.1.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15238">CVE-2020-15238</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-11-01T02:23:14Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-11-11T03:43:42Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-12.xml b/metadata/glsa/glsa-202011-12.xml
new file mode 100644
index 000000000000..03f1f501dfbc
--- /dev/null
+++ b/metadata/glsa/glsa-202011-12.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-12">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">chromium,google-chrome</product>
+  <announced>2020-11-11</announced>
+  <revised count="1">2020-11-11</revised>
+  <bug>750854</bug>
+  <bug>752375</bug>
+  <bug>753848</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">86.0.4240.193</unaffected>
+      <vulnerable range="lt">86.0.4240.193</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">86.0.4240.193</unaffected>
+      <vulnerable range="lt">86.0.4240.193</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-86.0.4240.193"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-86.0.4240.193"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15999">CVE-2020-15999</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16004">CVE-2020-16004</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16005">CVE-2020-16005</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16006">CVE-2020-16006</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16008">CVE-2020-16008</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16009">CVE-2020-16009</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16016">CVE-2020-16016</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-11-10T22:00:45Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-11-11T03:37:14Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-13.xml b/metadata/glsa/glsa-202011-13.xml
new file mode 100644
index 000000000000..b5f28160775e
--- /dev/null
+++ b/metadata/glsa/glsa-202011-13.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-13">
+  <title>Salt: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Salt, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">salt</product>
+  <announced>2020-11-11</announced>
+  <revised count="1">2020-11-11</revised>
+  <bug>753266</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-admin/salt" auto="yes" arch="*">
+      <unaffected range="ge">3000.5</unaffected>
+      <vulnerable range="lt">3000.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Salt is a remote execution and configuration manager.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Salt. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Salt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/salt-3000.5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16846">CVE-2020-16846</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-17490">CVE-2020-17490</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25592">CVE-2020-25592</uri>
+    <uri link="https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/">
+      Upstream advisory
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-11-09T23:14:31Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-11-11T03:38:41Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-14.xml b/metadata/glsa/glsa-202011-14.xml
new file mode 100644
index 000000000000..2ae7a8c2ec92
--- /dev/null
+++ b/metadata/glsa/glsa-202011-14.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-14">
+  <title>MariaDB: Remote code execution</title>
+  <synopsis>A vulnerability has been discovered in MariaDB which could result
+    in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">mariadb</product>
+  <announced>2020-11-11</announced>
+  <revised count="1">2020-11-11</revised>
+  <bug>747166</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-db/mariadb" auto="yes" arch="*">
+      <unaffected range="ge" slot="10.5">10.5.6</unaffected>
+      <unaffected range="ge" slot="10.4">10.4.13-r3</unaffected>
+      <unaffected range="ge" slot="10.3">10.3.23-r3</unaffected>
+      <unaffected range="ge" slot="10.2">10.2.22-r3</unaffected>
+      <vulnerable range="lt">10.5.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MariaDB is an enhanced, drop-in replacement for MySQL.</p>
+  </background>
+  <description>
+    <p>It was discovered that MariaDB did not properly validate the content of
+      a packet received from a server.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could send a specially crafted packet to WSREP
+      service, possibly resulting in execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MariaDB 10.5.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mariadb-10.5.6:10.5"
+    </code>
+    
+    <p>All MariaDB 10.4.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mariadb-10.4.13-r3:10.4"
+    </code>
+    
+    <p>All MariaDB 10.3.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mariadb-10.3.23-r3:10.3"
+    </code>
+    
+    <p>All MariaDB 10.2.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mariadb-10.2.22-r3:10.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15180">CVE-2020-15180</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-11-08T21:17:21Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-11-11T03:38:51Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-15.xml b/metadata/glsa/glsa-202011-15.xml
new file mode 100644
index 000000000000..91f3acadcd3b
--- /dev/null
+++ b/metadata/glsa/glsa-202011-15.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-15">
+  <title>libmaxminddb: Denial of service</title>
+  <synopsis>A vulnerability in libmaxminddb could lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">libmaxminddb</product>
+  <announced>2020-11-14</announced>
+  <revised count="1">2020-11-14</revised>
+  <bug>753275</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libmaxminddb" auto="yes" arch="*">
+      <unaffected range="ge">1.4.3</unaffected>
+      <vulnerable range="lt">1.4.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The libmaxminddb library provides a C library for reading MaxMind DB
+      files, including the GeoIP2 databases from MaxMind.
+    </p>
+  </background>
+  <description>
+    <p>libmaxminddb used uninitialised memory when reading from a corrupt
+      database file.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to use a specially crafted
+      database with libmaxminddb, possibly resulting in a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libmaxminddb users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libmaxminddb-1.4.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28241">CVE-2020-28241</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-11-12T15:42:40Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-11-14T18:14:48Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-16.xml b/metadata/glsa/glsa-202011-16.xml
new file mode 100644
index 000000000000..1ffe1738d62b
--- /dev/null
+++ b/metadata/glsa/glsa-202011-16.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-16">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">chromium,google-chrome</product>
+  <announced>2020-11-16</announced>
+  <revised count="1">2020-11-16</revised>
+  <bug>754093</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">86.0.4240.198</unaffected>
+      <vulnerable range="lt">86.0.4240.198</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">86.0.4240.198</unaffected>
+      <vulnerable range="lt">86.0.4240.198</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-86.0.4240.198"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-86.0.4240.198"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16013">CVE-2020-16013</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16017">CVE-2020-16017</uri>
+    <uri link="https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html">
+      Google Chrome 86.0.4240.198 release announcement
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-11-12T12:59:44Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-11-16T02:34:43Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-17.xml b/metadata/glsa/glsa-202011-17.xml
new file mode 100644
index 000000000000..8de429e1f0a3
--- /dev/null
+++ b/metadata/glsa/glsa-202011-17.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-17">
+  <title>MIT Kerberos 5: Denial of service</title>
+  <synopsis>A vulnerability in MIT Kerberos 5 could lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">mit-krb5</product>
+  <announced>2020-11-16</announced>
+  <revised count="1">2020-11-16</revised>
+  <bug>753281</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-crypt/mit-krb5" auto="yes" arch="*">
+      <unaffected range="ge">1.18.2-r2</unaffected>
+      <vulnerable range="lt">1.18.2-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The MIT Kerberos 5 implementation provides a command line telnet client
+      which is used for remote login via the telnet protocol.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that MIT Kerberos network authentication system, krb5,
+      did not properly handle ASN.1-encoded Kerberos messages.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could send a specially crafted Kerberos message,
+      possibly resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MIT Kerberos 5 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-crypt/mit-krb5-1.18.2-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28196">CVE-2020-28196</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-11-13T18:08:33Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-11-16T02:42:29Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-18.xml b/metadata/glsa/glsa-202011-18.xml
new file mode 100644
index 000000000000..5e570091d36a
--- /dev/null
+++ b/metadata/glsa/glsa-202011-18.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-18">
+  <title>Apache Ant: Insecure temporary file</title>
+  <synopsis>Apache Ant uses various insecure temporary files possibly allowing
+    local code execution. 
+  </synopsis>
+  <product type="ebuild">ant</product>
+  <announced>2020-11-16</announced>
+  <revised count="1">2020-11-16</revised>
+  <bug>745768</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-java/ant" auto="yes" arch="*">
+      <unaffected range="ge">1.10.9</unaffected>
+      <vulnerable range="lt">1.10.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Ant is a Java-based build tool similar to ‘make’ that uses XML
+      configuration files.
+    </p>
+  </background>
+  <description>
+    <p>A previous fix for a security vulnerability involving insecure temporary
+      files has been found to be incomplete.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could perform symlink attacks to overwrite arbitrary
+      files with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache Ant users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/ant-1.10.9"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11979">CVE-2020-11979</uri>
+    <uri link="https://security.gentoo.org/glsa/202007-34">GLSA-202007-34</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-10-15T12:30:53Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-11-16T02:44:41Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-19.xml b/metadata/glsa/glsa-202011-19.xml
new file mode 100644
index 000000000000..3f0a5cc981f9
--- /dev/null
+++ b/metadata/glsa/glsa-202011-19.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-19">
+  <title>libexif: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libexif, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">libexif</product>
+  <announced>2020-11-16</announced>
+  <revised count="1">2020-11-16</revised>
+  <bug>754681</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libexif" auto="yes" arch="*">
+      <unaffected range="ge">0.6.22_p20201105</unaffected>
+      <vulnerable range="lt">0.6.22_p20201105</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libexif is a library for parsing, editing and saving Exif metadata from
+      images.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libexif. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libexif users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=media-libs/libexif-0.6.22_p20201105"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-0181">CVE-2020-0181</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-0198">CVE-2020-0198</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-0452">CVE-2020-0452</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-11-16T19:18:32Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-11-16T20:51:51Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-01.xml b/metadata/glsa/glsa-202012-01.xml
new file mode 100644
index 000000000000..eade9bb0a6aa
--- /dev/null
+++ b/metadata/glsa/glsa-202012-01.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-01">
+  <title>X.Org X Server: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in X.org X Server, the
+    worst of which could lead to privilege escalation.
+  </synopsis>
+  <product type="ebuild">xorg x server</product>
+  <announced>2020-12-07</announced>
+  <revised count="1">2020-12-07</revised>
+  <bug>734976</bug>
+  <bug>757882</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-base/xorg-server" auto="yes" arch="*">
+      <unaffected range="ge">1.20.10</unaffected>
+      <vulnerable range="lt">1.20.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The X Window System is a graphical windowing system based on a
+      client/server model.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in X.org X Server. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>A local attacker could escalate privileges.</p>
+  </workaround>
+  <resolution>
+    <p>All X.org X Server users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=11-base/xorg-server-1.20.10"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14345">CVE-2020-14345</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14346">CVE-2020-14346</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14347">CVE-2020-14347</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14360">CVE-2020-14360</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14361">CVE-2020-14361</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14362">CVE-2020-14362</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25712">CVE-2020-25712</uri>
+    <uri link="https://lists.x.org/archives/xorg-announce/2020-July/003051.html">
+      Upstream advisory (2020-07-31)
+    </uri>
+    <uri link="https://lists.x.org/archives/xorg-announce/2020-August/003058.html">
+      Upstream advisory (2020-08-25)
+    </uri>
+    <uri link="https://lists.x.org/archives/xorg-announce/2020-December/003066.html">
+      Upstream advisory (2020-12-01)
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-25T22:22:49Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-12-07T00:18:30Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-02.xml b/metadata/glsa/glsa-202012-02.xml
new file mode 100644
index 000000000000..7ad33f8171e4
--- /dev/null
+++ b/metadata/glsa/glsa-202012-02.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-02">
+  <title>SeaMonkey: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in SeaMonkey, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">seamonkey</product>
+  <announced>2020-12-07</announced>
+  <revised count="1">2020-12-07</revised>
+  <bug>718738</bug>
+  <bug>718746</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-client/seamonkey" auto="yes" arch="*">
+      <unaffected range="ge">2.53.5</unaffected>
+      <vulnerable range="lt">2.53.5.1</vulnerable>
+    </package>
+    <package name="www-client/seamonkey-bin" auto="yes" arch="*">
+      <vulnerable range="le">2.49.1_rc2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The SeaMonkey project is a community effort to deliver
+      production-quality releases of code derived from the application formerly
+      known as “Mozilla Application Suite”.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in SeaMonkey. Please
+      review referenced release notes for more details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced release notes for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All SeaMonkey users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-2.53.5.1"
+    </code>
+    
+    <p>Gentoo has discontinued support for the SeaMonkey binary package. We
+      recommend that users unmerge the SeaMonkey binary package:
+    </p>
+    
+    <p># emerge --unmerge “www-client/seamonkey-bin”</p>
+    
+    <p>NOTE: The Gentoo developer(s) maintaining the SeaMonkey binary package
+      have discontinued support at this time. It may be possible that a new
+      Gentoo developer will update it at a later date. The alternative is using
+      the standard SeaMonkey package.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://www.seamonkey-project.org/releases/seamonkey2.53.2/">
+      SeaMonkey 2.53.2 Release Notes
+    </uri>
+    <uri link="https://www.seamonkey-project.org/releases/seamonkey2.53.3/">
+      SeaMonkey 2.53.3 Release Notes
+    </uri>
+    <uri link="https://www.seamonkey-project.org/releases/seamonkey2.53.4/">
+      SeaMonkey 2.53.4 Release Notes
+    </uri>
+    <uri link="https://www.seamonkey-project.org/releases/seamonkey2.53.5/">
+      SeaMonkey 2.53.5 Release Notes
+    </uri>
+    <uri link="https://www.seamonkey-project.org/releases/seamonkey2.53.5.1/">
+      SeaMonkey 2.53.5.1 Release Notes
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-06-13T16:26:44Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-12-07T00:18:47Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-03.xml b/metadata/glsa/glsa-202012-03.xml
new file mode 100644
index 000000000000..b44b423513d1
--- /dev/null
+++ b/metadata/glsa/glsa-202012-03.xml
@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-03">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+    worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">firefox</product>
+  <announced>2020-12-07</announced>
+  <revised count="1">2020-12-07</revised>
+  <bug>755170</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">83</unaffected>
+      <unaffected range="ge" slot="0/esr78">78.5.0</unaffected>
+      <vulnerable range="lt">83</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">83</unaffected>
+      <unaffected range="ge" slot="0/esr78">78.5.0</unaffected>
+      <vulnerable range="lt">83</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-83"
+    </code>
+    
+    <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-83"
+    </code>
+    
+    <p>All Mozilla Firefox (ESR) users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/firefox-78.5.0:0/esr78"
+    </code>
+    
+    <p>All Mozilla Firefox (ESR) binary users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/firefox-bin-78.5.0:0/esr78"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/">
+      Mozilla Foundation Security Advisory 2020-51
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16012">CVE-2020-16012</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26951">CVE-2020-26951</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26953">CVE-2020-26953</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26956">CVE-2020-26956</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26958">CVE-2020-26958</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26959">CVE-2020-26959</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26960">CVE-2020-26960</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26961">CVE-2020-26961</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26965">CVE-2020-26965</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26968">CVE-2020-26968</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/">
+      Mozilla Foundation Security Advisory 2020-50
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-11-17T23:17:23Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-12-07T00:18:57Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-04.xml b/metadata/glsa/glsa-202012-04.xml
new file mode 100644
index 000000000000..e0bf6a7a5f55
--- /dev/null
+++ b/metadata/glsa/glsa-202012-04.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-04">
+  <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird,
+    the worst of which could lead to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">thunderbird</product>
+  <announced>2020-12-07</announced>
+  <revised count="1">2020-12-07</revised>
+  <bug>758857</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">78.5.1</unaffected>
+      <vulnerable range="lt">78.5.1</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">78.5.1</unaffected>
+      <vulnerable range="lt">78.5.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Thunderbird is a popular open-source email client from the
+      Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
+      Please review the referenced Mozilla Foundation Security Advisories and
+      CVE identifiers below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-78.5.1"
+    </code>
+    
+    <p>All Mozilla Thunderbird binary users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-78.5.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/">
+      Mozilla Foundation Security Advisory 2020-52
+    </uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-53/#CVE-2020-26970">
+      Mozilla Foundation Security Advisory 2020-53
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15999">CVE-2020-15999</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16012">CVE-2020-16012</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26951">CVE-2020-26951</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26953">CVE-2020-26953</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26956">CVE-2020-26956</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26958">CVE-2020-26958</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26959">CVE-2020-26959</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26960">CVE-2020-26960</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26961">CVE-2020-26961</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26965">CVE-2020-26965</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26968">CVE-2020-26968</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26970">CVE-2020-26970</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-12-06T23:15:02Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-12-07T00:19:10Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-05.xml b/metadata/glsa/glsa-202012-05.xml
new file mode 100644
index 000000000000..4d9179db4f6a
--- /dev/null
+++ b/metadata/glsa/glsa-202012-05.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-05">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">chromium,google-chrome</product>
+  <announced>2020-12-07</announced>
+  <revised count="1">2020-12-07</revised>
+  <bug>755227</bug>
+  <bug>758368</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">87.0.4280.88</unaffected>
+      <vulnerable range="lt">87.0.4280.88</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">87.0.4280.88</unaffected>
+      <vulnerable range="lt">87.0.4280.88</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-87.0.4280.88"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-87.0.4280.88"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16014">CVE-2020-16014</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16015">CVE-2020-16015</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16018">CVE-2020-16018</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16019">CVE-2020-16019</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16020">CVE-2020-16020</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16021">CVE-2020-16021</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16022">CVE-2020-16022</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16023">CVE-2020-16023</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16024">CVE-2020-16024</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16025">CVE-2020-16025</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16026">CVE-2020-16026</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16027">CVE-2020-16027</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16028">CVE-2020-16028</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16029">CVE-2020-16029</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16030">CVE-2020-16030</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16031">CVE-2020-16031</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16032">CVE-2020-16032</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16033">CVE-2020-16033</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16034">CVE-2020-16034</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16036">CVE-2020-16036</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16037">CVE-2020-16037</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16038">CVE-2020-16038</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16039">CVE-2020-16039</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16040">CVE-2020-16040</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16041">CVE-2020-16041</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16042">CVE-2020-16042</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-11-22T03:12:48Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-12-07T00:19:23Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-06.xml b/metadata/glsa/glsa-202012-06.xml
new file mode 100644
index 000000000000..daa51d141144
--- /dev/null
+++ b/metadata/glsa/glsa-202012-06.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-06">
+  <title>Linux-PAM: Authentication bypass</title>
+  <synopsis>A vulnerability has been found in Linux-PAM, allowing attackers to
+    bypass the authentication process.
+  </synopsis>
+  <product type="ebuild">pam</product>
+  <announced>2020-12-07</announced>
+  <revised count="1">2020-12-07</revised>
+  <bug>756361</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-libs/pam" auto="yes" arch="*">
+      <unaffected range="ge">1.5.1</unaffected>
+      <vulnerable range="lt">1.5.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Linux-PAM (Pluggable Authentication Modules) is an architecture allowing
+      the separation of the development of privilege granting software from the
+      development of secure and appropriate authentication schemes.
+    </p>
+  </background>
+  <description>
+    <p>A flaw was found in Linux-Pam in the way it handle empty passwords for
+      non-existing users.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, who only needs to know a non-existing username, could
+      bypass security restrictions and authenticate as root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>Ensure that root account is protected by a non-empty password.</p>
+  </workaround>
+  <resolution>
+    <p>All Linux-PAM users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-libs/pam-1.5.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27780">CVE-2020-27780</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-11-26T02:08:08Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-12-07T00:19:35Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-07.xml b/metadata/glsa/glsa-202012-07.xml
new file mode 100644
index 000000000000..3ce91200d184
--- /dev/null
+++ b/metadata/glsa/glsa-202012-07.xml
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-07">
+  <title>PostgreSQL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PostgreSQL, the worst
+    of which could result in arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">postgresql</product>
+  <announced>2020-12-07</announced>
+  <revised count="1">2020-12-07</revised>
+  <bug>754363</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-db/postgresql" auto="yes" arch="*">
+      <unaffected range="ge" slot="9.5">9.5.24</unaffected>
+      <unaffected range="ge" slot="9.6">9.6.20</unaffected>
+      <unaffected range="ge" slot="10">10.15</unaffected>
+      <unaffected range="ge" slot="11">11.10</unaffected>
+      <unaffected range="ge" slot="12">12.5</unaffected>
+      <unaffected range="ge" slot="13">13.1</unaffected>
+      <vulnerable range="lt">13.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PostgreSQL is an open source object-relational database management
+      system.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PostgreSQL. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly obtain sensitive information, alter SQL
+      commands, escape PostgreSQL sandbox or execute arbitrary code with the
+      privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PostgreSQL 9.5.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.5.24:9.5"
+    </code>
+    
+    <p>All PostgreSQL 9.6.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.6.20:9.6"
+    </code>
+    
+    <p>All PostgreSQL 10.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-10.15:10"
+    </code>
+    
+    <p>All PostgreSQL 11.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-11.10:11"
+    </code>
+    
+    <p>All PostgreSQL 12.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-12.5:12"
+    </code>
+    
+    <p>All PostgreSQL 13.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-13.1:13"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25694">CVE-2020-25694</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25695">CVE-2020-25695</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25696">CVE-2020-25696</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-11-19T19:52:44Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-12-07T00:19:47Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-08.xml b/metadata/glsa/glsa-202012-08.xml
new file mode 100644
index 000000000000..468beb7d8a9a
--- /dev/null
+++ b/metadata/glsa/glsa-202012-08.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-08">
+  <title>MariaDB: Multiple vulnerabilities</title>
+  <synopsis> Multiple vulnerabilities have been found in MariaDB, the worst of
+    which could result in privilege escalation.
+  </synopsis>
+  <product type="ebuild">mariadb</product>
+  <announced>2020-12-07</announced>
+  <revised count="1">2020-12-07</revised>
+  <bug>722782</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/mariadb" auto="yes" arch="*">
+      <unaffected range="ge" slot="10.2">10.2.36</unaffected>
+      <unaffected range="ge" slot="10.3">10.3.27</unaffected>
+      <unaffected range="ge" slot="10.4">10.4.17</unaffected>
+      <unaffected range="ge" slot="10.5">10.5.8</unaffected>
+      <vulnerable range="lt">10.5.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MariaDB is an enhanced, drop-in replacement for MySQL.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MariaDB. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MariaDB 10.2.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mariadb-10.2.36:10.2"
+    </code>
+    
+    <p>All MariaDB 10.3.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mariadb-10.3.27:10.3"
+    </code>
+    
+    <p>All MariaDB 10.4.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mariadb-10.4.17:10.4"
+    </code>
+    
+    <p>All MariaDB 10.5.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mariadb-10.5.8:10.5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2752">CVE-2020-2752</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2760">CVE-2020-2760</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2812">CVE-2020-2812</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2814">CVE-2020-2814</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-10-08T02:32:04Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-12-07T00:20:00Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-09.xml b/metadata/glsa/glsa-202012-09.xml
new file mode 100644
index 000000000000..98367ceec438
--- /dev/null
+++ b/metadata/glsa/glsa-202012-09.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-09">
+  <title>Cherokee: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Cherokee, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">cherokee</product>
+  <announced>2020-12-23</announced>
+  <revised count="1">2020-12-23</revised>
+  <bug>715204</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/cherokee" auto="yes" arch="*">
+      <vulnerable range="le">1.2.104-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Cherokee is an extra-light web server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Cherokee. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for Cherokee. We recommend that users
+      unmerge package:
+    </p>
+    
+    <code>
+      # emerge --unmerge "www-servers/cherokee"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2006-1681">CVE-2006-1681</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-20798">CVE-2019-20798</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-20799">CVE-2019-20799</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-20800">CVE-2019-20800</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12845">CVE-2020-12845</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-12-23T16:51:00Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-12-23T19:47:34Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-10.xml b/metadata/glsa/glsa-202012-10.xml
new file mode 100644
index 000000000000..d3fcad05f767
--- /dev/null
+++ b/metadata/glsa/glsa-202012-10.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-10">
+  <title>WebkitGTK+: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in WebKitGTK+, the worst
+    of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">webkit-gtk</product>
+  <announced>2020-12-23</announced>
+  <revised count="1">2020-12-23</revised>
+  <bug>755947</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+      <unaffected range="ge">2.30.3</unaffected>
+      <vulnerable range="lt">2.30.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine,
+      suitable for projects requiring any kind of web integration, from hybrid
+      HTML/CSS applications to full-fledged web browsers.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker, by enticing a user to visit maliciously crafted web
+      content, may be able to execute arbitrary code or cause memory
+      corruption.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All WebkitGTK+ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.30.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13543">CVE-2020-13543</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13584">CVE-2020-13584</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9948">CVE-2020-9948</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9951">CVE-2020-9951</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9952">CVE-2020-9952</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9983">CVE-2020-9983</uri>
+    <uri link="https://webkitgtk.org/security/WSA-2020-0008.html">WSA-2020-0008</uri>
+    <uri link="https://webkitgtk.org/security/WSA-2020-0009.html">WSA-2020-0009</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-12-22T22:19:16Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-12-23T19:48:49Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-11.xml b/metadata/glsa/glsa-202012-11.xml
new file mode 100644
index 000000000000..f3d69f2db485
--- /dev/null
+++ b/metadata/glsa/glsa-202012-11.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-11">
+  <title>c-ares: Denial of service</title>
+  <synopsis>A Denial of Service vulnerability was discovered in c-ares.</synopsis>
+  <product type="ebuild">c-ares</product>
+  <announced>2020-12-23</announced>
+  <revised count="1">2020-12-23</revised>
+  <bug>754939</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-dns/c-ares" auto="yes" arch="*">
+      <unaffected range="ge">1.17.1</unaffected>
+      <vulnerable range="lt">1.17.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>c-ares is an asynchronous resolver library.</p>
+  </background>
+  <description>
+    <p>It was discovered that c-ares incorrectly handled certain DNS requests.</p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker, able to trigger a DNS request for a host of their
+      choice by an application linked against c-ares, could possibly cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All c-ares users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/c-ares-1.17.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8277">CVE-2020-8277</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-12-22T22:25:15Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-12-23T19:49:06Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-12.xml b/metadata/glsa/glsa-202012-12.xml
new file mode 100644
index 000000000000..ea229f22c983
--- /dev/null
+++ b/metadata/glsa/glsa-202012-12.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-12">
+  <title>libass: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability has been found in libass that could allow a remote
+    attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">libass</product>
+  <announced>2020-12-23</announced>
+  <revised count="1">2020-12-23</revised>
+  <bug>746413</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-libs/libass" auto="yes" arch="*">
+      <unaffected range="ge">0.15.0</unaffected>
+      <vulnerable range="lt">0.15.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libass is a portable subtitle renderer for the ASS/SSA (Advanced
+      Substation Alpha/Substation Alpha) subtitle format.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that libass did not properly handle Advanced
+      Substation Alpha/Substation Alpha subtitle format files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process an a specially crafted
+      subtitle format file using an application linked against libass, possibly
+      resulting in execution of arbitrary code with the privileges of the
+      process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libass users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libass-0.15.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26682">CVE-2020-26682</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-12-22T22:35:27Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-12-23T19:52:17Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-13.xml b/metadata/glsa/glsa-202012-13.xml
new file mode 100644
index 000000000000..5bd290db05f7
--- /dev/null
+++ b/metadata/glsa/glsa-202012-13.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-13">
+  <title>OpenSSL: Denial of service</title>
+  <synopsis>A vulnerability in OpenSSL might allow remote attackers to cause a
+    Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2020-12-23</announced>
+  <revised count="1">2020-12-23</revised>
+  <bug>759079</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">1.1.1i</unaffected>
+      <vulnerable range="lt">1.1.1i</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+      (SSL v2/v3) and Transport Layer Security (TLS v1/v1.1/v1.2/v1.3) as well
+      as a general purpose cryptography library.
+    </p>
+  </background>
+  <description>
+    <p>A null pointer dereference flaw was found in OpenSSL.</p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker, able to control the arguments of the GENERAL_NAME_cmp
+      function in an application linked against OpenSSL, could possibly cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.1.1i"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1971">CVE-2020-1971</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-12-22T22:47:12Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-12-23T19:52:34Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-14.xml b/metadata/glsa/glsa-202012-14.xml
new file mode 100644
index 000000000000..6d7c215154f7
--- /dev/null
+++ b/metadata/glsa/glsa-202012-14.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-14">
+  <title>cURL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in cURL, the worst of
+    which could result in information disclosure or data loss.
+  </synopsis>
+  <product type="ebuild">curl</product>
+  <announced>2020-12-23</announced>
+  <revised count="1">2020-12-23</revised>
+  <bug>737990</bug>
+  <bug>759259</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/curl" auto="yes" arch="*">
+      <unaffected range="ge">7.74.0</unaffected>
+      <vulnerable range="lt">7.74.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A command line tool and library for transferring data with URLs.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in cURL. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All cURL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.74.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8231">CVE-2020-8231</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8284">CVE-2020-8284</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8285">CVE-2020-8285</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8286">CVE-2020-8286</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-12-22T22:55:43Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-12-23T19:52:57Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-15.xml b/metadata/glsa/glsa-202012-15.xml
new file mode 100644
index 000000000000..771f8956fd74
--- /dev/null
+++ b/metadata/glsa/glsa-202012-15.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-15">
+  <title>GDK-PixBuf: Denial of service</title>
+  <synopsis>A vulnerability in GDK-PixBuf library could lead to a Denial of
+    Service condition.
+  </synopsis>
+  <product type="ebuild">gdk-pixbuf</product>
+  <announced>2020-12-23</announced>
+  <revised count="1">2020-12-23</revised>
+  <bug>759094</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="x11-libs/gdk-pixbuf" auto="yes" arch="*">
+      <unaffected range="ge">2.42.2</unaffected>
+      <vulnerable range="lt">2.42.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GDK-PixBuf is an image loading library for GTK+.</p>
+  </background>
+  <description>
+    <p>It was discovered that the GDK-PixBuf library did not properly handle
+      certain GIF images.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could entice a user to open a specially crafted GIF
+      image in an application linked against GDK-PixBuf library, possibly
+      resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GDK-PixBuf library users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/gdk-pixbuf-2.42.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29385">CVE-2020-29385</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-12-22T23:01:46Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-12-23T19:53:21Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-16.xml b/metadata/glsa/glsa-202012-16.xml
new file mode 100644
index 000000000000..30556bb56e1f
--- /dev/null
+++ b/metadata/glsa/glsa-202012-16.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-16">
+  <title>PHP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PHP, the worst of which
+    could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">php</product>
+  <announced>2020-12-23</announced>
+  <revised count="1">2020-12-23</revised>
+  <bug>711140</bug>
+  <bug>745993</bug>
+  <bug>756775</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-lang/php" auto="yes" arch="*">
+      <unaffected range="ge" slot="7.2">7.2.34-r1</unaffected>
+      <unaffected range="ge" slot="7.3">7.3.25</unaffected>
+      <unaffected range="ge" slot="7.4">7.4.13</unaffected>
+      <vulnerable range="lt">8.0.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PHP is an open source general-purpose scripting language that is
+      especially suited for web development.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PHP. Please review the
+      CVE identifiers and change log referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>An attacker could cause a Denial of Service condition or obtain
+      sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PHP 7.2.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.2.34-r1:7.2"
+    </code>
+    
+    <p>All PHP 7.3.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.3.25:7.3"
+    </code>
+    
+    <p>All PHP 7.4.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.4.13:7.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7069">CVE-2020-7069</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7070">CVE-2020-7070</uri>
+    <uri link="https://www.php.net/ChangeLog-7.php#7.4.13">PHP 7.4.13 Change
+      Log
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-12-22T23:21:19Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-12-23T19:53:43Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-17.xml b/metadata/glsa/glsa-202012-17.xml
new file mode 100644
index 000000000000..80b1db8fc462
--- /dev/null
+++ b/metadata/glsa/glsa-202012-17.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-17">
+  <title>D-Bus: Denial of service</title>
+  <synopsis>A local Denial of Service vulnerability was discovered in D-Bus.</synopsis>
+  <product type="ebuild">dbus</product>
+  <announced>2020-12-23</announced>
+  <revised count="1">2020-12-23</revised>
+  <bug>755392</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/dbus" auto="yes" arch="*">
+      <unaffected range="ge">1.12.20</unaffected>
+      <vulnerable range="lt">1.12.20</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>D-Bus is a message bus system which processes can use to talk to each
+      other.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that D-Bus did not properly handle the situation when
+      two usernames have the same numeric UID.
+    </p>
+  </description>
+  <impact type="low">
+    <p>An attacker could possibly cause a Denial of Service condition or
+      trigger other undefined behavior, possibly including incorrect
+      authorization decisions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All D-Bus users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/dbus-1.12.20"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://lists.freedesktop.org/archives/ftp-release/2020-July/000758.html">
+      dbus 1.12.20 security update announcement
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-12-23T00:47:59Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-12-23T19:54:00Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-18.xml b/metadata/glsa/glsa-202012-18.xml
new file mode 100644
index 000000000000..f7fbf13a6da1
--- /dev/null
+++ b/metadata/glsa/glsa-202012-18.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-18">
+  <title>PowerDNS: information disclosure</title>
+  <synopsis>An information disclosure vulnerability in PowerDNS allow remote
+    attackers to obtain sensitive information.
+  </synopsis>
+  <product type="ebuild">pdns</product>
+  <announced>2020-12-23</announced>
+  <revised count="1">2020-12-23</revised>
+  <bug>744160</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/pdns" auto="yes" arch="*">
+      <unaffected range="ge">4.3.1</unaffected>
+      <vulnerable range="lt">4.3.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The PowerDNS nameserver is an authoritative-only nameserver which uses a
+      flexible backend architecture.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that PowerDNS did not properly handle certain unknown
+      records.
+    </p>
+  </description>
+  <impact type="low">
+    <p>An authorized attacker with the ability to insert crafted records into a
+      zone might be able to leak the content of uninitialized memory. Crafted
+      records cannot be inserted via AXFR.
+    </p>
+  </impact>
+  <workaround>
+    <p>Do not take zone data from untrusted users.</p>
+  </workaround>
+  <resolution>
+    <p>All PowerDNS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/pdns-4.3.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-17482">CVE-2020-17482</uri>
+    <uri link="https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html">
+      PowerDNS Security Advisory 2020-05
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-12-23T16:32:50Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-12-23T19:54:22Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-19.xml b/metadata/glsa/glsa-202012-19.xml
new file mode 100644
index 000000000000..939cc25c34e8
--- /dev/null
+++ b/metadata/glsa/glsa-202012-19.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-19">
+  <title>PowerDNS Recursor: Denial of service</title>
+  <synopsis>A vulnerability in PowerDNS Recursor could lead to a Denial of
+    Service condition.
+  </synopsis>
+  <product type="ebuild">pdns-recursor</product>
+  <announced>2020-12-23</announced>
+  <revised count="1">2020-12-23</revised>
+  <bug>746923</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/pdns-recursor" auto="yes" arch="*">
+      <unaffected range="ge">4.3.5</unaffected>
+      <vulnerable range="lt">4.3.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PowerDNS Recursor is a high-end, high-performance resolving name server.</p>
+  </background>
+  <description>
+    <p>It was discovered that it was possible to update the DNSSEC validation
+      state to a bogus state for a cached record via DNS ANY query.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could send specially crafted DNS queries to deny
+      DNSSEC validation.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PowerDNS Recursor users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/pdns-recursor-4.3.5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25829">CVE-2020-25829</uri>
+    <uri link="https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html">
+      PowerDNS Security Advisory 2020-07
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-12-23T17:00:31Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-12-23T19:54:43Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-20.xml b/metadata/glsa/glsa-202012-20.xml
new file mode 100644
index 000000000000..883bfb84112a
--- /dev/null
+++ b/metadata/glsa/glsa-202012-20.xml
@@ -0,0 +1,122 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-20">
+  <title>Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox and
+    Mozilla Thunderbird, the worst of which could result in the arbitrary
+    execution of code.
+  </synopsis>
+  <product type="ebuild">firefox,thunderbird</product>
+  <announced>2020-12-23</announced>
+  <revised count="1">2020-12-23</revised>
+  <bug>759097</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge" slot="0/esr78">78.6.0</unaffected>
+      <unaffected range="ge">84.0</unaffected>
+      <vulnerable range="lt">84.0</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge" slot="0/esr78">78.6.0</unaffected>
+      <unaffected range="ge">84.0</unaffected>
+      <vulnerable range="lt">84.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">78.6.0</unaffected>
+      <vulnerable range="lt">78.6.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">78.6.0</unaffected>
+      <vulnerable range="lt">78.6.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      project.
+    </p>
+    
+    <p>Mozilla Thunderbird is a popular open-source email client from the
+      Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox and
+      Mozilla Thunderbird. Please review the CVE identifiers referenced below
+      for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-84.0"
+    </code>
+    
+    <p>All Mozilla Firefox (bin) users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-84.0"
+    </code>
+    
+    <p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/firefox-78.6.0:0/esr78"
+    </code>
+    
+    <p>All Mozilla Firefox ESR (bin) users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/firefox-bin-78.6.0:0/esr78"
+    </code>
+    
+    <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-78.6.0"
+    </code>
+    
+    <p>All Mozilla Thunderbird (bin) users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-78.6.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16042">CVE-2020-16042</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26971">CVE-2020-26971</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26973">CVE-2020-26973</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26974">CVE-2020-26974</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26978">CVE-2020-26978</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35111">CVE-2020-35111</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35113">CVE-2020-35113</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/">
+      MFSA-2020-55
+    </uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/">
+      MFSA-2020-56
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-12-22T22:07:43Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-12-23T19:56:47Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-21.xml b/metadata/glsa/glsa-202012-21.xml
new file mode 100644
index 000000000000..3baa8cb1d47d
--- /dev/null
+++ b/metadata/glsa/glsa-202012-21.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-21">
+  <title>Mozilla Network Security Service (NSS): Denial of service</title>
+  <synopsis>A vulnerability in NSS might allow remote attackers to cause a
+    Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">nss</product>
+  <announced>2020-12-23</announced>
+  <revised count="1">2020-12-23</revised>
+  <bug>750254</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/nss" auto="yes" arch="*">
+      <unaffected range="ge">3.58</unaffected>
+      <vulnerable range="lt">3.58</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Mozilla Network Security Service (NSS) is a library implementing
+      security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS
+      #12, S/MIME and X.509 certificates.
+    </p>
+  </background>
+  <description>
+    <p>A flaw was found in the way Mozilla Network Security Service (NSS)
+      handled CCS (ChangeCipherSpec) messages in TLS 1.3.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could send multiple crafted CSS messages in row after
+      ClientHello message to a server application linked against NSS library,
+      possibly resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>Disable TLS 1.3 protocol.</p>
+  </workaround>
+  <resolution>
+    <p>All NSS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/nss-3.58"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25648">CVE-2020-25648</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-12-22T23:13:35Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-12-23T19:58:04Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-22.xml b/metadata/glsa/glsa-202012-22.xml
new file mode 100644
index 000000000000..083b6e2777cd
--- /dev/null
+++ b/metadata/glsa/glsa-202012-22.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-22">
+  <title>HAProxy: Arbitrary code execution</title>
+  <synopsis>A buffer overflow in HAProxy might allow an attacker to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">haproxy</product>
+  <announced>2020-12-24</announced>
+  <revised count="1">2020-12-24</revised>
+  <bug>715944</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/haproxy" auto="yes" arch="*">
+      <unaffected range="ge" slot="0/2.0">2.0.13</unaffected>
+      <unaffected range="ge">2.1.4</unaffected>
+      <vulnerable range="lt">2.1.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>HAProxy is a TCP/HTTP reverse proxy for high availability environments.</p>
+  </background>
+  <description>
+    <p>It was discovered that HAProxy incorrectly handled certain HTTP/2
+      headers.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by sending a specially crafted HTTP/2 request, could
+      possibly execute arbitrary code with the privileges of the process, or
+      cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>Disable HTTP/2 support.</p>
+  </workaround>
+  <resolution>
+    <p>All HAProxy 2.0.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-proxy/haproxy-2.0.13:0/2.0"
+    </code>
+    
+    <p>All other HAProxy users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-proxy/haproxy-2.1.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11100">CVE-2020-11100</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-20T16:01:15Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-12-24T14:09:42Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-23.xml b/metadata/glsa/glsa-202012-23.xml
new file mode 100644
index 000000000000..15ee7d69256d
--- /dev/null
+++ b/metadata/glsa/glsa-202012-23.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-23">
+  <title>Apache Tomcat: Information disclosure</title>
+  <synopsis>A vulnerability has been discovered in Apache Tomcat that allows
+    for the disclosure of sensitive information.
+  </synopsis>
+  <product type="ebuild">tomcat</product>
+  <announced>2020-12-24</announced>
+  <revised count="1">2020-12-24</revised>
+  <bug>758338</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/tomcat" auto="yes" arch="*">
+      <unaffected range="ge" slot="8.5">8.5.60</unaffected>
+      <unaffected range="ge" slot="9">9.0.40</unaffected>
+      <vulnerable range="lt" slot="8.5">8.5.60</vulnerable>
+      <vulnerable range="lt" slot="9">9.0.40</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.</p>
+  </background>
+  <description>
+    <p>It was discovered that Apache Tomcat could re-use an HTTP request header
+      value from the previous stream received on an HTTP/2 connection for the
+      request associated with the subsequent stream.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker, by sending well-timed HTTP/2 requests, could possibly
+      obtain sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>Disable HTTP/2 support.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache Tomcat 8.5.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/tomcat-8.5.60:8.5"
+    </code>
+    
+    <p>All Apache Tomcat 9.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/tomcat-9.0.40:9"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-17527">CVE-2020-17527</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-12-23T01:20:53Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-12-24T14:11:02Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-24.xml b/metadata/glsa/glsa-202012-24.xml
new file mode 100644
index 000000000000..b0f388729a48
--- /dev/null
+++ b/metadata/glsa/glsa-202012-24.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-24">
+  <title>Samba: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Samba, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">samba</product>
+  <announced>2020-12-24</announced>
+  <revised count="1">2020-12-24</revised>
+  <bug>743433</bug>
+  <bug>751724</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-fs/samba" auto="yes" arch="*">
+      <unaffected range="ge">4.12.9</unaffected>
+      <vulnerable range="lt">4.12.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Samba is a suite of SMB and CIFS client/server programs.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Samba. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Samba users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-fs/samba-4.12.9"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14318">CVE-2020-14318</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14323">CVE-2020-14323</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14383">CVE-2020-14383</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1472">CVE-2020-1472</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-12-23T17:13:10Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-12-24T14:11:44Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-01.xml b/metadata/glsa/glsa-202101-01.xml
new file mode 100644
index 000000000000..c5890e4772fa
--- /dev/null
+++ b/metadata/glsa/glsa-202101-01.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-01">
+  <title>Dovecot: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Dovecot, the worst of
+    which could allow remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">dovecot</product>
+  <announced>2021-01-10</announced>
+  <revised count="1">2021-01-10</revised>
+  <bug>763525</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-mail/dovecot" auto="yes" arch="*">
+      <unaffected range="ge">2.3.13</unaffected>
+      <vulnerable range="lt">2.3.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Dovecot is an open source IMAP and POP3 email server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Dovecot. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted mail or send a
+      specially crafted IMAP command possibly resulting in a Denial of Service
+      condition or an authenticated remote attacker might be able to discover
+      the file system directory structure and access other users’ emails.
+    </p>
+  </impact>
+  <workaround>
+    <p>The information disclosure vulnerability can be mitigated by disabling
+      IMAP hibernation feature which isn’t enabled by default.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All Dovecot users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-mail/dovecot-2.3.13"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-24386">CVE-2020-24386</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25275">CVE-2020-25275</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-06T15:39:45Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-01-10T09:16:29Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-02.xml b/metadata/glsa/glsa-202101-02.xml
new file mode 100644
index 000000000000..3f021e488b95
--- /dev/null
+++ b/metadata/glsa/glsa-202101-02.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-02">
+  <title>Firejail: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Firejail, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">firejail</product>
+  <announced>2021-01-10</announced>
+  <revised count="1">2021-01-10</revised>
+  <bug>736816</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/firejail" auto="yes" arch="*">
+      <unaffected range="ge">0.9.64</unaffected>
+      <vulnerable range="lt">0.9.64</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A SUID program that reduces the risk of security breaches by restricting
+      the running environment of untrusted applications using Linux namespaces
+      and seccomp-bpf.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Firejail. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Firejail users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/firejail-0.9.64"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-17367">CVE-2020-17367</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-17368">CVE-2020-17368</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-11-16T19:22:48Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-10T09:18:33Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-03.xml b/metadata/glsa/glsa-202101-03.xml
new file mode 100644
index 000000000000..1202c1ba25c3
--- /dev/null
+++ b/metadata/glsa/glsa-202101-03.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-03">
+  <title>ipmitool: Multiple vulnerabilities</title>
+  <synopsis>A buffer overflow in ipmitool might allow remote attacker(s) to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">ipmitool</product>
+  <announced>2021-01-10</announced>
+  <revised count="1">2021-01-10</revised>
+  <bug>708436</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/ipmitool" auto="yes" arch="*">
+      <unaffected range="ge">1.8.18_p20201004-r1</unaffected>
+      <vulnerable range="lt">1.8.18_p20201004-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Utility for controlling IPMI enabled devices.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ipmiool. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ipmitool users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=sys-apps/ipmitool-1.8.18_p20201004-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-5208">CVE-2020-5208</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-11-16T19:23:11Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-10T09:19:54Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-04.xml b/metadata/glsa/glsa-202101-04.xml
new file mode 100644
index 000000000000..c2d23f52d15c
--- /dev/null
+++ b/metadata/glsa/glsa-202101-04.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-04">
+  <title>Mozilla Firefox: Remote code execution</title>
+  <synopsis>A use-after-free in Mozilla Firefox's SCTP handling may allow
+    remote code execution.
+  </synopsis>
+  <product type="ebuild">firefox,thunderbird</product>
+  <announced>2021-01-10</announced>
+  <revised count="1">2021-01-10</revised>
+  <bug>764161</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge" slot="0/esr78">78.6.1</unaffected>
+      <unaffected range="ge">84.0.2</unaffected>
+      <vulnerable range="lt">84.0.2</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge" slot="0/esr78">78.6.1</unaffected>
+      <unaffected range="ge">84.0.2</unaffected>
+      <vulnerable range="lt">84.0.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      project.
+    </p>
+  </background>
+  <description>
+    <p>A use-after-free bug was discovered in Mozilla Firefox’s handling of
+      SCTP.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Firefox ESR users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/firefox-78.6.1:0/esr78"
+    </code>
+    
+    <p>All Firefox ESR binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/firefox-bin-78.6.1:0/esr78"
+    </code>
+    
+    <p>All Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-84.0.2"
+    </code>
+    
+    <p>All Firefox binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-84.0.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16044">CVE-2020-16044</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/">
+      MFSA-2021-01
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-09T16:49:31Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-10T09:20:31Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-05.xml b/metadata/glsa/glsa-202101-05.xml
new file mode 100644
index 000000000000..ced5846cab6d
--- /dev/null
+++ b/metadata/glsa/glsa-202101-05.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-05">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">google-chrome,chromium</product>
+  <announced>2021-01-10</announced>
+  <revised count="1">2021-01-10</revised>
+  <bug>764251</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">87.0.4280.141</unaffected>
+      <vulnerable range="lt">87.0.4280.141</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">87.0.4280.141</unaffected>
+      <vulnerable range="lt">87.0.4280.141</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-87.0.4280.141"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-87.0.4280.141"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15995">CVE-2020-15995</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16043">CVE-2020-16043</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21106">CVE-2021-21106</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21107">CVE-2021-21107</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21108">CVE-2021-21108</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21109">CVE-2021-21109</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21110">CVE-2021-21110</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21111">CVE-2021-21111</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21112">CVE-2021-21112</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21113">CVE-2021-21113</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21114">CVE-2021-21114</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21115">CVE-2021-21115</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21116">CVE-2021-21116</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-09T16:48:49Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-10T09:21:08Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-06.xml b/metadata/glsa/glsa-202101-06.xml
new file mode 100644
index 000000000000..efa0c4ddc2f8
--- /dev/null
+++ b/metadata/glsa/glsa-202101-06.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-06">
+  <title>Ark: Symlink vulnerability</title>
+  <synopsis>Ark was found to allow arbitrary file overwrite, possibly allowing
+    arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">ark</product>
+  <announced>2021-01-11</announced>
+  <revised count="1">2021-01-11</revised>
+  <bug>743959</bug>
+  <access>remote</access>
+  <affected>
+    <package name="kde-apps/ark" auto="yes" arch="*">
+      <unaffected range="ge">20.04.3-r2</unaffected>
+      <vulnerable range="lt">20.04.3-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Ark is a graphical file compression/decompression utility with support
+      for multiple formats.
+    </p>
+  </background>
+  <description>
+    <p>KDE Ark did not fully verify symlinks contained within tar archives.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted tar
+      archive using KDE Ark, possibly resulting in execution of arbitrary code
+      with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All KDE Ark users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=kde-apps/ark-20.04.3-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-24654">CVE-2020-24654</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-10T20:45:32Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-11T09:13:16Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-07.xml b/metadata/glsa/glsa-202101-07.xml
new file mode 100644
index 000000000000..14b6b1ae8c7b
--- /dev/null
+++ b/metadata/glsa/glsa-202101-07.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-07">
+  <title>NodeJS: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in NodeJS, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">nodejs</product>
+  <announced>2021-01-11</announced>
+  <revised count="1">2021-01-11</revised>
+  <bug>726836</bug>
+  <bug>731654</bug>
+  <bug>742893</bug>
+  <bug>754942</bug>
+  <bug>763588</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/nodejs" auto="yes" arch="*">
+      <unaffected range="ge" slot="0/15">15.5.1</unaffected>
+      <unaffected range="ge" slot="0/14">14.15.1</unaffected>
+      <unaffected range="ge" slot="0/12">12.20.1</unaffected>
+      <vulnerable range="lt">15.5.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript
+      engine.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in NodeJS. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All NodeJS 15 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/nodejs-15.5.1"
+    </code>
+    
+    <p>All NodeJS 14 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/nodejs-14.15.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15095">CVE-2020-15095</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8172">CVE-2020-8172</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8174">CVE-2020-8174</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8201">CVE-2020-8201</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8251">CVE-2020-8251</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8265">CVE-2020-8265</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8277">CVE-2020-8277</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8287">CVE-2020-8287</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-10T19:55:45Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-11T09:13:22Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-08.xml b/metadata/glsa/glsa-202101-08.xml
new file mode 100644
index 000000000000..64adcec9d255
--- /dev/null
+++ b/metadata/glsa/glsa-202101-08.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-08">
+  <title>Pillow: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Pillow, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">pillow</product>
+  <announced>2021-01-11</announced>
+  <revised count="1">2021-01-11</revised>
+  <bug>763210</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-python/pillow" auto="yes" arch="*">
+      <unaffected range="ge">8.1.0</unaffected>
+      <vulnerable range="lt">8.1.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Python Imaging Library (fork)</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Pillow. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Pillow users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/pillow-8.1.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35653">CVE-2020-35653</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35654">CVE-2020-35654</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35655">CVE-2020-35655</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-04T00:06:19Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-11T09:13:26Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-09.xml b/metadata/glsa/glsa-202101-09.xml
new file mode 100644
index 000000000000..a5a9f5605e0e
--- /dev/null
+++ b/metadata/glsa/glsa-202101-09.xml
@@ -0,0 +1,147 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-09">
+  <title>VirtualBox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in VirtualBox, the worst
+    of which could allow an attacker to take control of VirtualBox.
+  </synopsis>
+  <product type="ebuild">virtualbox</product>
+  <announced>2021-01-12</announced>
+  <revised count="1">2021-01-12</revised>
+  <bug>714064</bug>
+  <bug>717626</bug>
+  <bug>717782</bug>
+  <bug>733924</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulation/virtualbox" auto="yes" arch="*">
+      <unaffected range="ge" slot="0/6.1">6.1.12</unaffected>
+      <unaffected range="ge" slot="0/6.0">6.0.24</unaffected>
+      <vulnerable range="lt">6.1.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>VirtualBox is a powerful virtualization product from Oracle.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in VirtualBox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could take control of VirtualBox resulting in the execution
+      of arbitrary code with the privileges of the process, a Denial of Service
+      condition, or other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Virtualbox 6.0.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/virtualbox-6.0.24:0/6.0"
+    </code>
+    
+    <p>All Virtualbox 6.1.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/virtualbox-6.1.12:0/6.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2848">CVE-2019-2848</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2850">CVE-2019-2850</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2859">CVE-2019-2859</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2863">CVE-2019-2863</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2864">CVE-2019-2864</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2865">CVE-2019-2865</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2866">CVE-2019-2866</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2867">CVE-2019-2867</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2873">CVE-2019-2873</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2874">CVE-2019-2874</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2875">CVE-2019-2875</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2876">CVE-2019-2876</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2877">CVE-2019-2877</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2926">CVE-2019-2926</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2944">CVE-2019-2944</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2984">CVE-2019-2984</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3002">CVE-2019-3002</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3005">CVE-2019-3005</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3017">CVE-2019-3017</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3021">CVE-2019-3021</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3026">CVE-2019-3026</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3028">CVE-2019-3028</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3031">CVE-2019-3031</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14628">CVE-2020-14628</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14629">CVE-2020-14629</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14646">CVE-2020-14646</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14647">CVE-2020-14647</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14648">CVE-2020-14648</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14649">CVE-2020-14649</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14650">CVE-2020-14650</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14673">CVE-2020-14673</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14674">CVE-2020-14674</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14675">CVE-2020-14675</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14676">CVE-2020-14676</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14677">CVE-2020-14677</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14694">CVE-2020-14694</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14695">CVE-2020-14695</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14698">CVE-2020-14698</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14699">CVE-2020-14699</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14700">CVE-2020-14700</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14703">CVE-2020-14703</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14704">CVE-2020-14704</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14707">CVE-2020-14707</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14711">CVE-2020-14711</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14712">CVE-2020-14712</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14713">CVE-2020-14713</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14714">CVE-2020-14714</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14715">CVE-2020-14715</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2575">CVE-2020-2575</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2674">CVE-2020-2674</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2678">CVE-2020-2678</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2681">CVE-2020-2681</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2682">CVE-2020-2682</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2689">CVE-2020-2689</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2690">CVE-2020-2690</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2691">CVE-2020-2691</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2692">CVE-2020-2692</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2693">CVE-2020-2693</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2698">CVE-2020-2698</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2701">CVE-2020-2701</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2702">CVE-2020-2702</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2703">CVE-2020-2703</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2704">CVE-2020-2704</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2705">CVE-2020-2705</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2725">CVE-2020-2725</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2726">CVE-2020-2726</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2727">CVE-2020-2727</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2741">CVE-2020-2741</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2742">CVE-2020-2742</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2743">CVE-2020-2743</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2748">CVE-2020-2748</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2758">CVE-2020-2758</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2894">CVE-2020-2894</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2902">CVE-2020-2902</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2905">CVE-2020-2905</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2907">CVE-2020-2907</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2908">CVE-2020-2908</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2909">CVE-2020-2909</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2910">CVE-2020-2910</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2911">CVE-2020-2911</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2913">CVE-2020-2913</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2914">CVE-2020-2914</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2929">CVE-2020-2929</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2951">CVE-2020-2951</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2958">CVE-2020-2958</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2959">CVE-2020-2959</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-04-17T04:23:43Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2021-01-12T17:56:20Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-10.xml b/metadata/glsa/glsa-202101-10.xml
new file mode 100644
index 000000000000..8abb71de9859
--- /dev/null
+++ b/metadata/glsa/glsa-202101-10.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-10">
+  <title>Asterisk: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Asterisk, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">asterisk</product>
+  <announced>2021-01-12</announced>
+  <revised count="1">2021-01-12</revised>
+  <bug>753269</bug>
+  <bug>761313</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/asterisk" auto="yes" arch="*">
+      <unaffected range="ge">13.38.1</unaffected>
+      <vulnerable range="lt">13.38.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A Modular Open Source PBX System.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Asterisk. Please review
+      the security advisories referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could cause a possible Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Asterisk users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/asterisk-13.38.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://downloads.asterisk.org/pub/security/AST-2020-001.html">
+      AST-2020-001
+    </uri>
+    <uri link="https://downloads.asterisk.org/pub/security/AST-2020-002.html">
+      AST-2020-002
+    </uri>
+    <uri link="https://downloads.asterisk.org/pub/security/AST-2020-003.html">
+      AST-2020-003
+    </uri>
+    <uri link="https://downloads.asterisk.org/pub/security/AST-2020-004.html">
+      AST-2020-004
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-04T16:30:21Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-12T17:58:27Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-11.xml b/metadata/glsa/glsa-202101-11.xml
new file mode 100644
index 000000000000..317df24d34d7
--- /dev/null
+++ b/metadata/glsa/glsa-202101-11.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-11">
+  <title>Zabbix: Root privilege escalation</title>
+  <synopsis>Multiple vulnerabilities were discovered in Gentoo's ebuild for
+    Zabbix which could lead to root privilege escalation.
+  </synopsis>
+  <product type="ebuild">zabbix</product>
+  <announced>2021-01-21</announced>
+  <revised count="1">2021-01-21</revised>
+  <bug>629882</bug>
+  <bug>629884</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-analyzer/zabbix" auto="yes" arch="*">
+      <unaffected range="ge" slot="0/3.0">3.0.30</unaffected>
+      <unaffected range="ge" slot="0/4.0">4.0.18</unaffected>
+      <vulnerable range="lt">4.4.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Zabbix is software for monitoring applications, networks, and servers.</p>
+  </background>
+  <description>
+    <p>It was discovered that Gentoo’s Zabbix ebuild did not properly set
+      permissions or placed the pid file in an unsafe directory.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could escalate privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Zabbix 3.0.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=net-analyzer/zabbix-3.0.30:0/3.0"
+    </code>
+    
+    <p>All Zabbix  4.0.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=net-analyzer/zabbix-4.0.18:0/4.0"
+    </code>
+    
+    <p>All other Zabbix users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/zabbix-4.4.6"
+    </code>
+  </resolution>
+  <references>
+  </references>
+  <metadata tag="requester" timestamp="2020-04-16T06:25:12Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2021-01-21T19:18:35Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-12.xml b/metadata/glsa/glsa-202101-12.xml
new file mode 100644
index 000000000000..10de65bdd4a6
--- /dev/null
+++ b/metadata/glsa/glsa-202101-12.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-12">
+  <title>Wireshark: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Wireshark, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">wireshark</product>
+  <announced>2021-01-22</announced>
+  <revised count="1">2021-01-22</revised>
+  <bug>759541</bug>
+  <bug>760800</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/wireshark" auto="yes" arch="*">
+      <unaffected range="ge">3.4.2</unaffected>
+      <vulnerable range="lt">3.4.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Wireshark is a network protocol analyzer formerly known as ethereal.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Wireshark. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Wireshark users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-3.4.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26418">CVE-2020-26418</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26419">CVE-2020-26419</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26420">CVE-2020-26420</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26421">CVE-2020-26421</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26422">CVE-2020-26422</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-22T00:09:25Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-22T16:10:45Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-13.xml b/metadata/glsa/glsa-202101-13.xml
new file mode 100644
index 000000000000..e5c9507b0d3a
--- /dev/null
+++ b/metadata/glsa/glsa-202101-13.xml
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-13">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">google-chrome,chromium</product>
+  <announced>2021-01-22</announced>
+  <revised count="1">2021-01-22</revised>
+  <bug>766207</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">88.0.4324.96</unaffected>
+      <vulnerable range="lt">88.0.4324.96</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">88.0.4324.96</unaffected>
+      <vulnerable range="lt">88.0.4324.96</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-88.0.4324.96"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-88.0.4324.96"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16044">CVE-2020-16044</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21117">CVE-2021-21117</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21118">CVE-2021-21118</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21119">CVE-2021-21119</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21120">CVE-2021-21120</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21121">CVE-2021-21121</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21122">CVE-2021-21122</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21123">CVE-2021-21123</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21124">CVE-2021-21124</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21125">CVE-2021-21125</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21126">CVE-2021-21126</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21127">CVE-2021-21127</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21128">CVE-2021-21128</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21129">CVE-2021-21129</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21130">CVE-2021-21130</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21131">CVE-2021-21131</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21132">CVE-2021-21132</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21133">CVE-2021-21133</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21134">CVE-2021-21134</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21135">CVE-2021-21135</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21136">CVE-2021-21136</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21137">CVE-2021-21137</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21138">CVE-2021-21138</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21139">CVE-2021-21139</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21140">CVE-2021-21140</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21141">CVE-2021-21141</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-22T00:15:06Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-22T16:11:56Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-14.xml b/metadata/glsa/glsa-202101-14.xml
new file mode 100644
index 000000000000..f8ce93e509b1
--- /dev/null
+++ b/metadata/glsa/glsa-202101-14.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-14">
+  <title>Mozilla Thunderbird: Remote code execution</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird,
+    the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">thunderbird</product>
+  <announced>2021-01-22</announced>
+  <revised count="1">2021-01-22</revised>
+  <bug>765088</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">78.6.1</unaffected>
+      <vulnerable range="lt">78.6.1</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">78.6.1</unaffected>
+      <vulnerable range="lt">78.6.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Thunderbird is a popular open-source email client from the
+      Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>A use-after-free bug was discovered in Mozilla Thunderbird handling of
+      SCTP.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-78.6.1"
+    </code>
+    
+    <p>All Mozilla Thunderbird binary users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-78.6.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16044">CVE-2020-16044</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2021-02/">
+      MFSA-2021-02
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-22T00:15:52Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-22T16:13:18Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-15.xml b/metadata/glsa/glsa-202101-15.xml
new file mode 100644
index 000000000000..3762d3444f79
--- /dev/null
+++ b/metadata/glsa/glsa-202101-15.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-15">
+  <title>VirtualBox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in VirtualBox, the worst
+    of which could result in privilege escalation.
+  </synopsis>
+  <product type="ebuild">virtualbox</product>
+  <announced>2021-01-22</announced>
+  <revised count="1">2021-01-22</revised>
+  <bug>750782</bug>
+  <bug>766348</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulation/virtualbox" auto="yes" arch="*">
+      <unaffected range="ge">6.1.18</unaffected>
+      <vulnerable range="lt">6.1.18</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>VirtualBox is a powerful virtualization product from Oracle.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in VirtualBox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All VirtualBox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/virtualbox-6.1.18"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14872">CVE-2020-14872</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14881">CVE-2020-14881</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14884">CVE-2020-14884</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14885">CVE-2020-14885</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14886">CVE-2020-14886</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14889">CVE-2020-14889</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14892">CVE-2020-14892</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2073">CVE-2021-2073</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2074">CVE-2021-2074</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2086">CVE-2021-2086</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2111">CVE-2021-2111</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2112">CVE-2021-2112</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2119">CVE-2021-2119</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2120">CVE-2021-2120</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2121">CVE-2021-2121</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2123">CVE-2021-2123</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2124">CVE-2021-2124</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2125">CVE-2021-2125</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2126">CVE-2021-2126</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2127">CVE-2021-2127</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2128">CVE-2021-2128</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2129">CVE-2021-2129</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2130">CVE-2021-2130</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2131">CVE-2021-2131</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-18T03:00:34Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-22T16:14:33Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-16.xml b/metadata/glsa/glsa-202101-16.xml
new file mode 100644
index 000000000000..2f7ed9ee6712
--- /dev/null
+++ b/metadata/glsa/glsa-202101-16.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-16">
+  <title>KDE Connect: Denial of service</title>
+  <synopsis>A vulnerability in KDE Connect could lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">kde-connect</product>
+  <announced>2021-01-22</announced>
+  <revised count="1">2021-01-22</revised>
+  <bug>746401</bug>
+  <access>remote</access>
+  <affected>
+    <package name="kde-misc/kdeconnect" auto="yes" arch="*">
+      <unaffected range="ge">20.04.3-r1</unaffected>
+      <vulnerable range="lt">20.04.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>KDE Connect is a project that enables all your devices to communicate
+      with each other.
+    </p>
+  </background>
+  <description>
+    <p>Multiple issues causing excessive resource consumption were found in KDE
+      Connect.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could cause a possible Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All KDE Connect users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=kde-misc/kdeconnect-20.04.3-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26164">CVE-2020-26164</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-22T00:28:04Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-22T16:16:11Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-17.xml b/metadata/glsa/glsa-202101-17.xml
new file mode 100644
index 000000000000..9fd515383c4c
--- /dev/null
+++ b/metadata/glsa/glsa-202101-17.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-17">
+  <title>Dnsmasq: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Dnsmasq, the worst of
+    which may allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">dnsmasq</product>
+  <announced>2021-01-22</announced>
+  <revised count="1">2021-01-22</revised>
+  <bug>766126</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-dns/dnsmasq" auto="yes" arch="*">
+      <unaffected range="ge">2.83</unaffected>
+      <vulnerable range="lt">2.83</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP
+      server.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Dnsmasq. Please review
+      the references below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker, by sending specially crafted DNS replies, could possibly
+      execute arbitrary code with the privileges of the process, perform a
+      cache poisoning attack or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Dnsmasq users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/dnsmasq-2.83"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25681">CVE-2020-25681</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25682">CVE-2020-25682</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25683">CVE-2020-25683</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25684">CVE-2020-25684</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25685">CVE-2020-25685</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25686">CVE-2020-25686</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25687">CVE-2020-25687</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-21T20:58:48Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-01-22T17:55:39Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-18.xml b/metadata/glsa/glsa-202101-18.xml
new file mode 100644
index 000000000000..03d6e27b19ce
--- /dev/null
+++ b/metadata/glsa/glsa-202101-18.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-18">
+  <title>Python: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Python, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">python</product>
+  <announced>2021-01-24</announced>
+  <revised count="1">2021-01-24</revised>
+  <bug>749339</bug>
+  <bug>759928</bug>
+  <bug>766189</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/python" auto="yes" arch="*">
+      <unaffected range="ge" slot="2.7">2.7.18-r6</unaffected>
+      <unaffected range="ge" slot="3.6">3.6.12-r2</unaffected>
+      <unaffected range="ge" slot="3.7">3.7.9-r2</unaffected>
+      <unaffected range="ge" slot="3.8">3.8.7-r1</unaffected>
+      <unaffected range="ge" slot="3.9">3.9.1-r1</unaffected>
+      <vulnerable range="lt" slot="2.7">2.7.18-r6</vulnerable>
+      <vulnerable range="lt" slot="3.6">3.6.12-r2</vulnerable>
+      <vulnerable range="lt" slot="3.7">3.7.9-r2</vulnerable>
+      <vulnerable range="lt" slot="3.8">3.8.7-r1</vulnerable>
+      <vulnerable range="lt" slot="3.9">3.9.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Python is an interpreted, interactive, object-oriented programming
+      language.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Python. Please review
+      the bugs referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Python 2.7 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.7.18-r5"
+    </code>
+    
+    <p>All Python 3.6 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-3.6.12-r1"
+    </code>
+    
+    <p>All Python 3.7 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-3.7.9-r1"
+    </code>
+    
+    <p>All Python 3.8 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-3.8.6-r1"
+    </code>
+    
+    <p>All Python 3.9 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-3.9.0-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26116">CVE-2020-26116</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3177">CVE-2021-3177</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-04T03:36:56Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-24T23:58:22Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-19.xml b/metadata/glsa/glsa-202101-19.xml
new file mode 100644
index 000000000000..866c37dcdf8a
--- /dev/null
+++ b/metadata/glsa/glsa-202101-19.xml
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-19">
+  <title>OpenJDK: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenJDK, the worst of
+    which could result in the arbitrary execution of code. 
+  </synopsis>
+  <product type="ebuild">openjdk</product>
+  <announced>2021-01-25</announced>
+  <revised count="1">2021-01-25</revised>
+  <bug>705992</bug>
+  <bug>750833</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/openjdk" auto="yes" arch="*">
+      <unaffected range="ge">8.272_p10</unaffected>
+      <vulnerable range="lt">8.272_p10</vulnerable>
+    </package>
+    <package name="dev-java/openjdk-bin" auto="yes" arch="*">
+      <unaffected range="ge">8.272_p10</unaffected>
+      <vulnerable range="lt">8.272_p10</vulnerable>
+    </package>
+    <package name="dev-java/openjdk-jre-bin" auto="yes" arch="*">
+      <unaffected range="ge">8.272_p10</unaffected>
+      <vulnerable range="lt">8.272_p10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenJDK is a free and open-source implementation of the Java Platform,
+      Standard Edition.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenJDK. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenJDK users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/openjdk-8.272_p10"
+    </code>
+    
+    <p>All OpenJDK (binary) users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/openjdk-bin-8.272_p10"
+    </code>
+    
+    <p>All OpenJDK JRE (binary) users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-java/openjdk-jre-bin-8.272_p10"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14779">CVE-2020-14779</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14781">CVE-2020-14781</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14782">CVE-2020-14782</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14792">CVE-2020-14792</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14796">CVE-2020-14796</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14797">CVE-2020-14797</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14798">CVE-2020-14798</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14803">CVE-2020-14803</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2583">CVE-2020-2583</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2590">CVE-2020-2590</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2593">CVE-2020-2593</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2601">CVE-2020-2601</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2604">CVE-2020-2604</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2654">CVE-2020-2654</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2659">CVE-2020-2659</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-11-01T10:46:07Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-25T00:02:23Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-20.xml b/metadata/glsa/glsa-202101-20.xml
new file mode 100644
index 000000000000..c4fc0f6dd37c
--- /dev/null
+++ b/metadata/glsa/glsa-202101-20.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-20">
+  <title>glibc: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in glibc, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">glibc</product>
+  <announced>2021-01-25</announced>
+  <revised count="1">2021-01-25</revised>
+  <bug>611344</bug>
+  <bug>717058</bug>
+  <bug>720730</bug>
+  <bug>758359</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-libs/glibc" auto="yes" arch="*">
+      <unaffected range="ge">2.32-r5</unaffected>
+      <vulnerable range="lt">2.32-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>glibc is a package that contains the GNU C library.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in glibc. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All glibc users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-libs/glibc-2.32-r5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-10228">CVE-2016-10228</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1752">CVE-2020-1752</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29562">CVE-2020-29562</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29573">CVE-2020-29573</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6096">CVE-2020-6096</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-12-27T17:59:30Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-25T00:05:08Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-21.xml b/metadata/glsa/glsa-202101-21.xml
new file mode 100644
index 000000000000..38c63fc9f4d1
--- /dev/null
+++ b/metadata/glsa/glsa-202101-21.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-21">
+  <title>Flatpak: Sandbox escape</title>
+  <synopsis>A vulnerability was discovered in Flatpak which could allow a
+    remote attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">flatpak</product>
+  <announced>2021-01-25</announced>
+  <revised count="1">2021-01-25</revised>
+  <bug>765457</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/flatpak" auto="yes" arch="*">
+      <unaffected range="ge">1.10.0</unaffected>
+      <vulnerable range="lt">1.10.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Flatpak is a Linux application sandboxing and distribution framework.</p>
+  </background>
+  <description>
+    <p>A bug was discovered in the flatpak-portal service that can allow
+      sandboxed applications to execute arbitrary code on the host system (a
+      sandbox escape).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted
+      Flatpak app possibly resulting in execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>As a workaround, this vulnerability can be mitigated by preventing the
+      flatpak-portal service from starting, but that mitigation will prevent
+      many Flatpak apps from working correctly. It is highly recommended to
+      upgrade.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All Flatpak users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/flatpak-1.10.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21261">CVE-2021-21261</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-22T00:26:55Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-25T00:07:24Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-22.xml b/metadata/glsa/glsa-202101-22.xml
new file mode 100644
index 000000000000..36a94ff168ac
--- /dev/null
+++ b/metadata/glsa/glsa-202101-22.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-22">
+  <title>libvirt: Unintended access to /dev/mapper/control</title>
+  <synopsis>A vulnerability in libvirt may allow root privilege escalation.</synopsis>
+  <product type="ebuild">libvirt</product>
+  <announced>2021-01-26</announced>
+  <revised count="1">2021-01-26</revised>
+  <bug>739948</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/libvirt" auto="yes" arch="*">
+      <unaffected range="ge">6.7.0</unaffected>
+      <vulnerable range="lt">6.7.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libvirt is a C toolkit for manipulating virtual machines.</p>
+  </background>
+  <description>
+    <p>A file descriptor for /dev/mapper/control was insufficiently protected.</p>
+  </description>
+  <impact type="high">
+    <p>A local attacker may be able to escalate to root privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libvirt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/libvirt-6.7.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14339">CVE-2020-14339</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-10-05T23:25:12Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-26T00:10:19Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-23.xml b/metadata/glsa/glsa-202101-23.xml
new file mode 100644
index 000000000000..d3ba7f305498
--- /dev/null
+++ b/metadata/glsa/glsa-202101-23.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-23">
+  <title>PEAR Archive_Tar: Directory traversal</title>
+  <synopsis>Multiple vulnerabilities have been found in PEAR Archive_Tar, the
+    worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">PEAR-Archive_Tar</product>
+  <announced>2021-01-26</announced>
+  <revised count="1">2021-01-26</revised>
+  <bug>755653</bug>
+  <bug>766036</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-php/PEAR-Archive_Tar" auto="yes" arch="*">
+      <unaffected range="ge">1.4.12</unaffected>
+      <vulnerable range="lt">1.4.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>This class provides handling of tar files in PHP.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PEAR Archive_Tar.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PEAR-Archive_Tar users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-php/PEAR-Archive_Tar-1.4.12"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28948">CVE-2020-28948</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28949">CVE-2020-28949</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36193">CVE-2020-36193</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-25T23:43:27Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-26T00:10:53Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-24.xml b/metadata/glsa/glsa-202101-24.xml
new file mode 100644
index 000000000000..3e9fb3f77765
--- /dev/null
+++ b/metadata/glsa/glsa-202101-24.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-24">
+  <title>cfitsio: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in cfitsio, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">cfitsio</product>
+  <announced>2021-01-26</announced>
+  <revised count="1">2021-01-26</revised>
+  <bug>673944</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sci-libs/cfitsio" auto="yes" arch="*">
+      <unaffected range="ge">3.490</unaffected>
+      <vulnerable range="lt">3.490</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A C and Fortran library for manipulating FITS files.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in cfitsio. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All cfitsio users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sci-libs/cfitsio-3.490"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3846">CVE-2018-3846</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3847">CVE-2018-3847</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3848">CVE-2018-3848</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3849">CVE-2018-3849</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-25T23:40:35Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-26T00:12:33Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-25.xml b/metadata/glsa/glsa-202101-25.xml
new file mode 100644
index 000000000000..6914662437b5
--- /dev/null
+++ b/metadata/glsa/glsa-202101-25.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-25">
+  <title>Mutt: Denial of service</title>
+  <synopsis>A vulnerability in Mutt could lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">mutt</product>
+  <announced>2021-01-26</announced>
+  <revised count="1">2021-01-26</revised>
+  <bug>765790</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/mutt" auto="yes" arch="*">
+      <unaffected range="ge">2.0.4-r1</unaffected>
+      <vulnerable range="lt">2.0.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mutt is a small but very powerful text-based mail client.</p>
+  </background>
+  <description>
+    <p>A memory leak could occur when a crafted email message is received.</p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could cause a possible Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mutt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/mutt-2.0.4-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3181">CVE-2021-3181</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-25T23:33:22Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-26T00:13:00Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-26.xml b/metadata/glsa/glsa-202101-26.xml
new file mode 100644
index 000000000000..64fbf2c1b631
--- /dev/null
+++ b/metadata/glsa/glsa-202101-26.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-26">
+  <title>f2fs-tools: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in f2fs-tools, the worst
+    of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">f2fs-tools</product>
+  <announced>2021-01-26</announced>
+  <revised count="1">2021-01-26</revised>
+  <bug>749318</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-fs/f2fs-tools" auto="yes" arch="*">
+      <unaffected range="ge">1.14.0</unaffected>
+      <vulnerable range="lt">1.14.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Tools for Flash-Friendly File System (F2FS).</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in f2fs-tools. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All f2fs-tools users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-fs/f2fs-tools-1.14.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6104">CVE-2020-6104</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6105">CVE-2020-6105</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6106">CVE-2020-6106</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6107">CVE-2020-6107</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6108">CVE-2020-6108</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-11-01T10:45:37Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-26T00:13:26Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-27.xml b/metadata/glsa/glsa-202101-27.xml
new file mode 100644
index 000000000000..776a91822460
--- /dev/null
+++ b/metadata/glsa/glsa-202101-27.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-27">
+  <title>FreeRADIUS: Root privilege escalation</title>
+  <synopsis>Multiple vulnerabilities were discovered in Gentoo's systemd unit
+    for FreeRADIUS which could lead to root privilege escalation.
+  </synopsis>
+  <product type="ebuild">freeradius</product>
+  <announced>2021-01-26</announced>
+  <revised count="1">2021-01-26</revised>
+  <bug>630910</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-dialup/freeradius" auto="yes" arch="*">
+      <unaffected range="ge">3.0.20-r1</unaffected>
+      <vulnerable range="lt">3.0.20-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FreeRADIUS is a modular, high performance free RADIUS suite.</p>
+  </background>
+  <description>
+    <p>It was discovered that Gentoo’s FreeRADIUS systemd unit set
+      permissions on an unsafe directory on start.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could escalate privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FreeRADIUS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dialup/freeradius-3.0.20-r1"
+    </code>
+  </resolution>
+  <references>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-25T21:55:08Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-26T00:13:46Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-28.xml b/metadata/glsa/glsa-202101-28.xml
new file mode 100644
index 000000000000..8ba014862bfd
--- /dev/null
+++ b/metadata/glsa/glsa-202101-28.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-28">
+  <title>ncurses: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ncurses, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">ncurses</product>
+  <announced>2021-01-26</announced>
+  <revised count="1">2021-01-26</revised>
+  <bug>698210</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/ncurses" auto="yes" arch="*">
+      <unaffected range="ge">6.2</unaffected>
+      <vulnerable range="lt">6.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A console display library.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ncurses. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ncurses users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/ncurses-6.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17594">CVE-2019-17594</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17595">CVE-2019-17595</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-25T17:12:09Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-26T00:14:57Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-29.xml b/metadata/glsa/glsa-202101-29.xml
new file mode 100644
index 000000000000..5f2c0b02b104
--- /dev/null
+++ b/metadata/glsa/glsa-202101-29.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-29">
+  <title>OpenJPEG: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenJPEG, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">openjpeg</product>
+  <announced>2021-01-26</announced>
+  <revised count="2">2021-01-26</revised>
+  <bug>711260</bug>
+  <bug>718918</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/openjpeg" auto="yes" arch="*">
+      <unaffected range="ge" slot="2">2.4.0</unaffected>
+      <vulnerable range="lt" slot="2">2.4.0</vulnerable>
+      <vulnerable range="lt" slot="1">1.5.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenJPEG is an open-source JPEG 2000 library.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenJPEG. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenJPEG 2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/openjpeg-2.4.0:2"
+    </code>
+    
+    <p>Gentoo has discontinued support OpenJPEG 1.x and any dependent packages
+      should now be using OpenJPEG 2 or have dropped support for the library.
+      We recommend that users unmerge OpenJPEG 1.x:
+    </p>
+    
+    <code>
+      # emerge --unmerge "media-libs/openjpeg:1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-21010">CVE-2018-21010</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12973">CVE-2019-12973</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15389">CVE-2020-15389</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27814">CVE-2020-27814</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27841">CVE-2020-27841</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27842">CVE-2020-27842</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27843">CVE-2020-27843</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27844">CVE-2020-27844</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27845">CVE-2020-27845</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-25T20:17:39Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-26T02:54:20Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-30.xml b/metadata/glsa/glsa-202101-30.xml
new file mode 100644
index 000000000000..0c4e07eeaaa7
--- /dev/null
+++ b/metadata/glsa/glsa-202101-30.xml
@@ -0,0 +1,151 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-30">
+  <title>Qt WebEngine: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Qt WebEngine, the worst
+    of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">qtwebengine</product>
+  <announced>2021-01-26</announced>
+  <revised count="1">2021-01-26</revised>
+  <bug>734600</bug>
+  <bug>754852</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-qt/qtwebengine" auto="yes" arch="*">
+      <unaffected range="ge">5.15.2</unaffected>
+      <vulnerable range="lt">5.15.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Library for rendering dynamic web content in Qt5 C++ and QML
+      applications.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Qt WebEngine. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Qt WebEngine users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-qt/qtwebengine-5.15.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15959">CVE-2020-15959</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15959">CVE-2020-15959</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15960">CVE-2020-15960</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15960">CVE-2020-15960</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15961">CVE-2020-15961</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15961">CVE-2020-15961</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15962">CVE-2020-15962</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15962">CVE-2020-15962</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15963">CVE-2020-15963</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15963">CVE-2020-15963</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15964">CVE-2020-15964</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15964">CVE-2020-15964</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15965">CVE-2020-15965</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15965">CVE-2020-15965</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15966">CVE-2020-15966</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15966">CVE-2020-15966</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15968">CVE-2020-15968</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15968">CVE-2020-15968</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15969">CVE-2020-15969</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15969">CVE-2020-15969</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15972">CVE-2020-15972</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15972">CVE-2020-15972</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15974">CVE-2020-15974</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15974">CVE-2020-15974</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15976">CVE-2020-15976</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15976">CVE-2020-15976</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15977">CVE-2020-15977</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15977">CVE-2020-15977</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15978">CVE-2020-15978</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15978">CVE-2020-15978</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15979">CVE-2020-15979</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15979">CVE-2020-15979</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15985">CVE-2020-15985</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15985">CVE-2020-15985</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15987">CVE-2020-15987</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15987">CVE-2020-15987</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15989">CVE-2020-15989</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15989">CVE-2020-15989</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15992">CVE-2020-15992</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15992">CVE-2020-15992</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16001">CVE-2020-16001</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16001">CVE-2020-16001</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16002">CVE-2020-16002</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16002">CVE-2020-16002</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16003">CVE-2020-16003</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16003">CVE-2020-16003</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6467">CVE-2020-6467</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6467">CVE-2020-6467</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6470">CVE-2020-6470</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6470">CVE-2020-6470</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6471">CVE-2020-6471</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6471">CVE-2020-6471</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6472">CVE-2020-6472</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6473">CVE-2020-6473</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6474">CVE-2020-6474</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6475">CVE-2020-6475</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6476">CVE-2020-6476</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6480">CVE-2020-6480</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6481">CVE-2020-6481</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6482">CVE-2020-6482</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6483">CVE-2020-6483</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6486">CVE-2020-6486</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6487">CVE-2020-6487</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6489">CVE-2020-6489</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6490">CVE-2020-6490</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6506">CVE-2020-6506</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6510">CVE-2020-6510</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6511">CVE-2020-6511</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6512">CVE-2020-6512</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6513">CVE-2020-6513</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6514">CVE-2020-6514</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6518">CVE-2020-6518</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6523">CVE-2020-6523</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6524">CVE-2020-6524</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6526">CVE-2020-6526</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6529">CVE-2020-6529</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6530">CVE-2020-6530</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6531">CVE-2020-6531</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6532">CVE-2020-6532</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6533">CVE-2020-6533</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6534">CVE-2020-6534</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6535">CVE-2020-6535</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6540">CVE-2020-6540</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6541">CVE-2020-6541</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6542">CVE-2020-6542</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6543">CVE-2020-6543</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6544">CVE-2020-6544</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6545">CVE-2020-6545</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6548">CVE-2020-6548</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6549">CVE-2020-6549</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6550">CVE-2020-6550</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6551">CVE-2020-6551</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6555">CVE-2020-6555</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6557">CVE-2020-6557</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6559">CVE-2020-6559</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6561">CVE-2020-6561</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6562">CVE-2020-6562</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6569">CVE-2020-6569</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6570">CVE-2020-6570</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6571">CVE-2020-6571</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6573">CVE-2020-6573</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6575">CVE-2020-6575</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6576">CVE-2020-6576</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-25T23:03:36Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-26T00:15:52Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-31.xml b/metadata/glsa/glsa-202101-31.xml
new file mode 100644
index 000000000000..3d7dcd82f908
--- /dev/null
+++ b/metadata/glsa/glsa-202101-31.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-31">
+  <title>Cacti: Remote code execution</title>
+  <synopsis>A vulnerability in Cacti could lead to remote code execution.</synopsis>
+  <product type="ebuild">cacti</product>
+  <announced>2021-01-26</announced>
+  <revised count="1">2021-01-26</revised>
+  <bug>765019</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/cacti" auto="yes" arch="*">
+      <unaffected range="ge">1.2.16-r1</unaffected>
+      <vulnerable range="lt">1.2.16-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Cacti is a complete frontend to rrdtool.</p>
+  </background>
+  <description>
+    <p>The side_id parameter in data_debug.php does not properly verify input
+      allowing SQL injection.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Cacti users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/cacti-1.2.16-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35701">CVE-2020-35701</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-26T00:34:29Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-26T23:38:21Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-32.xml b/metadata/glsa/glsa-202101-32.xml
new file mode 100644
index 000000000000..2c1a6dd3ef52
--- /dev/null
+++ b/metadata/glsa/glsa-202101-32.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-32">
+  <title>Mutt, NeoMutt: Information disclosure</title>
+  <synopsis>A weakness was discovered in Mutt and NeoMutt's TLS handshake
+    handling
+  </synopsis>
+  <product type="ebuild">NeoMutt</product>
+  <announced>2021-01-26</announced>
+  <revised count="1">2021-01-26</revised>
+  <bug>755833</bug>
+  <bug>755866</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/mutt" auto="yes" arch="*">
+      <unaffected range="ge">2.0.2</unaffected>
+      <vulnerable range="lt">2.0.2</vulnerable>
+    </package>
+    <package name="mail-client/neomutt" auto="yes" arch="*">
+      <unaffected range="ge">20201120</unaffected>
+      <vulnerable range="lt">20201120</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mutt is a small but very powerful text-based mail client.</p>
+    
+    <p>NeoMutt is a command line mail reader (or MUA). It’s a fork of Mutt
+      with added features.
+    </p>
+  </background>
+  <description>
+    <p>A weakness in TLS handshake handling was found which may allow
+      information disclosure.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to cause information disclosure.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mutt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/mutt-2.0.2"
+    </code>
+    
+    <p>All NeoMutt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/neomutt-20201120"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28896">CVE-2020-28896</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-26T00:28:06Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-26T23:39:28Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-33.xml b/metadata/glsa/glsa-202101-33.xml
new file mode 100644
index 000000000000..a53bfabd5cd9
--- /dev/null
+++ b/metadata/glsa/glsa-202101-33.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-33">
+  <title>sudo: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in sudo, the worst of
+    which could result in privilege escalation.
+  </synopsis>
+  <product type="ebuild">sudo</product>
+  <announced>2021-01-26</announced>
+  <revised count="1">2021-01-26</revised>
+  <bug>764986</bug>
+  <bug>767364</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/sudo" auto="yes" arch="*">
+      <unaffected range="ge">1.9.5_p2</unaffected>
+      <vulnerable range="lt">1.9.5_p2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>sudo (su “do”) allows a system administrator to delegate authority
+      to give certain users (or groups of users) the ability to run some (or
+      all) commands as root or another user while providing an audit trail of
+      the commands and their arguments.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in sudo. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>Local users are able to gain unauthorized privileges on the system or
+      determine the existence of files.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All sudo users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/sudo-1.9.5_p2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23239">CVE-2021-23239</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23240">CVE-2021-23240</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3156">CVE-2021-3156</uri>
+    <uri link="https://www.sudo.ws/alerts/sudoedit_selinux.html">Upstream
+      advisory (CVE-2020-23240)
+    </uri>
+    <uri link="https://www.sudo.ws/alerts/unescape_overflow.html">Upstream
+      advisory (CVE-2021-3156)
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-26T22:52:21Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-26T23:40:46Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-34.xml b/metadata/glsa/glsa-202101-34.xml
new file mode 100644
index 000000000000..bedeea759a1d
--- /dev/null
+++ b/metadata/glsa/glsa-202101-34.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-34">
+  <title>Telegram Desktop: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Telegram, the worst of
+    which could result in information disclosure.
+  </synopsis>
+  <product type="ebuild">telegram</product>
+  <announced>2021-01-27</announced>
+  <revised count="1">2021-01-27</revised>
+  <bug>736774</bug>
+  <bug>749288</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/telegram-desktop" auto="yes" arch="*">
+      <unaffected range="ge">2.4.4</unaffected>
+      <vulnerable range="lt">2.4.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Telegram is a messaging app with a focus on speed and security.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Telegram Desktop.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Telegram Desktop users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-im/telegram-desktop-2.4.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-17448">CVE-2020-17448</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25824">CVE-2020-25824</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-27T04:40:13Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-27T16:13:13Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-35.xml b/metadata/glsa/glsa-202101-35.xml
new file mode 100644
index 000000000000..974a6a240ef5
--- /dev/null
+++ b/metadata/glsa/glsa-202101-35.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-35">
+  <title>phpMyAdmin: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in phpMyAdmin, allowing
+    remote attackers to conduct XSS.
+  </synopsis>
+  <product type="ebuild">phpmyadmin</product>
+  <announced>2021-01-27</announced>
+  <revised count="1">2021-01-27</revised>
+  <bug>747805</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/phpmyadmin" auto="yes" arch="*">
+      <unaffected range="ge" slot="4.9.6">4.9.6</unaffected>
+      <vulnerable range="lt" slot="4.9.6">4.9.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>phpMyAdmin is a web-based management tool for MySQL databases.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in phpMyAdmin. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All phpMyAdmin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/phpmyadmin-4.9.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26934">CVE-2020-26934</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26935">CVE-2020-26935</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-11-19T19:31:06Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-01-27T16:14:41Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-36.xml b/metadata/glsa/glsa-202101-36.xml
new file mode 100644
index 000000000000..7b5b52d6a17b
--- /dev/null
+++ b/metadata/glsa/glsa-202101-36.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-36">
+  <title>ImageMagick: Command injection</title>
+  <synopsis>A vulnerability in ImageMagick's handling of PDF was discovered
+    possibly allowing code execution.
+  </synopsis>
+  <product type="ebuild">imagemagick</product>
+  <announced>2021-01-29</announced>
+  <revised count="1">2021-01-29</revised>
+  <bug>756829</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/imagemagick" auto="yes" arch="*">
+      <unaffected range="ge">7.0.10.41-r1</unaffected>
+      <unaffected range="ge">6.9.11.41-r1</unaffected>
+      <vulnerable range="lt">7.0.10.41-r1</vulnerable>
+      <vulnerable range="lt">6.9.11.41-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A collection of tools and libraries for many image formats.</p>
+  </background>
+  <description>
+    <p>A flaw in ImageMagick’s handling of password protected PDFs was
+      discovered.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted PDF
+      using ImageMagick possibly resulting in execution of arbitrary code with
+      the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>Do not open untrusted PDFs.</p>
+  </workaround>
+  <resolution>
+    <p>All ImageMagick 7 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=media-gfx/imagemagick-7.0.10.41-r1"
+    </code>
+    
+    <p>All ImageMagick 6 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=media-gfx/imagemagick-6.9.11.41-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29599">CVE-2020-29599</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-28T02:24:26Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-29T00:02:42Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-37.xml b/metadata/glsa/glsa-202101-37.xml
new file mode 100644
index 000000000000..52b09f41e0a2
--- /dev/null
+++ b/metadata/glsa/glsa-202101-37.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-37">
+  <title>VLC: Buffer overflow</title>
+  <synopsis>A buffer overflow in VLC might allow remote attacker(s) to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">vlc</product>
+  <announced>2021-01-29</announced>
+  <revised count="1">2021-01-29</revised>
+  <bug>765040</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/vlc" auto="yes" arch="*">
+      <unaffected range="ge">3.0.12.1</unaffected>
+      <vulnerable range="lt">3.0.12.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>VLC is a cross-platform media player and streaming server.</p>
+  </background>
+  <description>
+    <p>VLC was found to have a buffer overflow when handling crafted MKV files.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted MKV
+      file using VLC possibly resulting in execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All VLC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/vlc-3.0.12.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26664">CVE-2020-26664</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-28T02:32:59Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-01-29T00:04:09Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-38.xml b/metadata/glsa/glsa-202101-38.xml
new file mode 100644
index 000000000000..11ca507fa1e1
--- /dev/null
+++ b/metadata/glsa/glsa-202101-38.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-38">
+  <title>NSD: Symbolic link traversal</title>
+  <synopsis>A vulnerability was discovered in NSD which could allow a local
+    attacker to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">nsd</product>
+  <announced>2021-01-29</announced>
+  <revised count="1">2021-01-29</revised>
+  <bug>758977</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-dns/nsd" auto="yes" arch="*">
+      <unaffected range="ge">4.3.4</unaffected>
+      <vulnerable range="lt">4.3.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>An authoritative only, high performance, open source name server</p>
+  </background>
+  <description>
+    <p>A local vulnerability was discovered that would allow for a local
+      symlink attack due to how NSD handles PID files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could cause a Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All NSD users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/nsd-4.3.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28935">CVE-2020-28935</uri>
+    <uri link="https://www.nlnetlabs.nl/downloads/nsd/CVE-2020-28935.txt">
+      Upstream advisory
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-04-22T15:47:22Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-01-29T00:05:16Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202102-01.xml b/metadata/glsa/glsa-202102-01.xml
new file mode 100644
index 000000000000..c448adf3cd6c
--- /dev/null
+++ b/metadata/glsa/glsa-202102-01.xml
@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202102-01">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+    worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">firefox</product>
+  <announced>2021-02-01</announced>
+  <revised count="1">2021-02-01</revised>
+  <bug>767334</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge" slot="0/esr78">78.7.0</unaffected>
+      <unaffected range="ge">85.0</unaffected>
+      <vulnerable range="lt">85.0</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge" slot="0/esr78">78.7.0</unaffected>
+      <unaffected range="ge">85.0</unaffected>
+      <vulnerable range="lt">85.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-78.7.0"
+    </code>
+    
+    <p>All Mozilla Firefox ESR binary users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-78.7.0"
+    </code>
+    
+    <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-85.0"
+    </code>
+    
+    <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-85.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23953">CVE-2021-23953</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23954">CVE-2021-23954</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23955">CVE-2021-23955</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23956">CVE-2021-23956</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23958">CVE-2021-23958</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23960">CVE-2021-23960</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23961">CVE-2021-23961</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23962">CVE-2021-23962</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23963">CVE-2021-23963</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23964">CVE-2021-23964</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23965">CVE-2021-23965</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26976">CVE-2021-26976</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/">
+      Upstream advisory (MFSA-2021-03)
+    </uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/">
+      Upstream advisory (MFSA-2021-04)
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-27T04:40:38Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-02-01T01:39:52Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202102-02.xml b/metadata/glsa/glsa-202102-02.xml
new file mode 100644
index 000000000000..69f0cc482a4d
--- /dev/null
+++ b/metadata/glsa/glsa-202102-02.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202102-02">
+  <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird,
+    the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">thunderbird</product>
+  <announced>2021-02-01</announced>
+  <revised count="1">2021-02-01</revised>
+  <bug>767394</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">78.7.0</unaffected>
+      <vulnerable range="lt">78.7.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">78.7.0</unaffected>
+      <vulnerable range="lt">78.7.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Thunderbird is a popular open-source email client from the
+      Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-78.7.0"
+    </code>
+    
+    <p>All Mozilla Thunderbird binary users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-78.7.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15685">CVE-2020-15685</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26976">CVE-2020-26976</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23953">CVE-2021-23953</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23954">CVE-2021-23954</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23960">CVE-2021-23960</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23964">CVE-2021-23964</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/">
+      Upstream advisory (MFSA-2021-05)
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-27T04:56:17Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-02-01T01:42:49Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202103-01.xml b/metadata/glsa/glsa-202103-01.xml
new file mode 100644
index 000000000000..ff3d8ebd9e83
--- /dev/null
+++ b/metadata/glsa/glsa-202103-01.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202103-01">
+  <title>Salt: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Salt, the worst of
+    which could allow remote attacker to execute arbitrary commands.
+  </synopsis>
+  <product type="ebuild">salt</product>
+  <announced>2021-03-31</announced>
+  <revised count="1">2021-03-31</revised>
+  <bug>767919</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-admin/salt" auto="yes" arch="*">
+      <unaffected range="ge">3000.8</unaffected>
+      <vulnerable range="lt">3000.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Salt is a fast, intelligent and scalable automation engine.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Salt. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary commands via
+      salt-api, cause a Denial of Service condition, bypass access restrictions
+      or disclose sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Salt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/salt-3000.8"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28243">CVE-2020-28243</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28972">CVE-2020-28972</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35662">CVE-2020-35662</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25281">CVE-2021-25281</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25282">CVE-2021-25282</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25283">CVE-2021-25283</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25284">CVE-2021-25284</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3144">CVE-2021-3144</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3148">CVE-2021-3148</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3197">CVE-2021-3197</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-03-31T11:41:15Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-03-31T12:14:53Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202103-02.xml b/metadata/glsa/glsa-202103-02.xml
new file mode 100644
index 000000000000..0dc5e402d914
--- /dev/null
+++ b/metadata/glsa/glsa-202103-02.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202103-02">
+  <title>Redis: Remote code execution</title>
+  <synopsis>A vulnerability in Redis could lead to remote code execution.</synopsis>
+  <product type="ebuild">redis</product>
+  <announced>2021-03-31</announced>
+  <revised count="1">2021-03-31</revised>
+  <bug>773328</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-db/redis" auto="yes" arch="*">
+      <unaffected range="ge">5.0.12</unaffected>
+      <unaffected range="ge">6.0.12</unaffected>
+      <vulnerable range="lt">6.0.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Redis is an open source (BSD licensed), in-memory data structure store,
+      used as a database, cache and message broker.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that there were a number of integer overflow issues in
+      Redis.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, able to connect to a Redis instance, could send a
+      malicious crafted large request possibly resulting in the execution of
+      arbitrary code with the privileges of the process or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Redis 5.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/redis-5.0.12"
+    </code>
+    
+    <p>All Redis 6.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/redis-6.0.12"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21309">CVE-2021-21309</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-03-31T11:56:33Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-03-31T12:15:15Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202103-03.xml b/metadata/glsa/glsa-202103-03.xml
new file mode 100644
index 000000000000..2fc78d7a7bc3
--- /dev/null
+++ b/metadata/glsa/glsa-202103-03.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202103-03">
+  <title>OpenSSL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenSSL, the worst of
+    which could allow remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2021-03-31</announced>
+  <revised count="1">2021-03-31</revised>
+  <bug>769785</bug>
+  <bug>777681</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">1.1.1k</unaffected>
+      <vulnerable range="lt">1.1.1k</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+      (SSL v2/v3) and Transport Layer Security (TLS v1/v1.1/v1.2/v1.3) as well
+      as a general purpose cryptography library.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenSSL. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.1.1k"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23840">CVE-2021-23840</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23841">CVE-2021-23841</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3449">CVE-2021-3449</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3450">CVE-2021-3450</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-03-31T11:28:32Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-03-31T12:15:28Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202103-04.xml b/metadata/glsa/glsa-202103-04.xml
new file mode 100644
index 000000000000..35516875df4c
--- /dev/null
+++ b/metadata/glsa/glsa-202103-04.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202103-04">
+  <title>SQLite: Remote code execution</title>
+  <synopsis>A vulnerability in SQLite could lead to remote code execution.</synopsis>
+  <product type="ebuild">sqlite</product>
+  <announced>2021-03-31</announced>
+  <revised count="1">2021-03-31</revised>
+  <bug>777990</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-db/sqlite" auto="yes" arch="*">
+      <unaffected range="ge">3.34.1</unaffected>
+      <vulnerable range="lt">3.34.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>SQLite is a C library that implements an SQL database engine.</p>
+  </background>
+  <description>
+    <p>It was discovered that SQLite incorrectly handled certain sub-queries.</p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All SQLite users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/sqlite-3.34.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20227">CVE-2021-20227</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-03-31T12:07:59Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-03-31T12:15:38Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202104-01.xml b/metadata/glsa/glsa-202104-01.xml
new file mode 100644
index 000000000000..74237596f227
--- /dev/null
+++ b/metadata/glsa/glsa-202104-01.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202104-01">
+  <title>Git: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability has been found in Git that could allow a remote
+    attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">git</product>
+  <announced>2021-04-30</announced>
+  <revised count="1">2021-04-30</revised>
+  <bug>774678</bug>
+  <access>local</access>
+  <affected>
+    <package name="dev-vcs/git" auto="yes" arch="*">
+      <unaffected range="ge">2.26.3</unaffected>
+      <vulnerable range="lt">2.26.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Git is a distributed version control system designed.</p>
+  </background>
+  <description>
+    <p>It was discovered that Git could be fooled into running remote code
+      during a clone on case-insensitive file systems with support for symbolic
+      links, if Git is configured globally to apply delay-capable clean/smudge
+      filters (such as Git LFS).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to clone a specially crafted
+      repository, possibly resulting in the remote execution of arbitrary code
+      with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Git users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/git-2.26.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21300">CVE-2021-21300</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-04-30T22:21:04Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-04-30T23:44:55Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202104-02.xml b/metadata/glsa/glsa-202104-02.xml
new file mode 100644
index 000000000000..fc7805e8fe2d
--- /dev/null
+++ b/metadata/glsa/glsa-202104-02.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202104-02">
+  <title>X.Org X Server: Privilege escalation</title>
+  <synopsis>A vulnerability in X.Org X Server may allow users to escalate
+    privileges.
+  </synopsis>
+  <product type="ebuild">xorg-server</product>
+  <announced>2021-04-30</announced>
+  <revised count="1">2021-04-30</revised>
+  <bug>782679</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="x11-base/xorg-server" auto="yes" arch="*">
+      <unaffected range="ge">1.20.11</unaffected>
+      <vulnerable range="lt">1.20.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The X Window System is a graphical windowing system based on a
+      client/server model.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that X.Org X Server did not sufficiently check the
+      length of the XInput extension’s ChangeFeedbackControl request.
+    </p>
+  </description>
+  <impact type="high">
+    <p>An authorized attacker could possibly escalate privileges, or cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All X.Org X Server users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-base/xorg-server-1.20.11"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3472">CVE-2021-3472</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-04-30T21:51:09Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-04-30T23:45:08Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202104-03.xml b/metadata/glsa/glsa-202104-03.xml
new file mode 100644
index 000000000000..1486ced0fbaf
--- /dev/null
+++ b/metadata/glsa/glsa-202104-03.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202104-03">
+  <title>WebkitGTK+: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in WebkitGTK+, the worst
+    of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">webkit-gtk</product>
+  <announced>2021-04-30</announced>
+  <revised count="1">2021-04-30</revised>
+  <bug>770793</bug>
+  <bug>773193</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+      <unaffected range="ge">2.30.6</unaffected>
+      <vulnerable range="lt">2.30.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine,
+      suitable for projects requiring any kind of web integration, from hybrid
+      HTML/CSS applications to full-fledged web browsers.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in WebkitGTK+. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker, by enticing a user to visit maliciously crafted web
+      content, may be able to execute arbitrary code, violate iframe sandboxing
+      policy, access restricted ports on arbitrary servers, cause memory
+      corruption, or could cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All WebkitGTK+ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.30.6"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13558">CVE-2020-13558</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27918">CVE-2020-27918</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29623">CVE-2020-29623</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9947">CVE-2020-9947</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-1765">CVE-2021-1765</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-1789">CVE-2021-1789</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-1799">CVE-2021-1799</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-1801">CVE-2021-1801</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-1870">CVE-2021-1870</uri>
+    <uri link="https://webkitgtk.org/security/WSA-2021-0001.html">WSA-2021-0001</uri>
+    <uri link="https://webkitgtk.org/security/WSA-2021-0002.html">WSA-2021-0002</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-04-30T22:10:11Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-04-30T23:45:22Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202104-04.xml b/metadata/glsa/glsa-202104-04.xml
new file mode 100644
index 000000000000..09f39c7237d8
--- /dev/null
+++ b/metadata/glsa/glsa-202104-04.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202104-04">
+  <title>Python: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Python, the worst of
+    which might allow attackers to access sensitive information.
+  </synopsis>
+  <product type="ebuild">python</product>
+  <announced>2021-04-30</announced>
+  <revised count="1">2021-04-30</revised>
+  <bug>770853</bug>
+  <bug>779841</bug>
+  <bug>779844</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-lang/python" auto="yes" arch="*">
+      <unaffected range="ge" slot="2.7">2.7.18_p8</unaffected>
+      <unaffected range="ge" slot="3.6">3.6.13_p1</unaffected>
+      <unaffected range="ge" slot="3.7">3.7.10_p1</unaffected>
+      <unaffected range="ge" slot="3.8">3.8.8_p1</unaffected>
+      <unaffected range="ge" slot="3.9">3.9.2_p1</unaffected>
+      <vulnerable range="lt">3.9.2_p1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Python is an interpreted, interactive, object-oriented programming
+      language.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Python. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Python 2.7 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.7.18_p8"
+    </code>
+    
+    <p>All Python 3.6 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-3.6.13_p1"
+    </code>
+    
+    <p>All Python 3.7 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-3.7.10_p1"
+    </code>
+    
+    <p>All Python 3.8 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-3.8.8_p1"
+    </code>
+    
+    <p>All Python 3.9 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-3.9.2_p1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23336">CVE-2021-23336</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3426">CVE-2021-3426</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-04-30T23:29:13Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-04-30T23:45:38Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202104-05.xml b/metadata/glsa/glsa-202104-05.xml
new file mode 100644
index 000000000000..9f9c0ce72f3e
--- /dev/null
+++ b/metadata/glsa/glsa-202104-05.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202104-05">
+  <title>GRUB: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GRUB, the worst might
+    allow for circumvention of UEFI Secure Boot.
+  </synopsis>
+  <product type="ebuild">grub</product>
+  <announced>2021-04-30</announced>
+  <revised count="1">2021-04-30</revised>
+  <bug>734654</bug>
+  <bug>773991</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-devel/grub" auto="yes" arch="*">
+      <unaffected range="ge">2.06_rc1</unaffected>
+      <vulnerable range="lt">2.06_rc1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU GRUB is a multiboot boot loader used by most Linux systems.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GRUB. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GRUB users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-devel/grub-2.06_rc1"
+    </code>
+    
+    <p>After upgrading, make sure to run the grub-install command with options
+      appropriate for your system. See the GRUB Quick Start guide in the
+      references below for examples. Your system will be vulnerable until this
+      action is performed.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10713">CVE-2020-10713</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14308">CVE-2020-14308</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14309">CVE-2020-14309</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14310">CVE-2020-14310</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14311">CVE-2020-14311</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14372">CVE-2020-14372</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15705">CVE-2020-15705</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15706">CVE-2020-15706</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15707">CVE-2020-15707</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25632">CVE-2020-25632</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25647">CVE-2020-25647</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27749">CVE-2020-27749</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27779">CVE-2020-27779</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20225">CVE-2021-20225</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20233">CVE-2021-20233</uri>
+    <uri link="https://wiki.gentoo.org/wiki/GRUB2_Quick_Start">GRUB Quick Start
+      guide 
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-04-30T23:17:40Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-04-30T23:45:51Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202104-06.xml b/metadata/glsa/glsa-202104-06.xml
new file mode 100644
index 000000000000..ec8e0eaa696c
--- /dev/null
+++ b/metadata/glsa/glsa-202104-06.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202104-06">
+  <title>libTIFF: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in LibTIFF, the worst of
+    which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libtiff</product>
+  <announced>2021-04-30</announced>
+  <revised count="1">2021-04-30</revised>
+  <bug>775125</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-libs/tiff" auto="yes" arch="*">
+      <unaffected range="ge">4.2.0</unaffected>
+      <vulnerable range="lt">4.2.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The TIFF library contains encoding and decoding routines for the Tag
+      Image File Format. It is called by numerous programs, including GNOME and
+      KDE applications, to interpret TIFF images.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in LibTIFF. Please review
+      the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing the user to process a specially crafted
+      TIFF file, could possibly execute arbitrary code with the privileges of
+      the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LibTIFF users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/tiff-4.2.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35521">CVE-2020-35521</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35522">CVE-2020-35522</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35523">CVE-2020-35523</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35524">CVE-2020-35524</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-04-30T23:10:58Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-04-30T23:46:04Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202104-07.xml b/metadata/glsa/glsa-202104-07.xml
new file mode 100644
index 000000000000..31900cf33c40
--- /dev/null
+++ b/metadata/glsa/glsa-202104-07.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202104-07">
+  <title>ClamAV: Denial of service</title>
+  <synopsis>A vulnerability in ClamAV could lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">clamav</product>
+  <announced>2021-04-30</announced>
+  <revised count="1">2021-04-30</revised>
+  <bug>780894</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-antivirus/clamav" auto="yes" arch="*">
+      <unaffected range="ge">0.103.2</unaffected>
+      <vulnerable range="lt">0.103.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ClamAV is a GPL virus scanner.</p>
+  </background>
+  <description>
+    <p>A vulnerability has been discovered in ClamAV. Please review the CVE
+      identifier referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could cause ClamAV to scan a specially crafted file,
+      possibly resulting a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ClamAV users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-antivirus/clamav-0.103.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-1405">CVE-2021-1405</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-04-30T23:40:37Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-04-30T23:46:17Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202104-08.xml b/metadata/glsa/glsa-202104-08.xml
new file mode 100644
index 000000000000..8fca53ce6b6a
--- /dev/null
+++ b/metadata/glsa/glsa-202104-08.xml
@@ -0,0 +1,163 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202104-08">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">chromium,google-chrome</product>
+  <announced>2021-04-30</announced>
+  <revised count="1">2021-04-30</revised>
+  <bug>768459</bug>
+  <bug>768831</bug>
+  <bug>771012</bug>
+  <bug>774015</bug>
+  <bug>776181</bug>
+  <bug>779493</bug>
+  <bug>782802</bug>
+  <bug>782970</bug>
+  <bug>784554</bug>
+  <bug>785889</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">90.0.4430.93</unaffected>
+      <vulnerable range="lt">90.0.4430.93</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">90.0.4430.93</unaffected>
+      <vulnerable range="lt">90.0.4430.93</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-90.0.4430.93"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-90.0.4430.93"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21142">CVE-2021-21142</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21143">CVE-2021-21143</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21144">CVE-2021-21144</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21145">CVE-2021-21145</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21146">CVE-2021-21146</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21147">CVE-2021-21147</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21148">CVE-2021-21148</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21149">CVE-2021-21149</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21150">CVE-2021-21150</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21151">CVE-2021-21151</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21152">CVE-2021-21152</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21153">CVE-2021-21153</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21154">CVE-2021-21154</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21155">CVE-2021-21155</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21156">CVE-2021-21156</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21157">CVE-2021-21157</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21159">CVE-2021-21159</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21160">CVE-2021-21160</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21161">CVE-2021-21161</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21162">CVE-2021-21162</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21163">CVE-2021-21163</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21165">CVE-2021-21165</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21166">CVE-2021-21166</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21167">CVE-2021-21167</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21168">CVE-2021-21168</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21169">CVE-2021-21169</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21170">CVE-2021-21170</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21171">CVE-2021-21171</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21172">CVE-2021-21172</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21173">CVE-2021-21173</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21174">CVE-2021-21174</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21175">CVE-2021-21175</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21176">CVE-2021-21176</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21177">CVE-2021-21177</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21178">CVE-2021-21178</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21179">CVE-2021-21179</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21180">CVE-2021-21180</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21181">CVE-2021-21181</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21182">CVE-2021-21182</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21183">CVE-2021-21183</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21184">CVE-2021-21184</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21185">CVE-2021-21185</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21186">CVE-2021-21186</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21187">CVE-2021-21187</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21188">CVE-2021-21188</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21189">CVE-2021-21189</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2119">CVE-2021-2119</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21191">CVE-2021-21191</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21192">CVE-2021-21192</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21193">CVE-2021-21193</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21194">CVE-2021-21194</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21195">CVE-2021-21195</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21196">CVE-2021-21196</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21197">CVE-2021-21197</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21198">CVE-2021-21198</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21199">CVE-2021-21199</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21201">CVE-2021-21201</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21202">CVE-2021-21202</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21203">CVE-2021-21203</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21204">CVE-2021-21204</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21205">CVE-2021-21205</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21206">CVE-2021-21206</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21207">CVE-2021-21207</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21208">CVE-2021-21208</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21209">CVE-2021-21209</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21210">CVE-2021-21210</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21211">CVE-2021-21211</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21212">CVE-2021-21212</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21213">CVE-2021-21213</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21214">CVE-2021-21214</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21215">CVE-2021-21215</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21216">CVE-2021-21216</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21217">CVE-2021-21217</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21218">CVE-2021-21218</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21219">CVE-2021-21219</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21220">CVE-2021-21220</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21221">CVE-2021-21221</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21222">CVE-2021-21222</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21223">CVE-2021-21223</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21224">CVE-2021-21224</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21225">CVE-2021-21225</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21226">CVE-2021-21226</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21227">CVE-2021-21227</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21228">CVE-2021-21228</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21229">CVE-2021-21229</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21230">CVE-2021-21230</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21231">CVE-2021-21231</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21232">CVE-2021-21232</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21233">CVE-2021-21233</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-04-30T23:06:01Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-04-30T23:46:30Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202104-09.xml b/metadata/glsa/glsa-202104-09.xml
new file mode 100644
index 000000000000..079925cdc2cd
--- /dev/null
+++ b/metadata/glsa/glsa-202104-09.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202104-09">
+  <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird,
+    the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">thunderbird</product>
+  <announced>2021-04-30</announced>
+  <revised count="1">2021-04-30</revised>
+  <bug>772287</bug>
+  <bug>778272</bug>
+  <bug>784578</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">78.10.0</unaffected>
+      <vulnerable range="lt">78.10.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">78.10.0</unaffected>
+      <vulnerable range="lt">78.10.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Thunderbird is a popular open-source email client from the
+      Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-78.10.0"
+    </code>
+    
+    <p>All Mozilla Thunderbird binary users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-78.10.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23961">CVE-2021-23961</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23968">CVE-2021-23968</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23969">CVE-2021-23969</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23973">CVE-2021-23973</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23978">CVE-2021-23978</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23981">CVE-2021-23981</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23982">CVE-2021-23982</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23984">CVE-2021-23984</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23987">CVE-2021-23987</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23994">CVE-2021-23994</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23995">CVE-2021-23995</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23998">CVE-2021-23998</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23999">CVE-2021-23999</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-24002">CVE-2021-24002</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29945">CVE-2021-29945</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29946">CVE-2021-29946</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29948">CVE-2021-29948</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/">
+      MFSA-2021-09
+    </uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/">
+      MFSA-2021-12
+    </uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/">
+      MFSA-2021-14
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-04-30T22:33:39Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-04-30T23:46:41Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202104-10.xml b/metadata/glsa/glsa-202104-10.xml
new file mode 100644
index 000000000000..02a76e567bf1
--- /dev/null
+++ b/metadata/glsa/glsa-202104-10.xml
@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202104-10">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+    worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">firefox</product>
+  <announced>2021-04-30</announced>
+  <revised count="1">2021-04-30</revised>
+  <bug>772305</bug>
+  <bug>778269</bug>
+  <bug>784572</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge" slot="0/esr78">78.10.0</unaffected>
+      <unaffected range="ge">88.0</unaffected>
+      <vulnerable range="lt">88.0</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge" slot="0/esr78">78.10.0</unaffected>
+      <unaffected range="ge">88.0</unaffected>
+      <vulnerable range="lt">88.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-78.10.0"
+    </code>
+    
+    <p>All Mozilla Firefox ESR binary users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-78.10.0"
+    </code>
+    
+    <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-88.0"
+    </code>
+    
+    <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-88.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23961">CVE-2021-23961</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23968">CVE-2021-23968</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23969">CVE-2021-23969</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23970">CVE-2021-23970</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23971">CVE-2021-23971</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23972">CVE-2021-23972</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23973">CVE-2021-23973</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23974">CVE-2021-23974</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23975">CVE-2021-23975</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23976">CVE-2021-23976</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23977">CVE-2021-23977</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23978">CVE-2021-23978</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23981">CVE-2021-23981</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23982">CVE-2021-23982</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23983">CVE-2021-23983</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23984">CVE-2021-23984</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23985">CVE-2021-23985</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23986">CVE-2021-23986</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23987">CVE-2021-23987</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23988">CVE-2021-23988</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23994">CVE-2021-23994</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23995">CVE-2021-23995</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23998">CVE-2021-23998</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23999">CVE-2021-23999</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-24002">CVE-2021-24002</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29945">CVE-2021-29945</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29946">CVE-2021-29946</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/">
+      MFSA-2021-08
+    </uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/">
+      MFSA-2021-11
+    </uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/">
+      MFSA-2021-15
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-04-30T22:45:03Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-04-30T23:47:33Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-01.xml b/metadata/glsa/glsa-202105-01.xml
new file mode 100644
index 000000000000..9d471cc9a50c
--- /dev/null
+++ b/metadata/glsa/glsa-202105-01.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-01">
+  <title>Exim: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Exim, the worst of
+    which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">exim</product>
+  <announced>2021-05-04</announced>
+  <revised count="1">2021-05-04</revised>
+  <bug>786945</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="mail-mta/exim" auto="yes" arch="*">
+      <unaffected range="ge">4.94.2</unaffected>
+      <vulnerable range="lt">4.94.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Exim is a message transfer agent (MTA) designed to be a a highly
+      configurable, drop-in replacement for sendmail.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Exim. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker, by connecting to the SMTP listener daemon, could
+      possibly execute arbitrary code with the privileges of the process or
+      cause a Denial of Service condition. Furthermore, a local attacker could
+      perform symlink attacks to overwrite arbitrary files with the privileges
+      of the user running the application or escalate privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Exim users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-mta/exim-4.94.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28007">CVE-2020-28007</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28008">CVE-2020-28008</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28009">CVE-2020-28009</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28010">CVE-2020-28010</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28011">CVE-2020-28011</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28012">CVE-2020-28012</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28013">CVE-2020-28013</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28014">CVE-2020-28014</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28015">CVE-2020-28015</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28016">CVE-2020-28016</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28017">CVE-2020-28017</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28018">CVE-2020-28018</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28019">CVE-2020-28019</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28020">CVE-2020-28020</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28021">CVE-2020-28021</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28022">CVE-2020-28022</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28023">CVE-2020-28023</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28024">CVE-2020-28024</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28025">CVE-2020-28025</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28026">CVE-2020-28026</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27216">CVE-2021-27216</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-04T18:26:25Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-04T19:29:15Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-02.xml b/metadata/glsa/glsa-202105-02.xml
new file mode 100644
index 000000000000..6033d073253a
--- /dev/null
+++ b/metadata/glsa/glsa-202105-02.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-02">
+  <title>stunnel: Improper certificate validation</title>
+  <synopsis>Stunnel was not properly verifying TLS certificates, possibly
+    allowing an integrity/confidentiality compromise.
+  </synopsis>
+  <product type="ebuild">stunnel</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>772146</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-misc/stunnel" auto="yes" arch="*">
+      <unaffected range="ge">5.58</unaffected>
+      <vulnerable range="lt">5.58</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The stunnel program is designed to work as an SSL/TLS encryption wrapper
+      between a client and a local or remote server.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that stunnel did not correctly verified the client
+      certificate when options “redirect” and “verifyChain” are used.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could send a specially crafted certificate, possibly
+      resulting in a breach of integrity or confidentiality.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All stunnel users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/stunnel-5.58"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20230">CVE-2021-20230</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-25T22:51:07Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T07:44:01Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-03.xml b/metadata/glsa/glsa-202105-03.xml
new file mode 100644
index 000000000000..f866dd062401
--- /dev/null
+++ b/metadata/glsa/glsa-202105-03.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-03">
+  <title>GPT fdisk: Integer underflow</title>
+  <synopsis>An integer underflow in sgdisk from GPT fdisk package might allow
+    local attacker(s) to escalate privileges.
+  </synopsis>
+  <product type="ebuild">gptfdisk</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>768762</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/gptfdisk" auto="yes" arch="*">
+      <unaffected range="ge">1.0.6</unaffected>
+      <vulnerable range="lt">1.0.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GPT fdisk (consisting of the gdisk, cgdisk, sgdisk, and fixparts
+      programs) is a set of text-mode partitioning tools for Linux, FreeBSD,
+      Mac OS X, and Windows.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that ReadLogicalParts() function in basicmbr.cc was
+      missing a bounds check.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could entice a user to insert a malicious formatted
+      block device (USB stick or SD card for example), that, when processed
+      with sgdisk, possibly resulting in local escalation of privileges or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GPT fdisk users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/gptfdisk-1.0.6"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-0308">CVE-2021-0308</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-25T22:34:12Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T07:45:07Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-04.xml b/metadata/glsa/glsa-202105-04.xml
new file mode 100644
index 000000000000..6c92bcfc9a59
--- /dev/null
+++ b/metadata/glsa/glsa-202105-04.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-04">
+  <title>Boost: Buffer overflow</title>
+  <synopsis>A buffer overflow in Boost might allow remote attacker(s) to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">boost</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>620468</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/boost" auto="yes" arch="*">
+      <unaffected range="ge">1.74.0-r2</unaffected>
+      <vulnerable range="lt">1.74.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Boost is a set of C++ libraries, including the Boost.Regex library to
+      process regular expressions.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that Boost incorrectly sanitized ‘next_size’ and
+      ‘max_size’ parameter in ordered_malloc() function when allocating
+      memory.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could provide a specially crafted application-specific
+      file (requiring runtime memory allocation to be processed correctly),
+      that, when opened with an application using Boost C++ source libraries,
+      possibly resulting in execution of arbitrary code with the privileges of
+      the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Boost users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/boost-1.74.0-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2012-2677">CVE-2012-2677</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-25T22:14:01Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T07:45:40Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-05.xml b/metadata/glsa/glsa-202105-05.xml
new file mode 100644
index 000000000000..1473c2d8928d
--- /dev/null
+++ b/metadata/glsa/glsa-202105-05.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-05">
+  <title>Mutt, NeoMutt: Denial of service</title>
+  <synopsis>A vulnerability in Mutt and NeoMutt could lead to a Denial of
+    Service condition.
+  </synopsis>
+  <product type="ebuild">mutt,neomutt</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>788388</bug>
+  <bug>788391</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/mutt" auto="yes" arch="*">
+      <unaffected range="ge">2.0.7</unaffected>
+      <vulnerable range="lt">2.0.7</vulnerable>
+    </package>
+    <package name="mail-client/neomutt" auto="yes" arch="*">
+      <unaffected range="ge">20210205-r1</unaffected>
+      <vulnerable range="lt">20210205-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mutt is a small but very powerful text-based mail client.</p>
+    
+    <p>NeoMutt is a command line mail reader (or MUA). It’s a fork of Mutt
+      with added features.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that Mutt, and NeoMutt did not properly handle certain
+      situations where an IMAP sequence set ends with a comma.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could entice a user to connect to a malicious IMAP
+      server to cause a Denial of Service condition, or other unspecified
+      impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mutt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/mutt-2.0.7"
+    </code>
+    
+    <p>All NeoMutt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/neomutt-20210205-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32055">CVE-2021-32055</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-25T22:00:56Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T07:46:31Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-06.xml b/metadata/glsa/glsa-202105-06.xml
new file mode 100644
index 000000000000..84a6f01bc263
--- /dev/null
+++ b/metadata/glsa/glsa-202105-06.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-06">
+  <title>Smarty: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities in the Smarty template engine might allow
+    remote attackers to execute arbitrary PHP code.
+  </synopsis>
+  <product type="ebuild">smarty</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>772206</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-php/smarty" auto="yes" arch="*">
+      <unaffected range="ge">3.1.39</unaffected>
+      <vulnerable range="lt">3.1.39</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Smarty is a template engine for PHP.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Smarty template engine.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Smarty template engine users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-php/smarty-3.1.39"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26119">CVE-2021-26119</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26120">CVE-2021-26120</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-25T21:28:37Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T07:46:47Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-07.xml b/metadata/glsa/glsa-202105-07.xml
new file mode 100644
index 000000000000..500983dbb936
--- /dev/null
+++ b/metadata/glsa/glsa-202105-07.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-07">
+  <title>Telegram: Security bypass</title>
+  <synopsis>An insufficient session expiration has been reported in Telegram.</synopsis>
+  <product type="ebuild">telegram</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>771684</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/telegram-desktop" auto="yes" arch="*">
+      <unaffected range="ge">2.4.11</unaffected>
+      <vulnerable range="lt">2.4.11</vulnerable>
+    </package>
+    <package name="net-im/telegram-desktop-bin" auto="yes" arch="*">
+      <unaffected range="ge">2.4.11</unaffected>
+      <vulnerable range="lt">2.4.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Telegram is a cloud-based mobile and desktop messaging app with a focus
+      on security and speed.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that Telegram failed to invalidate a recently active
+      session.
+    </p>
+  </description>
+  <impact type="low">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Telegram users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-im/telegram-desktop-2.4.11"
+    </code>
+    
+    <p>All Telegram binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=net-im/telegram-desktop-bin-2.4.11"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27351">CVE-2021-27351</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-25T20:11:43Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T08:12:28Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-08.xml b/metadata/glsa/glsa-202105-08.xml
new file mode 100644
index 000000000000..72e5c500070c
--- /dev/null
+++ b/metadata/glsa/glsa-202105-08.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-08">
+  <title>ICU: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ICU, the worst of which
+    could cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">icu</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>755704</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/icu" auto="yes" arch="*">
+      <unaffected range="ge">68.2</unaffected>
+      <vulnerable range="lt">68.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ICU is a mature, widely used set of C/C++ and Java libraries providing
+      Unicode and Globalization support for software applications.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ICU. Please review the
+      upstream bugs referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>Remote attackers could cause a Denial of Service condition or possibly
+      have other unspecified impacts via unspecified vectors.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ICU users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/icu-68.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://chromium-review.googlesource.com/q/Iad839ac77d487d5e1b396bcdbc29bc7cd58a7ef8">
+      Chromium Change-Id Iad839ac77d487d5e1b396bcdbc29bc7cd58a7ef8
+    </uri>
+    <uri link="https://unicode-org.atlassian.net/browse/ICU-21383">ICU-21383</uri>
+    <uri link="https://unicode-org.atlassian.net/browse/ICU-21385">ICU-21385</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-25T16:34:40Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T08:13:14Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-09.xml b/metadata/glsa/glsa-202105-09.xml
new file mode 100644
index 000000000000..404c19997660
--- /dev/null
+++ b/metadata/glsa/glsa-202105-09.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-09">
+  <title>BusyBox: Denial of service</title>
+  <synopsis>A vulnerability in BusyBox might allow remote attackers to cause a
+    Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">busybox</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>777255</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-apps/busybox" auto="yes" arch="*">
+      <unaffected range="ge">1.32.1</unaffected>
+      <vulnerable range="lt">1.32.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>BusyBox is a set of tools for embedded systems and is a replacement for
+      GNU Coreutils.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that BusyBox mishandled the error bit on the
+      huft_build result pointer when decompressing GZIP compressed data.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could entice a user to open a specially crafted GZIP
+      file using BusyBox, possibly resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All BusyBox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/busybox-1.32.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28831">CVE-2021-28831</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-24T01:11:14Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T08:14:24Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-10.xml b/metadata/glsa/glsa-202105-10.xml
new file mode 100644
index 000000000000..aa151c4e9f25
--- /dev/null
+++ b/metadata/glsa/glsa-202105-10.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-10">
+  <title>GNOME Autoar: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability has been found in GNOME Autoar that could allow a
+    remote attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">gnome-autoar</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>768828</bug>
+  <bug>777126</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-arch/gnome-autoar" auto="yes" arch="*">
+      <unaffected range="ge">0.3.1</unaffected>
+      <vulnerable range="lt">0.3.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNOME Autoar provides functions and widgets for GNOME applications which
+      want to use archives as a method to transfer directories over the
+      internet.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that GNOME Autoar could extract files outside of the
+      intended directory.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted
+      archive using GNOME Autoar, possibly resulting in execution of arbitrary
+      code with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNOME Autoar users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/gnome-autoar-0.3.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36241">CVE-2020-36241</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28650">CVE-2021-28650</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-25T21:19:21Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T08:14:43Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-11.xml b/metadata/glsa/glsa-202105-11.xml
new file mode 100644
index 000000000000..548f498d4d3a
--- /dev/null
+++ b/metadata/glsa/glsa-202105-11.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-11">
+  <title>GNU Screen: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability in GNU screen may allow a remote attacker to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">screen</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>769770</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-misc/screen" auto="yes" arch="*">
+      <unaffected range="ge">4.8.0-r2</unaffected>
+      <vulnerable range="lt">4.8.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU Screen is a full-screen window manager that multiplexes a physical
+      terminal between several processes, typically interactive shells.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that GNU screen did not properly handle certain UTF-8
+      character sequences.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to run a program where attacker
+      controls the output inside a GNU screen session, possibly resulting in
+      execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>This vulnerability can be mitigated by disabling UTF-8 processing in
+      .screenrc.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All GNU screen users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-misc/screen-4.8.0-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26937">CVE-2021-26937</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-25T21:07:51Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T08:14:58Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-12.xml b/metadata/glsa/glsa-202105-12.xml
new file mode 100644
index 000000000000..ad904d7afd3b
--- /dev/null
+++ b/metadata/glsa/glsa-202105-12.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-12">
+  <title>OpenSMTPD: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenSMTPD, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">opensmtpd</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>761945</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="mail-mta/opensmtpd" auto="yes" arch="*">
+      <unaffected range="ge">6.8.0_p2</unaffected>
+      <vulnerable range="lt">6.8.0_p2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSMTPD is a lightweight but featured SMTP daemon from OpenBSD.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenSMTPD. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker, by connecting to the SMTP listener daemon, could
+      possibly cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSMTPD users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-mta/opensmtpd-6.8.0_p2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35679">CVE-2020-35679</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35680">CVE-2020-35680</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-25T20:46:15Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T08:15:16Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-13.xml b/metadata/glsa/glsa-202105-13.xml
new file mode 100644
index 000000000000..6638a5a6dd58
--- /dev/null
+++ b/metadata/glsa/glsa-202105-13.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-13">
+  <title>Mumble: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability has been found in Mumble that could allow a remote
+    attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">mumble</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>770973</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/mumble" auto="yes" arch="*">
+      <unaffected range="ge">1.3.4</unaffected>
+      <vulnerable range="lt">1.3.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mumble is low-latency voice chat software intended for use with gaming.</p>
+  </background>
+  <description>
+    <p>Please review the CVE identifiers referenced below for details.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted server
+      list (web page) using Mumble, possibly resulting in execution of
+      arbitrary code with the privileges of the process or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mumble users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-sound/mumble-1.3.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27229">CVE-2021-27229</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-25T20:52:52Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T08:36:32Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-14.xml b/metadata/glsa/glsa-202105-14.xml
new file mode 100644
index 000000000000..2469e2a8a654
--- /dev/null
+++ b/metadata/glsa/glsa-202105-14.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-14">
+  <title>Squid: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Squid, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">squid</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>775194</bug>
+  <bug>789309</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/squid" auto="yes" arch="*">
+      <unaffected range="ge">4.15</unaffected>
+      <vulnerable range="lt">4.15</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Squid is a full-featured Web proxy cache designed to run on Unix
+      systems. It supports proxying and caching of HTTP, FTP, and other URLs,
+      as well as SSL support, cache hierarchies, transparent caching, access
+      control lists and many other features.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Squid. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could send a specially crafted request, possibly
+      resulting in a Denial of Service condition or information leak.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Squid users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-proxy/squid-4.15"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25097">CVE-2020-25097</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28116">CVE-2021-28116</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28651">CVE-2021-28651</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28652">CVE-2021-28652</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28662">CVE-2021-28662</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31806">CVE-2021-31806</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31807">CVE-2021-31807</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31808">CVE-2021-31808</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-24T16:14:31Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T08:37:04Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-15.xml b/metadata/glsa/glsa-202105-15.xml
new file mode 100644
index 000000000000..5f2b4e50cd67
--- /dev/null
+++ b/metadata/glsa/glsa-202105-15.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-15">
+  <title>Prosŏdy IM: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Prosŏdy IM, the worst
+    of which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">prosody</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>771144</bug>
+  <bug>789969</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-im/prosody" auto="yes" arch="*">
+      <unaffected range="ge">0.11.9</unaffected>
+      <vulnerable range="lt">0.11.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Prosŏdy IM is a modern XMPP communication server. It aims to be easy to
+      set up and configure, and efficient with system resources.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Prosŏdy IM. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Prosŏdy IM users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-im/prosody-0.11.9"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32917">CVE-2021-32917</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32918">CVE-2021-32918</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32919">CVE-2021-32919</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32920">CVE-2021-32920</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32921">CVE-2021-32921</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-24T16:08:26Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T08:37:19Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-16.xml b/metadata/glsa/glsa-202105-16.xml
new file mode 100644
index 000000000000..7d7d41ac76c5
--- /dev/null
+++ b/metadata/glsa/glsa-202105-16.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-16">
+  <title>X.Org X11 library: Denial of service</title>
+  <synopsis>A vulnerability in X.Org X11 library could lead to a Denial of
+    Service condition.
+  </synopsis>
+  <product type="ebuild">libx11</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>790824</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/libX11" auto="yes" arch="*">
+      <unaffected range="ge">1.7.1</unaffected>
+      <vulnerable range="lt">1.7.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>X.Org is an implementation of the X Window System. The X.Org X11 library
+      provides the X11 protocol library files.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that XLookupColor() and other X.Org X11 library
+      functions lacked proper validation of the length of their string
+      parameters.
+    </p>
+  </description>
+  <impact type="low">
+    <p>An attacker could emit arbitrary X protocol requests to the X server
+      through malicious crafted string parameters in applications linked
+      against X.Org X11 library.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All X.Org X11 library users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/libX11-1.7.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31535">CVE-2021-31535</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-24T15:55:58Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T08:37:54Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-17.xml b/metadata/glsa/glsa-202105-17.xml
new file mode 100644
index 000000000000..17d191c8e5a6
--- /dev/null
+++ b/metadata/glsa/glsa-202105-17.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-17">
+  <title>rxvt-unicode: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability in rxvt-unicode may allow a remote attacker to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">rxvt-unicode</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>790782</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="x11-terms/rxvt-unicode" auto="yes" arch="*">
+      <unaffected range="ge">9.22-r9</unaffected>
+      <vulnerable range="lt">9.22-r9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>rxvt-unicode (urxvt) is a clone of the rxvt terminal emulator.</p>
+  </background>
+  <description>
+    <p>It was discovered that rxvt-unicode did not properly handle certain
+      escape sequences.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to run a program where attacker
+      controls the output inside a rxvt terminal window, possibly resulting in
+      execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All rxvt-unicode users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-terms/rxvt-unicode-9.22-r9"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33477">CVE-2021-33477</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-24T15:13:20Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T08:38:12Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-18.xml b/metadata/glsa/glsa-202105-18.xml
new file mode 100644
index 000000000000..4e7c5707c1f1
--- /dev/null
+++ b/metadata/glsa/glsa-202105-18.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-18">
+  <title>LittleCMS: User-assisted execution of arbitrary code</title>
+  <synopsis>A heap-based buffer overflow in LittleCMS might allow remote
+    attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">lcms</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>761418</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-libs/lcms" auto="yes" arch="*">
+      <unaffected range="ge">2.10</unaffected>
+      <vulnerable range="lt">2.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>LittleCMS, or short lcms, is a color management system for working with
+      ICC profiles. It is used by many applications including GIMP, Firefox and
+      Chromium.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that LittleCMS (aka Little Color Management System)
+      had an integer overflow in the AllocateDataSet function in cmscgats.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user or automated system to open a
+      specially crafted file containing malicious color data, possibly
+      resulting in execution of arbitrary code with the privileges of the
+      process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LittleCMS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/lcms-2.10"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16435">CVE-2018-16435</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-24T14:14:12Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T08:38:28Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-19.xml b/metadata/glsa/glsa-202105-19.xml
new file mode 100644
index 000000000000..79e89f0c9fe9
--- /dev/null
+++ b/metadata/glsa/glsa-202105-19.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-19">
+  <title>Firejail: Privilege escalation</title>
+  <synopsis>A vulnerability was discovered in Firejail which may allow local
+    attackers to gain root privileges.
+  </synopsis>
+  <product type="ebuild">firejail</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>769542</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/firejail" auto="yes" arch="*">
+      <unaffected range="ge">0.9.64.4</unaffected>
+      <vulnerable range="lt">0.9.64.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A SUID program that reduces the risk of security breaches by restricting
+      the running environment of untrusted applications using Linux namespaces
+      and seccomp-bpf.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that a flaw in Firejail’s OverlayFS code allowed
+      restricted programs to escape sandbox.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could obtain arbitrary file system access via an
+      application running within a Firejail sandbox, possibly resulting in
+      privilege escalation.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Firejail users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/firejail-0.9.64.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26910">CVE-2021-26910</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-25T20:22:19Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T08:38:46Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-20.xml b/metadata/glsa/glsa-202105-20.xml
new file mode 100644
index 000000000000..359b42aa3759
--- /dev/null
+++ b/metadata/glsa/glsa-202105-20.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-20">
+  <title>Dnsmasq: DNS cache poisoning</title>
+  <synopsis>Use of insufficient randomness in Dnsmasq might lead to DNS Cache
+    Poisoning.
+  </synopsis>
+  <product type="ebuild">dnsmasq</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>782130</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-dns/dnsmasq" auto="yes" arch="*">
+      <unaffected range="ge">2.85</unaffected>
+      <vulnerable range="lt">2.85</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP
+      server.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that Dnsmasq, when configured with
+      --server=&lt;address&gt;@<interface> or similar (e.g. through dbus),
+        configured a fixed UDP port for all outgoing queries to the specified
+        upstream DNS server.
+      </interface>
+    </p>
+  </description>
+  <impact type="low">
+    <p>An attacker, by sending malicious crafted DNS responses, could perform a
+      DNS Cache Poisoning attack.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Dnsmasq users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/dnsmasq-2.85"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3448">CVE-2021-3448</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-25T13:34:22Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T08:39:11Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-21.xml b/metadata/glsa/glsa-202105-21.xml
new file mode 100644
index 000000000000..899bd2ffa0eb
--- /dev/null
+++ b/metadata/glsa/glsa-202105-21.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-21">
+  <title>Tcpreplay: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Tcpreplay, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">tcpreplay</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>750344</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-analyzer/tcpreplay" auto="yes" arch="*">
+      <unaffected range="ge">4.3.4</unaffected>
+      <vulnerable range="lt">4.3.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Tcpreplay is a suite of utilities for UNIX systems for editing and
+      replaying network traffic which was previously captured by tools like
+      tcpdump and ethereal/wireshark.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Tcpreplay. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could entice a user to open a specially crafted
+      network capture file using Tcpreplay, possibly resulting in a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Tcpreplay users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/tcpreplay-4.3.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-24265">CVE-2020-24265</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-24266">CVE-2020-24266</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-25T14:01:52Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T09:28:42Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-22.xml b/metadata/glsa/glsa-202105-22.xml
new file mode 100644
index 000000000000..3d44f02e434e
--- /dev/null
+++ b/metadata/glsa/glsa-202105-22.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-22">
+  <title>Samba: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Samba, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">samba</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>778026</bug>
+  <bug>786825</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-fs/samba" auto="yes" arch="*">
+      <unaffected range="ge">4.13.8</unaffected>
+      <vulnerable range="lt">4.13.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Samba is a suite of SMB and CIFS client/server programs.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Samba. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Samba users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-fs/samba-4.13.8"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27840">CVE-2020-27840</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20254">CVE-2021-20254</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20277">CVE-2021-20277</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-25T13:25:24Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T09:29:08Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-23.xml b/metadata/glsa/glsa-202105-23.xml
new file mode 100644
index 000000000000..a763f0658803
--- /dev/null
+++ b/metadata/glsa/glsa-202105-23.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-23">
+  <title>PHP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PHP, the worst of which
+    could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">php</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>764314</bug>
+  <bug>768756</bug>
+  <bug>788892</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-lang/php" auto="yes" arch="*">
+      <unaffected range="ge" slot="7.3">7.3.28</unaffected>
+      <unaffected range="ge" slot="7.4">7.4.19</unaffected>
+      <unaffected range="ge" slot="8.0">8.0.6</unaffected>
+      <vulnerable range="lt">8.0.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PHP is an open source general-purpose scripting language that is
+      especially suited for web development.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PHP. Please review the
+      CVE identifiers and bugs referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers and bugs for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PHP 7.3.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.3.28:7.3"
+    </code>
+    
+    <p>All PHP 7.4.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.4.19:7.4"
+    </code>
+    
+    <p>All PHP 8.0.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-8.0.6:8.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7071">CVE-2020-7071</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21702">CVE-2021-21702</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-25T13:47:47Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T09:29:31Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-24.xml b/metadata/glsa/glsa-202105-24.xml
new file mode 100644
index 000000000000..8075a96b41bf
--- /dev/null
+++ b/metadata/glsa/glsa-202105-24.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-24">
+  <title>FFmpeg: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in FFmpeg, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">ffmpeg</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>763315</bug>
+  <bug>781146</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-video/ffmpeg" auto="yes" arch="*">
+      <unaffected range="ge">4.4</unaffected>
+      <vulnerable range="lt">4.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FFmpeg is a complete, cross-platform solution to record, convert and
+      stream audio and video.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in FFmpeg. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted media
+      file using FFmpeg, possibly resulting in execution of arbitrary code with
+      the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FFmpeg users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/ffmpeg-4.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35964">CVE-2020-35964</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35965">CVE-2020-35965</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30123">CVE-2021-30123</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-24T00:07:14Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T09:29:48Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-25.xml b/metadata/glsa/glsa-202105-25.xml
new file mode 100644
index 000000000000..da213f1833fc
--- /dev/null
+++ b/metadata/glsa/glsa-202105-25.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-25">
+  <title>OpenVPN: Authentication bypass</title>
+  <synopsis>A vulnerability has been found in OpenVPN, allowing attackers to
+    bypass the authentication process.
+  </synopsis>
+  <product type="ebuild">openvpn</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>785115</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-vpn/openvpn" auto="yes" arch="*">
+      <unaffected range="ge">2.5.2</unaffected>
+      <vulnerable range="lt">2.5.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenVPN is a multi-platform, full-featured SSL VPN solution.</p>
+  </background>
+  <description>
+    <p>It was discovered that OpenVPN incorrectly handled deferred
+      authentication.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could bypass authentication and access control channel
+      data and trigger further information leaks.
+    </p>
+  </impact>
+  <workaround>
+    <p>Configure OpenVPN server to not use deferred authentication.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenVPN users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-vpn/openvpn-2.5.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15078">CVE-2020-15078</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-24T01:22:05Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T09:30:05Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-26.xml b/metadata/glsa/glsa-202105-26.xml
new file mode 100644
index 000000000000..70c75a3efabd
--- /dev/null
+++ b/metadata/glsa/glsa-202105-26.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-26">
+  <title>SpamAssassin: Arbitrary command execution</title>
+  <synopsis>A vulnerability in SpamAssassin might allow remote attackers to
+    execute arbitrary commands.
+  </synopsis>
+  <product type="ebuild">SpamAssassin</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>778002</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="mail-filter/spamassassin" auto="yes" arch="*">
+      <unaffected range="ge">3.4.5</unaffected>
+      <vulnerable range="lt">3.4.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>SpamAssassin is an extensible email filter used to identify junk email.</p>
+  </background>
+  <description>
+    <p>It was discovered that SpamAssassin incorrectly handled certain CF
+      files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user or automated system to process a
+      specially crafted CF file using SpamAssassin, possibly resulting in
+      execution of arbitrary commands with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All SpamAssassin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-filter/spamassassin-3.4.5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1946">CVE-2020-1946</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-24T01:30:56Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T09:30:23Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-27.xml b/metadata/glsa/glsa-202105-27.xml
new file mode 100644
index 000000000000..030bb9ed2a0a
--- /dev/null
+++ b/metadata/glsa/glsa-202105-27.xml
@@ -0,0 +1,247 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-27">
+  <title>MySQL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in MySQL, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">mysql</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>699876</bug>
+  <bug>708090</bug>
+  <bug>717628</bug>
+  <bug>732974</bug>
+  <bug>766339</bug>
+  <bug>789243</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-db/mysql" auto="yes" arch="*">
+      <unaffected range="ge" slot="5.7">5.7.34</unaffected>
+      <unaffected range="ge">8.0.24</unaffected>
+      <vulnerable range="lt">8.0.24</vulnerable>
+    </package>
+    <package name="dev-db/mysql-connector-c" auto="yes" arch="*">
+      <unaffected range="ge">8.0.24</unaffected>
+      <vulnerable range="lt">8.0.24</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MySQL is a popular multi-threaded, multi-user SQL server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MySQL. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could possibly execute arbitrary code with the privileges of
+      the process, escalate privileges, gain access to critical data or
+      complete access to all MySQL server accessible data, or cause a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MySQL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-5.7.34"
+    </code>
+    
+    <p>All mysql users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-8.0.24"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2938">CVE-2019-2938</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2974">CVE-2019-2974</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14539">CVE-2020-14539</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14540">CVE-2020-14540</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14547">CVE-2020-14547</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14550">CVE-2020-14550</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14553">CVE-2020-14553</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14559">CVE-2020-14559</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14564">CVE-2020-14564</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14567">CVE-2020-14567</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14568">CVE-2020-14568</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14575">CVE-2020-14575</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14576">CVE-2020-14576</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14586">CVE-2020-14586</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14591">CVE-2020-14591</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14597">CVE-2020-14597</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14614">CVE-2020-14614</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14619">CVE-2020-14619</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14620">CVE-2020-14620</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14623">CVE-2020-14623</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14624">CVE-2020-14624</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14626">CVE-2020-14626</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14631">CVE-2020-14631</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14632">CVE-2020-14632</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14633">CVE-2020-14633</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14634">CVE-2020-14634</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14641">CVE-2020-14641</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14643">CVE-2020-14643</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14651">CVE-2020-14651</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14654">CVE-2020-14654</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14656">CVE-2020-14656</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14663">CVE-2020-14663</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14672">CVE-2020-14672</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14678">CVE-2020-14678</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14680">CVE-2020-14680</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14697">CVE-2020-14697</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14702">CVE-2020-14702</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14725">CVE-2020-14725</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14760">CVE-2020-14760</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14765">CVE-2020-14765</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14769">CVE-2020-14769</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14771">CVE-2020-14771</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14773">CVE-2020-14773</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14775">CVE-2020-14775</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14776">CVE-2020-14776</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14777">CVE-2020-14777</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14785">CVE-2020-14785</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14786">CVE-2020-14786</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14789">CVE-2020-14789</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14790">CVE-2020-14790</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14791">CVE-2020-14791</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14793">CVE-2020-14793</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14794">CVE-2020-14794</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14799">CVE-2020-14799</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14800">CVE-2020-14800</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14804">CVE-2020-14804</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14809">CVE-2020-14809</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14812">CVE-2020-14812</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14814">CVE-2020-14814</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14821">CVE-2020-14821</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14827">CVE-2020-14827</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14828">CVE-2020-14828</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14829">CVE-2020-14829</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14830">CVE-2020-14830</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14836">CVE-2020-14836</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14837">CVE-2020-14837</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14838">CVE-2020-14838</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14839">CVE-2020-14839</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14844">CVE-2020-14844</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14845">CVE-2020-14845</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14846">CVE-2020-14846</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14848">CVE-2020-14848</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14852">CVE-2020-14852</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14853">CVE-2020-14853</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14860">CVE-2020-14860</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14861">CVE-2020-14861</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14866">CVE-2020-14866</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14867">CVE-2020-14867</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14868">CVE-2020-14868</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14869">CVE-2020-14869</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14870">CVE-2020-14870</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14873">CVE-2020-14873</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14878">CVE-2020-14878</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14888">CVE-2020-14888</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14891">CVE-2020-14891</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14893">CVE-2020-14893</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2570">CVE-2020-2570</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2572">CVE-2020-2572</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2573">CVE-2020-2573</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2574">CVE-2020-2574</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2577">CVE-2020-2577</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2579">CVE-2020-2579</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2580">CVE-2020-2580</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2584">CVE-2020-2584</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2588">CVE-2020-2588</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2589">CVE-2020-2589</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2627">CVE-2020-2627</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2660">CVE-2020-2660</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2679">CVE-2020-2679</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2686">CVE-2020-2686</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2694">CVE-2020-2694</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2752">CVE-2020-2752</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2759">CVE-2020-2759</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2760">CVE-2020-2760</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2761">CVE-2020-2761</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2762">CVE-2020-2762</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2763">CVE-2020-2763</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2765">CVE-2020-2765</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2768">CVE-2020-2768</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2770">CVE-2020-2770</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2774">CVE-2020-2774</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2779">CVE-2020-2779</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2780">CVE-2020-2780</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2790">CVE-2020-2790</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2804">CVE-2020-2804</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2806">CVE-2020-2806</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2812">CVE-2020-2812</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2814">CVE-2020-2814</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2853">CVE-2020-2853</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2875">CVE-2020-2875</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2892">CVE-2020-2892</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2893">CVE-2020-2893</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2895">CVE-2020-2895</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2896">CVE-2020-2896</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2897">CVE-2020-2897</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2898">CVE-2020-2898</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2901">CVE-2020-2901</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2903">CVE-2020-2903</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2904">CVE-2020-2904</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2921">CVE-2020-2921</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2922">CVE-2020-2922</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2923">CVE-2020-2923</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2924">CVE-2020-2924</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2925">CVE-2020-2925</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2926">CVE-2020-2926</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2928">CVE-2020-2928</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2930">CVE-2020-2930</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2933">CVE-2020-2933</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2934">CVE-2020-2934</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-1998">CVE-2021-1998</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2001">CVE-2021-2001</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2002">CVE-2021-2002</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2006">CVE-2021-2006</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2007">CVE-2021-2007</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2009">CVE-2021-2009</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2010">CVE-2021-2010</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2011">CVE-2021-2011</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2012">CVE-2021-2012</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2014">CVE-2021-2014</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2016">CVE-2021-2016</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2019">CVE-2021-2019</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2020">CVE-2021-2020</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2021">CVE-2021-2021</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2022">CVE-2021-2022</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2024">CVE-2021-2024</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2028">CVE-2021-2028</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2030">CVE-2021-2030</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2031">CVE-2021-2031</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2032">CVE-2021-2032</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2036">CVE-2021-2036</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2038">CVE-2021-2038</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2042">CVE-2021-2042</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2046">CVE-2021-2046</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2048">CVE-2021-2048</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2055">CVE-2021-2055</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2056">CVE-2021-2056</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2058">CVE-2021-2058</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2060">CVE-2021-2060</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2061">CVE-2021-2061</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2065">CVE-2021-2065</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2070">CVE-2021-2070</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2072">CVE-2021-2072</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2076">CVE-2021-2076</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2081">CVE-2021-2081</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2087">CVE-2021-2087</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2088">CVE-2021-2088</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2122">CVE-2021-2122</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2154">CVE-2021-2154</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2166">CVE-2021-2166</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2180">CVE-2021-2180</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-24T18:09:59Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T09:30:48Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-28.xml b/metadata/glsa/glsa-202105-28.xml
new file mode 100644
index 000000000000..f020be913511
--- /dev/null
+++ b/metadata/glsa/glsa-202105-28.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-28">
+  <title>MariaDB: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in MariaDB, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">mariadb</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>777786</bug>
+  <bug>789240</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-db/mariadb" auto="yes" arch="*">
+      <unaffected range="ge" slot="10.2">10.2.38</unaffected>
+      <unaffected range="ge" slot="10.3">10.3.29</unaffected>
+      <unaffected range="ge" slot="10.4">10.4.19</unaffected>
+      <unaffected range="ge" slot="10.5">10.5.10</unaffected>
+      <vulnerable range="lt">10.5.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MariaDB is an enhanced, drop-in replacement for MySQL.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MariaDB. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MariaDB 10.2.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mariadb-10.2.38:10.2"
+    </code>
+    
+    <p>All MariaDB 10.3.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mariadb-10.3.29:10.3"
+    </code>
+    
+    <p>All MariaDB 10.3.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mariadb-10.4.19:10.4"
+    </code>
+    
+    <p>All MariaDB 10.5.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mariadb-10.5.10:10.5"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2154">CVE-2021-2154</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2166">CVE-2021-2166</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2180">CVE-2021-2180</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27928">CVE-2021-27928</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-25T01:47:51Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T09:31:09Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-29.xml b/metadata/glsa/glsa-202105-29.xml
new file mode 100644
index 000000000000..e2507b22b90b
--- /dev/null
+++ b/metadata/glsa/glsa-202105-29.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-29">
+  <title>Tar: Denial of service</title>
+  <synopsis>A vulnerability in Tar could lead to a Denial of Service condition.</synopsis>
+  <product type="ebuild">tar</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>778548</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-arch/tar" auto="yes" arch="*">
+      <unaffected range="ge">1.34</unaffected>
+      <vulnerable range="lt">1.34</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Tar program provides the ability to create and manipulate tar
+      archives.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that GNU Tar had a memory leak when processing archive
+      headers.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could entice a user to open a specially crafted
+      archive using Tar, possibly resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Tar users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/tar-1.34"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20193">CVE-2021-20193</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-24T01:03:25Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T10:11:52Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-30.xml b/metadata/glsa/glsa-202105-30.xml
new file mode 100644
index 000000000000..4cbf0070e7eb
--- /dev/null
+++ b/metadata/glsa/glsa-202105-30.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-30">
+  <title>MuPDF: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in MuPDF, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">mupdf</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>747151</bug>
+  <bug>772311</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-text/mupdf" auto="yes" arch="*">
+      <unaffected range="ge">1.18.0-r3</unaffected>
+      <vulnerable range="lt">1.18.0-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MuPDF is a lightweight PDF viewer and toolkit written in portable C.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MuPDF. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could entice a user to open a specially crafted PDF
+      document using MuPDF, possibly resulting in a Denial of Service condition
+      or have other unspecified impact.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MuPDF users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/mupdf-1.18.0-r3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26519">CVE-2020-26519</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3407">CVE-2021-3407</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-25T21:00:36Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T10:12:11Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-31.xml b/metadata/glsa/glsa-202105-31.xml
new file mode 100644
index 000000000000..05d9ce89b585
--- /dev/null
+++ b/metadata/glsa/glsa-202105-31.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-31">
+  <title>Nettle: Denial of service</title>
+  <synopsis>A vulnerability in Nettle could lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">nettle</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>780483</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/nettle" auto="yes" arch="*">
+      <unaffected range="ge">3.7.2</unaffected>
+      <vulnerable range="lt">3.7.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Nettle is a cryptographic library that is designed to fit easily in
+      almost any context: In cryptographic toolkits for object-oriented
+      languages, such as C++, Python, or Pike, in applications like lsh or
+      GnuPG, or even in kernel space.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that Nettle incorrectly handled signature
+      verification.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could send a specially crafted valid-looking input
+      signature, possibly resulting in a Denial of Service condition or force
+      an invalid signature.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Nettle users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/nettle-3.7.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20305">CVE-2021-20305</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-25T20:00:54Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T10:12:28Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-32.xml b/metadata/glsa/glsa-202105-32.xml
new file mode 100644
index 000000000000..44edeaa40bfd
--- /dev/null
+++ b/metadata/glsa/glsa-202105-32.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-32">
+  <title>PostgreSQL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PostgreSQL, the worst
+    of which could result in information disclosure.
+  </synopsis>
+  <product type="ebuild">postgresql</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>771942</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-db/postgresql" auto="yes" arch="*">
+      <unaffected range="ge" slot="9.5">9.5.25</unaffected>
+      <unaffected range="ge" slot="9.6">9.6.21</unaffected>
+      <unaffected range="ge" slot="10">10.16</unaffected>
+      <unaffected range="ge" slot="11">11.11</unaffected>
+      <unaffected range="ge" slot="12">12.6</unaffected>
+      <unaffected range="ge" slot="13">13.2</unaffected>
+      <vulnerable range="lt">13.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PostgreSQL is an open source object-relational database management
+      system.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PostgreSQL. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>An authenticated remote attacker, by executing malicious crafted
+      queries, could possibly disclose sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PostgreSQL 9.5.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.5.25:9.5"
+    </code>
+    
+    <p>All PostgreSQL 9.6.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.6.21:9.6"
+    </code>
+    
+    <p>All PostgreSQL 10.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-10.16:10"
+    </code>
+    
+    <p>All PostgreSQL 11.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-11.11:11"
+    </code>
+    
+    <p>All PostgreSQL 12.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-12.6:12"
+    </code>
+    
+    <p>All PostgreSQL 13.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-13.2:13"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20229">CVE-2021-20229</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3393">CVE-2021-3393</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-25T18:56:02Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T10:12:52Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-33.xml b/metadata/glsa/glsa-202105-33.xml
new file mode 100644
index 000000000000..dddf99d66910
--- /dev/null
+++ b/metadata/glsa/glsa-202105-33.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-33">
+  <title>containerd: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in containerd, the worst
+    of which could result in privilege escalation.
+  </synopsis>
+  <product type="ebuild">containerd</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>758137</bug>
+  <bug>775329</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/containerd" auto="yes" arch="*">
+      <unaffected range="ge">1.4.4</unaffected>
+      <vulnerable range="lt">1.4.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Containerd is a daemon with an API and a command line client, to manage
+      containers on one machine. It uses runC to run containers according to
+      the OCI specification.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in containerd. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker, able to run a malicious container in the same network
+      namespace as the shim, could possibly escalate privileges. Furthermore,
+      an attacker could disclose sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All containerd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/containerd-1.4.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15257">CVE-2020-15257</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21334">CVE-2021-21334</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-25T19:40:34Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T10:13:09Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-34.xml b/metadata/glsa/glsa-202105-34.xml
new file mode 100644
index 000000000000..31c7e3ef7065
--- /dev/null
+++ b/metadata/glsa/glsa-202105-34.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-34">
+  <title>Bash: Privilege escalation</title>
+  <synopsis>A vulnerability in Bash may allow users to escalate privileges.</synopsis>
+  <product type="ebuild">bash</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>702488</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-shells/bash" auto="yes" arch="*">
+      <unaffected range="ge">5.0_p11-r1</unaffected>
+      <vulnerable range="lt">5.0_p11-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Bash is the standard GNU Bourne Again SHell.</p>
+  </background>
+  <description>
+    <p>It was discovered that Bash incorrectly dropped privileges by setting
+      its effective UID to its real UID.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could possibly escalate privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Bash users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-shells/bash-5.0_p11-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-18276">CVE-2019-18276</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-25T19:22:45Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T10:13:27Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-35.xml b/metadata/glsa/glsa-202105-35.xml
new file mode 100644
index 000000000000..33ff95b8cb20
--- /dev/null
+++ b/metadata/glsa/glsa-202105-35.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-35">
+  <title>OpenSSH: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenSSH, the worst of
+    which could allow a remote attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">openssh</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>763048</bug>
+  <bug>774090</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-misc/openssh" auto="yes" arch="*">
+      <unaffected range="ge">8.5_p1</unaffected>
+      <vulnerable range="lt">8.5_p1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSH is a complete SSH protocol implementation that includes SFTP
+      client and server support.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenSSH. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, able to access the socket of the forwarding agent,
+      might be able to execute arbitrary code with the privileges of the
+      process or cause a Denial of Service condition.
+      Furthermore, a remote attacker might conduct a man-in-the-middle attack
+      targeting initial connection attempts where no host key for the server
+      has been cached by client yet.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSH users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/openssh-8.5_p1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14145">CVE-2020-14145</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28041">CVE-2021-28041</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-24T00:47:38Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T10:35:06Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-36.xml b/metadata/glsa/glsa-202105-36.xml
new file mode 100644
index 000000000000..21839569513f
--- /dev/null
+++ b/metadata/glsa/glsa-202105-36.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-36">
+  <title>cURL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in cURL, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">curl</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>779535</bug>
+  <bug>792192</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-misc/curl" auto="yes" arch="*">
+      <unaffected range="ge">7.77.0</unaffected>
+      <vulnerable range="lt">7.77.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A command line tool and library for transferring data with URLs.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in cURL. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All cURL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.77.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22876">CVE-2021-22876</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22890">CVE-2021-22890</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22898">CVE-2021-22898</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22901">CVE-2021-22901</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-25T01:59:03Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T12:37:53Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-37.xml b/metadata/glsa/glsa-202105-37.xml
new file mode 100644
index 000000000000..207f833941a9
--- /dev/null
+++ b/metadata/glsa/glsa-202105-37.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-37">
+  <title>Nextcloud Desktop Client: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability in Nextcloud Desktop Client could allow a remote
+    attacker to execute arbitrary commands.
+  </synopsis>
+  <product type="ebuild">nextcloud-client</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>783531</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/nextcloud-client" auto="yes" arch="*">
+      <unaffected range="ge">3.1.3</unaffected>
+      <vulnerable range="lt">3.1.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Nextcloud Desktop Client is a tool to synchronize files from
+      Nextcloud Server with your computer.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that Nextcloud Desktop Client did not validate URLs.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to connect to a malicious
+      Nextcloud server to cause the execution of arbitrary commands with the
+      privileges of the user running the Nextcloud Desktop Client application.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Nextcloud Desktop Client users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/nextcloud-client-3.1.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22879">CVE-2021-22879</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-25T14:10:09Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T13:19:22Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-38.xml b/metadata/glsa/glsa-202105-38.xml
new file mode 100644
index 000000000000..d5c53fccdbba
--- /dev/null
+++ b/metadata/glsa/glsa-202105-38.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-38">
+  <title>nginx: Remote code execution</title>
+  <synopsis>A vulnerability in nginx could lead to remote code execution.</synopsis>
+  <product type="ebuild">nginx</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>792087</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/nginx" auto="yes" arch="*">
+      <unaffected range="ge" slot="0">1.20.1</unaffected>
+      <unaffected range="ge" slot="mainline">1.21.0</unaffected>
+      <vulnerable range="lt">1.21.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>nginx is a robust, small, and high performance HTTP and reverse proxy
+      server.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that nginx did not properly handle DNS responses when
+      “resolver” directive is used.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker, able to provide DNS responses to a nginx instance,
+      could cause the execution of arbitrary code with the privileges of the
+      process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All nginx users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/nginx-1.20.1"
+    </code>
+    
+    <p>All nginx mainline users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-servers/nginx-1.21.0:mainline"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23017">CVE-2021-23017</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-26T17:05:23Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T17:40:33Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-39.xml b/metadata/glsa/glsa-202105-39.xml
new file mode 100644
index 000000000000..83c8ceab4fca
--- /dev/null
+++ b/metadata/glsa/glsa-202105-39.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-39">
+  <title>Ceph: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Ceph, the worst of
+    which could result in privilege escalation.
+  </synopsis>
+  <product type="ebuild">ceph</product>
+  <announced>2021-05-26</announced>
+  <revised count="1">2021-05-26</revised>
+  <bug>760824</bug>
+  <bug>761969</bug>
+  <bug>783486</bug>
+  <bug>791253</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-cluster/ceph" auto="yes" arch="*">
+      <unaffected range="ge">14.2.21</unaffected>
+      <vulnerable range="lt">14.2.21</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Ceph is a distributed network file system designed to provide excellent
+      performance, reliability, and scalability.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Ceph. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Ceph users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-cluster/ceph-14.2.21"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10753">CVE-2020-10753</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1759">CVE-2020-1759</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1760">CVE-2020-1760</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25660">CVE-2020-25660</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25678">CVE-2020-25678</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27781">CVE-2020-27781</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20288">CVE-2021-20288</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-24T14:51:24Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-05-26T20:56:21Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-01.xml b/metadata/glsa/glsa-202107-01.xml
new file mode 100644
index 000000000000..032f9797ab47
--- /dev/null
+++ b/metadata/glsa/glsa-202107-01.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-01">
+  <title>corosync: Denial of service</title>
+  <synopsis>A vulnerability in corosync could lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">corosync</product>
+  <announced>2021-07-03</announced>
+  <revised count="1">2021-07-03</revised>
+  <bug>658354</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-cluster/corosync" auto="yes" arch="*">
+      <unaffected range="ge">3.0.4</unaffected>
+      <vulnerable range="lt">3.0.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Corosync Cluster Engine is a Group Communication System with
+      additional features for implementing high availability within
+      applications.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that corosync allowed an unauthenticated user to cause
+      a Denial of Service by application crash.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could send a malicious crafted packet, possibly
+      resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All corosync users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-cluster/corosync-3.0.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1084">CVE-2018-1084</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-26T21:04:45Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-07-03T01:25:30Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-02.xml b/metadata/glsa/glsa-202107-02.xml
new file mode 100644
index 000000000000..befac3c0b718
--- /dev/null
+++ b/metadata/glsa/glsa-202107-02.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-02">
+  <title>FreeImage: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in FreeImage, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">freeimage</product>
+  <announced>2021-07-03</announced>
+  <revised count="1">2021-07-03</revised>
+  <bug>701850</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-libs/freeimage" auto="yes" arch="*">
+      <unaffected range="ge">3.18.0-r2</unaffected>
+      <vulnerable range="lt">3.18.0-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FreeImage is an Open Source library project for developers who would
+      like to support popular graphics image formats like PNG, BMP, JPEG, TIFF
+      and others as needed by today’s multimedia applications.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in FreeImage. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker, by enticing a user to process a specially crafted
+      image file, could possibly cause a Denial of Service condition or other
+      unspecified impact.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FreeImage users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/freeimage-3.18.0-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12211">CVE-2019-12211</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12213">CVE-2019-12213</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-26T21:35:01Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-07-03T02:48:33Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-03.xml b/metadata/glsa/glsa-202107-03.xml
new file mode 100644
index 000000000000..2de2f6eb5941
--- /dev/null
+++ b/metadata/glsa/glsa-202107-03.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-03">
+  <title>libqb: Insecure temporary file</title>
+  <synopsis>An insecure temporary file usage has been reported in libqb
+    possibly allowing local code execution.
+  </synopsis>
+  <product type="ebuild">libqb</product>
+  <announced>2021-07-03</announced>
+  <revised count="1">2021-07-03</revised>
+  <bug>699860</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-cluster/libqb" auto="yes" arch="*">
+      <unaffected range="ge">1.0.5</unaffected>
+      <vulnerable range="lt">1.0.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libqb is a library with the primary purpose of providing
+      high-performance, reusable features for client-server architecture, such
+      as logging, tracing, inter-process communication (IPC), and polling.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that libqb used predictable filenames (under /dev/shm
+      and /tmp) without O_EXCL.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could perform symlink attacks to overwrite arbitrary
+      files with the privileges of the user running the application linked
+      against libqb.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libqb users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-cluster/libqb-1.0.5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12779">CVE-2019-12779</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-26T21:28:24Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-07-03T03:11:34Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-04.xml b/metadata/glsa/glsa-202107-04.xml
new file mode 100644
index 000000000000..45df46de44a8
--- /dev/null
+++ b/metadata/glsa/glsa-202107-04.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-04">
+  <title>Graphviz: Multiple vulnerabilities
+  </title>
+  <synopsis>Multiple vulnerabilities have been found in Graphviz, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">Graphviz</product>
+  <announced>2021-07-03</announced>
+  <revised count="1">2021-07-03</revised>
+  <bug>684844</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-gfx/graphviz" auto="yes" arch="*">
+      <unaffected range="ge">2.47.1</unaffected>
+      <vulnerable range="lt">2.47.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Graphviz is an open source graph visualization software.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Graphviz. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process a specially crafted
+      file using Graphviz, possibly resulting in execution of arbitrary code
+      with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Graphviz users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/graphviz-2.47.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9904">CVE-2019-9904</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-18032">CVE-2020-18032</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-26T21:13:28Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-07-03T03:32:10Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-05.xml b/metadata/glsa/glsa-202107-05.xml
new file mode 100644
index 000000000000..292c32b550aa
--- /dev/null
+++ b/metadata/glsa/glsa-202107-05.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-05">
+  <title>libxml2: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libxml2, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">libxml2</product>
+  <announced>2021-07-06</announced>
+  <revised count="1">2021-07-06</revised>
+  <bug>749849</bug>
+  <bug>790002</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/libxml2" auto="yes" arch="*">
+      <unaffected range="ge">2.9.11</unaffected>
+      <vulnerable range="lt">2.9.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libxml2 is the XML (eXtended Markup Language) C parser and toolkit
+      initially developed for the GNOME project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libxml2. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could entice a user to process a specially crafted XML
+      document using an application linked against libxml2, possibly resulting
+      in a Denial of Service condition or obtaining sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libxml2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libxml2-2.9.12-r3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-24977">CVE-2020-24977</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3516">CVE-2021-3516</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3517">CVE-2021-3517</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3518">CVE-2021-3518</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3537">CVE-2021-3537</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3541">CVE-2021-3541</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-24T00:17:09Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-07-06T03:13:56Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-06.xml b/metadata/glsa/glsa-202107-06.xml
new file mode 100644
index 000000000000..369536037a98
--- /dev/null
+++ b/metadata/glsa/glsa-202107-06.xml
@@ -0,0 +1,119 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-06">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabillities have been found in Chromium and Google
+    Chrome, the worst of which could allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">google-chrome,chromium</product>
+  <announced>2021-07-06</announced>
+  <revised count="1">2021-07-06</revised>
+  <bug>789420</bug>
+  <bug>792084</bug>
+  <bug>795204</bug>
+  <bug>796338</bug>
+  <bug>796521</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">91.0.4472.114</unaffected>
+      <vulnerable range="lt">91.0.4472.114</vulnerable>
+    </package>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">91.0.4472.114</unaffected>
+      <vulnerable range="lt">91.0.4472.114</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could execute arbitrary code, escalate privileges,
+      obtain sensitive information, spoof a URL or cause a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-91.0.4472.114"
+    </code>
+    
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-91.0.4472.114"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30506">CVE-2021-30506</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30507">CVE-2021-30507</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30508">CVE-2021-30508</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30509">CVE-2021-30509</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30510">CVE-2021-30510</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30511">CVE-2021-30511</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30512">CVE-2021-30512</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30513">CVE-2021-30513</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30514">CVE-2021-30514</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30515">CVE-2021-30515</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30516">CVE-2021-30516</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30517">CVE-2021-30517</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30518">CVE-2021-30518</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30519">CVE-2021-30519</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30520">CVE-2021-30520</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30521">CVE-2021-30521</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30522">CVE-2021-30522</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30523">CVE-2021-30523</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30524">CVE-2021-30524</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30525">CVE-2021-30525</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30526">CVE-2021-30526</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30527">CVE-2021-30527</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30528">CVE-2021-30528</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30530">CVE-2021-30530</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30531">CVE-2021-30531</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30532">CVE-2021-30532</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30533">CVE-2021-30533</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30534">CVE-2021-30534</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30536">CVE-2021-30536</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30537">CVE-2021-30537</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30538">CVE-2021-30538</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30539">CVE-2021-30539</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30540">CVE-2021-30540</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30544">CVE-2021-30544</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30545">CVE-2021-30545</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30546">CVE-2021-30546</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30548">CVE-2021-30548</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30549">CVE-2021-30549</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30550">CVE-2021-30550</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30551">CVE-2021-30551</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30552">CVE-2021-30552</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30553">CVE-2021-30553</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30554">CVE-2021-30554</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30555">CVE-2021-30555</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30556">CVE-2021-30556</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30557">CVE-2021-30557</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-05T03:25:38Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-06T03:30:34Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-07.xml b/metadata/glsa/glsa-202107-07.xml
new file mode 100644
index 000000000000..9a915ff4592f
--- /dev/null
+++ b/metadata/glsa/glsa-202107-07.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-07">
+  <title>glibc: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities in glibc could result in Denial of
+    Service.
+  </synopsis>
+  <product type="ebuild">glibc</product>
+  <announced>2021-07-06</announced>
+  <revised count="1">2021-07-06</revised>
+  <bug>764176</bug>
+  <bug>767718</bug>
+  <bug>772425</bug>
+  <bug>792261</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-libs/glibc" auto="yes" arch="*">
+      <unaffected range="ge">2.33-r1</unaffected>
+      <vulnerable range="lt">2.33-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>glibc is a package that contains the GNU C library.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in glibc. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could cause a possible Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All glibc users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-libs/glibc-2.33-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-25013">CVE-2019-25013</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27618">CVE-2020-27618</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27645">CVE-2021-27645</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3326">CVE-2021-3326</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33574">CVE-2021-33574</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-05T02:27:53Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-06T03:37:10Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-08.xml b/metadata/glsa/glsa-202107-08.xml
new file mode 100644
index 000000000000..07a104b936be
--- /dev/null
+++ b/metadata/glsa/glsa-202107-08.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-08">
+  <title>PostSRSd: Denial of service</title>
+  <synopsis>Multiple vulnerabilities in PostSRSd could lead to a Denial of
+    Service condition.
+  </synopsis>
+  <product type="ebuild">postsrsd</product>
+  <announced>2021-07-06</announced>
+  <revised count="1">2021-07-06</revised>
+  <bug>760821</bug>
+  <bug>793674</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-filter/postsrsd" auto="yes" arch="*">
+      <unaffected range="ge">1.11</unaffected>
+      <vulnerable range="lt">1.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PostSRSd is a Postfix sender rewriting scheme daemon</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PostSRSd. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could cause a possible Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All postsrsd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-filter/postsrsd-1.11"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35573">CVE-2020-35573</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35525">CVE-2021-35525</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-02-20T19:48:10Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-07-06T03:43:40Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-09.xml b/metadata/glsa/glsa-202107-09.xml
new file mode 100644
index 000000000000..355d53f8722a
--- /dev/null
+++ b/metadata/glsa/glsa-202107-09.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-09">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+    worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">firefox</product>
+  <announced>2021-07-07</announced>
+  <revised count="1">2021-07-07</revised>
+  <bug>794082</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge" slot="0/esr78">78.11.0</unaffected>
+      <unaffected range="ge">89.0</unaffected>
+      <vulnerable range="lt">89.0</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge" slot="0/esr78">78.11.0</unaffected>
+      <unaffected range="ge">89.0</unaffected>
+      <vulnerable range="lt">89.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-78.11.0"
+    </code>
+    
+    <p>All Mozilla Firefox ESR binary users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-78.11.0"
+    </code>
+    
+    <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-89.0"
+    </code>
+    
+    <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-89.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29959">CVE-2021-29959</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29960">CVE-2021-29960</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29961">CVE-2021-29961</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29966">CVE-2021-29966</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-06T03:15:54Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-07-07T07:46:37Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-10.xml b/metadata/glsa/glsa-202107-10.xml
new file mode 100644
index 000000000000..b271ec42cba4
--- /dev/null
+++ b/metadata/glsa/glsa-202107-10.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-10">
+  <title>TCG TPM2 Software Stack: Information disclosure</title>
+  <synopsis>A bug in TCG TPM2 Software Stack may result in information
+    disclosure to a local attacker.
+  </synopsis>
+  <product type="ebuild">tpm2-tss</product>
+  <announced>2021-07-07</announced>
+  <revised count="1">2021-07-07</revised>
+  <bug>746563</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-crypt/tpm2-tss" auto="yes" arch="*">
+      <unaffected range="ge">2.4.3</unaffected>
+      <vulnerable range="lt">2.4.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>TCG TPM2 Software Stack is a library to interface with trusted platform
+      modules.
+    </p>
+  </background>
+  <description>
+    <p>TCG TPM2 Software Stack did not appropriately apply FAPI policies to
+      protect data encrypted with the trusted platform module.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Data encrypted using TCG TPM2 Software Stack (tpm2-tss) may not be
+      protected from an attacker.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All tpm2-tss users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-crypt/tpm2-tss-2.4.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-24455">CVE-2020-24455</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-24T14:04:16Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-07-07T07:58:39Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-11.xml b/metadata/glsa/glsa-202107-11.xml
new file mode 100644
index 000000000000..33c7a57948fd
--- /dev/null
+++ b/metadata/glsa/glsa-202107-11.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-11">
+  <title>OpenDoas: Insufficient environment filtering</title>
+  <synopsis>A vulnerability in OpenDoas could lead to privilege escalation.</synopsis>
+  <product type="ebuild">doas</product>
+  <announced>2021-07-07</announced>
+  <revised count="1">2021-07-07</revised>
+  <bug>767781</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/doas" auto="yes" arch="*">
+      <unaffected range="ge">6.8.1</unaffected>
+      <vulnerable range="lt">6.8.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenDoas allows users to run commands as other users.</p>
+  </background>
+  <description>
+    <p>OpenDoas does not properly filter the PATH variable from the resulting
+      shell after escalating privileges.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker with control of a user’s PATH variable could escalate
+      privileges if that user uses OpenDoas with a poisoned PATH variable.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenDoas users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/doas-6.8.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-25016">CVE-2019-25016</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-30T16:48:56Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-07T07:59:33Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-12.xml b/metadata/glsa/glsa-202107-12.xml
new file mode 100644
index 000000000000..3dc6bc469258
--- /dev/null
+++ b/metadata/glsa/glsa-202107-12.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-12">
+  <title>Schism Tracker: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Schism Tracker, the
+    worst of which could result in denial of service.
+  </synopsis>
+  <product type="ebuild">schismtracker</product>
+  <announced>2021-07-07</announced>
+  <revised count="1">2021-07-07</revised>
+  <bug>711210</bug>
+  <access>local</access>
+  <affected>
+    <package name="media-sound/schismtracker" auto="yes" arch="*">
+      <unaffected range="ge">20190805</unaffected>
+      <vulnerable range="lt">20190805</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Schism Tracker is a free implementation of Impulse Tracker, a tool used
+      to create high quality music.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Schism Tracker. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Schism Tracker users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=media-sound/schismtracker-20190805"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14465">CVE-2019-14465</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14523">CVE-2019-14523</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-06-02T11:30:32Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-07-07T08:00:28Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-13.xml b/metadata/glsa/glsa-202107-13.xml
new file mode 100644
index 000000000000..bb98e4f0139c
--- /dev/null
+++ b/metadata/glsa/glsa-202107-13.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-13">
+  <title>GLib: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GLib, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">glib</product>
+  <announced>2021-07-07</announced>
+  <revised count="1">2021-07-07</revised>
+  <bug>768753</bug>
+  <bug>775632</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/glib" auto="yes" arch="*">
+      <unaffected range="ge">2.66.8</unaffected>
+      <vulnerable range="lt">2.66.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GLib is a library providing a number of GNOME’s core objects and
+      functions.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GLib. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GLib users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/glib-2.66.8"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27218">CVE-2021-27218</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27219">CVE-2021-27219</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28153">CVE-2021-28153</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-24T01:51:26Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-07-07T08:01:06Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-14.xml b/metadata/glsa/glsa-202107-14.xml
new file mode 100644
index 000000000000..5a10a179d0c8
--- /dev/null
+++ b/metadata/glsa/glsa-202107-14.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-14">
+  <title>rclone: Weak random number generation</title>
+  <synopsis>rclone uses weak random number generation such that generated
+    passwords can be easily cracked.
+  </synopsis>
+  <product type="ebuild">rclone</product>
+  <announced>2021-07-08</announced>
+  <revised count="1">2021-07-08</revised>
+  <bug>755638</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-misc/rclone" auto="yes" arch="*">
+      <unaffected range="ge">1.53.3</unaffected>
+      <vulnerable range="lt">1.53.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>rclone is a problem to sync files to and from various cloud storage
+      providers.
+    </p>
+  </background>
+  <description>
+    <p>Passwords generated with rclone were insecurely generated and are
+      vulnerable to brute force attacks.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Data kept secret with a password generated by rclone may be disclosed to
+      a local attacker.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All rclone users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/rclone-1.53.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28924">CVE-2020-28924</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-31T20:48:28Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-07-08T03:19:54Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-15.xml b/metadata/glsa/glsa-202107-15.xml
new file mode 100644
index 000000000000..79b937641f54
--- /dev/null
+++ b/metadata/glsa/glsa-202107-15.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-15">
+  <title>blktrace: Buffer overflow</title>
+  <synopsis>A buffer overflow in blktrace might allow arbitrary code execution.</synopsis>
+  <product type="ebuild">blktrace</product>
+  <announced>2021-07-08</announced>
+  <revised count="1">2021-07-08</revised>
+  <bug>655146</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-block/blktrace" auto="yes" arch="*">
+      <unaffected range="ge">1.2.0_p20210419122502</unaffected>
+      <vulnerable range="lt">1.2.0_p20210419122502</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>blktrace shows detailed information about what is happening on a block
+      device IO queue.
+    </p>
+  </background>
+  <description>
+    <p>A crafted file could cause a buffer overflow in the ‘dev_map_read’
+      function because the device and devno arrays are too small.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted file
+      using blktrace, possibly resulting in execution of arbitrary code with
+      the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All blktrace users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=sys-block/blktrace-1.2.0_p20210419122502"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10689">CVE-2018-10689</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-06T00:11:19Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-08T03:29:36Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-16.xml b/metadata/glsa/glsa-202107-16.xml
new file mode 100644
index 000000000000..389a5b9374de
--- /dev/null
+++ b/metadata/glsa/glsa-202107-16.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-16">
+  <title>Privoxy: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Privoxy, the worst of
+    which could result in Denial of Service.
+  </synopsis>
+  <product type="ebuild">privoxy</product>
+  <announced>2021-07-08</announced>
+  <revised count="1">2021-07-08</revised>
+  <bug>758428</bug>
+  <bug>768096</bug>
+  <bug>771960</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/privoxy" auto="yes" arch="*">
+      <unaffected range="ge">3.0.32</unaffected>
+      <vulnerable range="lt">3.0.32</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Privoxy is a web proxy with advanced filtering capabilities for
+      enhancing privacy.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in privoxy. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could cause a possible Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Privoxy users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-proxy/privoxy-3.0.32"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35502">CVE-2020-35502</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20209">CVE-2021-20209</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20210">CVE-2021-20210</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20211">CVE-2021-20211</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20212">CVE-2021-20212</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20213">CVE-2021-20213</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20214">CVE-2021-20214</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20215">CVE-2021-20215</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20216">CVE-2021-20216</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20217">CVE-2021-20217</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20272">CVE-2021-20272</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20273">CVE-2021-20273</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20274">CVE-2021-20274</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20275">CVE-2021-20275</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20276">CVE-2021-20276</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-31T21:51:37Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-07-08T03:36:21Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-17.xml b/metadata/glsa/glsa-202107-17.xml
new file mode 100644
index 000000000000..4646661b6380
--- /dev/null
+++ b/metadata/glsa/glsa-202107-17.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-17">
+  <title>Mechanize: Command injection</title>
+  <synopsis>A file named by an attacker being utilized by Mechanize could
+    result in arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">mechanize</product>
+  <announced>2021-07-08</announced>
+  <revised count="1">2021-07-08</revised>
+  <bug>768609</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-ruby/mechanize" auto="yes" arch="*">
+      <unaffected range="ge">2.7.7</unaffected>
+      <vulnerable range="lt">2.7.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mechanize is a Ruby library used for automating interaction with
+      websites.
+    </p>
+  </background>
+  <description>
+    <p>Mechanize does not neutralize filename input and could allow arbitrary
+      code execution if an attacker can control filenames used by Mechanize.
+    </p>
+  </description>
+  <impact type="high">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mechanize users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-ruby/mechanize-2.7.7"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21289">CVE-2021-21289</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-31T21:54:48Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-07-08T03:38:36Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-18.xml b/metadata/glsa/glsa-202107-18.xml
new file mode 100644
index 000000000000..2b65f114639a
--- /dev/null
+++ b/metadata/glsa/glsa-202107-18.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-18">
+  <title>BladeEnc: Buffer overflow</title>
+  <synopsis>A buffer overflow in BladeEnc might allow arbitrary code execution.</synopsis>
+  <product type="ebuild">bladeenc</product>
+  <announced>2021-07-08</announced>
+  <revised count="1">2021-07-08</revised>
+  <bug>631394</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/bladeenc" auto="yes" arch="*">
+      <vulnerable range="lt">0.94.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>BladeEnc is an mp3 encoder.</p>
+  </background>
+  <description>
+    <p>A crafted file could cause a buffer overflow in the iteration_loop
+      function in BladeEnc.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted using
+      BladeEnc, possibly resulting in execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for BladeEnc. We recommend that users
+      unmerge it:
+    </p>
+    
+    <code>
+      # emerge --ask --depclean "media-sound/bladeenc"
+    </code>
+    
+    <p>NOTE: The Gentoo developer(s) maintaining BladeEnc have discontinued
+      support at this time. It may be possible that a new Gentoo developer will
+      update BladeEnc at a later date. We do not have a suggestion for a
+      replacement at this time.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14648">CVE-2017-14648</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-05T23:50:22Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-08T03:44:12Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-19.xml b/metadata/glsa/glsa-202107-19.xml
new file mode 100644
index 000000000000..75efc2f17de5
--- /dev/null
+++ b/metadata/glsa/glsa-202107-19.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-19">
+  <title>Jinja: Denial of service</title>
+  <synopsis>An inefficient regular expression could be exploited to cause a
+    Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">jinja2</product>
+  <announced>2021-07-08</announced>
+  <revised count="1">2021-07-08</revised>
+  <bug>768300</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-python/jinja" auto="yes" arch="*">
+      <unaffected range="ge">2.11.3</unaffected>
+      <vulnerable range="lt">2.11.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Jinja is a template engine written in pure Python.</p>
+  </background>
+  <description>
+    <p>The ‘urlize’ filter in Jinja utilized an inefficient regular
+      expression that could be exploited to consume excess CPU.
+    </p>
+  </description>
+  <impact type="low">
+    <p>An attacker could cause a Denial of Service condition via crafted input
+      to the ‘urlize’ Jinja filter.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Jinja users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/jinja-2.11.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28493">CVE-2020-28493</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-05-31T21:46:47Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-07-08T04:02:25Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-20.xml b/metadata/glsa/glsa-202107-20.xml
new file mode 100644
index 000000000000..669cd332a6dc
--- /dev/null
+++ b/metadata/glsa/glsa-202107-20.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-20">
+  <title>Redis: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Redis, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">redis</product>
+  <announced>2021-07-09</announced>
+  <revised count="1">2021-07-09</revised>
+  <bug>788211</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/redis" auto="yes" arch="*">
+      <unaffected range="ge">6.0.13</unaffected>
+      <unaffected range="ge">6.2.3</unaffected>
+      <vulnerable range="lt">6.0.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Redis is an open source (BSD licensed), in-memory data structure store,
+      used as a database, cache and message broker.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Redis. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Redis 6.0.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/redis-6.0.13"
+    </code>
+    
+    <p>All Redis 6.2.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/redis-6.2.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29477">CVE-2021-29477</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29478">CVE-2021-29478</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-08T22:57:01Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-07-09T02:52:43Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-21.xml b/metadata/glsa/glsa-202107-21.xml
new file mode 100644
index 000000000000..b8f906df8acf
--- /dev/null
+++ b/metadata/glsa/glsa-202107-21.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-21">
+  <title>Wireshark: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Wireshark, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">wireshark</product>
+  <announced>2021-07-09</announced>
+  <revised count="1">2021-07-09</revised>
+  <bug>767907</bug>
+  <bug>775323</bug>
+  <bug>784899</bug>
+  <bug>793968</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/wireshark" auto="yes" arch="*">
+      <unaffected range="ge">3.4.6</unaffected>
+      <vulnerable range="lt">3.4.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Wireshark is a network protocol analyzer formerly known as ethereal.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Wireshark. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Wireshark users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-3.4.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22173">CVE-2021-22173</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22174">CVE-2021-22174</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22191">CVE-2021-22191</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22207">CVE-2021-22207</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22222">CVE-2021-22222</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-08T23:11:17Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-07-09T02:54:48Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-22.xml b/metadata/glsa/glsa-202107-22.xml
new file mode 100644
index 000000000000..47009889f605
--- /dev/null
+++ b/metadata/glsa/glsa-202107-22.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-22">
+  <title>InspIRCd: Information disclosure</title>
+  <synopsis>An information disclosure vulnerability in InspIRCd may allow
+    remote attackers to obtain sensitive information.
+  </synopsis>
+  <product type="ebuild">inspircd</product>
+  <announced>2021-07-09</announced>
+  <revised count="1">2021-07-09</revised>
+  <bug>791589</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/inspircd" auto="yes" arch="*">
+      <unaffected range="ge">3.10.0</unaffected>
+      <vulnerable range="lt">3.10.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>InspIRCd is a modular Internet Relay Chat (IRC) server written in C++
+      which was created from scratch to be stable, modern and lightweight.
+    </p>
+  </background>
+  <description>
+    <p>InspIRCd incorrectly handled malformed PONG messages, resulting in
+      access of freed memory.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could send crafted packets to the server, possibly
+      allowing them to obtain sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All InspIRCd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-irc/inspircd-3.10.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33586">CVE-2021-33586</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-08T23:19:01Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-07-09T02:55:39Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-23.xml b/metadata/glsa/glsa-202107-23.xml
new file mode 100644
index 000000000000..9c39ca6f7a45
--- /dev/null
+++ b/metadata/glsa/glsa-202107-23.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-23">
+  <title>Docker: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Docker, the worst of
+    which could result in privilege escalation to root on the host.
+  </synopsis>
+  <product type="ebuild">docker</product>
+  <announced>2021-07-10</announced>
+  <revised count="1">2021-07-10</revised>
+  <bug>768612</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/docker" auto="yes" arch="*">
+      <unaffected range="ge">19.03.15</unaffected>
+      <unaffected range="ge">20.10.3</unaffected>
+      <vulnerable range="lt">20.10.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Docker is the world’s leading software containerization platform.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Docker. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Docker 19.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/docker-19.03.15"
+    </code>
+    
+    <p>All Docker 20.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/docker-20.10.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21284">CVE-2021-21284</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21285">CVE-2021-21285</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-10T00:25:27Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-10T02:49:46Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-24.xml b/metadata/glsa/glsa-202107-24.xml
new file mode 100644
index 000000000000..c5aea138e344
--- /dev/null
+++ b/metadata/glsa/glsa-202107-24.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-24">
+  <title>Binutils: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Binutils, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">binutils</product>
+  <announced>2021-07-10</announced>
+  <revised count="1">2021-07-10</revised>
+  <bug>678806</bug>
+  <bug>761957</bug>
+  <bug>764170</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-devel/binutils" auto="yes" arch="*">
+      <unaffected range="ge">2.35.2</unaffected>
+      <vulnerable range="lt">2.35.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The GNU Binutils are a collection of tools to create, modify and analyse
+      binary files. Many of the files use BFD, the Binary File Descriptor
+      library, to do low-level manipulation.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Binutils. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Binutils users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-devel/binutils-2.35.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9070">CVE-2019-9070</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9071">CVE-2019-9071</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9072">CVE-2019-9072</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9073">CVE-2019-9073</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9074">CVE-2019-9074</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9075">CVE-2019-9075</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9076">CVE-2019-9076</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9077">CVE-2019-9077</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-19599">CVE-2020-19599</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35448">CVE-2020-35448</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35493">CVE-2020-35493</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35494">CVE-2020-35494</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35495">CVE-2020-35495</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35496">CVE-2020-35496</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35507">CVE-2020-35507</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-06T00:21:42Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-10T02:51:25Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-25.xml b/metadata/glsa/glsa-202107-25.xml
new file mode 100644
index 000000000000..5e9b2a4ff2e3
--- /dev/null
+++ b/metadata/glsa/glsa-202107-25.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-25">
+  <title>Tor: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Tor, the worst of which
+    could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">tor</product>
+  <announced>2021-07-10</announced>
+  <revised count="1">2021-07-10</revised>
+  <bug>776586</bug>
+  <bug>795969</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-vpn/tor" auto="yes" arch="*">
+      <unaffected range="ge">0.4.6.5</unaffected>
+      <unaffected range="ge">0.4.5.9</unaffected>
+      <unaffected range="ge">0.4.4.9</unaffected>
+      <vulnerable range="lt">0.4.6.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Tor is an implementation of second generation Onion Routing, a
+      connection-oriented anonymizing communication service.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Tor. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Tor 0.4.6.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-vpn/tor-0.4.6.5"
+    </code>
+    
+    <p>All Tor 0.4.5.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-vpn/tor-0.4.5.9"
+    </code>
+    
+    <p>All Tor 0.4.4.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-vpn/tor-0.4.4.9"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28089">CVE-2021-28089</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28090">CVE-2021-28090</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-34548">CVE-2021-34548</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-34549">CVE-2021-34549</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-34550">CVE-2021-34550</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-10T00:37:16Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-07-10T02:53:55Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-26.xml b/metadata/glsa/glsa-202107-26.xml
new file mode 100644
index 000000000000..311683d9ec00
--- /dev/null
+++ b/metadata/glsa/glsa-202107-26.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-26">
+  <title>runC: Container breakout</title>
+  <synopsis>A vulnerability has been found in runC which could result in
+    privilege escalation.
+  </synopsis>
+  <product type="ebuild">runc</product>
+  <announced>2021-07-10</announced>
+  <revised count="1">2021-07-10</revised>
+  <bug>790257</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulation/runc" auto="yes" arch="*">
+      <unaffected range="ge">1.0.0_rc95</unaffected>
+      <vulnerable range="lt">1.0.0_rc95</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>runC is a CLI tool for spawning and running containers according to the
+      OCI specification.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability in runC could allow an attacker to achieve privilege
+      escalation if specific mount configuration prerequisites are satisfied.
+    </p>
+  </description>
+  <impact type="low">
+    <p>An attacker may be able to escalation privileges to gain access to the
+      host system.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All runC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/runc-1.0.0_rc95"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30465">CVE-2021-30465</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-10T00:27:46Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-10T02:54:58Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-27.xml b/metadata/glsa/glsa-202107-27.xml
new file mode 100644
index 000000000000..7e0b126848b6
--- /dev/null
+++ b/metadata/glsa/glsa-202107-27.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-27">
+  <title>OpenEXR: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenEXR, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">openexr</product>
+  <announced>2021-07-11</announced>
+  <revised count="1">2021-07-11</revised>
+  <bug>717474</bug>
+  <bug>746794</bug>
+  <bug>762862</bug>
+  <bug>770229</bug>
+  <bug>776808</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/openexr" auto="yes" arch="*">
+      <unaffected range="ge">2.5.6</unaffected>
+      <vulnerable range="lt">2.5.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenEXR is a high dynamic-range (HDR) image file format developed by
+      Industrial Light &amp; Magic for use in computer imaging applications.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenEXR. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenEXR users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/openexr-2.5.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11758">CVE-2020-11758</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11759">CVE-2020-11759</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11760">CVE-2020-11760</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11761">CVE-2020-11761</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11762">CVE-2020-11762</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11763">CVE-2020-11763</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11764">CVE-2020-11764</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11765">CVE-2020-11765</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15304">CVE-2020-15304</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15305">CVE-2020-15305</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15306">CVE-2020-15306</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20296">CVE-2021-20296</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3474">CVE-2021-3474</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3475">CVE-2021-3475</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3476">CVE-2021-3476</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3477">CVE-2021-3477</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3478">CVE-2021-3478</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3479">CVE-2021-3479</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-11T02:00:34Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-11T02:27:52Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-28.xml b/metadata/glsa/glsa-202107-28.xml
new file mode 100644
index 000000000000..b7822d9afc6b
--- /dev/null
+++ b/metadata/glsa/glsa-202107-28.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-28">
+  <title>GNU Chess: Buffer overflow</title>
+  <synopsis>A buffer overflow in GNU Chess might allow arbitrary code
+    execution.
+  </synopsis>
+  <product type="ebuild">gnuchess</product>
+  <announced>2021-07-12</announced>
+  <revised count="1">2021-07-12</revised>
+  <bug>780855</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-board/gnuchess" auto="yes" arch="*">
+      <unaffected range="ge">6.2.8-r1</unaffected>
+      <vulnerable range="lt">6.2.8-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU Chess is a console based chess interfae.</p>
+  </background>
+  <description>
+    <p>The cmd_pgnload() and cmd_pgnreplay() functions in cmd.cc in GNU Chess
+      to not sufficiently validate PGN file input, potentially resulting in a
+      buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted PGN
+      file using GNU Chess, possibly resulting in execution of arbitrary code
+      with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU Chess users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=games-board/gnuchess-6.2.8-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30184">CVE-2021-30184</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-06T01:16:05Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-12T02:45:49Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-29.xml b/metadata/glsa/glsa-202107-29.xml
new file mode 100644
index 000000000000..e67c3b566e04
--- /dev/null
+++ b/metadata/glsa/glsa-202107-29.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-29">
+  <title>ConnMan: Multiple vulnerabilities</title>
+  <synopsis>A buffer overflow in ConnMan might allow remote attacker(s) to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">connman</product>
+  <announced>2021-07-12</announced>
+  <revised count="1">2021-07-12</revised>
+  <bug>769491</bug>
+  <bug>795084</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/connman" auto="yes" arch="*">
+      <unaffected range="ge">1.40</unaffected>
+      <vulnerable range="lt">1.40</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ConnMan provides a daemon for managing Internet connections.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in connman. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ConnMan users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/connman-1.40"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26675">CVE-2021-26675</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26676">CVE-2021-26676</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33833">CVE-2021-33833</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-11T03:04:08Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-12T02:47:52Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-30.xml b/metadata/glsa/glsa-202107-30.xml
new file mode 100644
index 000000000000..bd790484fb22
--- /dev/null
+++ b/metadata/glsa/glsa-202107-30.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-30">
+  <title>Xen: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Xen, the worst of which
+    could result in privilege escalation.
+  </synopsis>
+  <product type="ebuild">xen</product>
+  <announced>2021-07-12</announced>
+  <revised count="1">2021-07-12</revised>
+  <bug>760144</bug>
+  <bug>766474</bug>
+  <bug>783456</bug>
+  <bug>795054</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-emulation/xen" auto="yes" arch="*">
+      <unaffected range="ge">4.14.2-r1</unaffected>
+      <unaffected range="ge">4.15.0-r1</unaffected>
+      <vulnerable range="lt">4.15.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Xen is a bare-metal hypervisor.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Xen. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Xen 4.14.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-4.14.2-r1"
+    </code>
+    
+    <p>All Xen 4.15.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-4.15.0-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29479">CVE-2020-29479</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29486">CVE-2020-29486</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29487">CVE-2020-29487</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29566">CVE-2020-29566</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29567">CVE-2020-29567</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29568">CVE-2020-29568</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29569">CVE-2020-29569</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29570">CVE-2020-29570</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29571">CVE-2020-29571</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-0089">CVE-2021-0089</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26313">CVE-2021-26313</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28687">CVE-2021-28687</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28690">CVE-2021-28690</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28691">CVE-2021-28691</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28692">CVE-2021-28692</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28693">CVE-2021-28693</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3308">CVE-2021-3308</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-06T02:51:30Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-12T02:48:56Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-31.xml b/metadata/glsa/glsa-202107-31.xml
new file mode 100644
index 000000000000..77846b9839bb
--- /dev/null
+++ b/metadata/glsa/glsa-202107-31.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-31">
+  <title>polkit: Privilege escalation</title>
+  <synopsis>A vulnerability in polkit could lead to local root privilege
+    escalation.
+  </synopsis>
+  <product type="ebuild">polkit</product>
+  <announced>2021-07-13</announced>
+  <revised count="1">2021-07-13</revised>
+  <bug>794052</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-auth/polkit" auto="yes" arch="*">
+      <unaffected range="ge">0.119</unaffected>
+      <vulnerable range="lt">0.119</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>polkit is a toolkit for managing policies related to unprivileged
+      processes communicating with privileged process.
+    </p>
+  </background>
+  <description>
+    <p>The function polkit_system_bus_name_get_creds_sync() was called without
+      checking for error, and as such temporarily treats the authentication
+      request as coming from root.
+    </p>
+  </description>
+  <impact type="high">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All polkit users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-auth/polkit-0.119"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3560">CVE-2021-3560</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-13T00:16:39Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-13T02:29:59Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-32.xml b/metadata/glsa/glsa-202107-32.xml
new file mode 100644
index 000000000000..1471ab62487f
--- /dev/null
+++ b/metadata/glsa/glsa-202107-32.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-32">
+  <title>Apache Thrift: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Apache Thrift, the
+    worst of which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">thrift</product>
+  <announced>2021-07-14</announced>
+  <revised count="1">2021-07-14</revised>
+  <bug>761409</bug>
+  <bug>770145</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-python/thrift" auto="yes" arch="*">
+      <unaffected range="ge">0.14.1</unaffected>
+      <vulnerable range="lt">0.14.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Apache Thrift is a software framework that combines a software stack
+      with a code generation engine to build services that work efficiently and
+      seamlessly between many languages.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Apache Thrift. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache Thrift users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/thrift-0.14.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-0205">CVE-2019-0205</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-0210">CVE-2019-0210</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13949">CVE-2020-13949</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-08T01:05:35Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-14T03:10:06Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-33.xml b/metadata/glsa/glsa-202107-33.xml
new file mode 100644
index 000000000000..ab54702ebb12
--- /dev/null
+++ b/metadata/glsa/glsa-202107-33.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-33">
+  <title>Pillow: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Pillow, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">pillow</product>
+  <announced>2021-07-14</announced>
+  <revised count="1">2021-07-14</revised>
+  <bug>773559</bug>
+  <bug>774387</bug>
+  <bug>779760</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-python/pillow" auto="yes" arch="*">
+      <unaffected range="ge">8.2.0</unaffected>
+      <vulnerable range="lt">8.2.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Python Imaging Library (fork)</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Pillow. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Pillow users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/pillow-8.2.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25287">CVE-2021-25287</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25288">CVE-2021-25288</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25289">CVE-2021-25289</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25290">CVE-2021-25290</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25291">CVE-2021-25291</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25292">CVE-2021-25292</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25293">CVE-2021-25293</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27921">CVE-2021-27921</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27922">CVE-2021-27922</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27923">CVE-2021-27923</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28675">CVE-2021-28675</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28676">CVE-2021-28676</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28677">CVE-2021-28677</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28678">CVE-2021-28678</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-13T01:09:21Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-14T03:15:19Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-34.xml b/metadata/glsa/glsa-202107-34.xml
new file mode 100644
index 000000000000..45507b800ec2
--- /dev/null
+++ b/metadata/glsa/glsa-202107-34.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-34">
+  <title>FluidSynth: Remote code execution</title>
+  <synopsis>A vulnerability was found in FluidSynth that could result in remote
+    code execution.
+  </synopsis>
+  <product type="ebuild">fluidsynth</product>
+  <announced>2021-07-15</announced>
+  <revised count="1">2021-07-15</revised>
+  <bug>782700</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-sound/fluidsynth" auto="yes" arch="*">
+      <unaffected range="ge">2.2.0</unaffected>
+      <vulnerable range="lt">2.2.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FluidSynth is a real-time synthesizer based on the Soundfont 2
+      specifications.
+    </p>
+  </background>
+  <description>
+    <p>FluidSynth contains a use-after-free in sfloader/fluid_sffile.c which
+      occurs when parsing Soundfile 2 files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted
+      Soundfont 2 file using FluidSynth, possibly resulting in execution of
+      arbitrary code with the privileges of the process or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FluidSynth users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-sound/fluidsynth-2.2.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28421">CVE-2021-28421</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-14T23:27:29Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-15T05:12:31Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-35.xml b/metadata/glsa/glsa-202107-35.xml
new file mode 100644
index 000000000000..392ebaa6e18e
--- /dev/null
+++ b/metadata/glsa/glsa-202107-35.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-35">
+  <title>OpenSCAD: Buffer overflow</title>
+  <synopsis>A buffer overflow in OpenSCAD might allow remote attacker(s) to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">openscad</product>
+  <announced>2021-07-15</announced>
+  <revised count="1">2021-07-15</revised>
+  <bug>773217</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/openscad" auto="yes" arch="*">
+      <unaffected range="ge">2021.01</unaffected>
+      <vulnerable range="lt">2021.01</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSCAD is the programmer’s solid 3D CAD modeller.</p>
+  </background>
+  <description>
+    <p>A buffer overflow exists in OpenSCAD when parsing STL files.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted STL
+      file using OpenSCAD, possibly resulting in execution of arbitrary code
+      with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSCAD users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/openscad-2021.01"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28599">CVE-2020-28599</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-14T23:34:45Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-15T05:18:07Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-36.xml b/metadata/glsa/glsa-202107-36.xml
new file mode 100644
index 000000000000..f5fc80d84489
--- /dev/null
+++ b/metadata/glsa/glsa-202107-36.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-36">
+  <title>urllib3: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in urllib3, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">urllib3</product>
+  <announced>2021-07-15</announced>
+  <revised count="1">2021-07-15</revised>
+  <bug>776421</bug>
+  <bug>799413</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-python/urllib3" auto="yes" arch="*">
+      <unaffected range="ge">1.26.5</unaffected>
+      <vulnerable range="lt">1.26.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The urllib3 library is an HTTP library with thread-safe connection
+      pooling, file post, and more.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in urllib3. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could cause a possible Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All urllib3 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/urllib3-1.26.5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28363">CVE-2021-28363</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33503">CVE-2021-33503</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-13T14:50:16Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-15T05:20:38Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-37.xml b/metadata/glsa/glsa-202107-37.xml
new file mode 100644
index 000000000000..649bc79dcaa8
--- /dev/null
+++ b/metadata/glsa/glsa-202107-37.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-37">
+  <title>Apache Commons Collections: Remote code execution</title>
+  <synopsis>Apache Commons Collections unsafely deserializes untrusted input,
+    potentially resulting in arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">commons-collections</product>
+  <announced>2021-07-16</announced>
+  <revised count="1">2021-07-16</revised>
+  <bug>739348</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/commons-collections" auto="yes" arch="*">
+      <unaffected range="ge">3.2.2</unaffected>
+      <vulnerable range="lt">3.2.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Apache Commons Collections extends the JCF classes with new interfaces,
+      implementations and utilities.
+    </p>
+  </background>
+  <description>
+    <p>Some classes in the Apache Commons Collections functor package
+      deserialized potentially untrusted input by default.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Deserializing untrusted input using Apache Commons Collections could
+      result in remote code execution.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache Commons Collections users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-java/commons-collections-3.2.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15708">CVE-2017-15708</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-14T23:32:40Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-16T04:11:42Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-38.xml b/metadata/glsa/glsa-202107-38.xml
new file mode 100644
index 000000000000..f727464eb5b8
--- /dev/null
+++ b/metadata/glsa/glsa-202107-38.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-38">
+  <title>Apache: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Apache, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">apache</product>
+  <announced>2021-07-17</announced>
+  <revised count="1">2021-07-17</revised>
+  <bug>795231</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">2.4.48</unaffected>
+      <vulnerable range="lt">2.4.48</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Apache HTTP server is one of the most popular web servers on the
+      Internet.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Apache. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/apache-2.4.48"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17567">CVE-2019-17567</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13950">CVE-2020-13950</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35452">CVE-2020-35452</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26690">CVE-2021-26690</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26691">CVE-2021-26691</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30641">CVE-2021-30641</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31618">CVE-2021-31618</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-17T03:52:42Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-17T04:57:02Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-39.xml b/metadata/glsa/glsa-202107-39.xml
new file mode 100644
index 000000000000..42a2dbf5f8e6
--- /dev/null
+++ b/metadata/glsa/glsa-202107-39.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-39">
+  <title>Apache Commons FileUpload: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Apache Commons
+    FileUpload, the worst of which could result in a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">commons-fileupload</product>
+  <announced>2021-07-17</announced>
+  <revised count="1">2021-07-17</revised>
+  <bug>739350</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/commons-fileupload" auto="yes" arch="*">
+      <vulnerable range="le">1.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Apache Commons FileUpload package makes it easy to add robust,
+      high-performance, file upload capability to your servlets and web
+      applications.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Apache Commons
+      FileUpload. Please review the CVE identifiers referenced below for
+      details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for Apache Commons FileUpload. We
+      recommend that users unmerge it:
+    </p>
+    
+    <code>
+      # emerge --ask --depclean "dev-java/commons-fileupload"
+    </code>
+    
+    <p>NOTE: The Gentoo developer(s) maintaining Apache Commons FileUpload have
+      discontinued support at this time. It may be possible that a new Gentoo
+      developer will update Apache Commons FileUpload at a later date. We do
+      not have a suggestion for a replacement at this time.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2013-0248">CVE-2013-0248</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2014-0050">CVE-2014-0050</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-3092">CVE-2016-3092</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-17T04:04:02Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-17T05:07:31Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-40.xml b/metadata/glsa/glsa-202107-40.xml
new file mode 100644
index 000000000000..3ad90ee21f0a
--- /dev/null
+++ b/metadata/glsa/glsa-202107-40.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-40">
+  <title>MediaWiki: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in MediaWiki, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">mediawiki</product>
+  <announced>2021-07-17</announced>
+  <revised count="1">2021-07-17</revised>
+  <bug>780654</bug>
+  <bug>797661</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/mediawiki" auto="yes" arch="*">
+      <unaffected range="ge">1.36.1</unaffected>
+      <vulnerable range="lt">1.36.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MediaWiki is a collaborative editing software used by large projects
+      such as Wikipedia.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MediaWiki. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MediaWiki users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-apps/mediawiki-1.36.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30152">CVE-2021-30152</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30154">CVE-2021-30154</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30155">CVE-2021-30155</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30157">CVE-2021-30157</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30158">CVE-2021-30158</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30159">CVE-2021-30159</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30458">CVE-2021-30458</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35197">CVE-2021-35197</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-17T03:41:24Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-17T05:10:27Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-41.xml b/metadata/glsa/glsa-202107-41.xml
new file mode 100644
index 000000000000..2e01572b2113
--- /dev/null
+++ b/metadata/glsa/glsa-202107-41.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-41">
+  <title>Dovecot: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Dovecot, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">dovecot</product>
+  <announced>2021-07-18</announced>
+  <revised count="2">2021-07-18</revised>
+  <bug>797349</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/dovecot" auto="yes" arch="*">
+      <unaffected range="ge">2.3.14.1</unaffected>
+      <vulnerable range="lt">2.3.14.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Dovecot is an open source IMAP and POP3 email server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Dovecot. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Dovecot users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-mail/dovecot-2.3.14.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29157">CVE-2021-29157</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33515">CVE-2021-33515</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-17T16:37:03Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-18T03:45:21Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-42.xml b/metadata/glsa/glsa-202107-42.xml
new file mode 100644
index 000000000000..8b6fc8a9b409
--- /dev/null
+++ b/metadata/glsa/glsa-202107-42.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-42">
+  <title>PJSIP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PJSIP, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">pjproject</product>
+  <announced>2021-07-20</announced>
+  <revised count="1">2021-07-20</revised>
+  <bug>775359</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/pjproject" auto="yes" arch="*">
+      <unaffected range="ge">2.10-r1</unaffected>
+      <vulnerable range="lt">2.10-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PJSIP is a free and open source multimedia communication library written
+      in C language implementing standard based protocols such as SIP, SDP,
+      RTP, STUN, TURN, and ICE.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PJSIP. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PJSIP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/pjproject-2.10-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15260">CVE-2020-15260</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21375">CVE-2021-21375</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-16T02:16:25Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-20T03:48:47Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-43.xml b/metadata/glsa/glsa-202107-43.xml
new file mode 100644
index 000000000000..aa7e48b71929
--- /dev/null
+++ b/metadata/glsa/glsa-202107-43.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-43">
+  <title>RPM: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in RPM, the worst of which
+    could result in remote code execution.
+  </synopsis>
+  <product type="ebuild">rpm</product>
+  <announced>2021-07-20</announced>
+  <revised count="1">2021-07-20</revised>
+  <bug>778533</bug>
+  <bug>787944</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/rpm" auto="yes" arch="*">
+      <unaffected range="ge">4.16.1.3</unaffected>
+      <vulnerable range="lt">4.16.1.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Red Hat Package Manager (RPM) is a command line driven package
+      management system capable of installing, uninstalling, verifying,
+      querying, and updating computer software packages.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in RPM. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All RPM users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/rpm-4.16.1.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20266">CVE-2021-20266</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20271">CVE-2021-20271</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3421">CVE-2021-3421</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-16T01:57:38Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-20T04:06:54Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-44.xml b/metadata/glsa/glsa-202107-44.xml
new file mode 100644
index 000000000000..30a974dc968c
--- /dev/null
+++ b/metadata/glsa/glsa-202107-44.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-44">
+  <title>libslirp: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libslirp, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">libslirp</product>
+  <announced>2021-07-20</announced>
+  <revised count="1">2021-07-20</revised>
+  <bug>796347</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-libs/libslirp" auto="yes" arch="*">
+      <unaffected range="ge">4.6.0</unaffected>
+      <vulnerable range="lt">4.6.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libslirp is a TCP/IP emulator used to provide virtual networking
+      services.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libslirp. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libslirp users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/libslirp-4.6.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3592">CVE-2021-3592</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3593">CVE-2021-3593</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3594">CVE-2021-3594</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3595">CVE-2021-3595</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-10T00:29:05Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-20T04:11:18Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-45.xml b/metadata/glsa/glsa-202107-45.xml
new file mode 100644
index 000000000000..253cc37b6db7
--- /dev/null
+++ b/metadata/glsa/glsa-202107-45.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-45">
+  <title>PyCharm Community, Professional: Remote code execution</title>
+  <synopsis>A vulnerability has been found in PyCharm Community and
+    Professional, potentially resulting in arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">pycharm</product>
+  <announced>2021-07-20</announced>
+  <revised count="1">2021-07-20</revised>
+  <bug>797892</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-util/pycharm-community" auto="yes" arch="*">
+      <unaffected range="ge">2021.1.2</unaffected>
+      <vulnerable range="lt">2021.1.2</vulnerable>
+    </package>
+    <package name="dev-util/pycharm-professional" auto="yes" arch="*">
+      <unaffected range="ge">2021.1.2</unaffected>
+      <vulnerable range="lt">2021.1.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PyCharm is the Python IDE for professional developers.</p>
+  </background>
+  <description>
+    <p>Insufficient validation exists within PyCharm’s checks for fetching
+      projects from VCS.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>If a victim can be enticed into fetching a VCS project via PyCharm, a
+      remote attacker could achieve remote code execution.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PyCharm Community users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-util/pycharm-community-2021.1.2"
+    </code>
+    
+    <p>All PyCharm Professional users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-util/pycharm-professional-2021.1.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30005">CVE-2021-30005</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-16T02:00:34Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-20T04:13:01Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-46.xml b/metadata/glsa/glsa-202107-46.xml
new file mode 100644
index 000000000000..2c4b4415bdd9
--- /dev/null
+++ b/metadata/glsa/glsa-202107-46.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-46">
+  <title>mpv: Format string vulnerability</title>
+  <synopsis>A format string vulnerability was found in mpv, potentially
+    resulting in arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">mpv</product>
+  <announced>2021-07-20</announced>
+  <revised count="1">2021-07-20</revised>
+  <bug>780474</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/mpv" auto="yes" arch="*">
+      <unaffected range="ge">0.33.1</unaffected>
+      <vulnerable range="lt">0.33.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Video player based on MPlayer/mplayer2.</p>
+  </background>
+  <description>
+    <p>mpv uses untrusted input within format strings.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted m3u
+      playlist file using mpv, possibly resulting in execution of arbitrary
+      code with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All mpv users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/mpv-0.33.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30145">CVE-2021-30145</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-16T02:03:07Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-20T04:16:47Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-47.xml b/metadata/glsa/glsa-202107-47.xml
new file mode 100644
index 000000000000..39653c3ca06c
--- /dev/null
+++ b/metadata/glsa/glsa-202107-47.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-47">
+  <title>libpano13: Format string vulnerability</title>
+  <synopsis>A format string vulnerability has been found in libpano13,
+    potentially resulting in arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">libpano13</product>
+  <announced>2021-07-20</announced>
+  <revised count="1">2021-07-20</revised>
+  <bug>780486</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libpano13" auto="yes" arch="*">
+      <unaffected range="ge">2.9.20</unaffected>
+      <vulnerable range="lt">2.9.20</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libpano13 is Helmut Dersch’s panorama toolbox library.</p>
+  </background>
+  <description>
+    <p>A format string issue exists within panoFileOutputNamesCreate() where
+      unvalidated input is passed directly into the formatter.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted file
+      using libpano13, possibly resulting in execution of arbitrary code with
+      the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libpano13 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libpano13-2.9.20"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20307">CVE-2021-20307</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-16T01:54:06Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-20T04:19:22Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-48.xml b/metadata/glsa/glsa-202107-48.xml
new file mode 100644
index 000000000000..93798cdc8b89
--- /dev/null
+++ b/metadata/glsa/glsa-202107-48.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-48">
+  <title>systemd: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in systemd, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">systemd</product>
+  <announced>2021-07-20</announced>
+  <revised count="1">2021-07-20</revised>
+  <bug>789399</bug>
+  <bug>803041</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-apps/systemd" auto="yes" arch="*">
+      <unaffected range="ge">248.5</unaffected>
+      <vulnerable range="lt">248.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A system and service manager.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in systemd. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All systemd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/systemd-248.5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13529">CVE-2020-13529</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33910">CVE-2021-33910</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-20T18:35:40Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-20T19:14:28Z">ajak</metadata>
+</glsa>
+
diff --git a/metadata/glsa/glsa-202107-49.xml b/metadata/glsa/glsa-202107-49.xml
new file mode 100644
index 000000000000..66db2e9ee5f0
--- /dev/null
+++ b/metadata/glsa/glsa-202107-49.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-49">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">chromium, google-chrome</product>
+  <announced>2021-07-22</announced>
+  <revised count="2">2021-07-22</revised>
+  <bug>802540</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">91.0.4472.164</unaffected>
+      <vulnerable range="lt">91.0.4472.164</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">91.0.4472.164</unaffected>
+      <vulnerable range="lt">91.0.4472.164</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in chromium, and
+      google-chrome. Please review the CVE identifiers referenced below for
+      details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-91.0.4472.164"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-91.0.4472.164"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30541">CVE-2021-30541</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30559">CVE-2021-30559</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30560">CVE-2021-30560</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30561">CVE-2021-30561</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30562">CVE-2021-30562</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30563">CVE-2021-30563</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30564">CVE-2021-30564</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-19T02:47:55Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-22T04:51:59Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-50.xml b/metadata/glsa/glsa-202107-50.xml
new file mode 100644
index 000000000000..147944a9d215
--- /dev/null
+++ b/metadata/glsa/glsa-202107-50.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-50">
+  <title>Singularity: Remote code execution</title>
+  <synopsis>A vulnerability in Singularity could result in remote code
+    execution.
+  </synopsis>
+  <product type="ebuild">singularity</product>
+  <announced>2021-07-22</announced>
+  <revised count="1">2021-07-22</revised>
+  <bug>792465</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-cluster/singularity" auto="yes" arch="*">
+      <unaffected range="ge">3.7.4</unaffected>
+      <vulnerable range="lt">3.7.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Singularity is the container platform for performance sensitive
+      workloads.
+    </p>
+  </background>
+  <description>
+    <p>Singularity always uses the default remote endpoint,
+      ‘cloud.syslabs.io’, for action commands using the ‘library://’
+      URI rather than the configured remote endpoint.
+    </p>
+  </description>
+  <impact type="high">
+    <p>An attacker that that can push a malicious container to the default
+      remote endpoint could execute code on hosts that fetch the container.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Singularity users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-cluster/singularity-3.7.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32635">CVE-2021-32635</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-19T02:57:15Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-22T04:54:09Z">ajak</metadata>
+</glsa>